linux/security/integrity
KP Singh 403319be5d ima: Implement ima_inode_hash
This is in preparation to add a helper for BPF LSM programs to use
IMA hashes when attached to LSM hooks. There are LSM hooks like
inode_unlink which do not have a struct file * argument and cannot
use the existing ima_file_hash API.

An inode based API is, therefore, useful in LSM based detections like an
executable trying to delete itself which rely on the inode_unlink LSM
hook.

Moreover, the ima_file_hash function does nothing with the struct file
pointer apart from calling file_inode on it and converting it to an
inode.

Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/bpf/20201124151210.1081188-2-kpsingh@chromium.org
2020-11-26 00:04:04 +01:00
..
evm evm: Check size of security.evm before using it 2020-09-15 13:47:42 -04:00
ima ima: Implement ima_inode_hash 2020-11-26 00:04:04 +01:00
platform_certs integrity: Load certs from the EFI MOK config table 2020-09-16 18:53:42 +03:00
digsig_asymmetric.c integrity-v5.10 2020-10-15 15:58:18 -07:00
digsig.c fs/kernel_file_read: Add "offset" arg for partial reads 2020-10-05 13:37:04 +02:00
iint.c integrity/ima: switch to using __kernel_read 2020-07-08 08:27:57 +02:00
integrity_audit.c integrity: Use current_uid() in integrity_audit_message() 2020-08-31 17:46:50 -04:00
integrity.h integrity: Add errno field in audit message 2020-07-16 21:48:11 -04:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00