From 1d61b5b771babdf338d29b02cabf94655536fe8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=9B=A2=E8=BE=89?= <shituanhui@huawei.com>
Date: Mon, 6 Jan 2025 20:37:33 +0800
Subject: [PATCH] =?UTF-8?q?code=20sign=20=E7=BC=96=E8=AF=91=E4=BE=9D?=
 =?UTF-8?q?=E8=B5=96=E9=97=AE=E9=A2=98=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 团辉 <shituanhui@huawei.com>
---
 code_sign/Makefile            | 1 +
 code_sign/verify_cert_chain.c | 4 ++--
 code_sign/verify_cert_chain.h | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/code_sign/Makefile b/code_sign/Makefile
index 8a2af5b..0fc5dde 100644
--- a/code_sign/Makefile
+++ b/code_sign/Makefile
@@ -9,6 +9,7 @@ obj-$(CONFIG_SECURITY_CODE_SIGN)	+= \
 	code_sign_ext.o
 
 ccflags-$(CONFIG_SECURITY_CODE_SIGN) += \
+	-I$(srctree)/fs/verity \
 	-I$(srctree)/fs/code_sign \
 	-I$(srctree)/security/selinux/include \
 	-I$(srctree)/security/selinux \
diff --git a/code_sign/verify_cert_chain.c b/code_sign/verify_cert_chain.c
index 3e9d096..8163da9 100644
--- a/code_sign/verify_cert_chain.c
+++ b/code_sign/verify_cert_chain.c
@@ -122,7 +122,7 @@ static struct cert_source *find_matched_source(const struct x509_certificate *si
 }
 
 void code_sign_verify_certchain(const void *raw_pkcs7, size_t pkcs7_len,
-	struct cs_info *cs_info, int *ret)
+	struct fsverity_info *vi, int *ret)
 {
 	struct pkcs7_message *pkcs7;
 	struct pkcs7_signed_info *sinfo;
@@ -205,7 +205,7 @@ void code_sign_verify_certchain(const void *raw_pkcs7, size_t pkcs7_len,
 		}
 		if (cert_chain_depth_without_root == (source->max_path_depth - 1)) {
 			code_sign_log_info("cert subject and issuer trusted");
-			set_file_ownerid(cs_info, source->path_type, pkcs7->signed_infos);
+			set_file_ownerid(&vi->fcs_info, source->path_type, pkcs7->signed_infos);
 			*ret = source->path_type;
 			goto exit;
 		} else {
diff --git a/code_sign/verify_cert_chain.h b/code_sign/verify_cert_chain.h
index eb5a8dd..b2f7b06 100644
--- a/code_sign/verify_cert_chain.h
+++ b/code_sign/verify_cert_chain.h
@@ -7,11 +7,12 @@
 #define _VERIFY_CERT_CHAIN_H
 
 #include <linux/xpm_types.h>
+#include "fsverity_private.h"
 
 /*
  * verify_cert_chain.c
  */
 void code_sign_verify_certchain(const void *raw_pkcs7, size_t pkcs7_len,
-	struct cs_info *cs_info, int *ret);
+	struct fsverity_info *vi, int *ret);
 
 #endif /* _VERIFY_CERT_CHAIN_H */
-- 
Gitee