Mimi Zohar a1db742094 module: replace copy_module_from_fd with kernel version ... Replace copy_module_from_fd() with kernel_read_file_from_fd(). Although none of the upstreamed LSMs define a kernel_module_from_file hook, IMA is called, based on policy, to prevent unsigned kernel modules from being loaded by the original kernel module syscall and to measure/appraise signed kernel modules. The security function security_kernel_module_from_file() was called prior to reading a kernel module. Preventing unsigned kernel modules from being loaded by the original kernel module syscall remains on the pre-read kernel_read_file() security hook. Instead of reading the kernel module twice, once for measuring/appraising and again for loading the kernel module, the signature validation is moved to the kernel_post_read_file() security hook. This patch removes the security_kernel_module_from_file() hook and security call. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Rusty Russell <rusty@rustcorp.com.au>		2016-02-21 09:06:12 -05:00
..
evm	evm: EVM_LOAD_X509 depends on EVM	2015-12-15 09:57:21 -05:00
ima	module: replace copy_module_from_fd with kernel version	2016-02-21 09:06:12 -05:00
Kconfig	integrity: define '.evm' as a builtin 'trusted' keyring	2015-11-23 14:30:02 -05:00
Makefile	integrity: make integrity files as 'integrity' module	2014-09-09 10:28:58 -04:00
digsig.c	integrity: define '.evm' as a builtin 'trusted' keyring	2015-11-23 14:30:02 -05:00
digsig_asymmetric.c	IMA: create machine owner and blacklist keyrings	2015-12-15 10:01:43 -05:00
iint.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2016-01-17 19:13:15 -08:00
integrity.h	ima: define a new hook to measure and appraise a file already in memory	2016-02-20 22:35:08 -05:00
integrity_audit.c	Merge git://git.infradead.org/users/eparis/audit	2014-04-12 12:38:53 -07:00