evm: remove dead code in evm_inode_set_acl()
author Christian Brauner <brauner@kernel.org>
Fri, 28 Oct 2022 13:41:31 +0000 (15:41 +0200)
committer Christian Brauner (Microsoft) <brauner@kernel.org>
Fri, 28 Oct 2022 13:41:31 +0000 (15:41 +0200)
When evm_status is INTEGRITY_PASS then this function returns early and so
later codepaths that check for evm_status != INTEGRITY_PASS can be removed
as they are dead code.

Fixes: e61b135f7bfe ("integrity: implement get and set acl hook")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
security/integrity/evm/evm_main.c

index e074c2b..e01cfd4 100644 (file)
@@ -678,13 +678,12 @@ int evm_inode_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
            !evm_inode_set_acl_change(mnt_userns, dentry, acl_name, kacl))
                return 0;
 
-       if (evm_status != INTEGRITY_PASS &&
-           evm_status != INTEGRITY_PASS_IMMUTABLE)
+       if (evm_status != INTEGRITY_PASS_IMMUTABLE)
                integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),
                                    dentry->d_name.name, "appraise_metadata",
                                    integrity_status_msg[evm_status],
                                    -EPERM, 0);
-       return evm_status == INTEGRITY_PASS ? 0 : -EPERM;
+       return -EPERM;
 }
 
 static void evm_reset_status(struct inode *inode)
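Review bot: The new unconditional `return -EPERM;` at the end of evm_inode_set_acl() is only correct because of the early return for INTEGRITY_PASS that the commit message refers to, and that return sits above the context shown in this hunk. A one-line comment above the final return saying that INTEGRITY_PASS was already handled earlier would protect the invariant if the early-exit logic is later reordered, since a mistake there would now turn into a denied ACL change rather than a visible ternary. The simplified test `if (evm_status != INTEGRITY_PASS_IMMUTABLE)` leans on the same assumption. Separately, the message describes this as dead code removal with no behaviour change, so consider whether the Fixes: tag is wanted, as it may cause the patch to be picked up for backports.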