Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

evm: additional parameter to pass integrity cache entry 'iint'

Browse Source 
Additional iint parameter allows to skip lookup in the cache.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Dmitry Kasatkin 2011-05-06 11:34:13 +03:00 committed by Mimi Zohar
parent d46eb36995
commit 2960e6cb5f
2 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/linux/evm.h
View File

@ -11,11 +11,14 @@
#include <linux/integrity.h> #include <linux/integrity.h>
#include <linux/xattr.h> #include <linux/xattr.h>
struct integrity_iint_cache;
#ifdef CONFIG_EVM #ifdef CONFIG_EVM
extern enum integrity_status evm_verifyxattr(struct dentry *dentry, extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, void *xattr_value,
size_t xattr_value_len); size_t xattr_value_len,
struct integrity_iint_cache *iint);
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct dentry *dentry, const char *name, extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size); const void *value, size_t size);
@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode,
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, void *xattr_value,
size_t xattr_value_len) size_t xattr_value_len,
struct integrity_iint_cache *iint)
{ {
return INTEGRITY_UNKNOWN; return INTEGRITY_UNKNOWN;
} }

18
security/integrity/evm/evm_main.c
View File

@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name)
*/ */
enum integrity_status evm_verifyxattr(struct dentry *dentry, enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, size_t xattr_value_len) void *xattr_value, size_t xattr_value_len,
struct integrity_iint_cache *iint)
{ {
struct inode *inode = dentry->d_inode;
struct integrity_iint_cache *iint;
enum integrity_status status;
if (!evm_initialized || !evm_protected_xattr(xattr_name)) if (!evm_initialized || !evm_protected_xattr(xattr_name))
return INTEGRITY_UNKNOWN; return INTEGRITY_UNKNOWN;
iint = integrity_iint_find(inode); if (!iint) {
if (!iint) iint = integrity_iint_find(dentry->d_inode);
return INTEGRITY_UNKNOWN; if (!iint)
status = evm_verify_hmac(dentry, xattr_name, xattr_value, return INTEGRITY_UNKNOWN;
}
return evm_verify_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, iint); xattr_value_len, iint);
return status;
} }
EXPORT_SYMBOL_GPL(evm_verifyxattr); EXPORT_SYMBOL_GPL(evm_verifyxattr);