
Commit ac60ab4b authored by James Morris's avatar James Morris

Merge branch 'next' of...

parents a0cfd75f a2d61ed5
+1 −1
@@ -3058,7 +3058,7 @@ opened:
	error = open_check_o_direct(file);
	if (error)
		goto exit_fput;
	error = ima_file_check(file, op->acc_mode);
	error = ima_file_check(file, op->acc_mode, *opened);
	if (error)
		goto exit_fput;

+1 −1
@@ -709,7 +709,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
		host_err = PTR_ERR(*filp);
		*filp = NULL;
	} else {
		host_err = ima_file_check(*filp, may_flags);
		host_err = ima_file_check(*filp, may_flags, 0);

		if (may_flags & NFSD_MAY_64BIT_COOKIE)
			(*filp)->f_mode |= FMODE_64BITHASH;
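Review bot: The result of `ima_file_check(*filp, may_flags, 0)` is stored in `host_err`, but the visible lines go straight on to update `(*filp)->f_mode` without testing it, so a refused integrity check appears to leave the opened file in `*filp`. Unless code after this hunk releases it, the caller receives an error together with a live file pointer, unlike the `PTR_ERR` branch just above, which sets `*filp = NULL`. Consider handling the failure at this point, e.g. `if (host_err) { fput(*filp); *filp = NULL; }`, and skipping the `f_mode` update in that case. nfsd_open's body starts before and continues past the hunk, so the error path itself is not visible here.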
+2 −2
@@ -15,7 +15,7 @@ struct linux_binprm;

#ifdef CONFIG_IMA
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern int ima_file_check(struct file *file, int mask, int opened);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_module_check(struct file *file);
@@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
static inline int ima_file_check(struct file *file, int mask, int opened)
{
	return 0;
}
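Review bot: The new `opened` parameter of `ima_file_check()` is declared without any comment, and its name reads like a boolean even though the open-path caller in this commit passes `*opened` and the nfsd caller passes a bare `0`. A comment above the prototype would state the contract, for example `/* @opened: open-result flags taken from the caller's *opened; pass 0 when this open did not create the file */`. The exact meaning should be confirmed against the implementation, which is not shown on this page. The same comment applies to the static inline stub that returns 0 and ignores the argument.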
+30 −16
#
config INTEGRITY
	def_bool y
	depends on IMA || EVM
	bool "Integrity subsystem"
	depends on SECURITY
	default y
	help
	  This option enables the integrity subsystem, which is comprised
	  of a number of different components including the Integrity
	  Measurement Architecture (IMA), Extended Verification Module
	  (EVM), IMA-appraisal extension, digital signature verification
	  extension and audit measurement log support.

	  Each of these components can be enabled/disabled separately.
	  Refer to the individual components for additional details.

if INTEGRITY

config INTEGRITY_SIGNATURE
	boolean "Digital signature verification using multiple keyrings"
	depends on INTEGRITY && KEYS
	depends on KEYS
	default n
	select SIGNATURE
	help
@@ -17,9 +29,21 @@ config INTEGRITY_SIGNATURE
	  This is useful for evm and module keyrings, when keys are
	  usually only added from initramfs.

config INTEGRITY_ASYMMETRIC_KEYS
	boolean "Enable asymmetric keys support"
	depends on INTEGRITY_SIGNATURE
	default n
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select PUBLIC_KEY_ALGO_RSA
        select X509_CERTIFICATE_PARSER
	help
	  This option enables digital signature verification using
	  asymmetric keys.

config INTEGRITY_AUDIT
	bool "Enables integrity auditing support "
	depends on INTEGRITY && AUDIT
	depends on AUDIT
	default y
	help
	  In addition to enabling integrity auditing support, this
@@ -32,17 +56,7 @@ config INTEGRITY_AUDIT
	  be enabled by specifying 'integrity_audit=1' on the kernel
	  command line.

config INTEGRITY_ASYMMETRIC_KEYS
	boolean "Enable asymmetric keys support"
	depends on INTEGRITY_SIGNATURE
	default n
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select PUBLIC_KEY_ALGO_RSA
        select X509_CERTIFICATE_PARSER
	help
	  This option enables digital signature verification using
	  asymmetric keys.

source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig

endif   # if INTEGRITY
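Review bot: The new help text for `INTEGRITY` says each component can be enabled or disabled separately, but it does not say that switching this option off hides all of them, since the IMA and EVM Kconfig files are sourced inside `if INTEGRITY`. On a system that relies on measurement or appraisal, a configuration with `INTEGRITY=n` drops those protections without any further prompt. A sentence such as `Disabling this option also disables IMA and EVM.` in the help text would make that visible. As a style point, the `select` lines of the moved `INTEGRITY_ASYMMETRIC_KEYS` entry are indented with spaces where the neighbouring lines use a tab.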
+3 −3
@@ -3,11 +3,11 @@
#

obj-$(CONFIG_INTEGRITY) += integrity.o
obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o

integrity-y := iint.o
integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o

subdir-$(CONFIG_IMA)			+= ima
obj-$(CONFIG_IMA)			+= ima/