xref: /linux/security/integrity/evm/evm_main.c

131 static int evm_find_protected_xattrs(struct dentry *dentry)  in evm_find_protected_xattrs()  argument
133 	struct inode *inode = d_backing_inode(dentry);  in evm_find_protected_xattrs()
142 		error = __vfs_getxattr(dentry, inode, xattr->name, NULL, 0);  in evm_find_protected_xattrs()
154 static int is_unsupported_hmac_fs(struct dentry *dentry)  in is_unsupported_hmac_fs()  argument
156 	struct inode *inode = d_backing_inode(dentry);  in is_unsupported_hmac_fs()
178 static enum integrity_status evm_verify_hmac(struct dentry *dentry,  in evm_verify_hmac()  argument
187 	struct inode *inode = d_backing_inode(dentry);  in evm_verify_hmac()
200 	    is_unsupported_hmac_fs(dentry))  in evm_verify_hmac()
206 	rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_EVM,  in evm_verify_hmac()
211 			rc = evm_find_protected_xattrs(dentry);  in evm_verify_hmac()
233 		rc = evm_calc_hmac(dentry, xattr_name, xattr_value,  in evm_verify_hmac()
254 		rc = evm_calc_hash(dentry, xattr_name, xattr_value,  in evm_verify_hmac()
270 				   !is_unsupported_hmac_fs(dentry)) {  in evm_verify_hmac()
271 				evm_update_evmxattr(dentry, xattr_name,  in evm_verify_hmac()
351 int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,  in evm_read_protected_xattrs()  argument
358 		rc = __vfs_getxattr(dentry, d_backing_inode(dentry),  in evm_read_protected_xattrs()
387 				rc = __vfs_getxattr(dentry,  in evm_read_protected_xattrs()
388 					d_backing_inode(dentry), xattr->name,  in evm_read_protected_xattrs()
421 enum integrity_status evm_verifyxattr(struct dentry *dentry,  in evm_verifyxattr()  argument
428 	return evm_verify_hmac(dentry, xattr_name, xattr_value,  in evm_verifyxattr()
440 static enum integrity_status evm_verify_current_integrity(struct dentry *dentry)  in evm_verify_current_integrity()  argument
442 	struct inode *inode = d_backing_inode(dentry);  in evm_verify_current_integrity()
446 	return evm_verify_hmac(dentry, NULL, NULL, 0);  in evm_verify_current_integrity()
462 			    struct dentry *dentry, const char *xattr_name,  in evm_xattr_change()  argument
468 	rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, xattr_name, &xattr_data,  in evm_xattr_change()
498 			     struct dentry *dentry, const char *xattr_name,  in evm_protect_xattr()  argument
506 		if (is_unsupported_hmac_fs(dentry))  in evm_protect_xattr()
511 		if (is_unsupported_hmac_fs(dentry))  in evm_protect_xattr()
514 		evm_status = evm_verify_current_integrity(dentry);  in evm_protect_xattr()
519 	} else if (is_unsupported_hmac_fs(dentry))  in evm_protect_xattr()
522 	evm_status = evm_verify_current_integrity(dentry);  in evm_protect_xattr()
530 		iint = evm_iint_inode(d_backing_inode(dentry));  in evm_protect_xattr()
535 		if (dentry->d_sb->s_magic == TMPFS_MAGIC  in evm_protect_xattr()
536 		    || dentry->d_sb->s_magic == SYSFS_MAGIC)  in evm_protect_xattr()
540 				    dentry->d_inode, dentry->d_name.name,  in evm_protect_xattr()
559 	    !evm_xattr_change(idmap, dentry, xattr_name, xattr_value,  in evm_protect_xattr()
565 		integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),  in evm_protect_xattr()
566 				    dentry->d_name.name, "appraise_metadata",  in evm_protect_xattr()
587 static int evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,  in evm_inode_setxattr()  argument
606 	return evm_protect_xattr(idmap, dentry, xattr_name, xattr_value,  in evm_inode_setxattr()
619 static int evm_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,  in evm_inode_removexattr()  argument
628 	return evm_protect_xattr(idmap, dentry, xattr_name, NULL, 0);  in evm_inode_removexattr()
633 				    struct dentry *dentry, const char *name,  in evm_inode_set_acl_change()  argument
639 	struct inode *inode = d_backing_inode(dentry);  in evm_inode_set_acl_change()
652 					   struct dentry *dentry,  in evm_inode_set_acl_change()  argument
673 static int evm_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,  in evm_inode_set_acl()  argument
684 	evm_status = evm_verify_current_integrity(dentry);  in evm_inode_set_acl()
702 	    !evm_inode_set_acl_change(idmap, dentry, acl_name, kacl))  in evm_inode_set_acl()
706 		integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),  in evm_inode_set_acl()
707 				    dentry->d_name.name, "appraise_metadata",  in evm_inode_set_acl()
725 static int evm_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,  in evm_inode_remove_acl()  argument
728 	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);  in evm_inode_remove_acl()
804 static void evm_inode_post_setxattr(struct dentry *dentry,  in evm_inode_post_setxattr()  argument
813 	evm_reset_status(dentry->d_inode);  in evm_inode_post_setxattr()
821 	if (is_unsupported_hmac_fs(dentry))  in evm_inode_post_setxattr()
824 	evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len);  in evm_inode_post_setxattr()
836 static void evm_inode_post_set_acl(struct dentry *dentry, const char *acl_name,  in evm_inode_post_set_acl()  argument
839 	return evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0);  in evm_inode_post_set_acl()
852 static void evm_inode_post_removexattr(struct dentry *dentry,  in evm_inode_post_removexattr()  argument
858 	evm_reset_status(dentry->d_inode);  in evm_inode_post_removexattr()
866 	evm_update_evmxattr(dentry, xattr_name, NULL, 0);  in evm_inode_post_removexattr()
879 					     struct dentry *dentry,  in evm_inode_post_remove_acl()  argument
882 	evm_inode_post_removexattr(dentry, acl_name);  in evm_inode_post_remove_acl()
886 			   struct dentry *dentry, struct iattr *attr)  in evm_attr_change()  argument
888 	struct inode *inode = d_backing_inode(dentry);  in evm_attr_change()
908 static int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,  in evm_inode_setattr()  argument
920 	if (is_unsupported_hmac_fs(dentry))  in evm_inode_setattr()
926 	evm_status = evm_verify_current_integrity(dentry);  in evm_inode_setattr()
939 	    !evm_attr_change(idmap, dentry, attr))  in evm_inode_setattr()
942 	integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry),  in evm_inode_setattr()
943 			    dentry->d_name.name, "appraise_metadata",  in evm_inode_setattr()
961 				   struct dentry *dentry, int ia_valid)  in evm_inode_post_setattr()  argument
966 	evm_reset_status(dentry->d_inode);  in evm_inode_post_setattr()
971 	if (is_unsupported_hmac_fs(dentry))  in evm_inode_post_setattr()
975 		evm_update_evmxattr(dentry, NULL, NULL, 0);  in evm_inode_post_setattr()
978 static int evm_inode_copy_up_xattr(struct dentry *src, const char *name)  in evm_inode_copy_up_xattr()
1092 static void evm_post_path_mknod(struct mnt_idmap *idmap, struct dentry *dentry)  in evm_post_path_mknod()  argument
1094 	struct inode *inode = d_backing_inode(dentry);  in evm_post_path_mknod()

Last Index update Fri Aug 22 08:59:00 CST 2025