Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/security/integrity/ima/ima_mok.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3)  * Copyright (C) 2015 Juniper Networks, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5)  * Author:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6)  * Petko Manolov <petko.manolov@konsulko.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/cred.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <keys/system_keyring.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) struct key *ima_blacklist_keyring;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)  * Allocate the IMA blacklist keyring
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) static __init int ima_mok_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 	struct key_restriction *restriction;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 	pr_notice("Allocating IMA blacklist keyring.\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 	restriction = kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) 	if (!restriction)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 		panic("Can't allocate IMA blacklist restriction.");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 	restriction->check = restrict_link_by_builtin_trusted;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 				KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 				KEY_USR_VIEW | KEY_USR_READ |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 				KEY_USR_WRITE | KEY_USR_SEARCH,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 				KEY_ALLOC_NOT_IN_QUOTA |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 				KEY_ALLOC_SET_KEEP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 				restriction, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 	if (IS_ERR(ima_blacklist_keyring))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 		panic("Can't allocate IMA blacklist keyring.");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) device_initcall(ima_mok_init);
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.