summaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_api.c
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-11-05 18:01:14 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-11-18 07:12:00 +0300
commitfd5f4e9054acbf4f22fac81a358baf3c27aa42ac (patch)
tree1f17112d28c5dcf786d7edb3e950c51812d2d28d /security/integrity/ima/ima_api.c
parent65d543b2335ede80e5e66bc4f559f62db5f469bd (diff)
downloadlinux-fd5f4e9054acbf4f22fac81a358baf3c27aa42ac.tar.xz
ima: load x509 certificate from the kernel
Define configuration option to load X509 certificate into the IMA trusted kernel keyring. It implements ima_load_x509() hook to load X509 certificate into the .ima trusted kernel keyring from the root filesystem. Changes in v3: * use ima_policy_flag in ima_get_action() ima_load_x509 temporarily clears ima_policy_flag to disable appraisal to load key. Use it to skip appraisal rules. * Key directory path changed to /etc/keys (Mimi) * Expand IMA_LOAD_X509 Kconfig help Changes in v2: * added '__init' * use ima_policy_flag to disable appraisal to load keys Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_api.c')
-rw-r--r--security/integrity/ima/ima_api.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index a99eb6d4bc09..b0dc922d8be3 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -173,8 +173,7 @@ int ima_get_action(struct inode *inode, int mask, int function)
{
int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE;
- if (!ima_appraise)
- flags &= ~IMA_APPRAISE;
+ flags &= ima_policy_flag;
return ima_match_policy(inode, function, mask, flags);
}