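/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * Integrity Measurement Architecture (IMA) hook interface.
 *
 * Each hook below has two shapes: an extern declaration when the relevant
 * CONFIG_IMA* option is set, and a static inline stub otherwise.  The stubs
 * are fail-open: every int-returning stub returns 0 and every void stub does
 * nothing, so a kernel built without the option performs no measurement or
 * appraisal at that call site.  The two exceptions are ima_file_hash() and
 * ima_inode_hash(), whose stubs return -EOPNOTSUPP so a caller cannot mistake
 * an untouched output buffer for a computed hash -- check their return value
 * before reading @buf.
 *
 * What conditions make the real hooks return an error is decided in
 * security/integrity/ima/ and is not visible from this header.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/*
 * Core hooks, called from the exec, open, mmap/mprotect, tmpfile/mknod,
 * kernel_read_file/kernel_load_data and kexec paths.  The int-returning
 * hooks use the usual 0-on-success / negative-errno convention.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
/*
 * Copy the file's/inode's IMA hash into @buf (at most @buf_size bytes).
 * Returns a negative errno on failure; -EOPNOTSUPP when IMA is not built in.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

/*
 * Without CONFIG_IMA_APPRAISE_BOOTPARAM there is no command-line parsing
 * for the appraisal mode, so the stub is empty.  NOTE(review): presumably
 * this is the ima_appraise= boot parameter -- confirm in
 * security/integrity/ima/ima_appraise.c.
 */
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Architecture-provided secure boot state and boot-time policy.  Without
 * CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT the kernel reports "not secure
 * booted" and supplies no arch policy, i.e. no arch-enforced appraisal.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/* !CONFIG_IMA: every hook is a no-op that allows the operation. */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/*
 * Deliberately not 0: a caller that treated 0 as "hash written" would read
 * an uninitialised @buf.  -EOPNOTSUPP tells it no hash is available.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
#endif /* CONFIG_IMA */

/*
 * Stub lives outside the CONFIG_IMA block because CONFIG_IMA_KEXEC may be
 * unset with CONFIG_IMA either on or off.  struct kimage is forward-declared
 * here so the stub does not depend on <linux/kexec.h> having defined it.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

/*
 * Keyring hook: invoked by the key subsystem on key creation/update when
 * CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is set.  The meaning of @flags and
 * @create comes from the keyring code and is not visible here.
 */
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

/*
 * Appraisal hooks: attribute and xattr changes that may invalidate a
 * file's stored integrity metadata.  Without CONFIG_IMA_APPRAISE the
 * xattr hooks permit every change and appraisal reports itself disabled.
 */
#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
static inline bool is_ima_appraise_enabled(void)
{
	/* bool-typed: use the bool constant rather than a bare 0. */
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * Signature appraisal for a kernel_read_file id is only possible with both
 * appraisal and the integrity trusted keyring built in; otherwise it is
 * reported as unavailable (false).  A kernel with CONFIG_IMA_APPRAISE but
 * without CONFIG_INTEGRITY_TRUSTED_KEYRING therefore answers false here.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */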