1 files changed, 28 insertions, 0 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index b4af4ebc5be2..8d4fbff8b87c 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -13,7 +13,9 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/err.h>
+#include <linux/sched.h>
 #include <linux/rbtree.h>
+#include <linux/cred.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
@@ -24,7 +26,11 @@ static struct key *keyring[INTEGRITY_KEYRING_MAX];
 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
        "_evm",
        "_module",
+#ifndef CONFIG_IMA_TRUSTED_KEYRING
        "_ima",
+#else
+        ".ima",
+#endif
 };
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
@@ -56,3 +62,25 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
        return -EOPNOTSUPP;
 }
+int integrity_init_keyring(const unsigned int id)
+{
+        const struct cred *cred = current_cred();
+        int err = 0;
+        keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
+                                    KGIDT_INIT(0), cred,
+                                    ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+                                     KEY_USR_VIEW | KEY_USR_READ |
+                                     KEY_USR_WRITE | KEY_USR_SEARCH),
+                                    KEY_ALLOC_NOT_IN_QUOTA, NULL);
+        if (!IS_ERR(keyring[id]))
+                set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
+        else {
+                err = PTR_ERR(keyring[id]);
+                pr_info("Can't allocate %s keyring (%d)\n",
+                        keyring_name[id], err);
+                keyring[id] = NULL;
+        }
+        return err;
+}

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index b4af4ebc5be2..8d4fbff8b87c 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c
@@ -13,7 +13,9 @@
13	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt	13	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14		14
15	#include <linux/err.h>	15	#include <linux/err.h>
		16	#include <linux/sched.h>
16	#include <linux/rbtree.h>	17	#include <linux/rbtree.h>
		18	#include <linux/cred.h>
17	#include <linux/key-type.h>	19	#include <linux/key-type.h>
18	#include <linux/digsig.h>	20	#include <linux/digsig.h>
19		21
@@ -24,7 +26,11 @@ static struct key *keyring[INTEGRITY_KEYRING_MAX];
24	static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {	26	static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
25	"_evm",	27	"_evm",
26	"_module",	28	"_module",
		29	#ifndef CONFIG_IMA_TRUSTED_KEYRING
27	"_ima",	30	"_ima",
		31	#else
		32	".ima",
		33	#endif
28	};	34	};
29		35
30	int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,	36	int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
@@ -56,3 +62,25 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
56		62
57	return -EOPNOTSUPP;	63	return -EOPNOTSUPP;
58	}	64	}
		65
		66	int integrity_init_keyring(const unsigned int id)
		67	{
		68	const struct cred *cred = current_cred();
		69	int err = 0;
		70
		71	keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
		72	KGIDT_INIT(0), cred,
		73	((KEY_POS_ALL & ~KEY_POS_SETATTR) \|
		74	KEY_USR_VIEW \| KEY_USR_READ \|
		75	KEY_USR_WRITE \| KEY_USR_SEARCH),
		76	KEY_ALLOC_NOT_IN_QUOTA, NULL);
		77	if (!IS_ERR(keyring[id]))
		78	set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
		79	else {
		80	err = PTR_ERR(keyring[id]);
		81	pr_info("Can't allocate %s keyring (%d)\n",
		82	keyring_name[id], err);
		83	keyring[id] = NULL;
		84	}
		85	return err;
		86	}