ima: fix erroneous removal of security.ima xattr

[karo-tx-linux.git] / security / integrity / ima / ima_policy.c

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 3f6b8a466368e01052d466aa826658fec78d5556..a556d5b9c57f75c9fe7b11b1fd8ee1d20a83280f 100644 (file)
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -167,9 +167,11 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
        const struct cred *cred = current_cred();
        int i;
 
-       if ((rule->flags & IMA_FUNC) && rule->func != func)
+       if ((rule->flags & IMA_FUNC) &&
+           (rule->func != func && func != POST_SETATTR))
                return false;
-       if ((rule->flags & IMA_MASK) && rule->mask != mask)
+       if ((rule->flags & IMA_MASK) &&
+           (rule->mask != mask && func != POST_SETATTR))
                return false;
        if ((rule->flags & IMA_FSMAGIC)
            && rule->fsmagic != inode->i_sb->s_magic)