diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 7689c1e21f0927f07aeb4e67c2146013a311a854..09baa335ebc79ed9c7054272dc38534e02c85175 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -91,8 +91,13 @@ static void ima_rdwr_violation_check(struct file *file) mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */ if (mode & FMODE_WRITE) { - if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) - send_tomtou = true; + if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { + struct integrity_iint_cache *iint; + iint = integrity_iint_find(inode); + /* IMA_MEASURE is set from reader side */ + if (iint && (iint->flags & IMA_MEASURE)) + send_tomtou = true; + } } else { if ((atomic_read(&inode->i_writecount) > 0) && ima_must_measure(inode, MAY_READ, FILE_CHECK))