summaryrefslogtreecommitdiffstats
path: root/security/integrity/digsig.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/digsig.c')
-rw-r--r--security/integrity/digsig.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 659566c2200b..d647178c6bbd 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -18,6 +18,8 @@
#include <linux/cred.h>
#include <linux/key-type.h>
#include <linux/digsig.h>
+#include <crypto/public_key.h>
+#include <keys/system_keyring.h>
#include "integrity.h"
@@ -40,6 +42,35 @@ static bool init_keyring __initdata = true;
static bool init_keyring __initdata;
#endif
+#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
+/*
+ * Restrict the addition of keys into the IMA keyring.
+ *
+ * Any key that needs to go in .ima keyring must be signed by CA in
+ * either .system or .ima_mok keyrings.
+ */
+static int restrict_link_by_ima_mok(struct key *keyring,
+ const struct key_type *type,
+ unsigned long flags,
+ const union key_payload *payload)
+{
+ int ret;
+
+ ret = restrict_link_by_builtin_trusted(keyring, type, flags, payload);
+ if (ret != -ENOKEY)
+ return ret;
+
+ return restrict_link_by_signature(get_ima_mok_keyring(),
+ type, payload);
+}
+#else
+/*
+ * If there's no system trusted keyring, then keys cannot be loaded into
+ * .ima_mok and added keys cannot be marked trusted.
+ */
+#define restrict_link_by_ima_mok restrict_link_reject
+#endif
+
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
const char *digest, int digestlen)
{
@@ -84,7 +115,7 @@ int __init integrity_init_keyring(const unsigned int id)
KEY_USR_VIEW | KEY_USR_READ |
KEY_USR_WRITE | KEY_USR_SEARCH),
KEY_ALLOC_NOT_IN_QUOTA,
- NULL, NULL);
+ restrict_link_by_ima_mok, NULL);
if (IS_ERR(keyring[id])) {
err = PTR_ERR(keyring[id]);
pr_info("Can't allocate %s keyring (%d)\n",