include/linux/evm.h +8 −0 @@ -33,6 +33,14 @@ extern void evm_inode_post_removexattr(struct dentry *dentry, extern int evm_inode_init_security(struct inode *inode, const struct xattr *xattr_array, struct xattr *evm); #ifdef CONFIG_FS_POSIX_ACL extern int posix_xattr_acl(const char *xattrname); #else static inline int posix_xattr_acl(const char *xattrname) { return 0; } #endif #else #ifdef CONFIG_INTEGRITY static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
include/linux/integrity.h +1 −0 @@ -16,6 +16,7 @@ enum integrity_status { INTEGRITY_PASS = 0, INTEGRITY_FAIL, INTEGRITY_NOLABEL, INTEGRITY_NOXATTRS, INTEGRITY_UNKNOWN, };
include/linux/xattr.h +5 −0 @@ -52,6 +52,11 @@ #define XATTR_CAPS_SUFFIX "capability" #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX #define XATTR_POSIX_ACL_ACCESS "posix_acl_access" #define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT #ifdef __KERNEL__ #include <linux/types.h>
security/Kconfig +3 −1
@@ -38,7 +38,9 @@ config TRUSTED_KEYS config ENCRYPTED_KEYS tristate "ENCRYPTED KEYS" depends on KEYS && TRUSTED_KEYS depends on KEYS select CRYPTO select CRYPTO_HMAC select CRYPTO_AES select CRYPTO_CBC select CRYPTO_SHA256
security/integrity/evm/Kconfig +1 −2 config EVM boolean "EVM support" depends on SECURITY && KEYS && TCG_TPM depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n) select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 select ENCRYPTED_KEYS select TRUSTED_KEYS default n help EVM protects a file's security extended attributes against
include/linux/evm.h +8 −0 @@ -33,6 +33,14 @@ extern void evm_inode_post_removexattr(struct dentry *dentry, extern int evm_inode_init_security(struct inode *inode, const struct xattr *xattr_array, struct xattr *evm); #ifdef CONFIG_FS_POSIX_ACL extern int posix_xattr_acl(const char *xattrname); #else static inline int posix_xattr_acl(const char *xattrname) { return 0; } #endif #else #ifdef CONFIG_INTEGRITY static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
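Review bot: `posix_xattr_acl()` is declared without any comment stating its return contract, and the `#else` stub returning 0 can only be judged once that contract is written down. From the name and the xattr.h names added in this commit it presumably reports whether `xattrname` is one of the POSIX ACL xattrs, so I would add `/* non-zero if xattrname is system.posix_acl_access or system.posix_acl_default, else 0 */` above the declaration, adjusted to whatever the definition (not shown on this page) really does. Both variants also appear to sit inside the CONFIG_EVM branch, since the `#else` that follows starts the non-EVM stubs, so code compiled without EVM would find neither; an `evm_` prefix or a note that only EVM code may call it would make that explicit. The surrounding conditional block starts and ends outside this hunk.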
include/linux/integrity.h +1 −0 @@ -16,6 +16,7 @@ enum integrity_status { INTEGRITY_PASS = 0, INTEGRITY_FAIL, INTEGRITY_NOLABEL, INTEGRITY_NOXATTRS, INTEGRITY_UNKNOWN, };
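Review bot: `INTEGRITY_NOXATTRS` appears to be inserted ahead of `INTEGRITY_UNKNOWN`, which shifts the numeric value of `INTEGRITY_UNKNOWN` and hands every existing consumer of `enum integrity_status` a value it has never seen. The callers are not visible on this page, so each `switch` or comparison on the status should be checked to confirm the new value is not silently handled like `INTEGRITY_PASS` where that is not intended. The enumerators also carry no comments; a line such as `INTEGRITY_NOXATTRS, /* no protected xattrs present; distinct from NOLABEL */` (wording to be confirmed against the EVM code) would tell maintainers how it differs from `INTEGRITY_NOLABEL`.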
include/linux/xattr.h +5 −0 @@ -52,6 +52,11 @@ #define XATTR_CAPS_SUFFIX "capability" #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX #define XATTR_POSIX_ACL_ACCESS "posix_acl_access" #define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT #ifdef __KERNEL__ #include <linux/types.h>
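Review bot: The new `XATTR_NAME_POSIX_ACL_ACCESS` and `XATTR_NAME_POSIX_ACL_DEFAULT` macros expand to the same attribute names that, as far as I know, `linux/posix_acl_xattr.h` already provides as `POSIX_ACL_XATTR_ACCESS` and `POSIX_ACL_XATTR_DEFAULT`, so the strings now have two definitions that can drift apart. Since EVM's decision on which xattrs to protect would hinge on these names matching what the filesystems use, I would either define one set in terms of the other or add `/* POSIX ACL xattr names; keep in sync with linux/posix_acl_xattr.h */` above the block. The defines also land above `#ifdef __KERNEL__`, so they become visible to user space; that seems consistent with `XATTR_NAME_CAPS` next to them, but it is worth confirming that it is intended.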
security/Kconfig +3 −1 @@ -38,7 +38,9 @@ config TRUSTED_KEYS config ENCRYPTED_KEYS tristate "ENCRYPTED KEYS" depends on KEYS && TRUSTED_KEYS depends on KEYS select CRYPTO select CRYPTO_HMAC select CRYPTO_AES select CRYPTO_CBC select CRYPTO_SHA256
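Review bot: Dropping `TRUSTED_KEYS` from the `depends on` line leaves two tristate symbols with no stated relationship, so `ENCRYPTED_KEYS=y` together with `TRUSTED_KEYS=m` becomes a selectable combination. Unless the encrypted-keys code (not shown on this page) guards its trusted-key calls for that case, a built-in object would reference symbols that exist only in a module; the EVM Kconfig in this same commit handles the equivalent problem with `(TRUSTED_KEYS=y || TRUSTED_KEYS=n)`. If the code does not already cope, `depends on KEYS && (TRUSTED_KEYS || TRUSTED_KEYS=n)` would express the constraint here. The rest of the `ENCRYPTED_KEYS` entry lies outside the hunk.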
security/integrity/evm/Kconfig +1 −2 config EVM boolean "EVM support" depends on SECURITY && KEYS && TCG_TPM depends on SECURITY && KEYS && (TRUSTED_KEYS=y || TRUSTED_KEYS=n) select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 select ENCRYPTED_KEYS select TRUSTED_KEYS default n help EVM protects a file's security extended attributes against
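Review bot: With `TCG_TPM` gone from `depends on` and `select TRUSTED_KEYS` removed, EVM can be enabled on a kernel that has no TPM-sealed trusted key, and the help text should say what that does to the protection offered. The visible start of the help ("EVM protects a file's security extended attributes against") continues outside this section, so I cannot tell whether it already covers this; if not, a sentence such as `Without TRUSTED_KEYS the EVM key is protected only by a user-provided master key.` would set expectations for people configuring the kernel. The `(TRUSTED_KEYS=y || TRUSTED_KEYS=n)` term would also benefit from a `#` comment saying why the modular case is excluded, presumably because EVM itself is built in.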