---

yaml --- r: 264489 b: refs/heads/master c: 6d38ca0 h: refs/heads/master i: 264487: d8d0211 v: v3
git-mirror · Jul 18, 2011 · da42da0 · da42da0
1 parent b7d9c0f
commit da42da0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2960e6cb5f7c662b8edb6b0d2edc72095b4f5672
+refs/heads/master: 6d38ca01c0c2d6c2e46ec1984db9ada6bad6ca26
diff --git a/trunk/security/integrity/evm/evm_main.c b/trunk/security/integrity/evm/evm_main.c
@@ -56,13 +56,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 	struct evm_ima_xattr_data xattr_data;
 	int rc;
 
-	if (iint->hmac_status != INTEGRITY_UNKNOWN)
+	if (iint->hmac_status == INTEGRITY_PASS)
 		return iint->hmac_status;
 
+	/* if status is not PASS, try to check again - against -ENOMEM */
+
 	rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
 			   xattr_value_len, xattr_data.digest);
 	if (rc < 0)
-		return INTEGRITY_UNKNOWN;
+		goto err_out;
 
 	xattr_data.type = EVM_XATTR_HMAC;
 	rc = vfs_xattr_cmp(dentry, XATTR_NAME_EVM, (u8 *)&xattr_data,
@@ -77,11 +79,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 	case -ENODATA:		/* file not labelled */
 		iint->hmac_status = INTEGRITY_NOLABEL;
 		break;
-	case -EINVAL:
-		iint->hmac_status = INTEGRITY_FAIL;
-		break;
 	default:
-		iint->hmac_status = INTEGRITY_UNKNOWN;
+		iint->hmac_status = INTEGRITY_FAIL;
 	}
 	return iint->hmac_status;
 }