summaryrefslogtreecommitdiffstats
path: root/security/integrity/integrity.h
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2013-08-13 14:47:43 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-11-01 01:20:48 +0100
commit217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241 (patch)
tree3a8a39da527431153698fc73640db47e8a1bd43a /security/integrity/integrity.h
parentima: extend the measurement list to include the file signature (diff)
downloadlinux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.tar.xz
linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.zip
ima: define '_ima' as a builtin 'trusted' keyring
Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r--security/integrity/integrity.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 2fb5e53e927f..b9e7c133734a 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -137,12 +137,19 @@ static inline int integrity_digsig_verify(const unsigned int id,
#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
int asymmetric_verify(struct key *keyring, const char *sig,
int siglen, const char *data, int datalen);
+
+int integrity_init_keyring(const unsigned int id);
#else
static inline int asymmetric_verify(struct key *keyring, const char *sig,
int siglen, const char *data, int datalen)
{
return -EOPNOTSUPP;
}
+
+static int integrity_init_keyring(const unsigned int id)
+{
+ return 0;
+}
#endif
#ifdef CONFIG_INTEGRITY_AUDIT