xref: /linux/security/integrity/iint.c (revision da5b2ad1c2f18834cb1ce429e2e5a5cf5cbdf21b)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2008 IBM Corporation
4  *
5  * Authors:
6  * Mimi Zohar <zohar@us.ibm.com>
7  *
8  * File: integrity_iint.c
9  *	- initialize the integrity directory in securityfs
10  *	- load IMA and EVM keys
11  */
12 #include <linux/security.h>
13 #include "integrity.h"
14 
15 struct dentry *integrity_dir;
16 
17 /*
18  * integrity_kernel_read - read data from the file
19  *
20  * This is a function for reading file content instead of kernel_read().
21  * It does not perform locking checks to ensure it cannot be blocked.
22  * It does not perform security checks because it is irrelevant for IMA.
23  *
24  */
25 int integrity_kernel_read(struct file *file, loff_t offset,
26 			  void *addr, unsigned long count)
27 {
28 	return __kernel_read(file, addr, count, &offset);
29 }
30 
31 /*
32  * integrity_load_keys - load integrity keys hook
33  *
34  * Hooks is called from init/main.c:kernel_init_freeable()
35  * when rootfs is ready
36  */
37 void __init integrity_load_keys(void)
38 {
39 	ima_load_x509();
40 
41 	if (!IS_ENABLED(CONFIG_IMA_LOAD_X509))
42 		evm_load_x509();
43 }
44 
45 static int __init integrity_fs_init(void)
46 {
47 	integrity_dir = securityfs_create_dir("integrity", NULL);
48 	if (IS_ERR(integrity_dir)) {
49 		int ret = PTR_ERR(integrity_dir);
50 
51 		if (ret != -ENODEV)
52 			pr_err("Unable to create integrity sysfs dir: %d\n",
53 			       ret);
54 		integrity_dir = NULL;
55 		return ret;
56 	}
57 
58 	return 0;
59 }
60 
61 late_initcall(integrity_fs_init)
62