review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Roberto Sassu <roberto.sassu@huawei.com>
	Sat, 10 Jun 2023 07:57:38 +0000 (09:57 +0200)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 10 Jul 2023 17:59:39 +0000 (13:59 -0400)
commit	c31288e56c1a7bb57a1be1f9f6f3faacbeddeff6
tree	f4709a801a51b9b4f9d98b35b7c161c8433b1029	tree \| snapshot
parent	6db7d1dee8003921b353d7e613471fe8995f46b5	commit \| diff

evm: Support multiple LSMs providing an xattr

Currently, evm_inode_init_security() processes a single LSM xattr from the
array passed by security_inode_init_security(), and calculates the HMAC on
it and other inode metadata.

As the LSM infrastructure now can pass to EVM an array with multiple
xattrs, scan them until the terminator (xattr name NULL), and calculate the
HMAC on all of them.

Also, double check that the xattrs array terminator is the first non-filled
slot (obtained with lsm_get_xattr_slot()). Consumers of the xattrs array,
such as the initxattrs() callbacks, rely on the terminator.

Finally, change the name of the lsm_xattr parameter of evm_init_hmac() to
xattrs, to reflect the new type of information passed.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

security/integrity/evm/evm.h		diff \| blob \| history
security/integrity/evm/evm_crypto.c		diff \| blob \| history
security/integrity/evm/evm_main.c		diff \| blob \| history