summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2015-12-26 06:06:53 +0100
committerJames Morris <james.l.morris@oracle.com>2015-12-26 06:06:53 +0100
commit3cb92fe48138d225b8d0ceedf148642f9103f841 (patch)
treecbb877002d9d39777be13df3876e05f2542da234 /include
parentkeys, trusted: seal with a TPM2 authorization policy (diff)
parentIMA: policy can be updated zero times (diff)
downloadlinux-3cb92fe48138d225b8d0ceedf148642f9103f841.tar.xz
linux-3cb92fe48138d225b8d0ceedf148642f9103f841.zip
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next
Diffstat (limited to 'include')
-rw-r--r--include/keys/system_keyring.h24
-rw-r--r--include/linux/evm.h7
-rw-r--r--include/linux/key.h1
3 files changed, 32 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index b20cd885c1fd..39fd38cfa8c9 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,4 +35,28 @@ extern int system_verify_data(const void *data, unsigned long len,
enum key_being_used_for usage);
#endif
+#ifdef CONFIG_IMA_MOK_KEYRING
+extern struct key *ima_mok_keyring;
+extern struct key *ima_blacklist_keyring;
+
+static inline struct key *get_ima_mok_keyring(void)
+{
+ return ima_mok_keyring;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+ return ima_blacklist_keyring;
+}
+#else
+static inline struct key *get_ima_mok_keyring(void)
+{
+ return NULL;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+ return NULL;
+}
+#endif /* CONFIG_IMA_MOK_KEYRING */
+
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/include/linux/evm.h b/include/linux/evm.h
index 1fcb88ca88de..35ed9a8a403a 100644
--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -14,6 +14,7 @@
struct integrity_iint_cache;
#ifdef CONFIG_EVM
+extern int evm_set_key(void *key, size_t keylen);
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name,
void *xattr_value,
@@ -42,6 +43,12 @@ static inline int posix_xattr_acl(const char *xattrname)
}
#endif
#else
+
+static inline int evm_set_key(void *key, size_t keylen)
+{
+ return -EOPNOTSUPP;
+}
+
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name,
diff --git a/include/linux/key.h b/include/linux/key.h
index 66f705243985..7321ab8ef949 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -177,6 +177,7 @@ struct key {
#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
#define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
/* the key type and key description string
* - the desc is used to match a key against search criteria