inode_setxattr should not be recording provenance any more.

CamFlow · Apr 3, 2019 · b9cb320 · b9cb320
1 parent 406fecb
commit b9cb320
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -45,6 +45,7 @@
 
 ### v0.5.4
 ```
+- Ensure inode_setxattr does not generate provenance.
 - Ensure inode_getsecurity does not generate provenance.
 - Associate task_id with relations.
 - Internal refactoring.

diff --git a/include/uapi/linux/provenance.h b/include/uapi/linux/provenance.h
@@ -31,7 +31,7 @@
 	"."xstr (CAMFLOW_VERSION_MINOR)					\
 	"."xstr (CAMFLOW_VERSION_PATCH)					\
 
-#define CAMFLOW_COMMIT "4f4001896997e7a9704b46f2c07618258636096d"
+#define CAMFLOW_COMMIT "406fecb9837107d3282d47f82fc98d5394b148d2"
 
 #define PROVENANCE_HASH                 "sha256"
 

diff --git a/security/provenance/hooks.c b/security/provenance/hooks.c
@@ -765,7 +765,7 @@ static int provenance_inode_setxattr(struct dentry *dentry,
 	if (strcmp(name, XATTR_NAME_PROVENANCE) == 0) { // Provenance xattr
 		if (size != sizeof(union prov_elt))
 			return -ENOMEM;
-		prov = get_dentry_provenance(dentry, true);
+		prov = get_dentry_provenance(dentry, false);
 		setting = (union prov_elt *)value;
 
 		if (provenance_is_tracked(setting))