diff options
| author |   Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-10-03 14:40:19 +0300 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-10-11 23:28:07 -0400 |
| commit | 272a6e90ffee1dea39efd6fdf9592edc83a0738e (patch) | |
| tree | d083a538be224e4c2a25e2380a789cff8d80e455 | |
| parent | ima: report policy load status (diff) | |
| download | linux-dev-272a6e90ffee1dea39efd6fdf9592edc83a0738e.tar.xz linux-dev-272a6e90ffee1dea39efd6fdf9592edc83a0738e.zip | |
ima: no need to allocate entry for comment
If a rule is a comment, there is no need to allocate an entry.
Move the checking for comments before allocating the entry.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index cdc620b2152f..bf232b98011e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -694,6 +694,12 @@ ssize_t ima_parse_add_rule(char *rule) return -EACCES; } + p = strsep(&rule, "\n"); + len = strlen(p) + 1; + + if (*p == '#') + return len; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) { integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, @@ -703,14 +709,6 @@ ssize_t ima_parse_add_rule(char *rule) INIT_LIST_HEAD(&entry->list); - p = strsep(&rule, "\n"); - len = strlen(p) + 1; - - if (*p == '#') { - kfree(entry); - return len; - } - result = ima_parse_rule(p, entry); if (result) { kfree(entry); |