Commit 2960e6cb authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar

evm: additional parameter to pass integrity cache entry 'iint'

Additional iint parameter allows to skip lookup in the cache.
Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent d46eb369
...@@ -11,11 +11,14 @@ ...@@ -11,11 +11,14 @@
#include <linux/integrity.h> #include <linux/integrity.h>
#include <linux/xattr.h> #include <linux/xattr.h>
struct integrity_iint_cache;
#ifdef CONFIG_EVM #ifdef CONFIG_EVM
extern enum integrity_status evm_verifyxattr(struct dentry *dentry, extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, void *xattr_value,
size_t xattr_value_len); size_t xattr_value_len,
struct integrity_iint_cache *iint);
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct dentry *dentry, const char *name, extern int evm_inode_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size); const void *value, size_t size);
...@@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode, ...@@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode,
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, void *xattr_value,
size_t xattr_value_len) size_t xattr_value_len,
struct integrity_iint_cache *iint)
{ {
return INTEGRITY_UNKNOWN; return INTEGRITY_UNKNOWN;
} }
......
...@@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name) ...@@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name)
*/ */
enum integrity_status evm_verifyxattr(struct dentry *dentry, enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name, const char *xattr_name,
void *xattr_value, size_t xattr_value_len) void *xattr_value, size_t xattr_value_len,
struct integrity_iint_cache *iint)
{ {
struct inode *inode = dentry->d_inode;
struct integrity_iint_cache *iint;
enum integrity_status status;
if (!evm_initialized || !evm_protected_xattr(xattr_name)) if (!evm_initialized || !evm_protected_xattr(xattr_name))
return INTEGRITY_UNKNOWN; return INTEGRITY_UNKNOWN;
iint = integrity_iint_find(inode); if (!iint) {
if (!iint) iint = integrity_iint_find(dentry->d_inode);
return INTEGRITY_UNKNOWN; if (!iint)
status = evm_verify_hmac(dentry, xattr_name, xattr_value, return INTEGRITY_UNKNOWN;
}
return evm_verify_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, iint); xattr_value_len, iint);
return status;
} }
EXPORT_SYMBOL_GPL(evm_verifyxattr); EXPORT_SYMBOL_GPL(evm_verifyxattr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment