		
	KEYS: Call the IMA hook to measure keys
Call the IMA hook from the key_create_or_update() function to measure the payload when a new key is created or an existing key is updated. This patch adds the call to the IMA hook from the key_create_or_update() function to measure the key on key create or update. Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Cc: David Howells <dhowells@redhat.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
		
							parent
							
								
									88e70da170
								
							
						
					
					
						commit
						cb1aa3823c
					
				
					 2 changed files with 24 additions and 0 deletions
				
			
		| 
						 | 
					@ -101,6 +101,20 @@ static inline void ima_add_kexec_buffer(struct kimage *image)
 | 
				
			||||||
{}
 | 
					{}
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					#if defined(CONFIG_IMA) && defined(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
 | 
				
			||||||
 | 
					extern void ima_post_key_create_or_update(struct key *keyring,
 | 
				
			||||||
 | 
										  struct key *key,
 | 
				
			||||||
 | 
										  const void *payload, size_t plen,
 | 
				
			||||||
 | 
										  unsigned long flags, bool create);
 | 
				
			||||||
 | 
					#else
 | 
				
			||||||
 | 
					static inline void ima_post_key_create_or_update(struct key *keyring,
 | 
				
			||||||
 | 
											 struct key *key,
 | 
				
			||||||
 | 
											 const void *payload,
 | 
				
			||||||
 | 
											 size_t plen,
 | 
				
			||||||
 | 
											 unsigned long flags,
 | 
				
			||||||
 | 
											 bool create) {}
 | 
				
			||||||
 | 
					#endif  /* CONFIG_IMA && CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#ifdef CONFIG_IMA_APPRAISE
 | 
					#ifdef CONFIG_IMA_APPRAISE
 | 
				
			||||||
extern bool is_ima_appraise_enabled(void);
 | 
					extern bool is_ima_appraise_enabled(void);
 | 
				
			||||||
extern void ima_inode_post_setattr(struct dentry *dentry);
 | 
					extern void ima_inode_post_setattr(struct dentry *dentry);
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
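Review bot: The new ima_post_key_create_or_update() declaration and its stub carry no kernel-doc, so a reader of the header cannot tell what `create` or `flags` mean or when the hook fires; the key.c call sites in this commit show `create` is true on the create path and false after a successful `__key_update()`, and that `payload`/`plen` are the caller-supplied key bytes, so a short block above the `#if` should say so, e.g. `/* IMA hook invoked after a key is created (create=true) or updated (create=false); payload/plen are the caller-supplied key data. No-op, i.e. the key is not measured, unless CONFIG_IMA and CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE are both set. */`. The `flags` argument is presumably the key allocation flags passed into key_create_or_update(), but that is not visible in this hunk and should be confirmed before it is documented. As a point of style, the extern prototype packs two parameters per line while the inline stub uses one per line; laying the two out identically makes it easier to check that the signatures match.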
| 
						 | 
					@ -13,6 +13,7 @@
 | 
				
			||||||
#include <linux/security.h>
 | 
					#include <linux/security.h>
 | 
				
			||||||
#include <linux/workqueue.h>
 | 
					#include <linux/workqueue.h>
 | 
				
			||||||
#include <linux/random.h>
 | 
					#include <linux/random.h>
 | 
				
			||||||
 | 
					#include <linux/ima.h>
 | 
				
			||||||
#include <linux/err.h>
 | 
					#include <linux/err.h>
 | 
				
			||||||
#include "internal.h"
 | 
					#include "internal.h"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
| 
						 | 
					@ -936,6 +937,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 | 
				
			||||||
		goto error_link_end;
 | 
							goto error_link_end;
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						ima_post_key_create_or_update(keyring, key, payload, plen,
 | 
				
			||||||
 | 
									      flags, true);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 | 
						key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 | 
				
			||||||
 | 
					
 | 
				
			||||||
error_link_end:
 | 
					error_link_end:
 | 
				
			||||||
| 
						 | 
					@ -965,6 +969,12 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	key_ref = __key_update(key_ref, &prep);
 | 
						key_ref = __key_update(key_ref, &prep);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						if (!IS_ERR(key_ref))
 | 
				
			||||||
 | 
							ima_post_key_create_or_update(keyring, key,
 | 
				
			||||||
 | 
										      payload, plen,
 | 
				
			||||||
 | 
										      flags, false);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	goto error_free_prep;
 | 
						goto error_free_prep;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
EXPORT_SYMBOL(key_create_or_update);
 | 
					EXPORT_SYMBOL(key_create_or_update);
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
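Review bot: In the @@ -936 hunk the new ima_post_key_create_or_update() call is placed before the `error_link_end:` label, so it runs while the keyring link transaction opened by `__key_link_begin()` (outside this hunk) is still open; if the IMA side hashes the payload or extends the TPM, that work now happens inside the keyring's write-side critical section, which is worth confirming is intended and safe for anything the hook may sleep on. If the hold time matters, the call could move below `__key_link_end()` behind the same `if (!IS_ERR(key_ref))` guard the update path already uses, since the key is instantiated and linked by then. Either way a one-line comment would help the next reader, e.g. `/* Measure the key now that it is instantiated and linked */` above the create-path call and `/* Only measure a key that was actually updated */` above the `if (!IS_ERR(key_ref))` in the @@ -965 hunk. key_create_or_update() begins outside these hunks; the `key` passed in the update hunk is assigned earlier in the function, presumably from key_ref, and is not visible here.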