authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-03-28 13:31:04 +0100
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-06-12 23:58:06 +0200
commitd3b33679481d52ef02311119d4342a9a1f3d84db (patch)
tree5e23d255b52239a4d478dc8b56e49871a4b732c4 /security/integrity/evm/evm_crypto.c
parentima: prevent new digsig xattr from being replaced (diff)
evm: replace HMAC version with attribute mask
Using HMAC version limits the possibility to arbitrarily add new attributes such as SMACK64EXEC to the hmac calculation. This patch replaces hmac version with attribute mask. Desired attributes can be enabled with configuration parameter. This allows building kernels which work with previously labeled filesystems. Currently supported attribute is 'fsuuid' which is equivalent to the former version 2. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/evm/evm_crypto.c')
-rw-r--r--security/integrity/evm/evm_crypto.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 6b540f1822e0..5e9687f02e1b 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -112,7 +112,7 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
hmac_misc.mode = inode->i_mode;
crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
- if (evm_hmac_version > 1)
+ if (evm_hmac_attrs & EVM_ATTR_FSUUID)
crypto_shash_update(desc, inode->i_sb->s_uuid,
sizeof(inode->i_sb->s_uuid));
crypto_shash_final(desc, digest);
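Review bot: The new test `if (evm_hmac_attrs & EVM_ATTR_FSUUID)` carries no comment explaining what the bit controls. Mixing `s_uuid` into the digest is what ties an EVM HMAC to one filesystem, so a kernel built without the bit computes HMACs that do not depend on the filesystem UUID, and a kernel whose mask differs from the one used at labeling time will fail verification on every file. I would add above the test `/* fsuuid binds the HMAC to this filesystem; the mask must match the one in effect when the files were labeled */`. The definition of `evm_hmac_attrs` is not in this file section, so whether it can change after boot cannot be confirmed from here; if it can, that deserves a note at the definition too. `hmac_add_misc` starts above the hunk.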