certs: Add wrapper function to check blacklisted binary hash
author Nayna Jain <nayna@linux.ibm.com>
Thu, 31 Oct 2019 03:31:31 +0000 (23:31 -0400)
committer Michael Ellerman <mpe@ellerman.id.au>
Tue, 12 Nov 2019 01:25:50 +0000 (12:25 +1100)
commit 2434f7d2d488c3301ae81f1031e1c66c6f076fb7
tree aa7a3fe1afeffd5f6c08cb78228a82d1da56e018
parent e14555e3d0e9edfad0a6840c0152f71aba97e793
certs: Add wrapper function to check blacklisted binary hash

The -EKEYREJECTED error returned by existing is_hash_blacklisted() is
misleading when called for checking against blacklisted hash of a
binary.

This patch adds a wrapper function is_binary_blacklisted() to return
-EPERM error if binary is blacklisted.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1572492694-6520-7-git-send-email-zohar@linux.ibm.com
certs/blacklist.c
include/keys/system_keyring.h