ima: clear IMA_HASH

author Mimi Zohar <zohar@linux.vnet.ibm.com>

Sun, 11 Mar 2018 04:07:34 +0000 (23:07 -0500)

committer Mimi Zohar <zohar@linux.vnet.ibm.com>

Fri, 23 Mar 2018 10:31:37 +0000 (06:31 -0400)
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 11 Mar 2018 04:07:34 +0000 (23:07 -0500)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 23 Mar 2018 10:31:37 +0000 (06:31 -0400)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c

index e3da29a..40557c0 100644 (file)
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
                 action |= entry->action & IMA_DO_MASK;
                 if (entry->action & IMA_APPRAISE) {
                         action |= get_subaction(entry, func);
-                       action ^= IMA_HASH;
+                       action &= ~IMA_HASH;
                 }
  
                 if (entry->action & IMA_DO_MASK)
author	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Sun, 11 Mar 2018 04:07:34 +0000 (23:07 -0500)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Fri, 23 Mar 2018 10:31:37 +0000 (06:31 -0400)