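/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * IMA (Integrity Measurement Architecture) hook interface.
 *
 * Every hook is declared twice: an extern prototype when the governing
 * CONFIG option is enabled, and a static inline stub otherwise, so that
 * call sites in the VFS, exec, mmap, kexec and keyring code compile
 * unconditionally.  The stubs are the interesting part from a review
 * standpoint: with IMA compiled out, the integer hooks return 0, the two
 * digest helpers return -EOPNOTSUPP without touching the caller's buffer,
 * and ima_measure_critical_data() returns -ENOENT.  Callers must therefore
 * check those return values rather than assume a digest was produced.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
#include <crypto/hash_info.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/* Hash algorithm IMA is currently configured to use for measurements. */
extern enum hash_algo ima_get_current_hash_algo(void);
/* exec / open / mmap / mprotect measurement and appraisal hooks. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
				    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
/* Kernel-initiated loads (modules, firmware, kexec images, policy). */
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct mnt_idmap *idmap,
				struct dentry *dentry);
/*
 * Export the measured digest of a file/inode into @buf (at most @buf_size
 * bytes).  When IMA is compiled out these return -EOPNOTSUPP; see the
 * stubs below.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
/*
 * Measure an arbitrary kernel buffer under @event_label/@event_name.
 * @hash selects whether @buf is hashed first; @digest/@digest_len is an
 * optional output for the resulting digest.
 */
extern int ima_measure_critical_data(const char *event_label,
				     const char *event_name,
				     const void *buf, size_t buf_len,
				     bool hash, u8 *digest, size_t digest_len);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#else /* !CONFIG_IMA */

/*
 * No-op stubs.  The int hooks return 0 (success), so callers behave as
 * if IMA raised no objection -- the usual kernel hook convention; confirm
 * against each caller before relying on it.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	/* No algorithm is in use; HASH_ALGO__LAST is the "none" sentinel. */
	return HASH_ALGO__LAST;
}

static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct mnt_idmap *idmap,
					   struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
				unsigned long prot, unsigned long flags)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct mnt_idmap *idmap,
				       struct dentry *dentry)
{
}

/*
 * No digest is available without IMA.  @buf is left untouched, so a caller
 * that ignores the error would read whatever it put there itself.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

/* Nothing is measured; distinct from the 0 returned by the access hooks. */
static inline int ima_measure_critical_data(const char *event_label,
					    const char *event_name,
					    const void *buf, size_t buf_len,
					    bool hash, u8 *digest,
					    size_t digest_len)
{
	return -ENOENT;
}

#endif /* CONFIG_IMA */

#ifdef CONFIG_HAVE_IMA_KEXEC
/* Hand-over of the measurement list across kexec; __init only. */
int __init ima_free_kexec_buffer(void);
int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* Without arch support secure boot is reported as off and no arch policy. */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct mnt_idmap *idmap,
				   struct dentry *dentry);
/* xattr / ACL hooks guarding the security.ima-related metadata. */
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_set_acl(struct mnt_idmap *idmap,
			     struct dentry *dentry, const char *acl_name,
			     struct posix_acl *kacl);
/* Removing an ACL is modelled as setting it to NULL. */
static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return ima_inode_set_acl(idmap, dentry, acl_name, NULL);
}
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
static inline bool is_ima_appraise_enabled(void)
{
	/* false, not 0: keep the bool stubs in this header consistent. */
	return false;
}

static inline void ima_inode_post_setattr(struct mnt_idmap *idmap,
					  struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/* Whether loads of kind @func require a valid IMA signature. */
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */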