ima: Remove redundant policy rule set in add_rules()

kstruczy · mimizohar · commit 6ee28442a465 · 2020-05-07T22:54:08.000-04:00
Function ima_appraise_flag() returns the flag to be set in
temp_ima_appraise depending on the hook identifier passed as an argument.
It is not necessary to set the flag again for the POLICY_CHECK hook.

Signed-off-by: Krzysztof Struczynski &lt;krzysztof.struczynski@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
@@ -643,11 +643,8 @@ static void add_rules(struct ima_rule_entry *entries, int count,
 
 			list_add_tail(&entry->list, &ima_policy_rules);
 		}
-		if (entries[i].action == APPRAISE) {
+		if (entries[i].action == APPRAISE)
 			temp_ima_appraise |= ima_appraise_flag(entries[i].func);
-			if (entries[i].func == POLICY_CHECK)
-				temp_ima_appraise |= IMA_APPRAISE_POLICY;
-		}
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -643,11 +643,8 @@ static void add_rules(struct ima_rule_entry *entries, int count,`
`643`	`643`
`644`	`644`	`list_add_tail(&entry->list, &ima_policy_rules);`
`645`	`645`	`}`
`646`		`- if (entries[i].action == APPRAISE) {`
	`646`	`+ if (entries[i].action == APPRAISE)`
`647`	`647`	`temp_ima_appraise \|= ima_appraise_flag(entries[i].func);`
`648`		`- if (entries[i].func == POLICY_CHECK)`
`649`		`- temp_ima_appraise \|= IMA_APPRAISE_POLICY;`
`650`		`- }`
`651`	`648`	`}`
`652`	`649`	`}`
`653`	`650`