From b169424551930a9325f700f502802f4d515194e5 Mon Sep 17 00:00:00 2001
From: Janne Karhunen <janne.karhunen@gmail.com>
Date: Fri, 14 Jun 2019 15:20:15 +0300
Subject: ima: use the lsm policy update notifier

Don't do lazy policy updates while running the rule matching,
run the updates as they happen.

Depends on commit f242064c5df3 ("LSM: switch to blocking policy update notifiers")

Signed-off-by: Janne Karhunen <janne.karhunen@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/ima/ima.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'security/integrity/ima/ima.h')

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index d213e835c498..2203451862d4 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -154,6 +154,8 @@ unsigned long ima_get_binary_runtime_size(void);
 int ima_init_template(void);
 void ima_init_template_list(void);
 int __init ima_init_digests(void);
+int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
+			  void *lsm_data);
 
 /*
  * used to protect h_table and sha_table
-- 
cgit v1.2.3