Functionally no change, just simplify the ima_detect_file_change() code.
Signed-off-by: Mimi Zohar <[email protected]>
---
@Fred, looking to merge with commit 0824f861605d ("ima: fallback to using
i_version to detect file change")
security/integrity/ima/ima_main.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index 6c49afa8dcc0..5cea53fc36df 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -194,18 +194,13 @@ static bool ima_detect_file_change(struct ima_iint_cache
*iint,
result = vfs_getattr_nosec(&file->f_path, &stat, STATX_CHANGE_COOKIE,
AT_STATX_SYNC_AS_STAT);
- if (!result && stat.result_mask & STATX_CHANGE_COOKIE &&
- stat.change_cookie != iint->real_inode.version)
- return true;
- else if (!(stat.result_mask & STATX_CHANGE_COOKIE) &&
- IS_I_VERSION(inode) &&
- !(inode_eq_iversion(inode, iint->real_inode.version)))
- return true;
- else if (!(stat.result_mask & STATX_CHANGE_COOKIE) &&
- !(IS_I_VERSION(inode)))
- return true;
-
- return false;
+ if (!result && stat.result_mask & STATX_CHANGE_COOKIE)
+ return stat.change_cookie != iint->real_inode.version;
+
+ if (IS_I_VERSION(inode))
+ return !inode_eq_iversion(inode, iint->real_inode.version);
+
+ return true;
}
static void ima_check_last_writer(struct ima_iint_cache *iint,
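Review bot: The description's "functionally no change" does not hold for one path in the rewritten tail of ima_detect_file_change(): if vfs_getattr_nosec() returns an error while stat.result_mask has STATX_CHANGE_COOKIE set, the removed if/else chain matched no branch and returned false, whereas the new code falls through to the IS_I_VERSION() test and otherwise to `return true`. Reporting a change when the attribute query fails is the safer direction for a re-measurement decision, but whether that combination can occur depends on vfs_getattr_nosec(), which is outside the hunk, so the changelog should state the difference rather than claim equivalence. I would also document the default with `/* Neither a change cookie nor i_version is usable: treat the file as changed. */` above the final return, and write the first test as `if (!result && (stat.result_mask & STATX_CHANGE_COOKIE))` so the precedence is explicit. The function body begins above the hunk, so the initialisation of `stat` and `inode` is not visible here.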
--
2.53.0