summaryrefslogtreecommitdiff
path: root/security/integrity/evm
diff options
context:
space:
mode:
authorMatthew Garrett <mjg59@google.com>2018-05-12 02:12:34 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2018-05-17 15:03:07 +0300
commit0c343af8065be5ceb0c03a876af7c513e960e2ff (patch)
tree908d997e4a9eaaef301fd220b9b61bc17158611f /security/integrity/evm
parent4ecd9934ba1c2edf95588a364d49ddfd85c61bd1 (diff)
downloadlinux-0c343af8065be5ceb0c03a876af7c513e960e2ff.tar.xz
integrity: Add an integrity directory in securityfs
We want to add additional evm control nodes, and it'd be preferable not to clutter up the securityfs root directory any further. Create a new integrity directory, move the ima directory into it, create an evm directory for the evm attribute and add compatibility symlinks. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/evm')
-rw-r--r--security/integrity/evm/evm_secfs.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index feba03bbedae..e44380f0cb45 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -19,7 +19,9 @@
#include <linux/module.h>
#include "evm.h"
+static struct dentry *evm_dir;
static struct dentry *evm_init_tpm;
+static struct dentry *evm_symlink;
/**
* evm_read_key - read() for <securityfs>/evm
@@ -111,9 +113,28 @@ int __init evm_init_secfs(void)
{
int error = 0;
- evm_init_tpm = securityfs_create_file("evm", S_IRUSR | S_IRGRP,
- NULL, NULL, &evm_key_ops);
- if (!evm_init_tpm || IS_ERR(evm_init_tpm))
+ evm_dir = securityfs_create_dir("evm", integrity_dir);
+ if (!evm_dir || IS_ERR(evm_dir))
+ return -EFAULT;
+
+ evm_init_tpm = securityfs_create_file("evm", 0660,
+ evm_dir, NULL, &evm_key_ops);
+ if (!evm_init_tpm || IS_ERR(evm_init_tpm)) {
+ error = -EFAULT;
+ goto out;
+ }
+
+ evm_symlink = securityfs_create_symlink("evm", NULL,
+ "integrity/evm/evm", NULL);
+ if (!evm_symlink || IS_ERR(evm_symlink)) {
error = -EFAULT;
+ goto out;
+ }
+
+ return 0;
+out:
+ securityfs_remove(evm_symlink);
+ securityfs_remove(evm_init_tpm);
+ securityfs_remove(evm_dir);
return error;
}