iint.c 1.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2008 IBM Corporation
  4. *
  5. * Authors:
  6. * Mimi Zohar <zohar@us.ibm.com>
  7. *
  8. * File: integrity_iint.c
  9. * - initialize the integrity directory in securityfs
  10. * - load IMA and EVM keys
  11. */
  12. #include <linux/security.h>
  13. #include "integrity.h"
  14. struct dentry *integrity_dir;
  15. /*
  16. * integrity_kernel_read - read data from the file
  17. *
  18. * This is a function for reading file content instead of kernel_read().
  19. * It does not perform locking checks to ensure it cannot be blocked.
  20. * It does not perform security checks because it is irrelevant for IMA.
  21. *
  22. */
  23. int integrity_kernel_read(struct file *file, loff_t offset,
  24. void *addr, unsigned long count)
  25. {
  26. return __kernel_read(file, addr, count, &offset);
  27. }
  28. /*
  29. * integrity_load_keys - load integrity keys hook
  30. *
  31. * Hooks is called from init/main.c:kernel_init_freeable()
  32. * when rootfs is ready
  33. */
  34. void __init integrity_load_keys(void)
  35. {
  36. ima_load_x509();
  37. if (!IS_ENABLED(CONFIG_IMA_LOAD_X509))
  38. evm_load_x509();
  39. }
  40. int __init integrity_fs_init(void)
  41. {
  42. if (integrity_dir)
  43. return 0;
  44. integrity_dir = securityfs_create_dir("integrity", NULL);
  45. if (IS_ERR(integrity_dir)) {
  46. int ret = PTR_ERR(integrity_dir);
  47. if (ret != -ENODEV)
  48. pr_err("Unable to create integrity sysfs dir: %d\n",
  49. ret);
  50. integrity_dir = NULL;
  51. return ret;
  52. }
  53. return 0;
  54. }
  55. void __init integrity_fs_fini(void)
  56. {
  57. if (!integrity_dir || !simple_empty(integrity_dir))
  58. return;
  59. securityfs_remove(integrity_dir);
  60. integrity_dir = NULL;
  61. }