Merge branch 'next-ima-appraisal' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next

As requested by Mimi, this adds the IMA Appraisal feature.
author: James Morris <james.l.morris@oracle.com> 2012-09-11 23:16:37 -0400
committer: James Morris <james.l.morris@oracle.com> 2012-09-11 23:16:37 -0400
commit: 9ddf6aa8cbc07764c7fe33cfdb8644ca5e828252 (patch)
tree: d0796f172c096147e1a7c0337279bf7dca6f13f2 /include/linux
parent: b25b09ecf98bf6a32f3732281c2db13be6aeb14c (diff)
parent: 8606404fa555c2ee691376fcc640ab89fe752035 (diff)
3 files changed, 34 insertions, 3 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 6ac8e50c6cf5..2c7223d7e73b 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -39,5 +39,32 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
 {
        return 0;
 }
 #endif /* CONFIG_IMA_H */
+#ifdef CONFIG_IMA_APPRAISE
+extern void ima_inode_post_setattr(struct dentry *dentry);
+extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
+                       const void *xattr_value, size_t xattr_value_len);
+extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
+#else
+static inline void ima_inode_post_setattr(struct dentry *dentry)
+{
+        return;
+}
+static inline int ima_inode_setxattr(struct dentry *dentry,
+                                     const char *xattr_name,
+                                     const void *xattr_value,
+                                     size_t xattr_value_len)
+{
+        return 0;
+}
+static inline int ima_inode_removexattr(struct dentry *dentry,
+                                        const char *xattr_name)
+{
+        return 0;
+}
+#endif /* CONFIG_IMA_APPRAISE_H */
 #endif /* _LINUX_IMA_H */
diff --git a/include/linux/integrity.h b/include/linux/integrity.h
index a0c41256cb92..66c5fe9550a5 100644
--- a/include/linux/integrity.h
+++ b/include/linux/integrity.h
@@ -22,13 +22,14 @@ enum integrity_status {
 /* List of EVM protected security xattrs */
 #ifdef CONFIG_INTEGRITY
-extern int integrity_inode_alloc(struct inode *inode);
+extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode);
 extern void integrity_inode_free(struct inode *inode);
 #else
-static inline int integrity_inode_alloc(struct inode *inode)
+static inline struct integrity_iint_cache *
+                                integrity_inode_get(struct inode *inode)
 {
-        return 0;
+        return NULL;
 }
 static inline void integrity_inode_free(struct inode *inode)
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index e5d122031542..77a3e686d566 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -33,6 +33,9 @@
 #define XATTR_EVM_SUFFIX "evm"
 #define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX
+#define XATTR_IMA_SUFFIX "ima"
+#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
 #define XATTR_SELINUX_SUFFIX "selinux"
 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
author	James Morris <james.l.morris@oracle.com>	2012-09-11 23:16:37 -0400
committer	James Morris <james.l.morris@oracle.com>	2012-09-11 23:16:37 -0400
commit	9ddf6aa8cbc07764c7fe33cfdb8644ca5e828252 (patch)
tree	d0796f172c096147e1a7c0337279bf7dca6f13f2 /include/linux
parent	b25b09ecf98bf6a32f3732281c2db13be6aeb14c (diff)
parent	8606404fa555c2ee691376fcc640ab89fe752035 (diff)

diff --git a/include/linux/ima.h b/include/linux/ima.h index 6ac8e50c6cf5..2c7223d7e73b 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h
@@ -39,5 +39,32 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
39	{	39	{
40	return 0;	40	return 0;
41	}	41	}
		42
42	#endif /* CONFIG_IMA_H */	43	#endif /* CONFIG_IMA_H */
		44
		45	#ifdef CONFIG_IMA_APPRAISE
		46	extern void ima_inode_post_setattr(struct dentry *dentry);
		47	extern int ima_inode_setxattr(struct dentry dentry, const char xattr_name,
		48	const void *xattr_value, size_t xattr_value_len);
		49	extern int ima_inode_removexattr(struct dentry dentry, const char xattr_name);
		50	#else
		51	static inline void ima_inode_post_setattr(struct dentry *dentry)
		52	{
		53	return;
		54	}
		55
		56	static inline int ima_inode_setxattr(struct dentry *dentry,
		57	const char *xattr_name,
		58	const void *xattr_value,
		59	size_t xattr_value_len)
		60	{
		61	return 0;
		62	}
		63
		64	static inline int ima_inode_removexattr(struct dentry *dentry,
		65	const char *xattr_name)
		66	{
		67	return 0;
		68	}
		69	#endif /* CONFIG_IMA_APPRAISE_H */
43	#endif /* _LINUX_IMA_H */	70	#endif /* _LINUX_IMA_H */


diff --git a/include/linux/integrity.h b/include/linux/integrity.h index a0c41256cb92..66c5fe9550a5 100644 --- a/include/linux/integrity.h +++ b/include/linux/integrity.h
@@ -22,13 +22,14 @@ enum integrity_status {
22		22
23	/* List of EVM protected security xattrs */	23	/* List of EVM protected security xattrs */
24	#ifdef CONFIG_INTEGRITY	24	#ifdef CONFIG_INTEGRITY
25	extern int integrity_inode_alloc(struct inode *inode);	25	extern struct integrity_iint_cache integrity_inode_get(struct inode inode);
26	extern void integrity_inode_free(struct inode *inode);	26	extern void integrity_inode_free(struct inode *inode);
27		27
28	#else	28	#else
29	static inline int integrity_inode_alloc(struct inode *inode)	29	static inline struct integrity_iint_cache *
		30	integrity_inode_get(struct inode *inode)
30	{	31	{
31	return 0;	32	return NULL;
32	}	33	}
33		34
34	static inline void integrity_inode_free(struct inode *inode)	35	static inline void integrity_inode_free(struct inode *inode)


diff --git a/include/linux/xattr.h b/include/linux/xattr.h index e5d122031542..77a3e686d566 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h
@@ -33,6 +33,9 @@
33	#define XATTR_EVM_SUFFIX "evm"	33	#define XATTR_EVM_SUFFIX "evm"
34	#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX	34	#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX
35		35
		36	#define XATTR_IMA_SUFFIX "ima"
		37	#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX
		38
36	#define XATTR_SELINUX_SUFFIX "selinux"	39	#define XATTR_SELINUX_SUFFIX "selinux"
37	#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX	40	#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
38		41