author | Mimi Zohar <zohar@linux.ibm.com> | 2021-03-19 16:14:25 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-03-22 20:12:26 +0100 |
commit | f873b28f260e6f6ea98eb46f6c42d581379c91b1 (patch) | |
tree | ec7b1abd6081ff28a1d4e8d5e0499bcce8fe0a65 /security | |
parent | integrity: double check iint_cache was initialized (diff) | |

ima: without an IMA policy loaded, return quickly

Unless an IMA policy is loaded, don't bother checking for an appraise
policy rule. Return immediately.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 9ef748ea829f..9d1196f712e1 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct integrity_iint_cache *iint; int must_appraise; + if (!ima_policy_flag || !S_ISREG(inode->i_mode)) + return; + must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) @@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns, struct inode *inode = dentry->d_inode; int must_appraise; + if (!ima_policy_flag || !S_ISREG(inode->i_mode)) + return; + must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) |
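
Review bot: In the first hunk (ima_post_create_tmpfile), the added condition also returns on `!S_ISREG(inode->i_mode)`, which the commit message does not mention; it only describes the no-policy case. Because the two tests are joined with `||`, non-regular inodes now return before `ima_must_appraise()` is consulted even when a policy is loaded. Please either describe the regular-file restriction in the changelog or split it into its own patch, and add a one-line comment above the check saying why non-regular files are skipped here.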
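
Review bot: In the second hunk (ima_post_path_mknod), `inode` is taken from `dentry->d_inode` and the new `inode->i_mode` test is the first dereference of it in the visible lines, with no NULL check in front of it. If this hook can ever be reached with a dentry that has no inode attached, the early return becomes a NULL pointer dereference; a guard such as `if (!inode) return;`, or a comment stating why the caller guarantees a positive dentry, would settle that. The condition is also a verbatim copy of the one added to ima_post_create_tmpfile, so a small shared helper would keep the two from drifting apart.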