diff options
| author | Lakshmi Ramasubramanian <nramas@linux.microsoft.com> | 2019-12-11 19:47:05 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2019-12-12 16:53:50 +0300 |
| commit | cb1aa3823c9280f2bb8218cdb5cb05721e0376b1 (patch) | |
| tree | 2306ed9ff2c3b018d3d007fdd785d96db2678f60 /security | |
| parent | 88e70da170e8945f6b1c1299083d1b942705beb5 (diff) | |
| download | linux-cb1aa3823c9280f2bb8218cdb5cb05721e0376b1.tar.xz | |
KEYS: Call the IMA hook to measure keys
Call the IMA hook from key_create_or_update() function to measure
the payload when a new key is created or an existing key is updated.
This patch adds the call to the IMA hook from key_create_or_update()
function to measure the key on key create or update.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/key.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 764f4c57913e..718bf7217420 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -13,6 +13,7 @@ #include <linux/security.h> #include <linux/workqueue.h> #include <linux/random.h> +#include <linux/ima.h> #include <linux/err.h> #include "internal.h" @@ -936,6 +937,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_link_end; } + ima_post_key_create_or_update(keyring, key, payload, plen, + flags, true); + key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); error_link_end: @@ -965,6 +969,12 @@ error: } key_ref = __key_update(key_ref, &prep); + + if (!IS_ERR(key_ref)) + ima_post_key_create_or_update(keyring, key, + payload, plen, + flags, false); + goto error_free_prep; } EXPORT_SYMBOL(key_create_or_update); |