review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Roberto Sassu <roberto.sassu@huawei.com>
	Fri, 14 May 2021 15:27:45 +0000 (17:27 +0200)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Fri, 21 May 2021 16:47:12 +0000 (12:47 -0400)
commit	e3ccfe1ad7d895487977ef64eda3441d16c9851a
tree	ac8af8a6855ea01c478a01d9e504a1ea44d9a5d9	tree \| snapshot
parent	9acc89d31f0c94c8e573ed61f3e4340bbd526d0c	commit \| diff

evm: Introduce evm_revalidate_status()

When EVM_ALLOW_METADATA_WRITES is set, EVM allows any operation on
metadata. Its main purpose is to allow users to freely set metadata when it
is protected by a portable signature, until an HMAC key is loaded.

However, callers of evm_verifyxattr() are not notified about metadata
changes and continue to rely on the last status returned by the function.
For example IMA, since it caches the appraisal result, will not call again
evm_verifyxattr() until the appraisal flags are cleared, and will grant
access to the file even if there was a metadata operation that made the
portable signature invalid.

This patch introduces evm_revalidate_status(), which callers of
evm_verifyxattr() can use in their xattr hooks to determine whether
re-validation is necessary and to do the proper actions. IMA calls it in
its xattr hooks to reset the appraisal flags, so that the EVM status is
re-evaluated after a metadata operation.

Lastly, this patch also adds a call to evm_reset_status() in
evm_inode_post_setattr() to invalidate the cached EVM status after a
setattr operation.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

include/linux/evm.h		diff \| blob \| history
security/integrity/evm/evm_main.c		diff \| blob \| history
security/integrity/ima/ima_appraise.c		diff \| blob \| history