[linux-2.6-block.git] / security / integrity / iint.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2008 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: integrity_iint.c
 *	- initialize the integrity directory in securityfs
 *	- load IMA and EVM keys
 */
#include <linux/security.h>
#include "integrity.h"

struct dentry *integrity_dir;

/*
 * integrity_kernel_read - read data from the file
 *
 * This is a function for reading file content instead of kernel_read().
 * It does not perform locking checks to ensure it cannot be blocked.
 * It does not perform security checks because it is irrelevant for IMA.
 *
 */
int integrity_kernel_read(struct file *file, loff_t offset,
			  void *addr, unsigned long count)
{
	return __kernel_read(file, addr, count, &offset);
}

/*
 * integrity_load_keys - load integrity keys hook
 *
 * Hooks is called from init/main.c:kernel_init_freeable()
 * when rootfs is ready
 */
void __init integrity_load_keys(void)
{
	ima_load_x509();

	if (!IS_ENABLED(CONFIG_IMA_LOAD_X509))
		evm_load_x509();
}

static int __init integrity_fs_init(void)
{
	integrity_dir = securityfs_create_dir("integrity", NULL);
	if (IS_ERR(integrity_dir)) {
		int ret = PTR_ERR(integrity_dir);

		if (ret != -ENODEV)
			pr_err("Unable to create integrity sysfs dir: %d\n",
			       ret);
		integrity_dir = NULL;
		return ret;
	}

	return 0;
}

late_initcall(integrity_fs_init)
Commit	Line	Data
b886d83c	1	// SPDX-License-Identifier: GPL-2.0-only
f381c272 MZ	2	/*
	3	* Copyright (C) 2008 IBM Corporation
	4	*
	5	* Authors:
	6	* Mimi Zohar <zohar@us.ibm.com>
	7	*
f381c272	8	* File: integrity_iint.c
b6c0dec9 RS	9	* - initialize the integrity directory in securityfs
b6c0dec9 RS	10	* - load IMA and EVM keys
f381c272	11	*/
0c343af8	12	#include <linux/security.h>
f381c272 MZ	13	#include "integrity.h"
f381c272 MZ	14
0c343af8 MG	15	struct dentry *integrity_dir;
0c343af8 MG	16
e3c4abbf DK	17	/*
	18	* integrity_kernel_read - read data from the file
	19	*
	20	* This is a function for reading file content instead of kernel_read().
	21	* It does not perform locking checks to ensure it cannot be blocked.
	22	* It does not perform security checks because it is irrelevant for IMA.
	23	*
	24	*/
	25	int integrity_kernel_read(struct file *file, loff_t offset,
bb543e39	26	void *addr, unsigned long count)
e3c4abbf	27	{
a1f9b1c0	28	return __kernel_read(file, addr, count, &offset);
e3c4abbf DK	29	}
e3c4abbf DK	30
c9cd2ce2 DK	31	/*
	32	* integrity_load_keys - load integrity keys hook
	33	*
	34	* Hooks is called from init/main.c:kernel_init_freeable()
	35	* when rootfs is ready
	36	*/
	37	void __init integrity_load_keys(void)
	38	{
	39	ima_load_x509();
aa2ead71 RS	40
	41	if (!IS_ENABLED(CONFIG_IMA_LOAD_X509))
	42	evm_load_x509();
c9cd2ce2	43	}
0c343af8 MG	44
	45	static int __init integrity_fs_init(void)
	46	{
	47	integrity_dir = securityfs_create_dir("integrity", NULL);
	48	if (IS_ERR(integrity_dir)) {
ac2409a5 SH	49	int ret = PTR_ERR(integrity_dir);
	50
	51	if (ret != -ENODEV)
	52	pr_err("Unable to create integrity sysfs dir: %d\n",
	53	ret);
0c343af8	54	integrity_dir = NULL;
ac2409a5	55	return ret;
0c343af8 MG	56	}
	57
	58	return 0;
	59	}
	60
	61	late_initcall(integrity_fs_init)