diff options
author | Dmitry Kasatkin <dmitry.kasatkin@nokia.com> | 2011-05-06 04:34:13 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:47 -0400 |
commit | 2960e6cb5f7c662b8edb6b0d2edc72095b4f5672 (patch) | |
tree | 84e8c3378312243087089a669e4209f43d531b37 | |
parent | d46eb3699502ba221e81e88e6c6594e2a7818532 (diff) |
evm: additional parameter to pass integrity cache entry 'iint'
Additional iint parameter allows to skip lookup in the cache.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | include/linux/evm.h | 8 | ||||
-rw-r--r-- | security/integrity/evm/evm_main.c | 18 |
2 files changed, 14 insertions, 12 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h index 7c10761916a2..6d4e89b020c5 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h | |||
@@ -11,11 +11,14 @@ | |||
11 | #include <linux/integrity.h> | 11 | #include <linux/integrity.h> |
12 | #include <linux/xattr.h> | 12 | #include <linux/xattr.h> |
13 | 13 | ||
14 | struct integrity_iint_cache; | ||
15 | |||
14 | #ifdef CONFIG_EVM | 16 | #ifdef CONFIG_EVM |
15 | extern enum integrity_status evm_verifyxattr(struct dentry *dentry, | 17 | extern enum integrity_status evm_verifyxattr(struct dentry *dentry, |
16 | const char *xattr_name, | 18 | const char *xattr_name, |
17 | void *xattr_value, | 19 | void *xattr_value, |
18 | size_t xattr_value_len); | 20 | size_t xattr_value_len, |
21 | struct integrity_iint_cache *iint); | ||
19 | extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); | 22 | extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); |
20 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, | 23 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, |
21 | const void *value, size_t size); | 24 | const void *value, size_t size); |
@@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode, | |||
34 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, | 37 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, |
35 | const char *xattr_name, | 38 | const char *xattr_name, |
36 | void *xattr_value, | 39 | void *xattr_value, |
37 | size_t xattr_value_len) | 40 | size_t xattr_value_len, |
41 | struct integrity_iint_cache *iint) | ||
38 | { | 42 | { |
39 | return INTEGRITY_UNKNOWN; | 43 | return INTEGRITY_UNKNOWN; |
40 | } | 44 | } |
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index b65adb5b06c8..0fa8261c3655 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c | |||
@@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name) | |||
127 | */ | 127 | */ |
128 | enum integrity_status evm_verifyxattr(struct dentry *dentry, | 128 | enum integrity_status evm_verifyxattr(struct dentry *dentry, |
129 | const char *xattr_name, | 129 | const char *xattr_name, |
130 | void *xattr_value, size_t xattr_value_len) | 130 | void *xattr_value, size_t xattr_value_len, |
131 | struct integrity_iint_cache *iint) | ||
131 | { | 132 | { |
132 | struct inode *inode = dentry->d_inode; | ||
133 | struct integrity_iint_cache *iint; | ||
134 | enum integrity_status status; | ||
135 | |||
136 | if (!evm_initialized || !evm_protected_xattr(xattr_name)) | 133 | if (!evm_initialized || !evm_protected_xattr(xattr_name)) |
137 | return INTEGRITY_UNKNOWN; | 134 | return INTEGRITY_UNKNOWN; |
138 | 135 | ||
139 | iint = integrity_iint_find(inode); | 136 | if (!iint) { |
140 | if (!iint) | 137 | iint = integrity_iint_find(dentry->d_inode); |
141 | return INTEGRITY_UNKNOWN; | 138 | if (!iint) |
142 | status = evm_verify_hmac(dentry, xattr_name, xattr_value, | 139 | return INTEGRITY_UNKNOWN; |
140 | } | ||
141 | return evm_verify_hmac(dentry, xattr_name, xattr_value, | ||
143 | xattr_value_len, iint); | 142 | xattr_value_len, iint); |
144 | return status; | ||
145 | } | 143 | } |
146 | EXPORT_SYMBOL_GPL(evm_verifyxattr); | 144 | EXPORT_SYMBOL_GPL(evm_verifyxattr); |
147 | 145 | ||