diff options
| -rw-r--r-- | include/linux/evm.h | 8 | ||||
| -rw-r--r-- | security/integrity/evm/evm_main.c | 18 |
2 files changed, 14 insertions, 12 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h index 7c10761916a2..6d4e89b020c5 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h | |||
| @@ -11,11 +11,14 @@ | |||
| 11 | #include <linux/integrity.h> | 11 | #include <linux/integrity.h> |
| 12 | #include <linux/xattr.h> | 12 | #include <linux/xattr.h> |
| 13 | 13 | ||
| 14 | struct integrity_iint_cache; | ||
| 15 | |||
| 14 | #ifdef CONFIG_EVM | 16 | #ifdef CONFIG_EVM |
| 15 | extern enum integrity_status evm_verifyxattr(struct dentry *dentry, | 17 | extern enum integrity_status evm_verifyxattr(struct dentry *dentry, |
| 16 | const char *xattr_name, | 18 | const char *xattr_name, |
| 17 | void *xattr_value, | 19 | void *xattr_value, |
| 18 | size_t xattr_value_len); | 20 | size_t xattr_value_len, |
| 21 | struct integrity_iint_cache *iint); | ||
| 19 | extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); | 22 | extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); |
| 20 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, | 23 | extern int evm_inode_setxattr(struct dentry *dentry, const char *name, |
| 21 | const void *value, size_t size); | 24 | const void *value, size_t size); |
| @@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode, | |||
| 34 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, | 37 | static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, |
| 35 | const char *xattr_name, | 38 | const char *xattr_name, |
| 36 | void *xattr_value, | 39 | void *xattr_value, |
| 37 | size_t xattr_value_len) | 40 | size_t xattr_value_len, |
| 41 | struct integrity_iint_cache *iint) | ||
| 38 | { | 42 | { |
| 39 | return INTEGRITY_UNKNOWN; | 43 | return INTEGRITY_UNKNOWN; |
| 40 | } | 44 | } |
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index b65adb5b06c8..0fa8261c3655 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c | |||
| @@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name) | |||
| 127 | */ | 127 | */ |
| 128 | enum integrity_status evm_verifyxattr(struct dentry *dentry, | 128 | enum integrity_status evm_verifyxattr(struct dentry *dentry, |
| 129 | const char *xattr_name, | 129 | const char *xattr_name, |
| 130 | void *xattr_value, size_t xattr_value_len) | 130 | void *xattr_value, size_t xattr_value_len, |
| 131 | struct integrity_iint_cache *iint) | ||
| 131 | { | 132 | { |
| 132 | struct inode *inode = dentry->d_inode; | ||
| 133 | struct integrity_iint_cache *iint; | ||
| 134 | enum integrity_status status; | ||
| 135 | |||
| 136 | if (!evm_initialized || !evm_protected_xattr(xattr_name)) | 133 | if (!evm_initialized || !evm_protected_xattr(xattr_name)) |
| 137 | return INTEGRITY_UNKNOWN; | 134 | return INTEGRITY_UNKNOWN; |
| 138 | 135 | ||
| 139 | iint = integrity_iint_find(inode); | 136 | if (!iint) { |
| 140 | if (!iint) | 137 | iint = integrity_iint_find(dentry->d_inode); |
| 141 | return INTEGRITY_UNKNOWN; | 138 | if (!iint) |
| 142 | status = evm_verify_hmac(dentry, xattr_name, xattr_value, | 139 | return INTEGRITY_UNKNOWN; |
| 140 | } | ||
| 141 | return evm_verify_hmac(dentry, xattr_name, xattr_value, | ||
| 143 | xattr_value_len, iint); | 142 | xattr_value_len, iint); |
| 144 | return status; | ||
| 145 | } | 143 | } |
| 146 | EXPORT_SYMBOL_GPL(evm_verifyxattr); | 144 | EXPORT_SYMBOL_GPL(evm_verifyxattr); |
| 147 | 145 | ||