// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2008 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: integrity_iint.c
 *	- initialize the integrity directory in securityfs
 *	- load IMA and EVM keys
 */
#include <linux/security.h>
#include "integrity.h"

/*
 * Dentry of the "integrity" directory in securityfs.  Set by
 * integrity_fs_init(); left NULL when the directory could not be created,
 * so it never holds an ERR_PTR value once init has finished.
 */
struct dentry *integrity_dir;

/*
 * integrity_kernel_read - read file content on behalf of the integrity code
 * @file:	file to read from
 * @offset:	starting position; passed by value, so the caller's own
 *		position is not advanced
 * @addr:	destination buffer
 * @count:	number of bytes requested
 *
 * Used in place of kernel_read().  It does not perform locking checks, so
 * that it cannot be blocked, and it does not perform security checks,
 * because they are irrelevant for IMA.  Callers therefore carry the
 * responsibility for only handing in files the integrity subsystem is
 * entitled to read.
 *
 * Returns whatever __kernel_read() returns, narrowed to int.
 * NOTE(review): if __kernel_read() yields a wider type than int, a very
 * large @count could be truncated here - confirm callers bound @count.
 */
int integrity_kernel_read(struct file *file, loff_t offset,
			  void *addr, unsigned long count)
{
	loff_t pos = offset;

	return __kernel_read(file, addr, count, &pos);
}

/*
 * integrity_load_keys - load integrity keys hook
 *
 * Called from init/main.c:kernel_init_freeable() once rootfs is ready.
 *
 * The IMA X.509 loader always runs.  The EVM loader is invoked from here
 * only when CONFIG_IMA_LOAD_X509 is disabled.
 * NOTE(review): presumably the IMA path loads the EVM key itself when that
 * option is enabled - confirm in ima_load_x509().
 */
void __init integrity_load_keys(void)
{
	ima_load_x509();

	if (IS_ENABLED(CONFIG_IMA_LOAD_X509))
		return;

	evm_load_x509();
}

/*
 * integrity_fs_init - create the "integrity" directory in securityfs
 *
 * The directory is created with a NULL parent.  On failure the error is
 * logged, except for -ENODEV, which is passed back silently (presumably
 * securityfs being unavailable - confirm), and integrity_dir is reset to
 * NULL so later users never dereference an error pointer.
 *
 * Returns 0 on success or the negative errno from securityfs_create_dir().
 */
static int __init integrity_fs_init(void)
{
	int err;

	integrity_dir = securityfs_create_dir("integrity", NULL);
	if (!IS_ERR(integrity_dir))
		return 0;

	err = PTR_ERR(integrity_dir);
	/* Drop the ERR_PTR before anything else can observe it. */
	integrity_dir = NULL;

	if (err != -ENODEV)
		pr_err("Unable to create integrity sysfs dir: %d\n", err);

	return err;
}

late_initcall(integrity_fs_init)