From 6f6723e21589f4594bb72b27ddbb2f75defb33bb Mon Sep 17 00:00:00 2001
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Mon, 24 Apr 2017 22:43:52 -0400
Subject: ima: define is_ima_appraise_enabled()

Only return enabled if in enforcing mode, not fix or log modes.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Changes:
- Define is_ima_appraise_enabled() as a bool (Thiago Bauermann)
---
 security/integrity/ima/ima_appraise.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'security')

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index ac546df73afc..7fe0566142d8 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -33,6 +33,16 @@ static int __init default_appraise_setup(char *str)
 
 __setup("ima_appraise=", default_appraise_setup);
 
+/*
+ * is_ima_appraise_enabled - return appraise status
+ *
+ * Only return enabled, if not in ima_appraise="fix" or "log" modes.
+ */
+bool is_ima_appraise_enabled(void)
+{
+	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? 1 : 0;
+}
+
 /*
  * ima_must_appraise - set appraise flag
  *
-- 
cgit v1.2.3-59-g8ed1b