!2042 ima: Add macros to isolate the IMA digest list (027dc48c) · Commits · EulixOS / Software / Kernel

fs/xattr.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -16,7 +16,9 @@
		#include <linux/namei.h>
		#include <linux/security.h>
		#include <linux/evm.h>
		#ifdef CONFIG_IMA_DIGEST_LIST
		#include <linux/ima.h>
		#endif
		#include <linux/syscalls.h>
		#include <linux/export.h>
		#include <linux/fsnotify.h>
		@@ -475,7 +477,9 @@ __vfs_removexattr_locked(struct dentry dentry, const char name,

		if (!error) {
		fsnotify_xattr(dentry);
		#ifdef CONFIG_IMA_DIGEST_LIST
		ima_inode_post_removexattr(dentry, name);
		#endif
		evm_inode_post_removexattr(dentry, name);
		}

+4 −1

Original line number	Diff line number	Diff line
		@@ -35,7 +35,9 @@ extern void evm_inode_post_removexattr(struct dentry *dentry,
		extern int evm_inode_init_security(struct inode *inode,
		const struct xattr *xattr_array,
		struct xattr *evm);
		#ifdef CONFIG_IMA_DIGEST_LIST
		extern bool evm_status_revalidate(const char *xattr_name);
		#endif
		#ifdef CONFIG_FS_POSIX_ACL
		extern int posix_xattr_acl(const char *xattrname);
		#else
		@@ -105,10 +107,11 @@ static inline int evm_inode_init_security(struct inode *inode,
		return 0;
		}

		#ifdef CONFIG_IMA_DIGEST_LIST
		static inline bool evm_status_revalidate(const char *xattr_name)
		{
		return false;
		}

		#endif /* CONFIG_IMA_DIGEST_LIST */
		#endif /* CONFIG_EVM */
		#endif /* LINUX_EVM_H */

+8 −0

Original line number	Diff line number	Diff line
		@@ -144,13 +144,17 @@ extern bool is_ima_appraise_enabled(void);
		extern void ima_inode_post_setattr(struct dentry *dentry);
		extern int ima_inode_setxattr(struct dentry dentry, const char xattr_name,
		const void *xattr_value, size_t xattr_value_len);
		#ifdef CONFIG_IMA_DIGEST_LIST
		extern void ima_inode_post_setxattr(struct dentry *dentry,
		const char *xattr_name,
		const void *xattr_value,
		size_t xattr_value_len);
		#endif
		extern int ima_inode_removexattr(struct dentry dentry, const char xattr_name);
		#ifdef CONFIG_IMA_DIGEST_LIST
		extern void ima_inode_post_removexattr(struct dentry *dentry,
		const char *xattr_name);
		#endif
		#else
		static inline bool is_ima_appraise_enabled(void)
		{
		@@ -170,12 +174,14 @@ static inline int ima_inode_setxattr(struct dentry *dentry,
		return 0;
		}

		#ifdef CONFIG_IMA_DIGEST_LIST
		static inline void ima_inode_post_setxattr(struct dentry *dentry,
		const char *xattr_name,
		const void *xattr_value,
		size_t xattr_value_len)
		{
		}
		#endif

		static inline int ima_inode_removexattr(struct dentry *dentry,
		const char *xattr_name)
		@@ -183,10 +189,12 @@ static inline int ima_inode_removexattr(struct dentry *dentry,
		return 0;
		}

		#ifdef CONFIG_IMA_DIGEST_LIST
		static inline void ima_inode_post_removexattr(struct dentry *dentry,
		const char *xattr_name)
		{
		}
		#endif
		#endif /* CONFIG_IMA_APPRAISE */

		#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)

+2 −0

+4 −0

Original line number	Diff line number	Diff line
		@@ -9,7 +9,9 @@
		#include <linux/err.h>
		#include <linux/ratelimit.h>
		#include <linux/key-type.h>
		#ifdef CONFIG_IMA_DIGEST_LIST
		#include <linux/verification.h>
		#endif
		#include <crypto/public_key.h>
		#include <crypto/hash_info.h>
		#include <keys/asymmetric-type.h>
		@@ -55,6 +57,7 @@ static struct key request_asymmetric_key(struct key keyring, uint32_t keyid)
		key = request_key(&key_type_asymmetric, name, NULL);
		}

		#ifdef CONFIG_IMA_DIGEST_LIST
		if (IS_ERR(key)) {
		#ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
		keyring = VERIFY_USE_SECONDARY_KEYRING;
		@@ -63,6 +66,7 @@ static struct key request_asymmetric_key(struct key keyring, uint32_t keyid)
		#endif
		key = search_trusted_key(keyring, &key_type_asymmetric, name);
		}
		#endif

		if (IS_ERR(key)) {
		if (keyring)