ima: prevent unnecessary policy checking

[linux.git] / security / integrity / ima / ima_main.c

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index dcc98cf542d83fb4768ff3bd2ec113c204c7ecb6..7689c1e21f0927f07aeb4e67c2146013a311a854 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -81,7 +81,6 @@ static void ima_rdwr_violation_check(struct file *file)
 {
        struct inode *inode = file_inode(file);
        fmode_t mode = file->f_mode;
-       int must_measure;
        bool send_tomtou = false, send_writers = false;
        char *pathbuf = NULL;
        const char *pathname;
@@ -94,16 +93,12 @@ static void ima_rdwr_violation_check(struct file *file)
        if (mode & FMODE_WRITE) {
                if (atomic_read(&inode->i_readcount) && IS_IMA(inode))
                        send_tomtou = true;
-               goto out;
+       } else {
+               if ((atomic_read(&inode->i_writecount) > 0) &&
+                   ima_must_measure(inode, MAY_READ, FILE_CHECK))
+                       send_writers = true;
        }
 
-       must_measure = ima_must_measure(inode, MAY_READ, FILE_CHECK);
-       if (!must_measure)
-               goto out;
-
-       if (atomic_read(&inode->i_writecount) > 0)
-               send_writers = true;
-out:
        mutex_unlock(&inode->i_mutex);
 
        if (!send_tomtou && !send_writers)