evm: Don't return an error in evm_write_xattrs() if audit is not enabled

This patch avoids that evm_write_xattrs() returns an error when audit is
not enabled. The ab variable can be NULL and still be passed to the other
audit_log_() functions, as those functions do not include any instruction.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index a99676e..8a9db7d 100644 (file)
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -197,7 +197,7 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
 
        ab = audit_log_start(audit_context(), GFP_KERNEL,
                             AUDIT_INTEGRITY_EVM_XATTR);
-       if (!ab)
+       if (!ab && IS_ENABLED(CONFIG_AUDIT))
                return -ENOMEM;
 
        xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);