mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-29 07:34:06 +08:00
6be5cc5246
EVM protects a file's security extended attributes(xattrs) against integrity attacks. The current patchset maintains an HMAC-sha1 value across the security xattrs, storing the value as the extended attribute 'security.evm'. We anticipate other methods for protecting the security extended attributes. This patch reserves the first byte of 'security.evm' as a place holder for the type of method. Changelog v6: - move evm_ima_xattr_type definition to security/integrity/integrity.h - defined a structure for the EVM xattr called evm_ima_xattr_data (based on Serge Hallyn's suggestion) - removed unnecessary memset Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
39 lines
877 B
C
39 lines
877 B
C
/*
|
|
* Copyright (C) 2009 IBM Corporation
|
|
* Author: Mimi Zohar <zohar@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, version 2 of the License.
|
|
*/
|
|
|
|
#ifndef _LINUX_INTEGRITY_H
|
|
#define _LINUX_INTEGRITY_H
|
|
|
|
#include <linux/fs.h>
|
|
|
|
enum integrity_status {
|
|
INTEGRITY_PASS = 0,
|
|
INTEGRITY_FAIL,
|
|
INTEGRITY_NOLABEL,
|
|
INTEGRITY_UNKNOWN,
|
|
};
|
|
|
|
/* List of EVM protected security xattrs */
|
|
#ifdef CONFIG_INTEGRITY
|
|
extern int integrity_inode_alloc(struct inode *inode);
|
|
extern void integrity_inode_free(struct inode *inode);
|
|
|
|
#else
|
|
static inline int integrity_inode_alloc(struct inode *inode)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void integrity_inode_free(struct inode *inode)
|
|
{
|
|
return;
|
|
}
|
|
#endif /* CONFIG_INTEGRITY_H */
|
|
#endif /* _LINUX_INTEGRITY_H */
|