summaryrefslogtreecommitdiff
path: root/security/integrity
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2022-10-28 15:41:31 +0200
committerChristian Brauner (Microsoft) <brauner@kernel.org>2022-10-28 15:41:31 +0200
commit16257cf6658d5bde2a055caf48f143c255abade7 (patch)
tree92ea0f9cfbe25ea12e41edc7f3bcbffdce036623 /security/integrity
parentcb2144d66b0b24fd1b880fc72678ba21ca414dab (diff)
evm: remove dead code in evm_inode_set_acl()
When evm_status is INTEGRITY_PASS then this function returns early and so later codepaths that check for evm_status != INTEGRITY_PASS can be removed as they are dead code. Fixes: e61b135f7bfe ("integrity: implement get and set acl hook") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/evm/evm_main.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index e074c2b4d499..e01cfd4ad896 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -678,13 +678,12 @@ int evm_inode_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
!evm_inode_set_acl_change(mnt_userns, dentry, acl_name, kacl))
return 0;
- if (evm_status != INTEGRITY_PASS &&
- evm_status != INTEGRITY_PASS_IMMUTABLE)
+ if (evm_status != INTEGRITY_PASS_IMMUTABLE)
integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),
dentry->d_name.name, "appraise_metadata",
integrity_status_msg[evm_status],
-EPERM, 0);
- return evm_status == INTEGRITY_PASS ? 0 : -EPERM;
+ return -EPERM;
}
static void evm_reset_status(struct inode *inode)