diff options
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 45de18e9a6f2..dba965de90d3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check); | |||
| 291 | */ | 291 | */ |
| 292 | int ima_module_check(struct file *file) | 292 | int ima_module_check(struct file *file) |
| 293 | { | 293 | { |
| 294 | int rc; | 294 | int rc = 0; |
| 295 | 295 | ||
| 296 | if (!file) | 296 | if (!file) { |
| 297 | rc = INTEGRITY_UNKNOWN; | 297 | if (ima_appraise & IMA_APPRAISE_MODULES) { |
| 298 | else | 298 | #ifndef CONFIG_MODULE_SIG_FORCE |
| 299 | rc = -EACCES; /* INTEGRITY_UNKNOWN */ | ||
| 300 | #endif | ||
| 301 | } | ||
| 302 | } else | ||
| 299 | rc = process_measurement(file, file->f_dentry->d_name.name, | 303 | rc = process_measurement(file, file->f_dentry->d_name.name, |
| 300 | MAY_EXEC, MODULE_CHECK); | 304 | MAY_EXEC, MODULE_CHECK); |
| 301 | return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; | 305 | return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; |