evm: additional parameter to pass integrity cache entry 'iint' (2960e6cb) · Commits · EulixOS / Software / Kernel

include/linux/evm.h

+6 −2

Original line number	Diff line number	Diff line
		@@ -11,11 +11,14 @@
		#include <linux/integrity.h>
		#include <linux/xattr.h>

		struct integrity_iint_cache;

		#ifdef CONFIG_EVM
		extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name,
		void *xattr_value,
		size_t xattr_value_len);
		size_t xattr_value_len,
		struct integrity_iint_cache *iint);
		extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
		extern int evm_inode_setxattr(struct dentry dentry, const char name,
		const void *value, size_t size);
		@@ -34,7 +37,8 @@ extern int evm_inode_init_security(struct inode *inode,
		static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name,
		void *xattr_value,
		size_t xattr_value_len)
		size_t xattr_value_len,
		struct integrity_iint_cache *iint)
		{
		return INTEGRITY_UNKNOWN;
		}

+8 −10

Original line number	Diff line number	Diff line
		@@ -127,21 +127,19 @@ static int evm_protected_xattr(const char *req_xattr_name)
		*/
		enum integrity_status evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name,
		void *xattr_value, size_t xattr_value_len)
		void *xattr_value, size_t xattr_value_len,
		struct integrity_iint_cache *iint)
		{
		struct inode *inode = dentry->d_inode;
		struct integrity_iint_cache *iint;
		enum integrity_status status;

		if (!evm_initialized \|\| !evm_protected_xattr(xattr_name))
		return INTEGRITY_UNKNOWN;

		iint = integrity_iint_find(inode);
		if (!iint) {
		iint = integrity_iint_find(dentry->d_inode);
		if (!iint)
		return INTEGRITY_UNKNOWN;
		status = evm_verify_hmac(dentry, xattr_name, xattr_value,
		}
		return evm_verify_hmac(dentry, xattr_name, xattr_value,
		xattr_value_len, iint);
		return status;
		}
		EXPORT_SYMBOL_GPL(evm_verifyxattr);