ima: Call audit_log_string() rather than logging it untrusted The parameters passed to this logging function are all provided by a privileged user and therefore we can call audit_log_string() rather than audit_log_untrustedstring(). Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Suggested-by: Steve Grubb <sgrubb@redhat.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

commit: 8a3bcaf6ecd37fee326cd30732192ef2a09e5b07 [log] [tgz]
author: Stefan Berger <stefanb@linux.vnet.ibm.com> Mon Jun 04 16:54:52 2018 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> Wed Jul 18 07:27:22 2018 -0400
tree: 27d3466184ad6f57e3d85d7315ebba03b9edcf41
parent: 87ea58433208d17295e200d56be5e2a4fe4ce7d6 [diff]
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 1659abb..f457684 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c

@@ -663,7 +663,7 @@ static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
 		audit_log_format(ab, "%s<", key);
 	else
 		audit_log_format(ab, "%s=", key);
-	audit_log_untrustedstring(ab, value);
+	audit_log_string(ab, value);
 	audit_log_format(ab, " ");
 }
 static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
commit	8a3bcaf6ecd37fee326cd30732192ef2a09e5b07	[log] [tgz]
author	Stefan Berger <stefanb@linux.vnet.ibm.com>	Mon Jun 04 16:54:52 2018 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	Wed Jul 18 07:27:22 2018 -0400
tree	27d3466184ad6f57e3d85d7315ebba03b9edcf41
parent	87ea58433208d17295e200d56be5e2a4fe4ce7d6 [diff]