evm: Align evm_inode_post_setattr() definition with LSM infrastructure
authorRoberto Sassu <roberto.sassu@huawei.com>
Thu, 15 Feb 2024 10:30:54 +0000 (11:30 +0100)
committerPaul Moore <paul@paul-moore.com>
Fri, 16 Feb 2024 04:43:40 +0000 (23:43 -0500)
Change evm_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
fs/attr.c
include/linux/evm.h
security/integrity/evm/evm_main.c

index b53ae408ad4f5e501018e61c8156d7484c4d204b..adeba0ec40f1ec555e6d442aee69e1e941ace5e7 100644 (file)
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -503,7 +503,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry,
        if (!error) {
                fsnotify_change(dentry, ia_valid);
                ima_inode_post_setattr(idmap, dentry, ia_valid);
-               evm_inode_post_setattr(dentry, ia_valid);
+               evm_inode_post_setattr(idmap, dentry, ia_valid);
        }
 
        return error;
index 36ec884320d9f5adab2ba5fc258ea0edc2b363ee..5cc386312b5a610b149f362d6d800b05da0e4ed6 100644 (file)
@@ -23,7 +23,8 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
                                             struct integrity_iint_cache *iint);
 extern int evm_inode_setattr(struct mnt_idmap *idmap,
                             struct dentry *dentry, struct iattr *attr);
-extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
+extern void evm_inode_post_setattr(struct mnt_idmap *idmap,
+                                  struct dentry *dentry, int ia_valid);
 extern int evm_inode_setxattr(struct mnt_idmap *idmap,
                              struct dentry *dentry, const char *name,
                              const void *value, size_t size);
@@ -98,7 +99,8 @@ static inline int evm_inode_setattr(struct mnt_idmap *idmap,
        return 0;
 }
 
-static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
+static inline void evm_inode_post_setattr(struct mnt_idmap *idmap,
+                                         struct dentry *dentry, int ia_valid)
 {
        return;
 }
index cc7956d7878b3d79d0cbd48c1175a329869bd1a7..ac34f21122cddd90e9d5134fee75865ed964fda7 100644 (file)
@@ -870,6 +870,7 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
 
 /**
  * evm_inode_post_setattr - update 'security.evm' after modifying metadata
+ * @idmap: idmap of the idmapped mount
  * @dentry: pointer to the affected dentry
  * @ia_valid: for the UID and GID status
  *
@@ -879,7 +880,8 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
  * This function is called from notify_change(), which expects the caller
  * to lock the inode's i_mutex.
  */
-void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
+void evm_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
+                           int ia_valid)
 {
        if (!evm_revalidate_status(NULL))
                return;
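Review bot: The new `idmap` parameter in the evm_inode_post_setattr() definition is not referenced in the part of the body visible here, and the kernel-doc line added in the preceding hunk (`@idmap: idmap of the idmapped mount`) does not say so. Since the commit message gives hook-signature alignment as the only reason for the parameter, the kernel-doc could state that, e.g. ` * @idmap: idmap of the idmapped mount (unused, kept to match the inode_post_setattr hook signature)`. That spares someone auditing idmapped-mount handling in EVM from looking for UID/GID mapping in this function. The body continues outside the hunk, so this assumes the remaining lines do not use `idmap` either.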