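/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * Integrity Measurement Architecture (IMA) entry points used by the rest of
 * the kernel.
 *
 * Every entry point comes in two forms, chosen by Kconfig: an extern
 * declaration when the feature is built, or a static inline stub when it is
 * not.  Except for ima_file_hash(), the int stubs return 0 and the bool
 * stubs return false, so a caller cannot tell from the return value alone
 * whether IMA examined the object or was compiled out.  Code that relies on
 * a measurement or appraisal having taken place has to look at the
 * configuration as well as the result.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
/* NOTE(review): size is a signed int; confirm callers never pass a negative length. */
extern void ima_kexec_cmdline(const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Architecture hooks.  Both variants sit inside the CONFIG_IMA branch, so
 * with CONFIG_IMA off this header provides neither the declarations nor the
 * stubs.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/*
 * Stub: false means only that the architecture hook is not built in; it is
 * not a statement about the platform's secure boot state.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* Stub: NULL, i.e. no architecture-provided policy. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/*
 * CONFIG_IMA is off: the hooks below do nothing.  The int hooks return 0
 * unconditionally, whatever file, mask or protection bits are passed in.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/*
 * The one stub that reports IMA's absence: it returns -EOPNOTSUPP and never
 * writes to buf, so callers must not read buf on this path.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(const void *buf, int size) {}
#endif /* CONFIG_IMA */

/*
 * Stub for ima_add_kexec_buffer().  It is keyed on CONFIG_IMA_KEXEC alone
 * and placed outside the CONFIG_IMA block, so it also covers builds where
 * CONFIG_IMA is on but CONFIG_IMA_KEXEC is off.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Appraisal is compiled out: report it as disabled. */
static inline bool is_ima_appraise_enabled(void)
{
	/* bool function: return false like the other bool stubs, not 0 */
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

/*
 * The two xattr stubs return 0 for every attribute name and value; they
 * inspect none of their arguments.
 */
static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * ima_appraise_signature() has a real implementation only when both
 * CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING are set; in every
 * other configuration it is the stub below and returns false for all ids.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */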