diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-02-04 09:06:57 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-06 09:05:30 +1100 |
commit | 6146f0d5e47ca4047ffded0fb79b6c25359b386c (patch) | |
tree | edd792e52ad56d4a5d3ac6caa8437d3283fc157e /fs/inode.c | |
parent | 659aaf2bb5496a425ba14036b5b5900f593e4484 (diff) | |
download | op-kernel-dev-6146f0d5e47ca4047ffded0fb79b6c25359b386c.zip op-kernel-dev-6146f0d5e47ca4047ffded0fb79b6c25359b386c.tar.gz |
integrity: IMA hooks
This patch replaces the generic integrity hooks, for which IMA registered
itself, with IMA integrity hooks in the appropriate places directly
in the fs directory.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/inode.c')
-rw-r--r-- | fs/inode.c | 24 |
1 files changed, 17 insertions, 7 deletions
@@ -17,6 +17,7 @@ #include <linux/hash.h> #include <linux/swap.h> #include <linux/security.h> +#include <linux/ima.h> #include <linux/pagemap.h> #include <linux/cdev.h> #include <linux/bootmem.h> @@ -144,13 +145,13 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode) inode->i_cdev = NULL; inode->i_rdev = 0; inode->dirtied_when = 0; - if (security_inode_alloc(inode)) { - if (inode->i_sb->s_op->destroy_inode) - inode->i_sb->s_op->destroy_inode(inode); - else - kmem_cache_free(inode_cachep, (inode)); - return NULL; - } + + if (security_inode_alloc(inode)) + goto out_free_inode; + + /* allocate and initialize an i_integrity */ + if (ima_inode_alloc(inode)) + goto out_free_security; spin_lock_init(&inode->i_lock); lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key); @@ -186,6 +187,15 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode) inode->i_mapping = mapping; return inode; + +out_free_security: + security_inode_free(inode); +out_free_inode: + if (inode->i_sb->s_op->destroy_inode) + inode->i_sb->s_op->destroy_inode(inode); + else + kmem_cache_free(inode_cachep, (inode)); + return NULL; } EXPORT_SYMBOL(inode_init_always); |