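/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * Kernel-facing API of the Integrity Measurement Architecture (IMA).
 *
 * Every hook below comes in two forms: the real implementation, declared
 * extern when the governing CONFIG_IMA* option is set, and a static inline
 * stub otherwise.  The stubs let callers invoke the hooks unconditionally.
 * Note what the stubs report when IMA is compiled out: the int hooks return
 * 0 and the bool predicates return false, so a "success" result from a
 * hook does not by itself prove that a measurement or appraisal took place.
 * The two hash accessors, ima_file_hash() and ima_inode_hash(), are the
 * exception: their stubs return -EOPNOTSUPP so a caller can tell "no hash
 * available" apart from "hash filled in".
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/*
 * Hooks on exec, file open/free, mmap/mprotect, kernel data/file loads,
 * mknod and kexec paths.  Return 0 on success or a negative errno; the
 * exact policy decision behind each one lives in the IMA implementation.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
				    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
				struct dentry *dentry);
/*
 * Copy the IMA hash of a file/inode into @buf (at most @buf_size bytes).
 * Returns a negative errno when no hash can be provided; the stubs below
 * return -EOPNOTSUPP.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
/*
 * Measure an arbitrary @buf_len-byte blob under @event_label/@event_name.
 * NOTE(review): @hash presumably selects whether the buffer is hashed
 * before being recorded rather than stored verbatim -- confirm against
 * the implementation before relying on it.
 */
extern void ima_measure_critical_data(const char *event_label,
				      const char *event_name,
				      const void *buf, size_t buf_len,
				      bool hash);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
/* Appraisal mode is not configurable from the command line: nothing to parse. */
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
/* Architecture-provided boot state and built-in policy rules. */
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* Without arch support, secure boot is reported as off and no arch policy exists. */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/*
 * CONFIG_IMA is off: every hook becomes a no-op.  int hooks report 0,
 * i.e. "allowed", because there is no policy to enforce.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
					   struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
				       struct dentry *dentry)
{
}

/* No measurement subsystem, so no hash can ever be supplied. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

static inline void ima_measure_critical_data(const char *event_label,
					     const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash) {}

#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
/* Forward declaration only; the stub never dereferences @image. */
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
/* Key creation/update hook (asymmetric-key measurement, per the config name). */
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
/*
 * Appraisal support: setattr/xattr hooks guard the security.ima-style
 * metadata IMA relies on; int hooks return 0 to allow the operation.
 */
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
				   struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Appraisal compiled out: report it disabled and allow every xattr change. */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}

static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
					  struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/* Whether IMA policy demands a signature for the given kernel_read_file_id. */
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/* Without appraisal plus a trusted keyring, no signature is ever required. */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */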