[PATCH 5/6] security/integrity/evm: Drop direct dependency on key_type_encrypted
From: Dan Williams
Date: Tue Mar 19 2019 - 02:19:24 EST
Lookup the key type by name and protect evm from encrypted_keys.ko
module load failures.
Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Cc: <linux-integrity@xxxxxxxxxxxxxxx>
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
---
security/integrity/evm/evm_crypto.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index c37d08118af5..5c65c3aef427 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -354,10 +354,15 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
int evm_init_key(void)
{
struct key *evm_key;
+ struct key_type *type;
struct encrypted_key_payload *ekp;
int rc;
- evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
+ type = key_type_lookup("encrypted");
+ if (IS_ERR(type))
+ return PTR_ERR(type);
+
+ evm_key = request_key(type, EVMKEY, NULL);
if (IS_ERR(evm_key))
return -ENOENT;
@@ -372,3 +377,5 @@ int evm_init_key(void)
key_put(evm_key);
return rc;
}
+
+MODULE_SOFTDEP("pre: encrypted_keys");