IMA: don't propagate opened through the entire thing
[muen/linux.git] / security / integrity / ima / ima_main.c
index dca44cf7838eaddf882212faedc9759a391f7723..b286f37712d506de48285467b55d739e423e881c 100644 (file)
@@ -168,7 +168,7 @@ void ima_file_free(struct file *file)
 
 static int process_measurement(struct file *file, const struct cred *cred,
                               u32 secid, char *buf, loff_t size, int mask,
-                              enum ima_hooks func, int opened)
+                              enum ima_hooks func)
 {
        struct inode *inode = file_inode(file);
        struct integrity_iint_cache *iint = NULL;
@@ -294,7 +294,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
        if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) {
                inode_lock(inode);
                rc = ima_appraise_measurement(func, iint, file, pathname,
-                                             xattr_value, xattr_len, opened);
+                                             xattr_value, xattr_len);
                inode_unlock(inode);
        }
        if (action & IMA_AUDIT)
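Review bot: With `opened` dropped from the `ima_appraise_measurement()` call, appraisal can no longer learn from this caller whether the file was just created, so that state has to be read from `file` inside the callee. The callee is not shown on this page; confirm that it still recognises a newly created file (presumably via `file->f_mode & FMODE_CREATED`). If it does not, the handling of a new file that has no integrity xattr yet would silently change in enforcing mode. A short comment at the call would keep the dependency visible, for example `/* created-file state is taken from file, not from a caller-supplied flag */`. The enclosing `process_measurement()` starts and ends outside this hunk.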
@@ -338,7 +338,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
        if (file && (prot & PROT_EXEC)) {
                security_task_getsecid(current, &secid);
                return process_measurement(file, current_cred(), secid, NULL,
-                                          0, MAY_EXEC, MMAP_CHECK, 0);
+                                          0, MAY_EXEC, MMAP_CHECK);
        }
 
        return 0;
@@ -364,13 +364,13 @@ int ima_bprm_check(struct linux_binprm *bprm)
 
        security_task_getsecid(current, &secid);
        ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
-                                 MAY_EXEC, BPRM_CHECK, 0);
+                                 MAY_EXEC, BPRM_CHECK);
        if (ret)
                return ret;
 
        security_cred_getsecid(bprm->cred, &secid);
        return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
-                                  MAY_EXEC, CREDS_CHECK, 0);
+                                  MAY_EXEC, CREDS_CHECK);
 }
 
 /**
@@ -383,14 +383,14 @@ int ima_bprm_check(struct linux_binprm *bprm)
  * On success return 0.  On integrity appraisal error, assuming the file
  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
-int ima_file_check(struct file *file, int mask, int opened)
+int ima_file_check(struct file *file, int mask)
 {
        u32 secid;
 
        security_task_getsecid(current, &secid);
        return process_measurement(file, current_cred(), secid, NULL, 0,
                                   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
-                                          MAY_APPEND), FILE_CHECK, opened);
+                                          MAY_APPEND), FILE_CHECK);
 }
 EXPORT_SYMBOL_GPL(ima_file_check);
 
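Review bot: `ima_file_check()` is exported with `EXPORT_SYMBOL_GPL`, so the prototype change here has to land together with its header declaration and every caller, or the tree does not build at this commit. Only ima_main.c is visible on this page, so that cannot be checked from here. The kernel-doc block above the function begins outside the hunk; if it lists parameters, it should describe only `@file` and `@mask` after this change. Since the function returns -EACCES to enforce appraisal on open, it would also help to say in that comment that the created-file case is no longer signalled by the caller.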
@@ -493,7 +493,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
        func = read_idmap[read_id] ?: FILE_CHECK;
        security_task_getsecid(current, &secid);
        return process_measurement(file, current_cred(), secid, buf, size,
-                                  MAY_READ, func, 0);
+                                  MAY_READ, func);
 }
 
 static int __init init_ima(void)