security: imbed evm calls in security hooks

/*

 * evm.h

 *

 * Copyright (c) 2009 IBM Corporation

 * Author: Mimi Zohar <zohar@us.ibm.com>

 */

#ifndef _LINUX_EVM_H

#define _LINUX_EVM_H

#include <linux/integrity.h>

#ifdef CONFIG_EVM

extern enum integrity_status evm_verifyxattr(struct dentry *dentry,

					     const char *xattr_name,

					     void *xattr_value,

					     size_t xattr_value_len);

extern int evm_inode_setxattr(struct dentry *dentry, const char *name,

			      const void *value, size_t size);

extern void evm_inode_post_setxattr(struct dentry *dentry,

				    const char *xattr_name,

				    const void *xattr_value,

				    size_t xattr_value_len);

extern int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name);

#else

#ifdef CONFIG_INTEGRITY

static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,

						    const char *xattr_name,

						    void *xattr_value,

						    size_t xattr_value_len)

{

	return INTEGRITY_UNKNOWN;

}

#endif

static inline int evm_inode_setxattr(struct dentry *dentry, const char *name,

				     const void *value, size_t size)

{

	return 0;

}

static inline void evm_inode_post_setxattr(struct dentry *dentry,

					   const char *xattr_name,

					   const void *xattr_value,

					   size_t xattr_value_len)

{

	return;

}

static inline int evm_inode_removexattr(struct dentry *dentry,

					const char *xattr_name)

{

	return 0;

}

#endif /* CONFIG_EVM_H */

#endif /* LINUX_EVM_H */

#include <linux/crypto.h>

#include <linux/xattr.h>

#include <linux/integrity.h>

#include <linux/evm.h>

#include "evm.h"

int evm_initialized;

#include <linux/security.h>

#include <linux/integrity.h>

#include <linux/ima.h>

#include <linux/evm.h>

#define MAX_LSM_XATTR	1

int security_inode_setxattr(struct dentry *dentry, const char *name,

			    const void *value, size_t size, int flags)

{

	int ret;

	if (unlikely(IS_PRIVATE(dentry->d_inode)))

		return 0;

	return security_ops->inode_setxattr(dentry, name, value, size, flags);

	ret = security_ops->inode_setxattr(dentry, name, value, size, flags);

	if (ret)

		return ret;

	return evm_inode_setxattr(dentry, name, value, size);

}

void security_inode_post_setxattr(struct dentry *dentry, const char *name,

	if (unlikely(IS_PRIVATE(dentry->d_inode)))

		return;

	security_ops->inode_post_setxattr(dentry, name, value, size, flags);

	evm_inode_post_setxattr(dentry, name, value, size);

}

int security_inode_getxattr(struct dentry *dentry, const char *name)

int security_inode_removexattr(struct dentry *dentry, const char *name)

{

	int ret;

	if (unlikely(IS_PRIVATE(dentry->d_inode)))

		return 0;

	return security_ops->inode_removexattr(dentry, name);

	ret = security_ops->inode_removexattr(dentry, name);

	if (ret)

		return ret;

	return evm_inode_removexattr(dentry, name);

}

int security_inode_need_killpriv(struct dentry *dentry)