diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@nokia.com> | 2011-05-06 11:34:13 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:47 -0400 |
| commit | 2960e6cb5f7c662b8edb6b0d2edc72095b4f5672 (patch) | |
| tree | 84e8c3378312243087089a669e4209f43d531b37 | |
| parent | d46eb3699502ba221e81e88e6c6594e2a7818532 (diff) | |
evm: additional parameter to pass integrity cache entry 'iint'
Additional iint parameter allows to skip lookup in the cache.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
| -rw-r--r-- | include/linux/evm.h | 8 | ||||
| -rw-r--r-- | security/integrity/evm/evm_main.c | 18 |
2 files changed, 14 insertions, 12 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h index 7c10761916a2..6d4e89b020c5 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -11,11 +11,14 @@ #include <linux/integrity.h> #include <linux/xattr.h> +struct integrity_iint_cache; + #ifdef CONFIG_EVM extern enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, void *xattr_value, - size_t xattr_value_len); + size_t xattr_value_len, + struct integrity_iint_cache *iint); extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid); extern int evm_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size); @@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode, static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, void *xattr_value, - size_t xattr_value_len) + size_t xattr_value_len, + struct integrity_iint_cache *iint) { return INTEGRITY_UNKNOWN; } diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index b65adb5b06c8..0fa8261c3655 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name) */ enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, - void *xattr_value, size_t xattr_value_len) + void *xattr_value, size_t xattr_value_len, + struct integrity_iint_cache *iint) { - struct inode *inode = dentry->d_inode; - struct integrity_iint_cache *iint; - enum integrity_status status; - if (!evm_initialized || !evm_protected_xattr(xattr_name)) return INTEGRITY_UNKNOWN; - iint = integrity_iint_find(inode); - if (!iint) - return INTEGRITY_UNKNOWN; - status = evm_verify_hmac(dentry, xattr_name, xattr_value, + if (!iint) { + iint = integrity_iint_find(dentry->d_inode); + if (!iint) + return INTEGRITY_UNKNOWN; + } + return evm_verify_hmac(dentry, xattr_name, xattr_value, xattr_value_len, iint); - return status; } EXPORT_SYMBOL_GPL(evm_verifyxattr); |