The parameters passed to this logging function are all provided by a privileged user and therefore we can call audit_log_string() rather than audit_log_untrustedstring(). Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> Suggested-by: Steve Grubb <sgrubb@xxxxxxxxxx> Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> --- security/integrity/ima/ima_policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8bbc18eb07eb..1d00db19d167 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -634,7 +634,7 @@ static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value, audit_log_format(ab, "%s<", key); else audit_log_format(ab, "%s=", key); - audit_log_untrustedstring(ab, value); + audit_log_string(ab, value); audit_log_format(ab, " "); } static void ima_log_string(struct audit_buffer *ab, char *key, char *value) -- 2.13.6