summaryrefslogtreecommitdiff
path: root/security/integrity/evm/evm_main.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/evm/evm_main.c')
-rw-r--r--security/integrity/evm/evm_main.c56
1 files changed, 46 insertions, 10 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 0196168aeb7d..ee4e17a790fb 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -34,24 +34,44 @@ static const char * const integrity_status_msg[] = {
int evm_hmac_attrs;
static struct xattr_list evm_config_default_xattrnames[] = {
+ {.name = XATTR_NAME_SELINUX,
#ifdef CONFIG_SECURITY_SELINUX
- {.name = XATTR_NAME_SELINUX},
+ .enabled = true
#endif
+ },
+ {.name = XATTR_NAME_SMACK,
#ifdef CONFIG_SECURITY_SMACK
- {.name = XATTR_NAME_SMACK},
+ .enabled = true
+#endif
+ },
+ {.name = XATTR_NAME_SMACKEXEC,
+#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
+ .enabled = true
+#endif
+ },
+ {.name = XATTR_NAME_SMACKTRANSMUTE,
#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- {.name = XATTR_NAME_SMACKEXEC},
- {.name = XATTR_NAME_SMACKTRANSMUTE},
- {.name = XATTR_NAME_SMACKMMAP},
+ .enabled = true
#endif
+ },
+ {.name = XATTR_NAME_SMACKMMAP,
+#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
+ .enabled = true
#endif
+ },
+ {.name = XATTR_NAME_APPARMOR,
#ifdef CONFIG_SECURITY_APPARMOR
- {.name = XATTR_NAME_APPARMOR},
+ .enabled = true
#endif
+ },
+ {.name = XATTR_NAME_IMA,
#ifdef CONFIG_IMA_APPRAISE
- {.name = XATTR_NAME_IMA},
+ .enabled = true
#endif
- {.name = XATTR_NAME_CAPS},
+ },
+ {.name = XATTR_NAME_CAPS,
+ .enabled = true
+ },
};
LIST_HEAD(evm_config_xattrnames);
@@ -76,7 +96,9 @@ static void __init evm_init_config(void)
pr_info("Initialising EVM extended attributes:\n");
for (i = 0; i < xattrs; i++) {
- pr_info("%s\n", evm_config_default_xattrnames[i].name);
+ pr_info("%s%s\n", evm_config_default_xattrnames[i].name,
+ !evm_config_default_xattrnames[i].enabled ?
+ " (disabled)" : "");
list_add_tail(&evm_config_default_xattrnames[i].list,
&evm_config_xattrnames);
}
@@ -257,7 +279,8 @@ out:
return evm_status;
}
-static int evm_protected_xattr(const char *req_xattr_name)
+static int evm_protected_xattr_common(const char *req_xattr_name,
+ bool all_xattrs)
{
int namelen;
int found = 0;
@@ -265,6 +288,9 @@ static int evm_protected_xattr(const char *req_xattr_name)
namelen = strlen(req_xattr_name);
list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
+ if (!all_xattrs && !xattr->enabled)
+ continue;
+
if ((strlen(xattr->name) == namelen)
&& (strncmp(req_xattr_name, xattr->name, namelen) == 0)) {
found = 1;
@@ -281,6 +307,16 @@ static int evm_protected_xattr(const char *req_xattr_name)
return found;
}
+static int evm_protected_xattr(const char *req_xattr_name)
+{
+ return evm_protected_xattr_common(req_xattr_name, false);
+}
+
+int evm_protected_xattr_if_enabled(const char *req_xattr_name)
+{
+ return evm_protected_xattr_common(req_xattr_name, true);
+}
+
/**
* evm_verifyxattr - verify the integrity of the requested xattr
* @dentry: object of the verify xattr
View Lorry Controller Status