ima: use the lsm policy update notifier

Don't do lazy policy updates while running the rule matching, run the updates as they happen. Depends on commit f242064c5df3 ("LSM: switch to blocking policy update notifiers") Signed-off-by: Janne Karhunen <janne.karhunen@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Janne Karhunen <janne.karhunen@gmail.com> 2019-06-14 15:20:15 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-06-14 09:02:43 -0400
commit: b169424551930a9325f700f502802f4d515194e5 (patch)
tree: 5b38bb996cfe6791c0c672a1576c198ed8c9599e /security/integrity/ima/ima.h
parent: 42df744c4166af6959eda2df1ee5cde744d4a1c3 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index d213e835c498..2203451862d4 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -154,6 +154,8 @@ unsigned long ima_get_binary_runtime_size(void);
 int ima_init_template(void);
 void ima_init_template_list(void);
 int __init ima_init_digests(void);
+int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
+			  void *lsm_data);
 
 /*
  * used to protect h_table and sha_table
author	Janne Karhunen <janne.karhunen@gmail.com>	2019-06-14 15:20:15 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-06-14 09:02:43 -0400
commit	b169424551930a9325f700f502802f4d515194e5 (patch)
tree	5b38bb996cfe6791c0c672a1576c198ed8c9599e /security/integrity/ima/ima.h
parent	42df744c4166af6959eda2df1ee5cde744d4a1c3 (diff)