diff options
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 73c9a268253e..45de18e9a6f2 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -280,6 +280,27 @@ int ima_file_check(struct file *file, int mask) | |||
| 280 | } | 280 | } |
| 281 | EXPORT_SYMBOL_GPL(ima_file_check); | 281 | EXPORT_SYMBOL_GPL(ima_file_check); |
| 282 | 282 | ||
| 283 | /** | ||
| 284 | * ima_module_check - based on policy, collect/store/appraise measurement. | ||
| 285 | * @file: pointer to the file to be measured/appraised | ||
| 286 | * | ||
| 287 | * Measure/appraise kernel modules based on policy. | ||
| 288 | * | ||
| 289 | * Always return 0 and audit dentry_open failures. | ||
| 290 | * Return code is based upon measurement appraisal. | ||
| 291 | */ | ||
| 292 | int ima_module_check(struct file *file) | ||
| 293 | { | ||
| 294 | int rc; | ||
| 295 | |||
| 296 | if (!file) | ||
| 297 | rc = INTEGRITY_UNKNOWN; | ||
| 298 | else | ||
| 299 | rc = process_measurement(file, file->f_dentry->d_name.name, | ||
| 300 | MAY_EXEC, MODULE_CHECK); | ||
| 301 | return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; | ||
| 302 | } | ||
| 303 | |||
| 283 | static int __init init_ima(void) | 304 | static int __init init_ima(void) |
| 284 | { | 305 | { |
| 285 | int error; | 306 | int error; |