[PATCH 2/2] fs: extend the trusted_for syscall to call IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Extend the trusted_for syscall to call the newly defined
ima_trusted_for hook.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 fs/open.c           | 3 +++
 include/linux/ima.h | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/fs/open.c b/fs/open.c
index c79c138a638c..4d54e2a727e1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -585,6 +585,9 @@ SYSCALL_DEFINE3(trusted_for, const int, fd, const enum trusted_for_usage, usage,
 	err = inode_permission(file_mnt_user_ns(f.file), inode,
 			mask | MAY_ACCESS);
 
+	if (!err)
+		err = ima_trusted_for(f.file, usage);
+
 out_fd:
 	fdput(f);
 	return err;
diff --git a/include/linux/ima.h b/include/linux/ima.h
index b6ab66a546ae..603df9932817 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -12,12 +12,15 @@
 #include <linux/security.h>
 #include <linux/kexec.h>
 #include <crypto/hash_info.h>
+#include <uapi/linux/trusted-for.h>
 struct linux_binprm;
 
 #ifdef CONFIG_IMA
 extern enum hash_algo ima_get_current_hash_algo(void);
 extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
+extern int ima_trusted_for(struct file *file,
+			   const enum trusted_for_usage usage);
 extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 				    struct inode *inode);
 extern void ima_file_free(struct file *file);
@@ -81,6 +84,12 @@ static inline int ima_file_check(struct file *file, int mask)
 	return 0;
 }
 
+static inline int ima_trusted_for(struct file *file,
+				  const enum trusted_for_usage usage)
+{
+	return 0;
+}
+
 static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
 					   struct inode *inode)
 {
-- 
2.27.0




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux