From 05017f3e9872910bb0f232f122981c345196fb7c Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Thu, 16 Jan 2014 16:39:57 +0200
Subject: [PATCH] Use lgetxattr() instead of getxattr()
IMA/EVM extended attributes should be get for symbolic links themselves, not to the entries pointed by them. setxattr() dereference symbolic links. It is necessary to use lgetxattr().
Signed-off-by: Dmitry Kasatkin
---
 src/evmctl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 12df66b..dcd051f 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -773,7 +773,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 }
 for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
- err = getxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
+ err = lgetxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
 if (err < 0) {
 log_info("no xattr: %s\n", *xattrname);
 continue;
@@ -1230,7 +1230,7 @@ static int verify_evm(const char *file, const char *key)
 if (len <= 1)
 return len;
- len = getxattr(file, "security.evm", sig, sizeof(sig));
+ len = lgetxattr(file, "security.evm", sig, sizeof(sig));
 if (len < 0) {
 log_err("getxattr failed\n");
 return len;
@@ -1340,7 +1340,7 @@ static int verify_ima(const char *file)
 int len;
 if (xattr) {
- len = getxattr(file, "security.ima", sig, sizeof(sig));
+ len = lgetxattr(file, "security.ima", sig, sizeof(sig));
 if (len < 0) {
 log_err("getxattr failed\n");
 return len;
@@ -1487,7 +1487,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
 }
 for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
- err = getxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
+ err = lgetxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
 if (err < 0) {
 log_info("no xattr: %s\n", *xattrname);
 continue;
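Review bot: The `if (err < 0)` branch after the new `lgetxattr()` call in calc_evm_hash treats every failure as a missing attribute and skips it. An ERANGE (value larger than `xattr_value`) or a permission error therefore drops an existing xattr from the digest with only a `no xattr` info message, and the computed value then cannot match what the kernel calculates. Only the absent-attribute case should fall through to `continue`; ahead of it I would add `if (err < 0 && errno != ENODATA) { log_err("lgetxattr failed: %s\n", *xattrname); return -1; }`, assuming -1 is this function's error convention, which the hunk does not show. The same branch appears in the calc_evm_hmac hunk at line 1487, and both loop bodies continue past the end of their hunks.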
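Review bot: The error path in verify_evm still logs `getxattr failed` although the call is now `lgetxattr()`, and it names neither the path nor the errno. On a verification run over many files an operator cannot tell which entry failed, or whether the signature was absent or merely unreadable. I would change it to `log_err("lgetxattr failed: %s: %s\n", file, strerror(errno));`, assuming log_err takes printf-style arguments as log_info does in the first hunk, and apply the same change to the identical branch in the verify_ima hunk at line 1340. verify_ima also declares `len` as `int` while lgetxattr() returns `ssize_t`; matching the type would avoid an implicit narrowing. Both functions start and end outside their hunks.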