evm: add evm_inode_init_security to initialize new files

Initialize 'security.evm' for new files. Changelog v7: - renamed evm_inode_post_init_security to evm_inode_init_security - moved struct xattr definition to earlier patch - allocate xattr name Changelog v6: - Use 'struct evm_ima_xattr_data' Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-03-09 14:40:44 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-07-18 12:29:45 -0400
commit: cb72318069d5e92eb74840118732c66eb38c812f (patch)
tree: eb4e9a6c923567e01ddd1340f9430eb3c43f4aeb /security/integrity/evm/evm_main.c
parent: 975d294373d8c1c913ad2bf4eb93966d4c7ca38f (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 1746c3669c6f..23486355f443 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -98,6 +98,12 @@ static int evm_protected_xattr(const char *req_xattr_name)
                        found = 1;
                        break;
                }
+                if (strncmp(req_xattr_name,
+                            *xattrname + XATTR_SECURITY_PREFIX_LEN,
+                            strlen(req_xattr_name)) == 0) {
+                        found = 1;
+                        break;
+                }
        }
        return found;
 }
@@ -245,6 +251,38 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
        return;
 }
+/*
+ * evm_inode_init_security - initializes security.evm
+ */
+int evm_inode_init_security(struct inode *inode,
+                                 const struct xattr *lsm_xattr,
+                                 struct xattr *evm_xattr)
+{
+        struct evm_ima_xattr_data *xattr_data;
+        int rc;
+        if (!evm_initialized || !evm_protected_xattr(lsm_xattr->name))
+                return -EOPNOTSUPP;
+        xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
+        if (!xattr_data)
+                return -ENOMEM;
+        xattr_data->type = EVM_XATTR_HMAC;
+        rc = evm_init_hmac(inode, lsm_xattr, xattr_data->digest);
+        if (rc < 0)
+                goto out;
+        evm_xattr->value = xattr_data;
+        evm_xattr->value_len = sizeof(*xattr_data);
+        evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS);
+        return 0;
+out:
+        kfree(xattr_data);
+        return rc;
+}
+EXPORT_SYMBOL_GPL(evm_inode_init_security);
 static struct crypto_hash *tfm_hmac;    /* preload crypto alg */
 static int __init init_evm(void)
 {
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-03-09 14:40:44 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-07-18 12:29:45 -0400
commit	cb72318069d5e92eb74840118732c66eb38c812f (patch)
tree	eb4e9a6c923567e01ddd1340f9430eb3c43f4aeb /security/integrity/evm/evm_main.c
parent	975d294373d8c1c913ad2bf4eb93966d4c7ca38f (diff)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 1746c3669c6f..23486355f443 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c
@@ -98,6 +98,12 @@ static int evm_protected_xattr(const char *req_xattr_name)
98	found = 1;	98	found = 1;
99	break;	99	break;
100	}	100	}
		101	if (strncmp(req_xattr_name,
		102	*xattrname + XATTR_SECURITY_PREFIX_LEN,
		103	strlen(req_xattr_name)) == 0) {
		104	found = 1;
		105	break;
		106	}
101	}	107	}
102	return found;	108	return found;
103	}	109	}
@@ -245,6 +251,38 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
245	return;	251	return;
246	}	252	}
247		253
		254	/*
		255	* evm_inode_init_security - initializes security.evm
		256	*/
		257	int evm_inode_init_security(struct inode *inode,
		258	const struct xattr *lsm_xattr,
		259	struct xattr *evm_xattr)
		260	{
		261	struct evm_ima_xattr_data *xattr_data;
		262	int rc;
		263
		264	if (!evm_initialized \|\| !evm_protected_xattr(lsm_xattr->name))
		265	return -EOPNOTSUPP;
		266
		267	xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
		268	if (!xattr_data)
		269	return -ENOMEM;
		270
		271	xattr_data->type = EVM_XATTR_HMAC;
		272	rc = evm_init_hmac(inode, lsm_xattr, xattr_data->digest);
		273	if (rc < 0)
		274	goto out;
		275
		276	evm_xattr->value = xattr_data;
		277	evm_xattr->value_len = sizeof(*xattr_data);
		278	evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS);
		279	return 0;
		280	out:
		281	kfree(xattr_data);
		282	return rc;
		283	}
		284	EXPORT_SYMBOL_GPL(evm_inode_init_security);
		285
248	static struct crypto_hash tfm_hmac; / preload crypto alg */	286	static struct crypto_hash tfm_hmac; / preload crypto alg */
249	static int __init init_evm(void)	287	static int __init init_evm(void)
250	{	288	{