integrity: Add an integrity directory in securityfs

We want to add additional evm control nodes, and it'd be preferable not to clutter up the securityfs root directory any further. Create a new integrity directory, move the ima directory into it, create an evm directory for the evm attribute and add compatibility symlinks. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2018-05-11 16:12:34 -07:00
parent 4ecd9934ba
commit 0c343af806
4 changed files with 52 additions and 4 deletions
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -21,12 +21,15 @@
 #include <linux/rbtree.h>
 #include <linux/file.h>
 #include <linux/uaccess.h>
+#include <linux/security.h>
 #include "integrity.h"

 static struct rb_root integrity_iint_tree = RB_ROOT;
 static DEFINE_RWLOCK(integrity_iint_lock);
 static struct kmem_cache *iint_cache __read_mostly;

+struct dentry *integrity_dir;
+
 /*
 * __integrity_iint_find - return the iint associated with an inode
 */
@@ -211,3 +214,18 @@ void __init integrity_load_keys(void)
 	ima_load_x509();
 	evm_load_x509();
 }
+
+static int __init integrity_fs_init(void)
+{
+	integrity_dir = securityfs_create_dir("integrity", NULL);
+	if (IS_ERR(integrity_dir)) {
+		pr_err("Unable to create integrity sysfs dir: %ld\n",
+		       PTR_ERR(integrity_dir));
+		integrity_dir = NULL;
+		return PTR_ERR(integrity_dir);
+	}
+
+	return 0;
+}
+
+late_initcall(integrity_fs_init)