From 0c343af8065be5ceb0c03a876af7c513e960e2ff Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@google.com>
Date: Fri, 11 May 2018 16:12:34 -0700
Subject: integrity: Add an integrity directory in securityfs

We want to add additional evm control nodes, and it'd be preferable not
to clutter up the securityfs root directory any further. Create a new
integrity directory, move the ima directory into it, create an evm
directory for the evm attribute and add compatibility symlinks.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 security/integrity/iint.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'security/integrity/iint.c')

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index f266e4b3b7d4..149faa81f6f0 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -21,12 +21,15 @@
 #include <linux/rbtree.h>
 #include <linux/file.h>
 #include <linux/uaccess.h>
+#include <linux/security.h>
 #include "integrity.h"
 
 static struct rb_root integrity_iint_tree = RB_ROOT;
 static DEFINE_RWLOCK(integrity_iint_lock);
 static struct kmem_cache *iint_cache __read_mostly;
 
+struct dentry *integrity_dir;
+
 /*
  * __integrity_iint_find - return the iint associated with an inode
  */
@@ -211,3 +214,18 @@ void __init integrity_load_keys(void)
 	ima_load_x509();
 	evm_load_x509();
 }
+
+static int __init integrity_fs_init(void)
+{
+	integrity_dir = securityfs_create_dir("integrity", NULL);
+	if (IS_ERR(integrity_dir)) {
+		pr_err("Unable to create integrity sysfs dir: %ld\n",
+		       PTR_ERR(integrity_dir));
+		integrity_dir = NULL;
+		return PTR_ERR(integrity_dir);
+	}
+
+	return 0;
+}
+
+late_initcall(integrity_fs_init)
-- 
cgit v1.2.3-59-g8ed1b