ima: without an IMA policy loaded, return quickly

Unless an IMA policy is loaded, don't bother checking for an appraise
policy rule.  Return immediately.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 9ef748e..9d1196f 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -606,6 +606,9 @@ void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
        struct integrity_iint_cache *iint;
        int must_appraise;
 
+       if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+               return;
+
        must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
                                          FILE_CHECK);
        if (!must_appraise)
@@ -636,6 +639,9 @@ void ima_post_path_mknod(struct user_namespace *mnt_userns,
        struct inode *inode = dentry->d_inode;
        int must_appraise;
 
+       if (!ima_policy_flag || !S_ISREG(inode->i_mode))
+               return;
+
        must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
                                          FILE_CHECK);
        if (!must_appraise)