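/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

/*
 * Kernel-internal interface to IMA (Integrity Measurement Architecture).
 *
 * Each entry point exists in two forms: an extern prototype when the
 * matching CONFIG_IMA* option is set, and a static inline stub otherwise,
 * so callers never need their own #ifdefs.
 *
 * Security note: the stubs are permissive. With the option compiled out the
 * int hooks return 0 and the bool queries return false, so a 0 return from
 * one of these hooks is not evidence that anything was measured or
 * appraised. Code that needs a hard integrity guarantee has to check that
 * the feature is built in and enabled rather than rely on the hook result.
 */

#ifdef CONFIG_IMA
/*
 * Implemented by IMA itself; only the prototypes are visible in this header.
 * NOTE(review): the int-returning hooks presumably use the same convention
 * as the stubs below (0 = allow, negative errno = refuse) - confirm against
 * the implementation.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
/* size is a signed int here; callers should pass a validated, non-negative length. */
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
/*
 * NOTE(review): this prototype sits inside CONFIG_IMA, while the fallback
 * stub further down is keyed on CONFIG_IMA_KEXEC alone. That is only
 * consistent if CONFIG_IMA_KEXEC cannot be set without CONFIG_IMA
 * (presumably enforced in Kconfig - confirm).
 */
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* No architecture backend: secure boot is reported as off. */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* No architecture-provided policy; callers must handle the NULL return. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/*
 * CONFIG_IMA=n: every hook is a no-op. The int hooks return 0, so nothing is
 * ever refused on this path and nothing is measured or appraised either.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/*
 * The one stub that reports failure: no hash exists without IMA. buf is left
 * untouched, so callers must check for a negative return before reading it.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

/* Without CONFIG_IMA_KEXEC nothing is attached to the kexec image. */
static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
/* Key create/update events are ignored when the option is off. */
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * CONFIG_IMA_APPRAISE=n: appraisal is reported as disabled and the xattr
 * hooks below return 0, i.e. they never refuse an xattr write or removal.
 */
static inline bool is_ima_appraise_enabled(void)
{
	/* bool return: use false, matching the other bool stubs in this file. */
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/* Needs both options; with either one missing the answer is always false. */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */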