From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>,
David Safford <safford@watson.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>,
Dmitry Kasatkin <dmitry.s.kasatkin@gmail.com>,
Chris Mason <chris.mason@oracle.com>,
linux-btrfs@vger.kernel.org, Mimi Zohar <zohar@us.ibm.com>
Subject: [PATCH v6 11/20] evm: add evm_inode_post_init call in btrfs
Date: Thu, 2 Jun 2011 08:23:34 -0400 [thread overview]
Message-ID: <1307017423-15093-12-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1307017423-15093-1-git-send-email-zohar@linux.vnet.ibm.com>
After creating the initial LSM security extended attribute, call
evm_inode_post_init_security() to create the 'security.evm'
extended attribute.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
fs/btrfs/xattr.c | 39 +++++++++++++++++++++++++++++----------
1 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
index f3107e4..8e9afcb2 100644
--- a/fs/btrfs/xattr.c
+++ b/fs/btrfs/xattr.c
@@ -22,6 +22,7 @@
#include <linux/rwsem.h>
#include <linux/xattr.h>
#include <linux/security.h>
+#include <linux/evm.h>
#include "ctree.h"
#include "btrfs_inode.h"
#include "transaction.h"
@@ -367,31 +368,49 @@ int btrfs_xattr_security_init(struct btrfs_trans_handle *trans,
const struct qstr *qstr)
{
int err;
- size_t len;
- void *value;
- char *suffix;
+ struct xattr lsm_xattr;
+ struct xattr evm_xattr;
char *name;
- err = security_inode_init_security(inode, dir, qstr, &suffix, &value,
- &len);
+ err = security_inode_init_security(inode, dir, qstr, &lsm_xattr.name,
+ &lsm_xattr.value,
+ &lsm_xattr.value_len);
if (err) {
if (err == -EOPNOTSUPP)
return 0;
return err;
}
- name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1,
+ name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(lsm_xattr.name) + 1,
GFP_NOFS);
if (!name) {
err = -ENOMEM;
} else {
strcpy(name, XATTR_SECURITY_PREFIX);
- strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix);
- err = __btrfs_setxattr(trans, inode, name, value, len, 0);
+ strcpy(name + XATTR_SECURITY_PREFIX_LEN, lsm_xattr.name);
+ err = __btrfs_setxattr(trans, inode, name, lsm_xattr.value,
+ lsm_xattr.value_len, 0);
kfree(name);
}
+ if (err)
+ goto out;
+
+ err = evm_inode_post_init_security(inode, &lsm_xattr, &evm_xattr);
+ if (err)
+ goto out;
- kfree(suffix);
- kfree(value);
+ name = kasprintf(GFP_NOFS, "%s%s", XATTR_SECURITY_PREFIX,
+ evm_xattr.name);
+ if (!name)
+ err = -ENOMEM;
+ else {
+ err = __btrfs_setxattr(trans, inode, name, evm_xattr.value,
+ evm_xattr.value_len, 0);
+ kfree(name);
+ }
+ kfree(evm_xattr.value);
+out:
+ kfree(lsm_xattr.name);
+ kfree(lsm_xattr.value);
return err;
}
--
1.7.3.4
next prev parent reply other threads:[~2011-06-02 12:23 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-02 12:23 [PATCH v6 00/20] EVM Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 01/20] integrity: move ima inode integrity data management Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 02/20] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 03/20] evm: re-release Mimi Zohar
2011-06-02 22:38 ` Serge E. Hallyn
2011-06-02 12:23 ` [PATCH v6 04/20] evm: add support for different security.evm data types Mimi Zohar
2011-06-02 22:50 ` Serge E. Hallyn
2011-06-03 12:31 ` Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 05/20] security: imbed evm calls in security hooks Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 06/20] evm: evm_inode_post_removexattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 07/20] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 08/20] evm: evm_inode_post_init Mimi Zohar
2011-06-03 2:21 ` Dave Chinner
2011-06-03 5:06 ` Mimi Zohar
2011-06-04 23:50 ` Dave Chinner
2011-06-05 2:46 ` Mimi Zohar
2011-06-07 15:56 ` Casey Schaufler
2011-06-02 12:23 ` [PATCH v6 09/20] fs: add evm_inode_post_init calls Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 10/20] evm: crypto hash replaced by shash Mimi Zohar
2011-06-02 12:23 ` Mimi Zohar [this message]
2011-06-02 12:23 ` [PATCH v6 12/20] evm: add evm_inode_post_init call in gfs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 13/20] evm: add evm_inode_post_init call in jffs2 Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 14/20] evm: add evm_inode_post_init call in jfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 15/20] evm: add evm_inode_post_init call in xfs Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 16/20] evm: additional parameter to pass integrity cache entry 'iint' Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 17/20] evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 18/20] evm: replace hmac_status with evm_status Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 19/20] evm: permit only valid security.evm xattrs to be updated Mimi Zohar
2011-06-02 12:23 ` [PATCH v6 20/20] evm: add evm_inode_setattr to prevent updating an invalid security.evm Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307017423-15093-12-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=chris.mason@oracle.com \
--cc=dmitry.s.kasatkin@gmail.com \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=safford@watson.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).