On Fri, 2023-03-31 at 14:32 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Currently, evm_inode_init_security() processes a single LSM xattr from the
> array passed by security_inode_init_security(), and calculates the HMAC on
> it and other inode metadata.
>
> As the LSM infrastructure now can pass to EVM an array with multiple
> xattrs, scan them until the terminator (xattr name NULL), and calculate the
> HMAC on all of them.
>
> Also, double check that the xattrs array terminator is the first non-filled
> slot (obtained with lsm_get_xattr_slot()). Consumers of the xattrs array,
> such as the initxattrs() callbacks, rely on the terminator.
>
> Finally, change the name of the lsm_xattr parameter of evm_init_hmac() to
> xattrs, to reflect the new type of information passed.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
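
The scan-to-terminator loop and the terminator-position check described in the quoted commit message, as an added userspace model that is not the kernel patch or the author's code. The struct layout, digest_xattrs(), the filled count, the sample names and the FNV-1a stand-in for the HMAC are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of a name/value xattr entry (field names are assumptions). */
struct xattr { const char *name; const void *value; size_t value_len; };

/* Stand-in for the keyed HMAC update: FNV-1a is NOT a MAC, it only makes
 * "which values were covered" observable in this model. */
static uint64_t mix(uint64_t h, const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--) { h ^= *b++; h *= 1099511628211ULL; }
    return h;
}

/* Scan until the terminator (name == NULL), digesting every value.
 * 'filled' is how many slots the producers claim to have used; the
 * terminator must sit exactly at xattrs[filled], otherwise a consumer that
 * stops at the first NULL name would silently skip later entries.
 * Returns 0 and stores the digest, or -1 on an inconsistent array. */
int digest_xattrs(const struct xattr *xattrs, int filled, uint64_t *out)
{
    uint64_t h = 14695981039346656037ULL;
    const struct xattr *x;

    for (x = xattrs; x->name; x++)
        h = mix(h, x->value, x->value_len);
    if (x != &xattrs[filled])
        return -1;
    *out = h;
    return 0;
}

/* Constructed sample data: names and values are illustrative only. */
static const struct xattr one[]  = { {"security.lsm_a", "A", 1}, {NULL, NULL, 0} };
static const struct xattr two[]  = { {"security.lsm_a", "A", 1},
                                     {"security.lsm_b", "B", 1}, {NULL, NULL, 0} };
static const struct xattr hole[] = { {"security.lsm_a", "A", 1}, {NULL, NULL, 0},
                                     {"security.lsm_b", "B", 1}, {NULL, NULL, 0} };

int main(void)
{
    uint64_t d1 = 0, d2 = 0, dh = 0;
    int r1 = digest_xattrs(one, 1, &d1), r2 = digest_xattrs(two, 2, &d2);
    printf("one=%d two=%d differ=%d hole=%d\n", r1, r2, d1 != d2,
           digest_xattrs(hole, 3, &dh));
    return 0;
}
```

The hole case models a reserved slot that was never filled: the scan stops at index 1 while three slots are claimed, so the later entry would be left out of the digest and the check rejects the array.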