ima: without an IMA policy loaded, return quickly

Unless an IMA policy is loaded, don't bother checking for an appraise policy rule. Return immediately. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Mimi Zohar <zohar@linux.ibm.com> 2021-03-19 11:14:25 -0400
committer: Mimi Zohar <zohar@linux.ibm.com> 2021-03-22 15:12:26 -0400
commit: f873b28f260e6f6ea98eb46f6c42d581379c91b1 (patch)
tree: ec7b1abd6081ff28a1d4e8d5e0499bcce8fe0a65 /security/integrity
parent: 92063f3ca73aab794bd5408d3361fd5b5ea33079 (diff)
download: linux-f873b28f260e6f6ea98eb46f6c42d581379c91b1.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9ef748ea829f..9d1196f712e1 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 	struct integrity_iint_cache *iint;
 	int must_appraise;
 
+	if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+		return;
+
 	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
 					  FILE_CHECK);
 	if (!must_appraise)
@@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns,
 	struct inode *inode = dentry->d_inode;
 	int must_appraise;
 
+	if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+		return;
+
 	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
 					  FILE_CHECK);
 	if (!must_appraise)
author	Mimi Zohar <zohar@linux.ibm.com>	2021-03-19 11:14:25 -0400
committer	Mimi Zohar <zohar@linux.ibm.com>	2021-03-22 15:12:26 -0400
commit	f873b28f260e6f6ea98eb46f6c42d581379c91b1 (patch)
tree	ec7b1abd6081ff28a1d4e8d5e0499bcce8fe0a65 /security/integrity
parent	92063f3ca73aab794bd5408d3361fd5b5ea33079 (diff)
download	linux-f873b28f260e6f6ea98eb46f6c42d581379c91b1.tar.gz