diff options
| author | Roberto Sassu <roberto.sassu@huawei.com> | 2023-06-10 09:57:38 +0200 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2023-07-10 13:59:39 -0400 |
| commit | c31288e56c1a7bb57a1be1f9f6f3faacbeddeff6 (patch) | |
| tree | f4709a801a51b9b4f9d98b35b7c161c8433b1029 /include/linux/cred.h | |
| parent | 6db7d1dee8003921b353d7e613471fe8995f46b5 (diff) | |
evm: Support multiple LSMs providing an xattr
Currently, evm_inode_init_security() processes a single LSM xattr from the
array passed by security_inode_init_security(), and calculates the HMAC on
it and other inode metadata.
As the LSM infrastructure now can pass to EVM an array with multiple
xattrs, scan them until the terminator (xattr name NULL), and calculate the
HMAC on all of them.
Also, double check that the xattrs array terminator is the first non-filled
slot (obtained with lsm_get_xattr_slot()). Consumers of the xattrs array,
such as the initxattrs() callbacks, rely on the terminator.
Finally, change the name of the lsm_xattr parameter of evm_init_hmac() to
xattrs, to reflect the new type of information passed.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/cred.h')
0 files changed, 0 insertions, 0 deletions