authorDmitry Kasatkin <dmitry.kasatkin@nokia.com>2011-05-06 04:34:13 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2011-07-18 12:29:47 -0400
commit2960e6cb5f7c662b8edb6b0d2edc72095b4f5672 (patch)
tree84e8c3378312243087089a669e4209f43d531b37
parentd46eb3699502ba221e81e88e6c6594e2a7818532 (diff)
evm: additional parameter to pass integrity cache entry 'iint'
The additional iint parameter allows skipping the lookup in the cache.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r--include/linux/evm.h8
-rw-r--r--security/integrity/evm/evm_main.c18
2 files changed, 14 insertions, 12 deletions
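--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -11,11 +11,14 @@
 #include <linux/integrity.h>
 #include <linux/xattr.h>
 
+struct integrity_iint_cache;
+
 #ifdef CONFIG_EVM
 extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
  const char *xattr_name,
  void *xattr_value,
- size_t xattr_value_len);
+ size_t xattr_value_len,
+ struct integrity_iint_cache *iint);
 extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
 extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
  const void *value, size_t size);
@@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode,
 static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
  const char *xattr_name,
  void *xattr_value,
- size_t xattr_value_len)
+ size_t xattr_value_len,
+ struct integrity_iint_cache *iint)
 {
  return INTEGRITY_UNKNOWN;
 }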
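--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name)
  */
 enum integrity_status evm_verifyxattr(struct dentry *dentry,
  const char *xattr_name,
- void *xattr_value, size_t xattr_value_len)
+ void *xattr_value, size_t xattr_value_len,
+ struct integrity_iint_cache *iint)
 {
- struct inode *inode = dentry->d_inode;
- struct integrity_iint_cache *iint;
- enum integrity_status status;
-
  if (!evm_initialized || !evm_protected_xattr(xattr_name))
  return INTEGRITY_UNKNOWN;
 
- iint = integrity_iint_find(inode);
- if (!iint)
- return INTEGRITY_UNKNOWN;
- status = evm_verify_hmac(dentry, xattr_name, xattr_value,
+ if (!iint) {
+ iint = integrity_iint_find(dentry->d_inode);
+ if (!iint)
+ return INTEGRITY_UNKNOWN;
+ }
+ return evm_verify_hmac(dentry, xattr_name, xattr_value,
  xattr_value_len, iint);
- return status;
 }
 EXPORT_SYMBOL_GPL(evm_verifyxattr);
 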
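Review bot: evm_verifyxattr() now verifies against whatever `iint` the caller passes, and nothing in the new body ties that entry to `dentry->d_inode`; only the NULL case falls back to `integrity_iint_find()`. If evm_verify_hmac() records or reuses a status in the entry (its body is not shown here, so this is inferred), an entry belonging to a different inode would let one file's verification result stand in for another's. Because the symbol is exported, the kernel-doc above the function, which starts outside this hunk, should state the contract, for example ` * @iint: integrity cache entry of dentry->d_inode, or NULL to look it up`, and the prototype in include/linux/evm.h deserves the same remark. A `WARN_ON()` comparing the entry's inode with `dentry->d_inode` would make a mismatch visible, assuming the cache entry keeps a back-pointer to its inode.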