On 11/7/2023 5:39 AM, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Change evm_inode_setxattr() definition, so that it can be registered as
> implementation of the inode_setxattr hook.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---
> include/linux/evm.h | 4 ++--
> security/integrity/evm/evm_main.c | 3 ++-
> security/security.c | 2 +-
> 3 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/include/linux/evm.h b/include/linux/evm.h
> index cf976d8dbd7a..7c6a74dbc093 100644
> --- a/include/linux/evm.h
> +++ b/include/linux/evm.h
> @@ -27,7 +27,7 @@ extern void evm_inode_post_setattr(struct mnt_idmap *idmap,
> struct dentry *dentry, int ia_valid);
> extern int evm_inode_setxattr(struct mnt_idmap *idmap,
> struct dentry *dentry, const char *name,
> - const void *value, size_t size);
> + const void *value, size_t size, int flags);
> extern void evm_inode_post_setxattr(struct dentry *dentry,
> const char *xattr_name,
> const void *xattr_value,
> @@ -106,7 +106,7 @@ static inline void evm_inode_post_setattr(struct mnt_idmap *idmap,
>
> static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
> struct dentry *dentry, const char *name,
> - const void *value, size_t size)
> + const void *value, size_t size, int flags)
> {
> return 0;
> }
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index d452d469c503..7fc083d53fdf 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -558,6 +558,7 @@ static int evm_protect_xattr(struct mnt_idmap *idmap,
> * @xattr_name: pointer to the affected extended attribute name
> * @xattr_value: pointer to the new extended attribute value
> * @xattr_value_len: pointer to the new extended attribute value length
> + * @flags: flags to pass into filesystem operations
> *
> * Before allowing the 'security.evm' protected xattr to be updated,
> * verify the existing value is valid. As only the kernel should have
> @@ -567,7 +568,7 @@ static int evm_protect_xattr(struct mnt_idmap *idmap,
> */
> int evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
> const char *xattr_name, const void *xattr_value,
> - size_t xattr_value_len)
> + size_t xattr_value_len, int flags)
> {
> const struct evm_ima_xattr_data *xattr_data = xattr_value;
>
> diff --git a/security/security.c b/security/security.c
> index 358ec01a5492..ae3625198c9f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2272,7 +2272,7 @@ int security_inode_setxattr(struct mnt_idmap *idmap,
> ret = ima_inode_setxattr(idmap, dentry, name, value, size, flags);
> if (ret)
> return ret;
> - return evm_inode_setxattr(idmap, dentry, name, value, size);
> + return evm_inode_setxattr(idmap, dentry, name, value, size, flags);
> }
>
> /**
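Review bot: The new `@flags` kernel-doc line for evm_inode_setxattr() in security/integrity/evm/evm_main.c (hunk at -558) says the flags are passed into filesystem operations, yet none of the visible lines of the function reference `flags`. The parameter appears to be added only so the signature matches the inode_setxattr hook. The function body continues outside the hunk, so this is worth confirming; if `flags` is indeed unused, the comment should say so, for example `* @flags: flags to pass into filesystem operations (unused by EVM)`. That keeps a later reader from assuming that EVM's allow/deny decision on a protected xattr depends on the setxattr flags.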