Commit f873b28f authored by Mimi Zohar's avatar Mimi Zohar
Browse files

ima: without an IMA policy loaded, return quickly 



Unless an IMA policy is loaded, don't bother checking for an appraise
policy rule.  Return immediately.

Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 92063f3c

security/integrity/ima/ima_main.c

+6 −0
Original line number Diff line number Diff line
@@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns, 
	struct integrity_iint_cache *iint;

	int must_appraise;



	if (!ima_policy_flag || !S_ISREG(inode->i_mode))

		return;



	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,

					  FILE_CHECK);

	if (!must_appraise)
@@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns, 
	struct inode *inode = dentry->d_inode;

	int must_appraise;



	if (!ima_policy_flag || !S_ISREG(inode->i_mode))

		return;



	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,

					  FILE_CHECK);

	if (!must_appraise)