555d6d71d5
The #define for formatting log messages, pr_fmt, is duplicated in the
files under security/integrity.
This change moves the definition to security/integrity/integrity.h and
removes the duplicate definitions in the other files under
security/integrity.
With this change, the messages in the following files will be prefixed
with 'integrity'.
security/integrity/platform_certs/platform_keyring.c
security/integrity/platform_certs/load_powerpc.c
security/integrity/platform_certs/load_uefi.c
security/integrity/iint.c
e.g. "integrity: Error adding keys to platform keyring %s\n"
And the messages in the following file will be prefixed with 'ima'.
security/integrity/ima/ima_mok.c
e.g. "ima: Allocating IMA blacklist keyring.\n"
For the rest of the files under security/integrity, there will be no
change in the message format.
Suggested-by: Shuah Khan <skhan@linuxfoundation.org>
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
65 lines
1.9 KiB
C
65 lines
1.9 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2019 Microsoft Corporation
|
|
*
|
|
* Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
|
|
*
|
|
* File: ima_asymmetric_keys.c
|
|
* Defines an IMA hook to measure asymmetric keys on key
|
|
* create or update.
|
|
*/
|
|
|
|
#include <keys/asymmetric-type.h>
|
|
#include "ima.h"
|
|
|
|
/**
|
|
* ima_post_key_create_or_update - measure asymmetric keys
|
|
* @keyring: keyring to which the key is linked to
|
|
* @key: created or updated key
|
|
* @payload: The data used to instantiate or update the key.
|
|
* @payload_len: The length of @payload.
|
|
* @flags: key flags
|
|
* @create: flag indicating whether the key was created or updated
|
|
*
|
|
* Keys can only be measured, not appraised.
|
|
* The payload data used to instantiate or update the key is measured.
|
|
*/
|
|
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
|
|
const void *payload, size_t payload_len,
|
|
unsigned long flags, bool create)
|
|
{
|
|
bool queued = false;
|
|
|
|
/* Only asymmetric keys are handled by this hook. */
|
|
if (key->type != &key_type_asymmetric)
|
|
return;
|
|
|
|
if (!payload || (payload_len == 0))
|
|
return;
|
|
|
|
if (ima_should_queue_key())
|
|
queued = ima_queue_key(keyring, payload, payload_len);
|
|
|
|
if (queued)
|
|
return;
|
|
|
|
/*
|
|
* keyring->description points to the name of the keyring
|
|
* (such as ".builtin_trusted_keys", ".ima", etc.) to
|
|
* which the given key is linked to.
|
|
*
|
|
* The name of the keyring is passed in the "eventname"
|
|
* parameter to process_buffer_measurement() and is set
|
|
* in the "eventname" field in ima_event_data for
|
|
* the key measurement IMA event.
|
|
*
|
|
* The name of the keyring is also passed in the "keyring"
|
|
* parameter to process_buffer_measurement() to check
|
|
* if the IMA policy is configured to measure a key linked
|
|
* to the given keyring.
|
|
*/
|
|
process_buffer_measurement(payload, payload_len,
|
|
keyring->description, KEY_CHECK, 0,
|
|
keyring->description);
|
|
}
|