ima: Align ima_inode_post_setattr() definition with LSM infrastructure
authorRoberto Sassu <roberto.sassu@huawei.com>
Thu, 15 Feb 2024 10:30:49 +0000 (11:30 +0100)
committerPaul Moore <paul@paul-moore.com>
Fri, 16 Feb 2024 04:43:38 +0000 (23:43 -0500)
Change ima_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
fs/attr.c
include/linux/ima.h
security/integrity/ima/ima_appraise.c

index 5a13f0c8495fde67df096d4501d32c47e86f056e..b53ae408ad4f5e501018e61c8156d7484c4d204b 100644 (file)
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -502,7 +502,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry,
 
        if (!error) {
                fsnotify_change(dentry, ia_valid);
-               ima_inode_post_setattr(idmap, dentry);
+               ima_inode_post_setattr(idmap, dentry, ia_valid);
                evm_inode_post_setattr(dentry, ia_valid);
        }
 
index 86b57757c7b1004abc4d122e0fd555d739678fad..910a2f11a906180063f131cffd2f2bd88bf6299b 100644 (file)
@@ -186,7 +186,7 @@ static inline void ima_post_key_create_or_update(struct key *keyring,
 #ifdef CONFIG_IMA_APPRAISE
 extern bool is_ima_appraise_enabled(void);
 extern void ima_inode_post_setattr(struct mnt_idmap *idmap,
-                                  struct dentry *dentry);
+                                  struct dentry *dentry, int ia_valid);
 extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
                       const void *xattr_value, size_t xattr_value_len);
 extern int ima_inode_set_acl(struct mnt_idmap *idmap,
@@ -206,7 +206,7 @@ static inline bool is_ima_appraise_enabled(void)
 }
 
 static inline void ima_inode_post_setattr(struct mnt_idmap *idmap,
-                                         struct dentry *dentry)
+                                         struct dentry *dentry, int ia_valid)
 {
        return;
 }
index 870dde67707b1f914536d401334d173e8c29db7e..36c2938a5c6935bd437160e9969dfffe4d688b2f 100644 (file)
@@ -629,6 +629,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
  * ima_inode_post_setattr - reflect file metadata changes
  * @idmap:  idmap of the mount the inode was found from
  * @dentry: pointer to the affected dentry
+ * @ia_valid: for the UID and GID status
  *
  * Changes to a dentry's metadata might result in needing to appraise.
  *
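Review bot: The added kernel-doc line `@ia_valid: for the UID and GID status` does not say what the argument carries or whether the function acts on it. The fs/attr.c call site passes the same `ia_valid` that goes to `fsnotify_change()` and `evm_inode_post_setattr()`, so it is presumably the mask of changed attributes rather than anything specific to UID/GID. The body of `ima_inode_post_setattr()` continues outside the signature hunk that follows, so whether it reads the new parameter cannot be confirmed here. If it does not, and the parameter exists only to match the hook signature, the comment should say so, for example ` * @ia_valid: mask of changed attributes from notify_change(); unused, kept to match the inode_post_setattr hook`. Because this function decides when a file must be re-appraised, the comment should state accurately which inputs affect that decision.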
@@ -636,7 +637,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
  * to lock the inode's i_mutex.
  */
 void ima_inode_post_setattr(struct mnt_idmap *idmap,
-                           struct dentry *dentry)
+                           struct dentry *dentry, int ia_valid)
 {
        struct inode *inode = d_backing_inode(dentry);
        struct integrity_iint_cache *iint;