Skip to content

Commit 5e2e4d0

Browse files
stefanbergermimizohar
stefanberger
authored and
mimizohar
committed
evm: Rename is_unsupported_fs to is_unsupported_hmac_fs
Rename is_unsupported_fs to is_unsupported_hmac_fs since now only HMAC is unsupported. Co-developed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
1 parent 1f65e57 commit 5e2e4d0

File tree

1 file changed

+10
-9
lines changed

1 file changed

+10
-9
lines changed

security/integrity/evm/evm_main.c

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry)
151151
return count;
152152
}
153153

154-
static int is_unsupported_fs(struct dentry *dentry)
154+
static int is_unsupported_hmac_fs(struct dentry *dentry)
155155
{
156156
struct inode *inode = d_backing_inode(dentry);
157157

@@ -196,7 +196,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
196196
* On unsupported filesystems without EVM_INIT_X509 enabled, skip
197197
* signature verification.
198198
*/
199-
if (!(evm_initialized & EVM_INIT_X509) && is_unsupported_fs(dentry))
199+
if (!(evm_initialized & EVM_INIT_X509) &&
200+
is_unsupported_hmac_fs(dentry))
200201
return INTEGRITY_UNKNOWN;
201202

202203
/* if status is not PASS, try to check again - against -ENOMEM */
@@ -266,7 +267,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
266267
} else if (!IS_RDONLY(inode) &&
267268
!(inode->i_sb->s_readonly_remount) &&
268269
!IS_IMMUTABLE(inode) &&
269-
!is_unsupported_fs(dentry)) {
270+
!is_unsupported_hmac_fs(dentry)) {
270271
evm_update_evmxattr(dentry, xattr_name,
271272
xattr_value,
272273
xattr_value_len);
@@ -502,20 +503,20 @@ static int evm_protect_xattr(struct mnt_idmap *idmap,
502503
if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
503504
if (!capable(CAP_SYS_ADMIN))
504505
return -EPERM;
505-
if (is_unsupported_fs(dentry))
506+
if (is_unsupported_hmac_fs(dentry))
506507
return -EPERM;
507508
} else if (!evm_protected_xattr(xattr_name)) {
508509
if (!posix_xattr_acl(xattr_name))
509510
return 0;
510-
if (is_unsupported_fs(dentry))
511+
if (is_unsupported_hmac_fs(dentry))
511512
return 0;
512513

513514
evm_status = evm_verify_current_integrity(dentry);
514515
if ((evm_status == INTEGRITY_PASS) ||
515516
(evm_status == INTEGRITY_NOXATTRS))
516517
return 0;
517518
goto out;
518-
} else if (is_unsupported_fs(dentry))
519+
} else if (is_unsupported_hmac_fs(dentry))
519520
return 0;
520521

521522
evm_status = evm_verify_current_integrity(dentry);
@@ -817,7 +818,7 @@ static void evm_inode_post_setxattr(struct dentry *dentry,
817818
if (!(evm_initialized & EVM_INIT_HMAC))
818819
return;
819820

820-
if (is_unsupported_fs(dentry))
821+
if (is_unsupported_hmac_fs(dentry))
821822
return;
822823

823824
evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len);
@@ -916,7 +917,7 @@ static int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
916917
if (evm_initialized & EVM_ALLOW_METADATA_WRITES)
917918
return 0;
918919

919-
if (is_unsupported_fs(dentry))
920+
if (is_unsupported_hmac_fs(dentry))
920921
return 0;
921922

922923
if (!(ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)))
@@ -967,7 +968,7 @@ static void evm_inode_post_setattr(struct mnt_idmap *idmap,
967968
if (!(evm_initialized & EVM_INIT_HMAC))
968969
return;
969970

970-
if (is_unsupported_fs(dentry))
971+
if (is_unsupported_hmac_fs(dentry))
971972
return;
972973

973974
if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))

0 commit comments

Comments
 (0)