/*
 * Copyright (C) 2015 Juniper Networks, Inc.
 *
 * Author:
 * Petko Manolov <petko.manolov@konsulko.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 */

#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/module.h>
#include <keys/asymmetric-type.h>


/* IMA Machine Owner Key keyring; flagged trusted-only in ima_mok_init(). */
struct key *ima_mok_keyring;
/* IMA blacklist keyring; flagged trusted-only in ima_mok_init(). */
struct key *ima_blacklist_keyring;

/*
 * Allocate one root-owned IMA keyring named @name.
 *
 * Both keyrings share the same owner, permission mask and quota
 * treatment, so the parameters live here rather than being repeated.
 * Returns the new keyring, or an ERR_PTR() the caller must check
 * with IS_ERR().
 */
static __init struct key *ima_mok_alloc_keyring(const char *name)
{
	key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			  KEY_USR_VIEW | KEY_USR_READ |
			  KEY_USR_WRITE | KEY_USR_SEARCH;

	return keyring_alloc(name, KUIDT_INIT(0), KGIDT_INIT(0),
			     current_cred(), perm,
			     KEY_ALLOC_NOT_IN_QUOTA, NULL);
}

/*
 * Allocate the IMA MOK and blacklist keyrings and mark both trusted-only.
 *
 * Runs at init time; a failed allocation of either keyring is treated
 * as unrecoverable and panics. Always returns 0 otherwise.
 */
__init int ima_mok_init(void)
{
	pr_notice("Allocating IMA MOK and blacklist keyrings.\n");

	ima_mok_keyring = ima_mok_alloc_keyring(".ima_mok");
	ima_blacklist_keyring = ima_mok_alloc_keyring(".ima_blacklist");

	/* Both allocations are attempted before either result is checked. */
	if (IS_ERR(ima_mok_keyring) || IS_ERR(ima_blacklist_keyring))
		panic("Can't allocate IMA MOK or blacklist keyrings.");

	set_bit(KEY_FLAG_TRUSTED_ONLY, &ima_mok_keyring->flags);
	set_bit(KEY_FLAG_TRUSTED_ONLY, &ima_blacklist_keyring->flags);
	return 0;
}

module_init(ima_mok_init);