diff options
| author | Roberto Sassu <roberto.sassu@huawei.com> | 2023-06-10 10:57:37 +0300 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2023-07-10 20:59:38 +0300 |
| commit | 6db7d1dee8003921b353d7e613471fe8995f46b5 (patch) | |
| tree | cd4c88e6eb047849624f2d3bc7839bd551f6e687 /security/security.c | |
| parent | baed456a6a2f6b8bec2913a6c6a72cc811252c6e (diff) | |
| download | linux-6db7d1dee8003921b353d7e613471fe8995f46b5.tar.xz | |
evm: Align evm_inode_init_security() definition with LSM infrastructure
Change the evm_inode_init_security() definition to align with the LSM
infrastructure. Keep the existing behavior of including in the HMAC
calculation only the first xattr provided by LSMs.
Changing the evm_inode_init_security() definition requires passing the
xattr array allocated by security_inode_init_security(), and the number of
xattrs filled by previously invoked LSMs.
Use the newly introduced lsm_get_xattr_slot() to position EVM correctly in
the xattrs array, like a regular LSM, and to increment the number of filled
slots. For now, the LSM infrastructure allocates enough xattrs slots to
store the EVM xattr, without using the reservation mechanism.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c index b3ba030c7546..cfdd0cbbcb91 100644 --- a/security/security.c +++ b/security/security.c @@ -1647,8 +1647,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, if (!xattr_count) goto out; - ret = evm_inode_init_security(inode, new_xattrs, - &new_xattrs[xattr_count]); + ret = evm_inode_init_security(inode, dir, qstr, new_xattrs, + &xattr_count); if (ret) goto out; ret = initxattrs(inode, new_xattrs, fs_data); |