Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar...

[sfrench/cifs-2.6.git] / security / integrity / ima / ima_main.c

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index b85d9e4294267b9523562861d9c4510aa054b4c3..906c1d8e0b71c7da6eed2e83c9d688a3ae293173 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -482,7 +482,7 @@ int ima_bprm_check(struct linux_binprm *bprm)
 }
 
 /**
- * ima_path_check - based on policy, collect/store measurement.
+ * ima_file_check - based on policy, collect/store measurement.
  * @file: pointer to the file to be measured
  * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
  *
@@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
        struct integrity_iint_cache *iint;
        int must_appraise;
 
+       if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+               return;
+
        must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
                                          FILE_CHECK);
        if (!must_appraise)
@@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns,
        struct inode *inode = dentry->d_inode;
        int must_appraise;
 
+       if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+               return;
+
        must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
                                          FILE_CHECK);
        if (!must_appraise)
@@ -780,6 +786,7 @@ int ima_load_data(enum kernel_load_data_id id, bool contents)
                        pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
                        return -EACCES; /* INTEGRITY_UNKNOWN */
                }
+               break;
        default:
                break;
        }