Diffstat (limited to 'security/ipe/hooks.c')
-rw-r--r-- | security/ipe/hooks.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c
index 0b7c66dc15d3..d0323b81cd8f 100644
--- a/security/ipe/hooks.c
+++ b/security/ipe/hooks.c
@@ -283,3 +283,32 @@ err:
 return -ENOMEM;
 }
 #endif /* CONFIG_IPE_PROP_DM_VERITY */
+
+#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
+/**
+ * ipe_inode_setintegrity() - save integrity data from a inode to IPE's LSM blob.
+ * @inode: The inode to source the security blob from.
+ * @type: Supplies the integrity type.
+ * @value: The value to be stored.
+ * @size: The size of @value.
+ *
+ * This hook is currently used to save the existence of a validated fs-verity
+ * builtin signature into LSM blob.
+ *
+ * Return: %0 on success. If an error occurs, the function will return the
+ * -errno.
+ */
+int ipe_inode_setintegrity(const struct inode *inode,
+ enum lsm_integrity_type type,
+ const void *value, size_t size)
+{
+ struct ipe_inode *inode_sec = ipe_inode(inode);
+
+ if (type == LSM_INT_FSVERITY_BUILTINSIG_VALID) {
+ inode_sec->fs_verity_signed = size > 0 && value;
+ return 0;
+ }
+
+ return -EINVAL;
+}
+#endif /* CONFIG_CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */ |
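Review bot: The assignment `inode_sec->fs_verity_signed = size > 0 && value;` never inspects the bytes behind @value, so the flag is only as trustworthy as the caller's guarantee that it reports LSM_INT_FSVERITY_BUILTINSIG_VALID after the builtin signature has actually been verified. The kerneldoc hints at this with "validated", but I would state the trust assumption at the assignment, e.g. `/* @value is not checked here; callers must only report a signature that has already been verified */`, and add to the kerneldoc that a NULL @value or a zero @size clears the flag and still returns 0. Separately, the closing guard comment has a doubled prefix and should read `#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */`, and "a inode" in the summary line should be "an inode".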