[PATCH openEuler-5.10 45/64] Revert "ima: Add ima namespace to the ima subsystem APIs"

From: Zhang Tianxing zhangtianxing3@huawei.com

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA

--------------------------------

This reverts commit c2b095cc0f1447fbbeade7ba09c6e9e9ee75fca4.

Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com Acked-by: Xie XiuQi xiexiuqi@huawei.com Acked-by: Xiu Jianfengxiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- include/linux/ima.h | 4 +- security/integrity/ima/ima.h | 28 +++++-------- security/integrity/ima/ima_api.c | 9 ++-- security/integrity/ima/ima_appraise.c | 16 +++----- security/integrity/ima/ima_asymmetric_keys.c | 3 +- security/integrity/ima/ima_fs.c | 2 +- security/integrity/ima/ima_main.c | 43 +++++++++----------- security/integrity/ima/ima_policy.c | 42 ++++++++----------- security/integrity/ima/ima_queue_keys.c | 3 +- 9 files changed, 60 insertions(+), 90 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h index 7f847cf0297c..5cb5659c0a06 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -152,7 +152,7 @@ static inline void ima_post_key_create_or_update(struct key *keyring, #endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE -extern bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns); +extern bool is_ima_appraise_enabled(void); extern void ima_inode_post_setattr(struct dentry *dentry); extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len); @@ -164,7 +164,7 @@ extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name); extern void ima_inode_post_removexattr(struct dentry *dentry, const char *xattr_name); #else -static inline bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns) +static inline bool is_ima_appraise_enabled(void) { return 0; } diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 8b59e03ec849..071e9e749420 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -268,8 +268,7 @@ static inline void ima_process_queued_keys(void) {} int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, - const char *keyring, - struct ima_namespace *ima_ns); + const char *keyring); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, struct file *file, void *buf, loff_t size, @@ -279,12 +278,10 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, int pcr, struct ima_template_desc *template_desc, - struct ima_digest *digest, - struct ima_namespace *ima_ns); + struct ima_digest *digest); void process_buffer_measurement(struct inode *inode, const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr, const char *keyring, - struct ima_namespace *ima_ns); + int pcr, const char *keyring); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, @@ -300,16 +297,15 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, - const char *keyring, - struct ima_namespace *ima_ns); + const char *keyring); void ima_init_policy(void); void ima_init_ns_policy(struct ima_namespace *ima_ns, const struct ima_policy_setup_data *policy_setup_data); void ima_update_policy(void); -void ima_update_policy_flag(struct ima_namespace *ima_ns); +void ima_update_policy_flag(void); ssize_t ima_parse_add_rule(char *); void ima_delete_rules(void); -int ima_check_policy(const struct ima_namespace *ima_ns); +int ima_check_policy(void); void *ima_policy_start(struct seq_file *m, loff_t *pos); void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos); void ima_policy_stop(struct seq_file *m, void *v); @@ -337,23 +333,20 @@ int ima_default_appraise_setup(const char *str,

#ifdef CONFIG_IMA_APPRAISE int ima_check_blacklist(struct integrity_iint_cache *iint, - const struct modsig *modsig, int pcr, - struct ima_namespace *ima_ns); + const struct modsig *modsig, int pcr); int ima_appraise_measurement(enum ima_hooks func, struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, struct ima_digest *found_digest); -int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func, - struct ima_namespace *ima_ns); +int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, enum ima_hooks func); #else static inline int ima_check_blacklist(struct integrity_iint_cache *iint, - const struct modsig *modsig, int pcr, - struct ima_namespace *ima_ns) + const struct modsig *modsig, int pcr) { return 0; } @@ -371,8 +364,7 @@ static inline int ima_appraise_measurement(enum ima_hooks func, }

static inline int ima_must_appraise(struct inode *inode, int mask, - enum ima_hooks func, - struct ima_namespace *ima_ns) + enum ima_hooks func) { return 0; } diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index b4347eac9c85..d9f4599dee40 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -191,7 +191,6 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @pcr: pointer filled in if matched measure policy sets pcr= * @template_desc: pointer filled in if matched measure policy sets template= * @keyring: keyring name used to determine the action - * @ima_ns: ima namespace whose policy data will be used * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= @@ -207,15 +206,14 @@ void ima_add_violation(struct file *file, const unsigned char *filename, int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, - const char *keyring, - struct ima_namespace *ima_ns) + const char *keyring) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH;

flags &= ima_policy_flag;

return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, - template_desc, keyring, ima_ns); + template_desc, keyring); }

/* @@ -320,8 +318,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig, int pcr, struct ima_template_desc *template_desc, - struct ima_digest *digest, - struct ima_namespace *ima_ns) + struct ima_digest *digest) { static const char op[] = "add_template_measure"; static const char audit_cause[] = "ENOMEM"; diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 9213c012cbe4..ad7715822e06 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -81,11 +81,10 @@ __setup("ima_appraise_digest_list=", appraise_digest_list_setup);

/* * is_ima_appraise_enabled - return appraise status - * @ima_ns: pointer to the ima namespace being checked * * Only return enabled, if not in ima_appraise="fix" or "log" modes. */ -bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns) +bool is_ima_appraise_enabled(void) { return ima_appraise & IMA_APPRAISE_ENFORCE; } @@ -95,8 +94,7 @@ bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns) * * Return 1 to appraise or hash */ -int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func, - struct ima_namespace *ima_ns) +int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { u32 secid;

@@ -105,8 +103,7 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func,

security_task_getsecid(current, &secid); return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, - NULL); + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); }

static int ima_fix_xattr(struct dentry *dentry, @@ -334,8 +331,7 @@ static int modsig_verify(enum ima_hooks func, const struct modsig *modsig, * Returns -EPERM if the hash is blacklisted. */ int ima_check_blacklist(struct integrity_iint_cache *iint, - const struct modsig *modsig, int pcr, - struct ima_namespace *ima_ns) + const struct modsig *modsig, int pcr) { enum hash_algo hash_algo; const u8 *digest = NULL; @@ -352,7 +348,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint, if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) process_buffer_measurement(NULL, digest, digestsize, "blacklisted-hash", NONE, - pcr, NULL, NULL); + pcr, NULL); }

return rc; @@ -579,7 +575,7 @@ void ima_inode_post_setattr(struct dentry *dentry) || !(inode->i_opflags & IOP_XATTR)) return;

- action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR, NULL); + action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); iint = integrity_iint_find(inode); if (iint) { set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c index 58aa56b0422d..1c68c500c26f 100644 --- a/security/integrity/ima/ima_asymmetric_keys.c +++ b/security/integrity/ima/ima_asymmetric_keys.c @@ -60,6 +60,5 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, */ process_buffer_measurement(NULL, payload, payload_len, keyring->description, KEY_CHECK, 0, - keyring->description, - NULL); + keyring->description); } diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 64f5b0997760..90f1d9c85b31 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -531,7 +531,7 @@ static int ima_release_data_upload(struct inode *inode, struct file *file) return 0; }

- if (valid_policy && ima_check_policy(NULL) < 0) { + if (valid_policy && ima_check_policy() < 0) { cause = "failed"; valid_policy = 0; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9bbd716bff99..e4b0ad29dbd8 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -124,8 +124,7 @@ static void ima_rdwr_violation_check(struct file *file, int must_measure, char **pathbuf, const char **pathname, - char *filename, - struct ima_namespace *ima_ns) + char *filename) { struct inode *inode = file_inode(file); fmode_t mode = file->f_mode; @@ -295,8 +294,7 @@ void ima_file_free(struct file *file)

static int process_measurement(struct file *file, const struct cred *cred, u32 secid, char *buf, loff_t size, int mask, - enum ima_hooks func, - struct ima_namespace *ima_ns) + enum ima_hooks func) { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; @@ -321,7 +319,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * Included is the appraise submask. */ action = ima_get_action(inode, cred, secid, mask, func, &pcr, - &template_desc, NULL, ima_ns); + &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); if (!action && !violation_check) @@ -343,7 +341,7 @@ static int process_measurement(struct file *file, const struct cred *cred,

if (!rc && violation_check) ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, - &pathbuf, &pathname, filename, ima_ns); + &pathbuf, &pathname, filename);

inode_unlock(inode);

@@ -447,11 +445,10 @@ static int process_measurement(struct file *file, const struct cred *cred, xattr_value, xattr_len, modsig, pcr, template_desc, ima_digest_allow(found_digest, - IMA_MEASURE), - ima_ns); + IMA_MEASURE));

if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) { - rc = ima_check_blacklist(iint, modsig, pcr, ima_ns); + rc = ima_check_blacklist(iint, modsig, pcr); if (rc != -EPERM) { inode_lock(inode); rc = ima_appraise_measurement(func, iint, file, @@ -507,7 +504,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) if (file && (prot & PROT_EXEC)) { security_task_getsecid(current, &secid); return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_EXEC, MMAP_CHECK, NULL); + 0, MAY_EXEC, MMAP_CHECK); }

return 0; @@ -546,7 +543,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) security_task_getsecid(current, &secid); inode = file_inode(vma->vm_file); action = ima_get_action(inode, current_cred(), secid, MAY_EXEC, - MMAP_CHECK, &pcr, &template, 0, NULL); + MMAP_CHECK, &pcr, &template, 0);

/* Is the mmap'ed file in policy? */ if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK))) @@ -585,13 +582,13 @@ int ima_bprm_check(struct linux_binprm *bprm)

security_task_getsecid(current, &secid); ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, - MAY_EXEC, BPRM_CHECK, NULL); + MAY_EXEC, BPRM_CHECK); if (ret) return ret;

security_cred_getsecid(bprm->cred, &secid); return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK, NULL); + MAY_EXEC, CREDS_CHECK); }

/** @@ -612,7 +609,7 @@ int ima_file_check(struct file *file, int mask) security_task_getsecid(current, &secid); rc = process_measurement(file, current_cred(), secid, NULL, 0, mask & (MAY_READ | MAY_WRITE | MAY_EXEC | - MAY_APPEND), FILE_CHECK, NULL); + MAY_APPEND), FILE_CHECK); if (ima_current_is_parser() && !rc) ima_check_measured_appraised(file); return rc; @@ -691,7 +688,7 @@ void ima_post_create_tmpfile(struct inode *inode) struct integrity_iint_cache *iint; int must_appraise;

- must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK, NULL); + must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) return;

@@ -718,7 +715,7 @@ void ima_post_path_mknod(struct dentry *dentry) struct inode *inode = dentry->d_inode; int must_appraise;

- must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK, NULL); + must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) return;

@@ -769,7 +766,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &secid); return process_measurement(file, current_cred(), secid, NULL, - 0, MAY_READ, func, NULL); + 0, MAY_READ, func); }

const int read_idmap[READING_MAX_ID] = { @@ -813,7 +810,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, func = read_idmap[read_id] ?: FILE_CHECK; security_task_getsecid(current, &secid); return process_measurement(file, current_cred(), secid, buf, size, - MAY_READ, func, NULL); + MAY_READ, func); }

/** @@ -911,8 +908,7 @@ int ima_post_load_data(char *buf, loff_t size, */ void process_buffer_measurement(struct inode *inode, const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr, const char *keyring, - struct ima_namespace *ima_ns) + int pcr, const char *keyring) { int ret = 0; const char *audit_cause = "ENOMEM"; @@ -944,7 +940,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, if (func) { security_task_getsecid(current, &secid); action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring, NULL); + &pcr, &template, keyring); if (!(action & IMA_MEASURE)) return; } @@ -1016,8 +1012,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) return;

process_buffer_measurement(file_inode(f.file), buf, size, - "kexec-cmdline", KEXEC_CMDLINE, 0, NULL, - NULL); + "kexec-cmdline", KEXEC_CMDLINE, 0, NULL); fdput(f); }

@@ -1046,7 +1041,7 @@ static int __init init_ima(void) pr_warn("Couldn't register LSM notifier, error %d\n", error);

if (!error) - ima_update_policy_flag(&init_ima_ns); + ima_update_policy_flag();

return error; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ebb4721032d4..fe5d0f311f1c 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -692,7 +692,6 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @template_desc: the template that should be used for this rule * @keyring: the keyring name, if given, to be used to check in the policy. * keyring can be NULL if func is anything other than KEY_CHECK. - * @ima_ns: IMA namespace whose policies are being checked * * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type) * conditions. @@ -704,8 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, enum ima_hooks func, int mask, int flags, int *pcr, struct ima_template_desc **template_desc, - const char *keyring, - struct ima_namespace *ima_ns) + const char *keyring) { struct ima_rule_entry *entry; int action = 0, actmask = flags | (flags << 1); @@ -758,9 +756,8 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, * loaded policy. Based on this flag, the decision to short circuit * out of a function or not call the function in the first place * can be made earlier. - * @ima_ns: pointer to the ima namespace whose policy flag is updated */ -void ima_update_policy_flag(struct ima_namespace *ima_ns) +void ima_update_policy_flag(void) { struct ima_rule_entry *entry;

@@ -789,8 +786,7 @@ static int ima_appraise_flag(enum ima_hooks func) return 0; }

-static void __init add_rules(struct ima_policy_data *policy_data, - struct ima_rule_entry *entries, int count, +static void __init add_rules(struct ima_rule_entry *entries, int count, enum policy_rule_list policy_rule) { int i = 0; @@ -918,20 +914,19 @@ void __init ima_init_policy(void)

/* if !ima_policy, we load NO default rules */ if (ima_policy) - add_rules(NULL, - dont_measure_rules, ARRAY_SIZE(dont_measure_rules), + add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules), IMA_DEFAULT_POLICY);

switch (ima_policy) { case ORIGINAL_TCB: - add_rules(NULL, original_measurement_rules, + add_rules(original_measurement_rules, ARRAY_SIZE(original_measurement_rules), IMA_DEFAULT_POLICY); break; case EXEC_TCB: fallthrough; case DEFAULT_TCB: - add_rules(NULL, default_measurement_rules, + add_rules(default_measurement_rules, ARRAY_SIZE(default_measurement_rules), IMA_DEFAULT_POLICY); default: @@ -939,7 +934,7 @@ void __init ima_init_policy(void) }

if (ima_policy) - add_rules(NULL, &ima_parser_measure_rule, 1, IMA_DEFAULT_POLICY); + add_rules(&ima_parser_measure_rule, 1, IMA_DEFAULT_POLICY);

/* * Based on runtime secure boot flags, insert arch specific measurement @@ -951,7 +946,7 @@ void __init ima_init_policy(void) if (!arch_entries) pr_info("No architecture policies found\n"); else - add_rules(NULL, arch_policy_entry, arch_entries, + add_rules(arch_policy_entry, arch_entries, IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);

/* @@ -959,8 +954,7 @@ void __init ima_init_policy(void) * signatures, prior to other appraise rules. */ if (ima_use_secure_boot || ima_use_appraise_exec_tcb) - add_rules(NULL, - secure_boot_rules, ARRAY_SIZE(secure_boot_rules), + add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules), IMA_DEFAULT_POLICY);

/* @@ -972,34 +966,32 @@ void __init ima_init_policy(void) build_appraise_entries = ARRAY_SIZE(build_appraise_rules); if (build_appraise_entries) { if (ima_use_secure_boot) - add_rules(NULL, - build_appraise_rules, build_appraise_entries, + add_rules(build_appraise_rules, build_appraise_entries, IMA_CUSTOM_POLICY); else - add_rules(NULL, - build_appraise_rules, build_appraise_entries, + add_rules(build_appraise_rules, build_appraise_entries, IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY); }

if (ima_use_appraise_tcb || ima_use_appraise_exec_tcb) - add_rules(NULL, default_appraise_rules, + add_rules(default_appraise_rules, ARRAY_SIZE(default_appraise_rules), IMA_DEFAULT_POLICY);

if (ima_use_appraise_exec_tcb) - add_rules(NULL, appraise_exec_rules, + add_rules(appraise_exec_rules, ARRAY_SIZE(appraise_exec_rules), IMA_DEFAULT_POLICY);

if (ima_use_secure_boot || ima_use_appraise_tcb || ima_use_appraise_exec_tcb) - add_rules(NULL, &ima_parser_appraise_rule, 1, IMA_DEFAULT_POLICY); + add_rules(&ima_parser_appraise_rule, 1, IMA_DEFAULT_POLICY);

- ima_update_policy_flag(NULL); + ima_update_policy_flag(); }

/* Make sure we have a valid policy, at least containing some rules. */ -int ima_check_policy(const struct ima_namespace *ima_ns) +int ima_check_policy(void) { if (list_empty(&ima_temp_rules)) return -EINVAL; @@ -1035,7 +1027,7 @@ void ima_update_policy(void) */ kfree(arch_policy_entry); } - ima_update_policy_flag(NULL); + ima_update_policy_flag();

/* Custom IMA policy has been loaded */ ima_process_queued_keys(); diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c index 34ca54ba52b7..69a8626a35c0 100644 --- a/security/integrity/ima/ima_queue_keys.c +++ b/security/integrity/ima/ima_queue_keys.c @@ -162,8 +162,7 @@ void ima_process_queued_keys(void) entry->payload_len, entry->keyring_name, KEY_CHECK, 0, - entry->keyring_name, - NULL); + entry->keyring_name); list_del(&entry->list); ima_free_key_entry(entry); }