author Nayna Jain <nayna@linux.ibm.com> 2018-10-09 23:00:36 +0530
committer Mimi Zohar <zohar@linux.ibm.com> 2018-12-11 07:13:40 -0500
commit 6191706246de99ff2fac4b6f157f20205a0943cd (patch)
tree 28eb00237285957066fc1c0b2299e279038c1395 /include/linux/ima.h
parent c52657d93b0530449233979514a08cf9fe5c24bc (diff)
ima: add support for arch specific policies

Builtin IMA policies can be enabled on the boot command line, and replaced with a custom policy, normally during early boot in the initramfs. Build time IMA policy rules were recently added. These rules are automatically enabled on boot and persist after loading a custom policy.

There is a need for yet another type of policy, an architecture specific policy, which is derived at runtime during kernel boot, based on the runtime secure boot flags. Like the build time policy rules, these rules persist after loading a custom policy.

This patch adds support for loading an architecture specific IMA policy.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Co-Developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'include/linux/ima.h')
-rw-r--r-- include/linux/ima.h 5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 948135fb60f1..62c5241b0899 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -39,6 +39,11 @@ static inline bool arch_ima_get_secureboot(void)
}
#endif
+static inline const char * const *arch_get_ima_policy(void)
+{
+ return NULL;
+}
+
#else
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
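Review bot: The `arch_get_ima_policy()` stub added after the `#endif` has no guard of its own, so an architecture that supplies a real implementation would collide with this static inline definition. Consider declaring the function under the architecture's config condition and keeping the NULL-returning stub in the matching `#else` arm. A short comment on the return contract would also help: `const char * const *` alone does not tell a caller how the list of rule strings is terminated, or that NULL means the architecture contributes no rules.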