Message ID | 20231107134012.682009-9-roberto.sassu@huaweicloud.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Paul Moore |
Series | security: Move IMA and EVM to the LSM infrastructure | expand |
On 11/7/2023 5:39 AM, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@huawei.com> > > Change evm_inode_post_setxattr() definition, so that it can be registered > as implementation of the inode_post_setxattr hook. > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> > --- > include/linux/evm.h | 8 +++++--- > security/integrity/evm/evm_main.c | 4 +++- > security/security.c | 2 +- > 3 files changed, 9 insertions(+), 5 deletions(-) > > diff --git a/include/linux/evm.h b/include/linux/evm.h > index 7c6a74dbc093..437d4076a3b3 100644 > --- a/include/linux/evm.h > +++ b/include/linux/evm.h > @@ -31,7 +31,8 @@ extern int evm_inode_setxattr(struct mnt_idmap *idmap, > extern void evm_inode_post_setxattr(struct dentry *dentry, > const char *xattr_name, > const void *xattr_value, > - size_t xattr_value_len); > + size_t xattr_value_len, > + int flags); > extern int evm_inode_removexattr(struct mnt_idmap *idmap, > struct dentry *dentry, const char *xattr_name); > extern void evm_inode_post_removexattr(struct dentry *dentry, > @@ -55,7 +56,7 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry, > const char *acl_name, > struct posix_acl *kacl) > { > - return evm_inode_post_setxattr(dentry, acl_name, NULL, 0); > + return evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0); > } > > int evm_inode_init_security(struct inode *inode, struct inode *dir, > @@ -114,7 +115,8 @@ static inline int evm_inode_setxattr(struct mnt_idmap *idmap, > static inline void evm_inode_post_setxattr(struct dentry *dentry, > const char *xattr_name, > const void *xattr_value, > - size_t xattr_value_len) > + size_t xattr_value_len, > + int flags) > { > return; > } > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index 7fc083d53fdf..ea84a6f835ff 100644 
> --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -730,6 +730,7 @@ bool evm_revalidate_status(const char *xattr_name) > * @xattr_name: pointer to the affected extended attribute name > * @xattr_value: pointer to the new extended attribute value > * @xattr_value_len: pointer to the new extended attribute value length > + * @flags: flags to pass into filesystem operations > * > * Update the HMAC stored in 'security.evm' to reflect the change. > * > @@ -738,7 +739,8 @@ bool evm_revalidate_status(const char *xattr_name) > * i_mutex lock. > */ > void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, > - const void *xattr_value, size_t xattr_value_len) > + const void *xattr_value, size_t xattr_value_len, > + int flags) > { > if (!evm_revalidate_status(xattr_name)) > return; > diff --git a/security/security.c b/security/security.c > index ae3625198c9f..53793f3cb36a 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -2367,7 +2367,7 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name, > if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) > return; > call_void_hook(inode_post_setxattr, dentry, name, value, size, flags); > - evm_inode_post_setxattr(dentry, name, value, size); > + evm_inode_post_setxattr(dentry, name, value, size, flags); > } > > /**
diff --git a/include/linux/evm.h b/include/linux/evm.h
index 7c6a74dbc093..437d4076a3b3 100644
--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -31,7 +31,8 @@ extern int evm_inode_setxattr(struct mnt_idmap *idmap,
 extern void evm_inode_post_setxattr(struct dentry *dentry,
 const char *xattr_name,
 const void *xattr_value,
- size_t xattr_value_len);
+ size_t xattr_value_len,
+ int flags);
 extern int evm_inode_removexattr(struct mnt_idmap *idmap,
 struct dentry *dentry, const char *xattr_name);
 extern void evm_inode_post_removexattr(struct dentry *dentry,
@@ -55,7 +56,7 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry,
 const char *acl_name,
 struct posix_acl *kacl)
 {
- return evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
+ return evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0);
 }
 
 int evm_inode_init_security(struct inode *inode, struct inode *dir,
@@ -114,7 +115,8 @@ static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
 static inline void evm_inode_post_setxattr(struct dentry *dentry,
 const char *xattr_name,
 const void *xattr_value,
- size_t xattr_value_len)
+ size_t xattr_value_len,
+ int flags)
 {
 return;
 }
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 7fc083d53fdf..ea84a6f835ff 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -730,6 +730,7 @@ bool evm_revalidate_status(const char *xattr_name)
  * @xattr_name: pointer to the affected extended attribute name
  * @xattr_value: pointer to the new extended attribute value
  * @xattr_value_len: pointer to the new extended attribute value length
+ * @flags: flags to pass into filesystem operations
  *
  * Update the HMAC stored in 'security.evm' to reflect the change.
  *
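Review bot: The new trailing `0` in `evm_inode_post_set_acl()` is the flags argument, but sitting next to the `0` length it reads like a second size and its meaning is never stated; the set_acl path has no setxattr flags to forward, so I would say so right above the call, e.g. `/* ACLs carry no setxattr flags to forward */`. Since the line is being rewritten anyway, the `return` in front of a call to a void function can go too: `evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0);`. Whether the callee ever inspects flags is not visible here; its body continues outside this patch's hunks.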
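Review bot: The new kernel-doc line `@flags: flags to pass into filesystem operations` describes something the visible code does not do: in the part of `evm_inode_post_setxattr()` shown in this patch the parameter is not read, and none of the hunks forward it to a filesystem call. If the rest of the body (outside the hunk) does not use it either, the doc should say what the value is and why the parameter exists, e.g. `@flags: setxattr flags supplied by the caller; currently unused by EVM, present to match the inode_post_setxattr LSM hook prototype`. While touching this comment block, the adjacent context line `@xattr_value_len: pointer to the new extended attribute value length` is wrong for a `size_t` passed by value and could become `@xattr_value_len: length of the new extended attribute value`, though that wording is pre-existing.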
@@ -738,7 +739,8 @@ bool evm_revalidate_status(const char *xattr_name)
  * i_mutex lock.
  */
 void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
- const void *xattr_value, size_t xattr_value_len)
+ const void *xattr_value, size_t xattr_value_len,
+ int flags)
 {
 if (!evm_revalidate_status(xattr_name))
 return;
diff --git a/security/security.c b/security/security.c
index ae3625198c9f..53793f3cb36a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2367,7 +2367,7 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
 return;
 call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
- evm_inode_post_setxattr(dentry, name, value, size);
+ evm_inode_post_setxattr(dentry, name, value, size, flags);
 }
 
 /**