1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2008 IBM Corporation
4 *
5 * Authors:
6 * Mimi Zohar <zohar@us.ibm.com>
7 *
8 * File: integrity_iint.c
9 * - initialize the integrity directory in securityfs
10 * - load IMA and EVM keys
11 */
12#include <linux/security.h>
13#include "integrity.h"
14
15struct dentry *integrity_dir;
16
17/*
18 * integrity_kernel_read - read data from the file
19 *
20 * This is a function for reading file content instead of kernel_read().
21 * It does not perform locking checks to ensure it cannot be blocked.
22 * It does not perform security checks because it is irrelevant for IMA.
23 *
24 */
25int integrity_kernel_read(struct file *file, loff_t offset,
26 void *addr, unsigned long count)
27{
28 return __kernel_read(file, buf: addr, count, pos: &offset);
29}
30
31/*
32 * integrity_load_keys - load integrity keys hook
33 *
34 * Hooks is called from init/main.c:kernel_init_freeable()
35 * when rootfs is ready
36 */
37void __init integrity_load_keys(void)
38{
39 ima_load_x509();
40
41 if (!IS_ENABLED(CONFIG_IMA_LOAD_X509))
42 evm_load_x509();
43}
44
45int __init integrity_fs_init(void)
46{
47 if (integrity_dir)
48 return 0;
49
50 integrity_dir = securityfs_create_dir(name: "integrity", NULL);
51 if (IS_ERR(ptr: integrity_dir)) {
52 int ret = PTR_ERR(ptr: integrity_dir);
53
54 if (ret != -ENODEV)
55 pr_err("Unable to create integrity sysfs dir: %d\n",
56 ret);
57 integrity_dir = NULL;
58 return ret;
59 }
60
61 return 0;
62}
63
64void __init integrity_fs_fini(void)
65{
66 if (!integrity_dir || !simple_empty(integrity_dir))
67 return;
68
69 securityfs_remove(dentry: integrity_dir);
70 integrity_dir = NULL;
71}
72

source code of linux/security/integrity/iint.c