proc: convert /proc/$PID/syscall to seq_file interface
[cascardo/linux.git] / security / integrity / digsig.c
index b4af4eb..8d4fbff 100644 (file)
@@ -13,7 +13,9 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/err.h>
+#include <linux/sched.h>
 #include <linux/rbtree.h>
+#include <linux/cred.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
 
@@ -24,7 +26,11 @@ static struct key *keyring[INTEGRITY_KEYRING_MAX];
 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
        "_evm",
        "_module",
+#ifndef CONFIG_IMA_TRUSTED_KEYRING
        "_ima",
+#else
+       ".ima",
+#endif
 };
 
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
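Review bot: The switch from `"_ima"` to `".ima"` under CONFIG_IMA_TRUSTED_KEYRING carries a security property that nothing in the array explains. As far as I know, the key-management syscalls refuse userspace requests to create a keyring whose description starts with a dot, so the dotted name keeps an unprivileged or compromised process from pre-creating a look-alike keyring. A comment above the `#ifndef` would record this, e.g. `/* Dot-prefixed keyring names cannot be created from userspace; the trusted IMA keyring must be kernel-owned. */`. The initializer is also positional, so it silently depends on the order of the keyring ids defined outside this file section; designated initializers would make that dependency explicit.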
@@ -56,3 +62,25 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 
        return -EOPNOTSUPP;
 }
+
+int integrity_init_keyring(const unsigned int id)
+{
+       const struct cred *cred = current_cred();
+       int err = 0;
+
+       keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
+                                   KGIDT_INIT(0), cred,
+                                   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+                                    KEY_USR_VIEW | KEY_USR_READ |
+                                    KEY_USR_WRITE | KEY_USR_SEARCH),
+                                   KEY_ALLOC_NOT_IN_QUOTA, NULL);
+       if (!IS_ERR(keyring[id]))
+               set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
+       else {
+               err = PTR_ERR(keyring[id]);
+               pr_info("Can't allocate %s keyring (%d)\n",
+                       keyring_name[id], err);
+               keyring[id] = NULL;
+       }
+       return err;
+}
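Review bot: integrity_init_keyring() indexes keyring_name[id] and keyring[id] without comparing id against INTEGRITY_KEYRING_MAX, so an out-of-range value from a caller would read and write past both arrays. A guard at the top would close this. The function also stores the raw keyring_alloc() result in the global keyring[id] before it is known to be valid, and sets KEY_FLAG_TRUSTED_ONLY only afterwards. Any code reading keyring[id] in that window could see an ERR_PTR or a keyring not yet marked trusted-only, though whether anything can run concurrently this early is not visible here. Using a local pointer and publishing it only after the flag is set removes that window, and a short comment should say that KEY_USR_WRITE is acceptable only because of KEY_FLAG_TRUSTED_ONLY.

```c
int integrity_init_keyring(const unsigned int id)
{
	const struct cred *cred = current_cred();
	struct key *kr;
	int err;

	if (id >= INTEGRITY_KEYRING_MAX)
		return -EINVAL;

	kr = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
			   /* … unchanged: gid, cred, permission mask, alloc flags … */);
	if (IS_ERR(kr)) {
		err = PTR_ERR(kr);
		pr_info("Can't allocate %s keyring (%d)\n",
			keyring_name[id], err);
		return err;
	}

	/*
	 * KEY_USR_WRITE is only safe because the keyring is trusted-only;
	 * set the flag before the pointer is published in keyring[].
	 */
	set_bit(KEY_FLAG_TRUSTED_ONLY, &kr->flags);
	keyring[id] = kr;
	return 0;
}
```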