diff options
| author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-11-05 17:01:14 +0200 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-11-17 23:12:00 -0500 |
| commit | fd5f4e9054acbf4f22fac81a358baf3c27aa42ac (patch) | |
| tree | 1f17112d28c5dcf786d7edb3e950c51812d2d28d /security/integrity/integrity.h | |
| parent | 65d543b2335ede80e5e66bc4f559f62db5f469bd (diff) | |
| download | linux-fd5f4e9054acbf4f22fac81a358baf3c27aa42ac.tar.bz2 | |
ima: load x509 certificate from the kernel
Define configuration option to load X509 certificate into the
IMA trusted kernel keyring. It implements ima_load_x509() hook
to load X509 certificate into the .ima trusted kernel keyring
from the root filesystem.
Changes in v3:
* use ima_policy_flag in ima_get_action()
ima_load_x509 temporarily clears ima_policy_flag to disable
appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
* Expand IMA_LOAD_X509 Kconfig help
Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
| -rw-r--r-- | security/integrity/integrity.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 1057abbd31cd..caa1f6ca72e9 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -162,6 +162,14 @@ static inline int asymmetric_verify(struct key *keyring, const char *sig, } #endif +#ifdef CONFIG_IMA_LOAD_X509 +void __init ima_load_x509(void); +#else +static inline void ima_load_x509(void) +{ +} +#endif + #ifdef CONFIG_INTEGRITY_AUDIT /* declarations */ void integrity_audit_msg(int audit_msgno, struct inode *inode, |