Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7b87de2 authored by Mimi Zohar's avatar Mimi Zohar
Browse files

evm: evm_inode_post_removexattr 



When an EVM protected extended attribute is removed, update 'security.evm'.

Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Acked-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
parent 3e1be52d

fs/xattr.c

+4 −1
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@ 
#include <linux/mount.h>

#include <linux/namei.h>

#include <linux/security.h>

#include <linux/evm.h>

#include <linux/syscalls.h>

#include <linux/module.h>

#include <linux/fsnotify.h>
@@ -301,8 +302,10 @@ vfs_removexattr(struct dentry *dentry, const char *name) 
	error = inode->i_op->removexattr(dentry, name);

	mutex_unlock(&inode->i_mutex);



	if (!error)

	if (!error) {

		fsnotify_xattr(dentry);

		evm_inode_post_removexattr(dentry, name);

	}

	return error;

}

EXPORT_SYMBOL_GPL(vfs_removexattr);

include/linux/evm.h

+9 −0
Original line number Diff line number Diff line
@@ -22,6 +22,8 @@ extern void evm_inode_post_setxattr(struct dentry *dentry, 
				    const void *xattr_value,

				    size_t xattr_value_len);

extern int evm_inode_removexattr(struct dentry *dentry, const char *xattr_name);

extern void evm_inode_post_removexattr(struct dentry *dentry,

				       const char *xattr_name);

#else

#ifdef CONFIG_INTEGRITY

static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
@@ -52,5 +54,12 @@ static inline int evm_inode_removexattr(struct dentry *dentry, 
{

	return 0;

}



static inline void evm_inode_post_removexattr(struct dentry *dentry,

					      const char *xattr_name)

{

	return;

}



#endif /* CONFIG_EVM_H */

#endif /* LINUX_EVM_H */