diff options
| author |   Christoph Hellwig <hch@lst.de> | 2017-09-10 09:49:45 +0200 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-11-08 15:16:36 -0500 |
| commit | a7d3d0392a325d630225b7dbccf2558f944114e5 (patch) | |
| tree | fa0e65c07ebf6e6df340d6f0ab0b9f2ca62d3acd /security/integrity/integrity.h | |
| parent | ima: always measure and audit files in policy (diff) | |
| download | linux-dev-a7d3d0392a325d630225b7dbccf2558f944114e5.tar.xz linux-dev-a7d3d0392a325d630225b7dbccf2558f944114e5.zip | |
integrity: use kernel_read_file_from_path() to read x509 certs
The CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 options permit
loading x509 signed certificates onto the trusted keyrings without
verifying the x509 certificate file's signature.
This patch replaces the call to the integrity_read_file() specific
function with the common kernel_read_file_from_path() function.
To avoid verifying the file signature, this patch defines
READING_X509_CERTFICATE.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
| -rw-r--r-- | security/integrity/integrity.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index a53e7e4ab06c..e1bf040fb110 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -120,8 +120,6 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode); int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count); -int __init integrity_read_file(const char *path, char **data); - #define INTEGRITY_KEYRING_EVM 0 #define INTEGRITY_KEYRING_IMA 1 #define INTEGRITY_KEYRING_MODULE 2 |