evm: replace HMAC version with attribute mask

Using HMAC version limits the posibility to arbitrarily add new attributes such as SMACK64EXEC to the hmac calculation. This patch replaces hmac version with attribute mask. Desired attributes can be enabled with configuration parameter. It allows to build kernels which works with previously labeled filesystems. Currently supported attribute is 'fsuuid' which is equivalent of the former version 2. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Dmitry Kasatkin <d.kasatkin@samsung.com> 2014-03-28 16:31:04 +0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2014-06-13 01:58:06 +0400
commit: d3b33679481d52ef02311119d4342a9a1f3d84db (patch)
tree: 5e23d255b52239a4d478dc8b56e49871a4b732c4 /security/integrity/evm/evm.h
parent: 060bdebfb0b82751be89c0ce4b6e2c88606a354b (diff)
download: linux-d3b33679481d52ef02311119d4342a9a1f3d84db.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
index 37c88ddb3cfe..88bfe77efa1c 100644
--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -24,7 +24,10 @@
 extern int evm_initialized;
 extern char *evm_hmac;
 extern char *evm_hash;
-extern int evm_hmac_version;
+
+#define EVM_ATTR_FSUUID		0x0001
+
+extern int evm_hmac_attrs;
 
 extern struct crypto_shash *hmac_tfm;
 extern struct crypto_shash *hash_tfm;
author	Dmitry Kasatkin <d.kasatkin@samsung.com>	2014-03-28 16:31:04 +0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2014-06-13 01:58:06 +0400
commit	d3b33679481d52ef02311119d4342a9a1f3d84db (patch)
tree	5e23d255b52239a4d478dc8b56e49871a4b732c4 /security/integrity/evm/evm.h
parent	060bdebfb0b82751be89c0ce4b6e2c88606a354b (diff)
download	linux-d3b33679481d52ef02311119d4342a9a1f3d84db.tar.xz