Merge tag 'imx-fixes-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo...
[sfrench/cifs-2.6.git] / security / integrity / evm / evm_main.c
index 3bcb80df4d01f1ca30927c7e61c6b2b19b5ca15f..9685af330de5db40f4d7d097ea736b377dd68b36 100644 (file)
@@ -126,14 +126,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
        rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
                                GFP_NOFS);
        if (rc <= 0) {
-               if (rc == 0)
-                       evm_status = INTEGRITY_FAIL; /* empty */
-               else if (rc == -ENODATA) {
+               evm_status = INTEGRITY_FAIL;
+               if (rc == -ENODATA) {
                        rc = evm_find_protected_xattrs(dentry);
                        if (rc > 0)
                                evm_status = INTEGRITY_NOLABEL;
                        else if (rc == 0)
                                evm_status = INTEGRITY_NOXATTRS; /* new file */
+               } else if (rc == -EOPNOTSUPP) {
+                       evm_status = INTEGRITY_UNKNOWN;
                }
                goto out;
        }
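Review bot: The new fail-closed default `evm_status = INTEGRITY_FAIL;` and the `-EOPNOTSUPP` exception below it carry no comment, and the removed `/* empty */` was the only explanation of the rc == 0 case. I would add `/* fail closed: empty xattr or any unhandled getxattr error */` on the default and `/* fs has no xattr support: nothing to verify */` on the INTEGRITY_UNKNOWN line. A negative return from evm_find_protected_xattrs() inside the -ENODATA branch also stays INTEGRITY_FAIL, because the else-if chain is not re-evaluated; that looks intended but is worth saying in the comment. How callers treat INTEGRITY_UNKNOWN is not visible here, so it should be confirmed that none of them accept it as a pass, otherwise files on a filesystem without xattr support are outside EVM enforcement. evm_verify_hmac starts and ends outside the hunk.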
@@ -284,6 +285,13 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name,
                goto out;
        }
        evm_status = evm_verify_current_integrity(dentry);
+       if (evm_status == INTEGRITY_NOXATTRS) {
+               struct integrity_iint_cache *iint;
+
+               iint = integrity_iint_find(dentry->d_inode);
+               if (iint && (iint->flags & IMA_NEW_FILE))
+                       return 0;
+       }
 out:
        if (evm_status != INTEGRITY_PASS)
                integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode,
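Review bot: The early `return 0` in the new INTEGRITY_NOXATTRS block exits evm_protect_xattr without passing through `out:`, unlike the earlier paths that use `goto out`, and nothing states why an inode with no protected xattrs may be written. A comment above the `if`, such as `/* newly created file: no security xattrs exist yet, allow the first ones to be set */`, would make the exemption explicit. The exemption holds for as long as IMA_NEW_FILE stays set in `iint->flags`, and where that flag is cleared is not visible in this hunk. It should be confirmed that the flag cannot outlive file creation, since otherwise a file whose protected xattrs have gone missing could be relabelled with no EVM denial and no audit record. The function starts and ends outside the hunk.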
@@ -352,7 +360,6 @@ void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
                return;
 
        evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len);
-       return;
 }
 
 /**
@@ -372,7 +379,6 @@ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
        mutex_lock(&inode->i_mutex);
        evm_update_evmxattr(dentry, xattr_name, NULL, 0);
        mutex_unlock(&inode->i_mutex);
-       return;
 }
 
 /**
@@ -414,7 +420,6 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
 
        if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
                evm_update_evmxattr(dentry, NULL, NULL, 0);
-       return;
 }
 
 /*