16
16
#include <linux/init.h>
17
17
#include <linux/kernel.h>
18
18
#include <linux/security.h>
19
#include <linux/integrity.h>
19
20
#include <linux/ima.h>
21
#include <linux/evm.h>
23
#define MAX_LSM_EVM_XATTR 2
21
25
/* Boot-time LSM user choice */
22
26
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
353
357
void security_inode_free(struct inode *inode)
355
ima_inode_free(inode);
359
integrity_inode_free(inode);
356
360
security_ops->inode_free_security(inode);
359
363
int security_inode_init_security(struct inode *inode, struct inode *dir,
360
const struct qstr *qstr, char **name,
361
void **value, size_t *len)
363
if (unlikely(IS_PRIVATE(inode)))
364
const struct qstr *qstr,
365
const initxattrs initxattrs, void *fs_data)
367
struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
368
struct xattr *lsm_xattr, *evm_xattr, *xattr;
371
if (unlikely(IS_PRIVATE(inode)))
374
memset(new_xattrs, 0, sizeof new_xattrs);
376
return security_ops->inode_init_security(inode, dir, qstr,
378
lsm_xattr = new_xattrs;
379
ret = security_ops->inode_init_security(inode, dir, qstr,
382
&lsm_xattr->value_len);
386
evm_xattr = lsm_xattr + 1;
387
ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr);
390
ret = initxattrs(inode, new_xattrs, fs_data);
392
for (xattr = new_xattrs; xattr->name != NULL; xattr++) {
396
return (ret == -EOPNOTSUPP) ? 0 : ret;
398
EXPORT_SYMBOL(security_inode_init_security);
400
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
401
const struct qstr *qstr, char **name,
402
void **value, size_t *len)
404
if (unlikely(IS_PRIVATE(inode)))
365
406
return security_ops->inode_init_security(inode, dir, qstr, name, value,
368
EXPORT_SYMBOL(security_inode_init_security);
409
EXPORT_SYMBOL(security_old_inode_init_security);
370
411
#ifdef CONFIG_SECURITY_PATH
371
412
int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
554
595
if (unlikely(IS_PRIVATE(inode)))
556
return security_ops->inode_permission(inode, mask, 0);
597
return security_ops->inode_permission(inode, mask);
558
599
EXPORT_SYMBOL(security_inode_permission);
560
int security_inode_exec_permission(struct inode *inode, unsigned int flags)
562
if (unlikely(IS_PRIVATE(inode)))
564
return security_ops->inode_permission(inode, MAY_EXEC, flags);
567
601
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
569
605
if (unlikely(IS_PRIVATE(dentry->d_inode)))
571
return security_ops->inode_setattr(dentry, attr);
607
ret = security_ops->inode_setattr(dentry, attr);
610
return evm_inode_setattr(dentry, attr);
573
612
EXPORT_SYMBOL_GPL(security_inode_setattr);
582
621
int security_inode_setxattr(struct dentry *dentry, const char *name,
583
622
const void *value, size_t size, int flags)
585
626
if (unlikely(IS_PRIVATE(dentry->d_inode)))
587
return security_ops->inode_setxattr(dentry, name, value, size, flags);
628
ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
631
return evm_inode_setxattr(dentry, name, value, size);
590
634
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
593
637
if (unlikely(IS_PRIVATE(dentry->d_inode)))
595
639
security_ops->inode_post_setxattr(dentry, name, value, size, flags);
640
evm_inode_post_setxattr(dentry, name, value, size);
598
643
int security_inode_getxattr(struct dentry *dentry, const char *name)
612
657
int security_inode_removexattr(struct dentry *dentry, const char *name)
614
661
if (unlikely(IS_PRIVATE(dentry->d_inode)))
616
return security_ops->inode_removexattr(dentry, name);
663
ret = security_ops->inode_removexattr(dentry, name);
666
return evm_inode_removexattr(dentry, name);
619
669
int security_inode_need_killpriv(struct dentry *dentry)