From patchwork Fri Nov 3 20:17:59 2017
X-Patchwork-Submitter: Mikhail Kurinnoi
X-Patchwork-Id: 10041145
Date: Fri, 3 Nov 2017 23:17:59 +0300
From: Mikhail Kurinnoi
To: linux-integrity@vger.kernel.org, Mimi Zohar
Subject: [PATCH] evm: allow uid/gid/mode changes for inode without xattr support
Message-ID: <20171103231759.518e2c04@totoro>
X-Mailing-List: linux-integrity@vger.kernel.org

This patch provides changes in order to allow uid/gid/mode changes for inode without xattr support.

Signed-off-by: Mikhail Kurinnoi

 security/integrity/evm/evm_main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 9826c02e2db8..e365ea39a3ed 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -431,7 +431,8 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr *attr) unsigned int ia_valid = attr->ia_valid; enum integrity_status evm_status; - if (!(ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))) + if (!(ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)) || + !(d_backing_inode(dentry)->i_opflags & IOP_XATTR)) return 0; evm_status = evm_verify_current_integrity(dentry); if ((evm_status == INTEGRITY_PASS) ||
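
Review bot: the added `!(d_backing_inode(dentry)->i_opflags & IOP_XATTR)` test in evm_inode_setattr() returns 0 before evm_verify_current_integrity() is called, so a mode/uid/gid change on any inode without IOP_XATTR is accepted with no EVM verification, and neither the code nor the changelog explains why that is safe. Please move it into its own `if` with a short comment giving the reasoning (for example, that an inode without xattr support has no EVM xattr to verify) rather than folding it into the existing ia_valid test, which checks something unrelated. The commit message should also describe the failing case: which filesystems or inode types are affected and what error the setattr call returned before this change.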