Unverified Commit 16257cf6 authored by Christian Brauner's avatar Christian Brauner Committed by Christian Brauner (Microsoft)
Browse files

evm: remove dead code in evm_inode_set_acl() 



When evm_status is INTEGRITY_PASS then this function returns early and so
later codepaths that check for evm_status != INTEGRITY_PASS can be removed
as they are dead code.

Fixes: e61b135f ("integrity: implement get and set acl hook")
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarChristian Brauner (Microsoft) <brauner@kernel.org>
parent cb2144d6

security/integrity/evm/evm_main.c

+2 −3
Original line number Diff line number Diff line
@@ -678,13 +678,12 @@ int evm_inode_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry, 
	    !evm_inode_set_acl_change(mnt_userns, dentry, acl_name, kacl))

		return 0;



	if (evm_status != INTEGRITY_PASS &&

	    evm_status != INTEGRITY_PASS_IMMUTABLE)

	if (evm_status != INTEGRITY_PASS_IMMUTABLE)

		integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),

				    dentry->d_name.name, "appraise_metadata",

				    integrity_status_msg[evm_status],

				    -EPERM, 0);

	return evm_status == INTEGRITY_PASS ? 0 : -EPERM;

	return -EPERM;

}



static void evm_reset_status(struct inode *inode)