linux/security
Roberto Sassu dae52cbf58 security: Introduce inode_post_removexattr hook
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_removexattr hook.

At inode_removexattr hook, EVM verifies the file's existing HMAC value. At
inode_post_removexattr, EVM re-calculates the file's HMAC with the passed
xattr removed and other file metadata.

Other LSMs could similarly take some action after successful xattr removal.

The new hook cannot return an error and cannot cause the operation to be
reverted.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-02-15 23:43:42 -05:00
..
apparmor exec: Check __FMODE_EXEC instead of in_execve for LSMs 2024-01-24 11:38:58 -08:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity evm: Align evm_inode_post_setxattr() definition with LSM infrastructure 2024-02-15 23:43:41 -05:00
keys Revert "KEYS: encrypted: Add check for strsep" 2024-01-24 16:11:59 -05:00
landlock Landlock updates for v6.8-rc1 2024-01-09 13:22:15 -08:00
loadpin lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux security: Align inode_setattr hook definition with EVM 2024-02-15 23:43:41 -05:00
smack security: Align inode_setattr hook definition with EVM 2024-02-15 23:43:41 -05:00
tomoyo exec: Check __FMODE_EXEC instead of in_execve for LSMs 2024-01-24 11:38:58 -08:00
yama lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c LSM: Helpers for attribute names and filling lsm_ctx 2023-11-12 22:54:42 -05:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c security: Introduce inode_post_removexattr hook 2024-02-15 23:43:42 -05:00