mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 00:48:50 +00:00
c9cd2ce2bc
Keys can only be loaded once the rootfs is mounted. Initcalls are not suitable for that. This patch defines a special hook to load the x509 public keys onto the IMA keyring, before attempting to access any file. The keys are required for verifying the file's signature. The hook is called after the root filesystem is mounted and before the kernel calls 'init'. Changes in v3: * added more explanation to the patch description (Mimi) Changes in v2: * Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM keys by integrity subsystem. * Hook patch moved after defining loading functions Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
46 lines
1 KiB
C
46 lines
1 KiB
C
/*
|
|
* Copyright (C) 2009 IBM Corporation
|
|
* Author: Mimi Zohar <zohar@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, version 2 of the License.
|
|
*/
|
|
|
|
#ifndef _LINUX_INTEGRITY_H
|
|
#define _LINUX_INTEGRITY_H
|
|
|
|
#include <linux/fs.h>
|
|
|
|
enum integrity_status {
|
|
INTEGRITY_PASS = 0,
|
|
INTEGRITY_FAIL,
|
|
INTEGRITY_NOLABEL,
|
|
INTEGRITY_NOXATTRS,
|
|
INTEGRITY_UNKNOWN,
|
|
};
|
|
|
|
/* List of EVM protected security xattrs */
|
|
#ifdef CONFIG_INTEGRITY
|
|
extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode);
|
|
extern void integrity_inode_free(struct inode *inode);
|
|
extern void __init integrity_load_keys(void);
|
|
|
|
#else
|
|
static inline struct integrity_iint_cache *
|
|
integrity_inode_get(struct inode *inode)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline void integrity_inode_free(struct inode *inode)
|
|
{
|
|
return;
|
|
}
|
|
|
|
static inline void integrity_load_keys(void)
|
|
{
|
|
}
|
|
#endif /* CONFIG_INTEGRITY */
|
|
|
|
#endif /* _LINUX_INTEGRITY_H */
|