Hi Tushar,
On Wed, 2020-09-23 at 12:20 -0700, Tushar Sugandhi wrote:
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index fe1df373c113..31a772d8a86b 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -451,15 +451,19 @@ int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
> }
>
> /**
> - * ima_match_keyring - determine whether the keyring matches the measure rule
> - * @rule: a pointer to a rule
> - * @keyring: name of the keyring to match against the measure rule
> + * ima_match_rule_data - determine whether the given func_data matches
> + * the measure rule data
> + * @rule: IMA policy rule
> + * @opt_list: rule data to match func_data against
> + * @func_data: data to match against the measure rule data
> * @cred: a pointer to a credentials structure for user validation
> *
> - * Returns true if keyring matches one in the rule, false otherwise.
> + * Returns true if func_data matches one in the rule, false otherwise.
> */
> -static bool ima_match_keyring(struct ima_rule_entry *rule,
> - const char *keyring, const struct cred *cred)
> +static bool ima_match_rule_data(struct ima_rule_entry *rule,
> + const struct ima_rule_opt_list *opt_list,
> + const char *func_data,
> + const struct cred *cred)
> {
> bool matched = false;
> size_t i;
> @@ -467,14 +471,14 @@ static bool ima_match_keyring(struct ima_rule_entry *rule,
> if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
> return false;
>
> - if (!rule->keyrings)
> + if (!opt_list)
> return true;
The opt_list should be based on rule->func. There shouldn't be a need
to pass it as a variable.
Mimi
>
> - if (!keyring)
> + if (!func_data)
> return false;
>
> - for (i = 0; i < rule->keyrings->count; i++) {
> - if (!strcmp(rule->keyrings->items[i], keyring)) {
> + for (i = 0; i < opt_list->count; i++) {
> + if (!strcmp(opt_list->items[i], func_data)) {
> matched = true;
> break;
> }
