ima: Move IMA-Appraisal to LSM infrastructure

[linux-2.6-block.git] / security / integrity / ima / ima_appraise.c

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 36abc84ba299fbed4fc06799a25c9c6e5a98ea02..0764511096378f31f99201f71765d8b240e2ff3a 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -636,8 +636,8 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
  * This function is called from notify_change(), which expects the caller
  * to lock the inode's i_mutex.
  */
-void ima_inode_post_setattr(struct mnt_idmap *idmap,
-                           struct dentry *dentry, int ia_valid)
+static void ima_inode_post_setattr(struct mnt_idmap *idmap,
+                                  struct dentry *dentry, int ia_valid)
 {
        struct inode *inode = d_backing_inode(dentry);
        struct integrity_iint_cache *iint;
@@ -750,9 +750,9 @@ static int validate_hash_algo(struct dentry *dentry,
        return -EACCES;
 }
 
-int ima_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
-                      const char *xattr_name, const void *xattr_value,
-                      size_t xattr_value_len, int flags)
+static int ima_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
+                             const char *xattr_name, const void *xattr_value,
+                             size_t xattr_value_len, int flags)
 {
        const struct evm_ima_xattr_data *xvalue = xattr_value;
        int digsig = 0;
@@ -781,8 +781,8 @@ int ima_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
        return result;
 }
 
-int ima_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
-                     const char *acl_name, struct posix_acl *kacl)
+static int ima_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
+                            const char *acl_name, struct posix_acl *kacl)
 {
        if (evm_revalidate_status(acl_name))
                ima_reset_appraise_flags(d_backing_inode(dentry), 0);
@@ -790,8 +790,8 @@ int ima_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
        return 0;
 }
 
-int ima_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
-                         const char *xattr_name)
+static int ima_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
+                                const char *xattr_name)
 {
        int result;
 
@@ -803,3 +803,23 @@ int ima_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
        }
        return result;
 }
+
+static int ima_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
+                               const char *acl_name)
+{
+       return ima_inode_set_acl(idmap, dentry, acl_name, NULL);
+}
+
+static struct security_hook_list ima_appraise_hooks[] __ro_after_init = {
+       LSM_HOOK_INIT(inode_post_setattr, ima_inode_post_setattr),
+       LSM_HOOK_INIT(inode_setxattr, ima_inode_setxattr),
+       LSM_HOOK_INIT(inode_set_acl, ima_inode_set_acl),
+       LSM_HOOK_INIT(inode_removexattr, ima_inode_removexattr),
+       LSM_HOOK_INIT(inode_remove_acl, ima_inode_remove_acl),
+};
+
+void __init init_ima_appraise_lsm(const struct lsm_id *lsmid)
+{
+       security_add_hooks(ima_appraise_hooks, ARRAY_SIZE(ima_appraise_hooks),
+                          lsmid);
+}