summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/keys/system_keyring.h24
-rw-r--r--include/linux/evm.h7
-rw-r--r--include/linux/key.h1
3 files changed, 32 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index b20cd885c1fd..39fd38cfa8c9 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,4 +35,28 @@ extern int system_verify_data(const void *data, unsigned long len,
enum key_being_used_for usage);
#endif
+#ifdef CONFIG_IMA_MOK_KEYRING
+extern struct key *ima_mok_keyring;
+extern struct key *ima_blacklist_keyring;
+
+static inline struct key *get_ima_mok_keyring(void)
+{
+ return ima_mok_keyring;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+ return ima_blacklist_keyring;
+}
+#else
+static inline struct key *get_ima_mok_keyring(void)
+{
+ return NULL;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+ return NULL;
+}
+#endif /* CONFIG_IMA_MOK_KEYRING */
+
+
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/include/linux/evm.h b/include/linux/evm.h
index 1fcb88ca88de..35ed9a8a403a 100644
--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -14,6 +14,7 @@
struct integrity_iint_cache;
#ifdef CONFIG_EVM
+extern int evm_set_key(void *key, size_t keylen);
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name,
void *xattr_value,
@@ -42,6 +43,12 @@ static inline int posix_xattr_acl(const char *xattrname)
}
#endif
#else
+
+static inline int evm_set_key(void *key, size_t keylen)
+{
+ return -EOPNOTSUPP;
+}
+
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
const char *xattr_name,
diff --git a/include/linux/key.h b/include/linux/key.h
index 66f705243985..7321ab8ef949 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -177,6 +177,7 @@ struct key {
#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
#define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
/* the key type and key description string
* - the desc is used to match a key against search criteria