1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Copyright (C) 2008 IBM Corporation |
4 | * |
5 | * Authors: |
6 | * Mimi Zohar <zohar@us.ibm.com> |
7 | * |
8 | * File: integrity_iint.c |
9 | * - initialize the integrity directory in securityfs |
10 | * - load IMA and EVM keys |
11 | */ |
12 | #include <linux/security.h> |
13 | #include "integrity.h" |
14 | |
/*
 * Dentry of the securityfs "integrity" directory. Assigned by
 * integrity_fs_init(), which resets it to NULL when the directory cannot
 * be created.
 * NOTE(review): not static, so presumably other integrity code uses it as
 * a parent dentry and must tolerate NULL - confirm against the users.
 */
struct dentry *integrity_dir;
16 | |
/*
 * integrity_kernel_read - read file content without the kernel_read() checks
 * @file:   file to read from
 * @offset: position in @file at which to start reading
 * @addr:   kernel buffer that receives the data
 * @count:  number of bytes requested
 *
 * Used in place of kernel_read(). Two kinds of checks are skipped on purpose:
 * the locking checks, so that the read cannot be blocked, and the security
 * checks, which are irrelevant for IMA.
 *
 * Because the security checks are skipped, nothing on this path decides
 * whether @file may be read. That decision has to be made where @file is
 * obtained, so this helper should stay limited to integrity measurement
 * and appraisal and not become a general-purpose read primitive.
 *
 * @offset is passed by value, so the caller's position is never advanced;
 * the caller tracks its own offset across successive reads.
 *
 * NOTE(review): __kernel_read() returns ssize_t while this wrapper returns
 * int; callers should keep @count within INT_MAX so that the result is not
 * truncated - confirm against the callers.
 *
 * Return: whatever __kernel_read() returns (presumably the number of bytes
 * read, or a negative errno on failure).
 */
int integrity_kernel_read(struct file *file, loff_t offset,
			  void *addr, unsigned long count)
{
	loff_t *pos = &offset;	/* local copy; the caller's offset is untouched */

	return __kernel_read(file, addr, count, pos);
}
30 | |
/*
 * integrity_load_keys - load integrity keys hook
 *
 * Hook called from init/main.c:kernel_init_freeable() once rootfs is ready.
 *
 * The IMA X.509 load is always attempted. The EVM X.509 load is issued
 * from here only when CONFIG_IMA_LOAD_X509 is disabled.
 * NOTE(review): with CONFIG_IMA_LOAD_X509 enabled, ima_load_x509() is
 * presumably responsible for the EVM key as well - confirm in the IMA code.
 *
 * Neither call reports a result here, so a failed key load is not visible
 * at this level; any diagnostics have to come from the callees.
 */
void __init integrity_load_keys(void)
{
	ima_load_x509();

	/* EVM key loading is handled elsewhere in this configuration. */
	if (IS_ENABLED(CONFIG_IMA_LOAD_X509))
		return;

	evm_load_x509();
}
44 | |
/*
 * integrity_fs_init - create the "integrity" directory in securityfs
 *
 * Registered as a late_initcall. On success integrity_dir holds the new
 * dentry. On failure integrity_dir is reset to NULL, so that no ERR_PTR
 * value is left in the global, and the error code is returned.
 *
 * -ENODEV is returned without a log message (presumably the case where
 * securityfs is not available - confirm); every other error is logged.
 *
 * Return: 0 on success, negative errno from securityfs_create_dir()
 * otherwise.
 */
static int __init integrity_fs_init(void)
{
	int err;

	integrity_dir = securityfs_create_dir("integrity", NULL);
	if (!IS_ERR(integrity_dir))
		return 0;

	err = PTR_ERR(integrity_dir);
	if (err != -ENODEV)
		pr_err("Unable to create integrity sysfs dir: %d\n", err);

	/* Never leave an encoded error pointer behind for later users. */
	integrity_dir = NULL;
	return err;
}

late_initcall(integrity_fs_init)
62 | |