diff options
| author |   Nayna Jain <nayna@linux.ibm.com> | 2019-10-30 23:31:31 -0400 |
|---|---|---|
| committer |   Michael Ellerman <mpe@ellerman.id.au> | 2019-11-12 12:25:50 +1100 |
| commit | 2434f7d2d488c3301ae81f1031e1c66c6f076fb7 (patch) | |
| tree | aa7a3fe1afeffd5f6c08cb78228a82d1da56e018 /include/keys | |
| parent | ima: Make process_buffer_measurement() generic (diff) | |
| download | linux-dev-2434f7d2d488c3301ae81f1031e1c66c6f076fb7.tar.xz linux-dev-2434f7d2d488c3301ae81f1031e1c66c6f076fb7.zip | |
certs: Add wrapper function to check blacklisted binary hash
The -EKEYREJECTED error returned by existing is_hash_blacklisted() is
misleading when called for checking against blacklisted hash of a
binary.
This patch adds a wrapper function is_binary_blacklisted() to return
-EPERM error if binary is blacklisted.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1572492694-6520-7-git-send-email-zohar@linux.ibm.com
Diffstat (limited to 'include/keys')
| -rw-r--r-- | include/keys/system_keyring.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index c1a96fdf598b..fb8b07daa9d1 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h @@ -35,12 +35,18 @@ extern int restrict_link_by_builtin_and_secondary_trusted( extern int mark_hash_blacklisted(const char *hash); extern int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type); +extern int is_binary_blacklisted(const u8 *hash, size_t hash_len); #else static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type) { return 0; } + +static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len) +{ + return 0; +} #endif #ifdef CONFIG_IMA_BLACKLIST_KEYRING |