On Jan 15, 2024 Roberto Sassu <roberto.sa...@huaweicloud.com> wrote:
>
> A few additional IMA hooks are needed to reset the cached appraisal
> status, causing the file's integrity to be re-evaluated on next access.
> Register these IMA-appraisal only functions separately from the rest of IMA
> functions, as appraisal is a separate feature not necessarily enabled in
> the kernel configuration.
>
> Reuse the same approach as for other IMA functions, move hardcoded calls
> from various places in the kernel to the LSM infrastructure. Declare the
> functions as static and register them as hook implementations in
> init_ima_appraise_lsm(), called by init_ima_lsm().
>
> Also move the inline function ima_inode_remove_acl() from the public ima.h
> header to ima_appraise.c.
>
> Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
> Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
> Reviewed-by: Mimi Zohar <zo...@linux.ibm.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
>  fs/attr.c                             |  2 -
>  include/linux/ima.h                   | 55 ---------------------------
>  security/integrity/ima/ima.h          |  5 +++
>  security/integrity/ima/ima_appraise.c | 38 +++++++++++++-----
>  security/integrity/ima/ima_main.c     |  1 +
>  security/security.c                   | 13 -------
>  6 files changed, 35 insertions(+), 79 deletions(-)

Acked-by: Paul Moore <p...@paul-moore.com>

--
paul-moore.com