18 #include <linux/xattr.h>
134 	struct xattr_list *xattr;
141 	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
142 		error = __vfs_getxattr(dentry, inode, xattr->name, NULL, 0);
166  * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
169  * and compare it against the stored security.evm xattr.
172  * - use the previoulsy retrieved xattr value and length to calculate the
241 		/* accept xattr with non-empty signature field */
297 	struct xattr_list *xattr;
300 	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
301 		if (!all_xattrs && !xattr->enabled)
304 		if ((strlen(xattr->name) == namelen)
305 		    && (strncmp(req_xattr_name, xattr->name, namelen) == 0)) {
310 			    xattr->name + XATTR_SECURITY_PREFIX_LEN,
331  * evm_read_protected_xattrs - read EVM protected xattr names, lengths, values
333  * @buffer: buffer xattr names, lengths or values are copied to
338  * Read protected xattr names (separated by |), lengths (u32) or values for a
347 	struct xattr_list *xattr;
350 	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
352 				    xattr->name, NULL, 0);
360 			size = strlen(xattr->name) + 1;
365 				memcpy(buffer + total_size, xattr->name, size);
381 					d_backing_inode(dentry), xattr->name,
399  * evm_verifyxattr - verify the integrity of the requested xattr
400  * @dentry: object of the verify xattr
401  * @xattr_name: requested xattr
402  * @xattr_value: requested xattr value
403  * @xattr_value_len: requested xattr value length
406  * security.evm xattr. For performance, use the xattr value and length
409  * Returns the xattr integrity status.
446  * evm_xattr_change - check if passed xattr value differs from current value
449  * @xattr_name: requested xattr
450  * @xattr_value: requested xattr value
451  * @xattr_value_len: requested xattr value length
453  * Check if passed xattr value differs from current value.
455  * Returns 1 if passed xattr value differs from current value, 0 otherwise.
487  * The posix xattr acls are 'system' prefixed, which normally would not
488  * affect security.evm.  An interesting side affect of writing posix xattr
490  * For posix xattr acls only, permit security.evm, even if it currently
577  * Before allowing the 'security.evm' protected xattr to be updated,
664  * and 'security.evm' xattr updated, unless the existing 'security.evm' is
716  * and 'security.evm' xattr updated, unless the existing 'security.evm' is
804  * Update the 'security.evm' xattr with the EVM HMAC re-calculated after setting
814  * evm_inode_post_removexattr - update 'security.evm' after removing the xattr
818  * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
846  * Update the 'security.evm' xattr with the EVM HMAC re-calculated after
960 			    const struct qstr *qstr, struct xattr *xattrs,
964 	struct xattr *xattr, *evm_xattr;
976 	for (xattr = xattrs; xattr->name; xattr++) {
977 		if (evm_protected_xattr(xattr->name))
981 	/* EVM xattr not needed. */
987 	 * Array terminator (xattr name = NULL) must be the first non-filled
988 	 * xattr slot.
990 	WARN_ONCE(evm_xattr != xattr,

Indexes created Fri Apr 26 00:00:17 MDT 2024