review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Dmitry Kasatkin <d.kasatkin@samsung.com>
	Wed, 5 Nov 2014 15:01:14 +0000 (17:01 +0200)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Tue, 18 Nov 2014 04:12:00 +0000 (23:12 -0500)
commit	fd5f4e9054acbf4f22fac81a358baf3c27aa42ac
tree	1f17112d28c5dcf786d7edb3e950c51812d2d28d	tree \| snapshot
parent	65d543b2335ede80e5e66bc4f559f62db5f469bd	commit \| diff

ima: load x509 certificate from the kernel

Define configuration option to load X509 certificate into the
IMA trusted kernel keyring. It implements ima_load_x509() hook
to load X509 certificate into the .ima trusted kernel keyring
from the root filesystem.

Changes in v3:
* use ima_policy_flag in ima_get_action()
ima_load_x509 temporarily clears ima_policy_flag to disable
appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
* Expand IMA_LOAD_X509 Kconfig help

Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

security/integrity/ima/Kconfig		diff \| blob \| history
security/integrity/ima/ima_api.c		diff \| blob \| history
security/integrity/ima/ima_init.c		diff \| blob \| history
security/integrity/integrity.h		diff \| blob \| history