#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/xattr.h>
#include <linux/integrity.h>
#include <linux/evm.h>
#include <crypto/hash.h>
#include "evm.h"
Variables | |
int | evm_initialized |
char * | evm_hmac = "hmac(sha1)" |
char * | evm_hash = "sha1" |
char * | evm_config_xattrnames [] |
__setup | ( | ) |
int evm_inode_init_security | ( | struct inode * | inode, |
const struct xattr * | lsm_xattr, | ||
struct xattr * | evm_xattr | ||
) |
Definition at line 386 of file evm_main.c.
evm_inode_post_setattr - update 'security.evm' after modifying metadata. @dentry: pointer to the affected dentry. @ia_valid: for the UID and GID status.
For now, update the HMAC stored in 'security.evm' to reflect UID/GID changes.
This function is called from notify_change(), which expects the caller to lock the inode's i_mutex.
Definition at line 373 of file evm_main.c.
void evm_inode_post_setxattr | ( | struct dentry * | dentry, |
const char * | xattr_name, | ||
const void * | xattr_value, | ||
size_t | xattr_value_len | ||
) |
evm_inode_post_setxattr - update 'security.evm' to reflect the changes. @dentry: pointer to the affected dentry. @xattr_name: pointer to the affected extended attribute name. @xattr_value: pointer to the new extended attribute value. @xattr_value_len: length of the new extended attribute value.
Update the HMAC stored in 'security.evm' to reflect the change.
No need to take the i_mutex lock here, as this function is called from __vfs_setxattr_noperm(), whose caller has already taken the inode's i_mutex lock.
Definition at line 313 of file evm_main.c.
evm_inode_setattr - prevent updating an invalid EVM extended attribute. @dentry: pointer to the affected dentry.
Definition at line 348 of file evm_main.c.
int evm_inode_setxattr | ( | struct dentry * | dentry, |
const char * | xattr_name, | ||
const void * | xattr_value, | ||
size_t | xattr_value_len | ||
) |
evm_inode_setxattr - protect the EVM extended attribute. @dentry: pointer to the affected dentry. @xattr_name: pointer to the affected extended attribute name. @xattr_value: pointer to the new extended attribute value. @xattr_value_len: length of the new extended attribute value.
Updating 'security.evm' requires CAP_SYS_ADMIN privileges and that the current value is valid.
Definition at line 280 of file evm_main.c.
enum integrity_status evm_verifyxattr | ( | struct dentry * | dentry, |
const char * | xattr_name, | ||
void * | xattr_value, | ||
size_t | xattr_value_len, | ||
struct integrity_iint_cache * | iint | ||
) |
evm_verifyxattr - verify the integrity of the requested xattr. @dentry: the object whose xattr is being verified. @xattr_name: the requested xattr. @xattr_value: the requested xattr value. @xattr_value_len: the length of the requested xattr value.
Calculate the HMAC for the given dentry and verify it against the stored security.evm xattr. For performance, use the xattr value and length previously retrieved to calculate the HMAC.
Returns the xattr integrity status.
This function requires the caller to lock the inode's i_mutex before it is executed.
Definition at line 203 of file evm_main.c.
EXPORT_SYMBOL_GPL | ( | evm_verifyxattr | ) |
EXPORT_SYMBOL_GPL | ( | evm_inode_init_security | ) |
late_initcall | ( | init_evm | ) |
MODULE_DESCRIPTION | ( | "Extended Verification Module" | ) |
MODULE_LICENSE | ( | "GPL" | ) |
pure_initcall | ( | evm_display_config | ) |
char* evm_config_xattrnames[] |
Definition at line 30 of file evm_main.c.
char* evm_hash = "sha1" |
Definition at line 28 of file evm_main.c.
char* evm_hmac = "hmac(sha1)" |
Definition at line 27 of file evm_main.c.
int evm_initialized |
Definition at line 25 of file evm_main.c.