ima: without an IMA policy loaded, return quickly

Unless an IMA policy is loaded, don't bother checking for an appraise policy rule. Return immediately. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

ima: without an IMA policy loaded, return quickly
Unless an IMA policy is loaded, don't bother checking for an appraise policy rule. Return immediately. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
f873b28f · Mimi Zohar · 92063f3c · f873b28f
Commit f873b28f authored 4 years ago by Mimi Zohar
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 	struct integrity_iint_cache *iint;
 	int must_appraise;

+	if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+		return;
+
 	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
 					  FILE_CHECK);
 	if (!must_appraise)
@@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns,
 	struct inode *inode = dentry->d_inode;
 	int must_appraise;

+	if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+		return;
+
 	must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
 					  FILE_CHECK);
 	if (!must_appraise)