Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ima: define is_ima_appraise_enabled()

Only return enabled if in enforcing mode, not fix or log modes.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Changes:
- Define is_ima_appraise_enabled() as a bool (Thiago Bauermann)

+16
+6
include/linux/ima.h
··· 75 75 #endif 76 76 77 77 #ifdef CONFIG_IMA_APPRAISE 78 + extern bool is_ima_appraise_enabled(void); 78 79 extern void ima_inode_post_setattr(struct dentry *dentry); 79 80 extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, 80 81 const void *xattr_value, size_t xattr_value_len); 81 82 extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name); 82 83 #else 84 + static inline bool is_ima_appraise_enabled(void) 85 + { 86 + return 0; 87 + } 88 + 83 89 static inline void ima_inode_post_setattr(struct dentry *dentry) 84 90 { 85 91 return;
+10
security/integrity/ima/ima_appraise.c
··· 34 34 __setup("ima_appraise=", default_appraise_setup); 35 35 36 36 /* 37 + * is_ima_appraise_enabled - return appraise status 38 + * 39 + * Only return enabled, if not in ima_appraise="fix" or "log" modes. 40 + */ 41 + bool is_ima_appraise_enabled(void) 42 + { 43 + return (ima_appraise & IMA_APPRAISE_ENFORCE) ? 1 : 0; 44 + } 45 + 46 + /* 37 47 * ima_must_appraise - set appraise flag 38 48 * 39 49 * Return 1 to appraise
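Review bot: In the include/linux/ima.h hunk, the !CONFIG_IMA_APPRAISE stub of is_ima_appraise_enabled() is declared bool but ends with `return 0;`. Since the changelog says the function was deliberately made a bool, `return false;` would keep the stub consistent with its return type. The behaviour is the same either way: kernels built without CONFIG_IMA_APPRAISE always report appraisal as not enabled.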
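Review bot: In the security/integrity/ima/ima_appraise.c hunk, `return (ima_appraise & IMA_APPRAISE_ENFORCE) ? 1 : 0;` carries a redundant ternary for a function returning bool; `return ima_appraise & IMA_APPRAISE_ENFORCE;` yields the same value through the implicit conversion. The comment above it describes the result by exclusion (not "fix" or "log"), while the code tests the enforce bit, so wording it as "return true only when appraisal is in enforce mode" would match both the code and the commit message. The visible hunks add the helper without any caller, so the commit message could name the intended user to make clear why the distinction between enforce and the fix/log modes matters.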