
ima_fs: don't bother with removal of files in directory we'll be removing

removal of parent takes all children out

Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 22260a99 a98ce027

+18 -39
+18 -39
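--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -396,11 +396,6 @@
 
 static struct dentry *ima_dir;
 static struct dentry *ima_symlink;
-static struct dentry *binary_runtime_measurements;
-static struct dentry *ascii_runtime_measurements;
-static struct dentry *runtime_measurements_count;
-static struct dentry *violations;
-static struct dentry *ima_policy;
 
 enum ima_fs_flags {
 	IMA_FS_BUSY,
@@ -419,14 +414,7 @@
 
 static void __init remove_securityfs_measurement_lists(struct dentry **lists)
 {
-	int i;
-
-	if (lists) {
-		for (i = 0; i < securityfs_measurement_list_count; i++)
-			securityfs_remove(lists[i]);
-
-		kfree(lists);
-	}
+	kfree(lists);
 }
 
 static int __init create_securityfs_measurement_lists(void)
@@ -533,8 +521,7 @@
 
 	ima_update_policy();
 #if !defined(CONFIG_IMA_WRITE_POLICY) && !defined(CONFIG_IMA_READ_POLICY)
-	securityfs_remove(ima_policy);
-	ima_policy = NULL;
+	securityfs_remove(file->f_path.dentry);
 #elif defined(CONFIG_IMA_WRITE_POLICY)
 	clear_bit(IMA_FS_BUSY, &ima_fs_flags);
 #elif defined(CONFIG_IMA_READ_POLICY)
@@ -553,6 +540,7 @@
 
 int __init ima_fs_init(void)
 {
+	struct dentry *dentry;
 	int ret;
 
 	ascii_securityfs_measurement_lists = NULL;
@@ -573,54 +561,45 @@
 	if (ret != 0)
 		goto out;
 
-	binary_runtime_measurements =
-		securityfs_create_symlink("binary_runtime_measurements", ima_dir,
+	dentry = securityfs_create_symlink("binary_runtime_measurements", ima_dir,
 		"binary_runtime_measurements_sha1", NULL);
-	if (IS_ERR(binary_runtime_measurements)) {
-		ret = PTR_ERR(binary_runtime_measurements);
+	if (IS_ERR(dentry)) {
+		ret = PTR_ERR(dentry);
 		goto out;
 	}
 
-	ascii_runtime_measurements =
-		securityfs_create_symlink("ascii_runtime_measurements", ima_dir,
+	dentry = securityfs_create_symlink("ascii_runtime_measurements", ima_dir,
 		"ascii_runtime_measurements_sha1", NULL);
-	if (IS_ERR(ascii_runtime_measurements)) {
-		ret = PTR_ERR(ascii_runtime_measurements);
+	if (IS_ERR(dentry)) {
+		ret = PTR_ERR(dentry);
 		goto out;
 	}
 
-	runtime_measurements_count =
-		securityfs_create_file("runtime_measurements_count",
+	dentry = securityfs_create_file("runtime_measurements_count",
 		S_IRUSR | S_IRGRP, ima_dir, NULL,
 		&ima_measurements_count_ops);
-	if (IS_ERR(runtime_measurements_count)) {
-		ret = PTR_ERR(runtime_measurements_count);
+	if (IS_ERR(dentry)) {
+		ret = PTR_ERR(dentry);
 		goto out;
 	}
 
-	violations =
-		securityfs_create_file("violations", S_IRUSR | S_IRGRP,
+	dentry = securityfs_create_file("violations", S_IRUSR | S_IRGRP,
 		ima_dir, NULL, &ima_htable_violations_ops);
-	if (IS_ERR(violations)) {
-		ret = PTR_ERR(violations);
+	if (IS_ERR(dentry)) {
+		ret = PTR_ERR(dentry);
 		goto out;
 	}
 
-	ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS,
+	dentry = securityfs_create_file("policy", POLICY_FILE_FLAGS,
 		ima_dir, NULL,
 		&ima_measure_policy_ops);
-	if (IS_ERR(ima_policy)) {
-		ret = PTR_ERR(ima_policy);
+	if (IS_ERR(dentry)) {
+		ret = PTR_ERR(dentry);
 		goto out;
 	}
 
 	return 0;
 out:
-	securityfs_remove(ima_policy);
-	securityfs_remove(violations);
-	securityfs_remove(runtime_measurements_count);
-	securityfs_remove(ascii_runtime_measurements);
-	securityfs_remove(binary_runtime_measurements);
 	remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists);
 	remove_securityfs_measurement_lists(binary_securityfs_measurement_lists);
 	securityfs_measurement_list_count = 0;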
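Review bot: The `out:` path of ima_fs_init() no longer removes any of the five entries created above it, and nothing in the new code says why that is safe; the only explanation is the commit message. The teardown it relies on (removal of `ima_dir`, presumably right after the last context line) lies outside this hunk, so a reader of the function sees securityfs files created with no matching cleanup. I would add a comment at the label, e.g. `/* children of ima_dir go away when ima_dir itself is removed below */`, so a later change that makes the directory removal conditional does not leave measurement or policy files registered after a failed init. The same documentation gap applies to remove_securityfs_measurement_lists(), which now only calls `kfree(lists)` and whose name no longer describes what it does.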