Message ID | 20231107134012.682009-7-roberto.sassu@huaweicloud.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Paul Moore |
Headers | show |
Series | security: Move IMA and EVM to the LSM infrastructure | expand |
On 11/7/2023 5:39 AM, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@huawei.com> > > Change evm_inode_post_setattr() definition, so that it can be registered as > implementation of the inode_post_setattr hook (to be introduced). > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> > --- > fs/attr.c | 2 +- > include/linux/evm.h | 6 ++++-- > security/integrity/evm/evm_main.c | 4 +++- > 3 files changed, 8 insertions(+), 4 deletions(-) > > diff --git a/fs/attr.c b/fs/attr.c > index 9bddc0a6352c..498e673bdf06 100644 > --- a/fs/attr.c > +++ b/fs/attr.c > @@ -503,7 +503,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry, > if (!error) { > fsnotify_change(dentry, ia_valid); > ima_inode_post_setattr(idmap, dentry, ia_valid); > - evm_inode_post_setattr(dentry, ia_valid); > + evm_inode_post_setattr(idmap, dentry, ia_valid); > } > > return error; > diff --git a/include/linux/evm.h b/include/linux/evm.h > index 01fc495a83e2..cf976d8dbd7a 100644 > --- a/include/linux/evm.h > +++ b/include/linux/evm.h > @@ -23,7 +23,8 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry, > struct integrity_iint_cache *iint); > extern int evm_inode_setattr(struct mnt_idmap *idmap, > struct dentry *dentry, struct iattr *attr); > -extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); > +extern void evm_inode_post_setattr(struct mnt_idmap *idmap, > + struct dentry *dentry, int ia_valid); > extern int evm_inode_setxattr(struct mnt_idmap *idmap, > struct dentry *dentry, const char *name, > const void *value, size_t size); > @@ -97,7 +98,8 @@ static inline int evm_inode_setattr(struct mnt_idmap *idmap, > return 0; > } > > -static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) > +static inline void evm_inode_post_setattr(struct mnt_idmap *idmap, > + struct dentry *dentry, int ia_valid) > { > return; > } > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index 894570fe39bc..d452d469c503 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -840,6 +840,7 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, > > /** > * evm_inode_post_setattr - update 'security.evm' after modifying metadata > + * @idmap: idmap of the idmapped mount > * @dentry: pointer to the affected dentry > * @ia_valid: for the UID and GID status > * > @@ -849,7 +850,8 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, > * This function is called from notify_change(), which expects the caller > * to lock the inode's i_mutex. > */ > -void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) > +void evm_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry, > + int ia_valid) > { > if (!evm_revalidate_status(NULL)) > return;
diff --git a/fs/attr.c b/fs/attr.c index 9bddc0a6352c..498e673bdf06 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -503,7 +503,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry, if (!error) { fsnotify_change(dentry, ia_valid); ima_inode_post_setattr(idmap, dentry, ia_valid); - evm_inode_post_setattr(dentry, ia_valid); + evm_inode_post_setattr(idmap, dentry, ia_valid); } return error; diff --git a/include/linux/evm.h b/include/linux/evm.h index 01fc495a83e2..cf976d8dbd7a 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -23,7 +23,8 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry, struct integrity_iint_cache *iint); extern int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, struct iattr *attr); -extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); +extern void evm_inode_post_setattr(struct mnt_idmap *idmap, + struct dentry *dentry, int ia_valid); extern int evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, const char *name, const void *value, size_t size); @@ -97,7 +98,8 @@ static inline int evm_inode_setattr(struct mnt_idmap *idmap, return 0; } -static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) +static inline void evm_inode_post_setattr(struct mnt_idmap *idmap, + struct dentry *dentry, int ia_valid) { return; } diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 894570fe39bc..d452d469c503 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -840,6 +840,7 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, /** * evm_inode_post_setattr - update 'security.evm' after modifying metadata + * @idmap: idmap of the idmapped mount * @dentry: pointer to the affected dentry * @ia_valid: for the UID and GID status * @@ -849,7 +850,8 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry, * This function is called from notify_change(), which expects the caller * to lock the inode's i_mutex. */ -void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) +void evm_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry, + int ia_valid) { if (!evm_revalidate_status(NULL)) return;