| // SPDX-License-Identifier: GPL-2.0-only |
| /* |
| * Copyright (C) 2008 IBM Corporation |
| * |
| * Authors: |
| * Mimi Zohar <zohar@us.ibm.com> |
| * |
| * File: integrity_iint.c |
| * - initialize the integrity directory in securityfs |
| * - load IMA and EVM keys |
| */ |
| #include <linux/security.h> |
| #include "integrity.h" |
| |
| struct dentry *integrity_dir; |
| |
| /* |
| * integrity_kernel_read - read data from the file |
| * |
| * This is a function for reading file content instead of kernel_read(). |
| * It does not perform locking checks to ensure it cannot be blocked. |
| * It does not perform security checks because it is irrelevant for IMA. |
| * |
| */ |
| int integrity_kernel_read(struct file *file, loff_t offset, |
| void *addr, unsigned long count) |
| { |
| return __kernel_read(file, addr, count, &offset); |
| } |
| |
| /* |
| * integrity_load_keys - load integrity keys hook |
| * |
| * Hooks is called from init/main.c:kernel_init_freeable() |
| * when rootfs is ready |
| */ |
| void __init integrity_load_keys(void) |
| { |
| ima_load_x509(); |
| |
| if (!IS_ENABLED(CONFIG_IMA_LOAD_X509)) |
| evm_load_x509(); |
| } |
| |
| static int __init integrity_fs_init(void) |
| { |
| integrity_dir = securityfs_create_dir("integrity", NULL); |
| if (IS_ERR(integrity_dir)) { |
| int ret = PTR_ERR(integrity_dir); |
| |
| if (ret != -ENODEV) |
| pr_err("Unable to create integrity sysfs dir: %d\n", |
| ret); |
| integrity_dir = NULL; |
| return ret; |
| } |
| |
| return 0; |
| } |
| |
| late_initcall(integrity_fs_init) |
