Option 1: security_inode_init_security returning xattr array
Changelog v7:
- moved the initialization call to security_inode_init_security, renaming evm_inode_post_init_security to evm_inode_init_security
- increase size of xattr array for EVM xattr
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
---
 fs/ext4/xattr_security.c | 2 +-
 include/linux/security.h | 2 +-
 security/security.c | 15 ++++++++++-----
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c
index ccf3347..6b6a330 100644
--- a/fs/ext4/xattr_security.c
+++ b/fs/ext4/xattr_security.c
@@ -52,7 +52,7 @@ int ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir, const struct qstr *qstr)
 {
- struct xattr new_xattrs[MAX_LSM_XATTR + 1];
+ struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
 struct xattr *xattr_array = &new_xattrs[0], *xattr;
 int err;
diff --git a/include/linux/security.h b/include/linux/security.h
index bf593c1..577fcf8 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -41,7 +41,7 @@
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX 10
-#define MAX_LSM_XATTR 1
+#define MAX_LSM_EVM_XATTR 2
 /* If capable should audit the security request */
 #define SECURITY_CAP_NOAUDIT 0
diff --git a/security/security.c b/security/security.c
index 2cfb7c9..f8f21c0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -344,7 +344,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 const struct qstr *qstr, struct xattr **xattr_array)
 {
- struct xattr *lsm_xattr;
+ struct xattr *lsm_xattr, *evm_xattr;
+ int ret;
 if (unlikely(IS_PRIVATE(inode))) return -EOPNOTSUPP;
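Review bot: `new_xattrs` in ext4_init_security is declared without an initializer, and after this change it holds three entries, one of which is reserved for EVM. If EVM leaves its slot untouched (for example when it is not configured, which this hunk does not show), any later walk over the array would read indeterminate stack contents as `name`/`value` pointers. The rest of the function lies outside the hunk, so confirm the array is cleared before the call to security_inode_init_security, or add `memset(new_xattrs, 0, sizeof(new_xattrs));` right after the declarations.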
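Review bot: `MAX_LSM_EVM_XATTR` in include/linux/security.h carries no comment, yet the rename changes what the number means: 2 now appears to stand for one LSM xattr followed by one EVM xattr, in the order security_inode_init_security() fills them. A one-line comment above it, such as `/* xattr slots filled by security_inode_init_security(): LSM first, then EVM */`, would let filesystem authors size their arrays from the definition rather than from reading security.c. Dropping `MAX_LSM_XATTR` without a compatibility define also breaks any caller not converted in the same series; if that is intentional, the changelog should say so.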
@@ -353,10 +354,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 return security_ops->inode_init_security(inode, dir, qstr, NULL, NULL, NULL);
 lsm_xattr = *xattr_array;
- return security_ops->inode_init_security(inode, dir, qstr,
- &lsm_xattr->name,
- &lsm_xattr->value,
- &lsm_xattr->value_len);
+ ret = security_ops->inode_init_security(inode, dir, qstr,
+ &lsm_xattr->name,
+ &lsm_xattr->value,
+ &lsm_xattr->value_len);
+ if (ret)
+ return ret;
+ evm_xattr = lsm_xattr + 1;
+ return evm_inode_init_security(inode, lsm_xattr, evm_xattr);
 }
 EXPORT_SYMBOL(security_inode_init_security);
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
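Review bot: `evm_xattr = lsm_xattr + 1;` hands EVM a pointer to the second element of an array the caller allocated, and nothing in security_inode_init_security can check that this element exists. The only protection is the convention that every caller sizes its array with `MAX_LSM_EVM_XATTR + 1`, and this patch converts only ext4; a caller that sizes the array by its own constant would get a write past the end of a stack buffer. Either take the array length as a parameter and fail when it is too small, or state the requirement above the function, e.g. `/* *xattr_array must provide at least MAX_LSM_EVM_XATTR + 1 entries */`. Separately, when `evm_inode_init_security()` fails the function returns with `lsm_xattr->name` and `lsm_xattr->value` already set by the LSM hook; whether callers release them on that error path is not visible here and should be confirmed. The function's signature and its early-return checks lie outside this hunk.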