Commit | Line | Data |
---|---|---|
b886d83c | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
6146f0d5 MZ |
2 | /* |
3 | * Copyright (C) 2008 IBM Corporation | |
4 | * Author: Mimi Zohar <zohar@us.ibm.com> | |
6146f0d5 MZ |
5 | */ |
6 | ||
6146f0d5 MZ |
7 | #ifndef _LINUX_IMA_H |
8 | #define _LINUX_IMA_H | |
9 | ||
b89999d0 | 10 | #include <linux/kernel_read_file.h> |
ed850a52 | 11 | #include <linux/fs.h> |
16c267aa | 12 | #include <linux/security.h> |
7b8589cc | 13 | #include <linux/kexec.h> |
ed850a52 MZ |
14 | struct linux_binprm; |
15 | ||
3323eec9 MZ |
16 | #ifdef CONFIG_IMA |
17 | extern int ima_bprm_check(struct linux_binprm *bprm); | |
6035a27b | 18 | extern int ima_file_check(struct file *file, int mask); |
a2d2329e CB |
19 | extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, |
20 | struct inode *inode); | |
3323eec9 MZ |
21 | extern void ima_file_free(struct file *file); |
22 | extern int ima_file_mmap(struct file *file, unsigned long prot); | |
8eb613c0 | 23 | extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot); |
b64fcae7 KC |
24 | extern int ima_load_data(enum kernel_load_data_id id, bool contents); |
25 | extern int ima_post_load_data(char *buf, loff_t size, | |
26 | enum kernel_load_data_id id, char *description); | |
2039bda1 KC |
27 | extern int ima_read_file(struct file *file, enum kernel_read_file_id id, |
28 | bool contents); | |
cf222217 MZ |
29 | extern int ima_post_read_file(struct file *file, void *buf, loff_t size, |
30 | enum kernel_read_file_id id); | |
a2d2329e CB |
31 | extern void ima_post_path_mknod(struct user_namespace *mnt_userns, |
32 | struct dentry *dentry); | |
6beea7af | 33 | extern int ima_file_hash(struct file *file, char *buf, size_t buf_size); |
403319be | 34 | extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size); |
4834177e | 35 | extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size); |
9f5d7d23 TS |
36 | extern void ima_measure_critical_data(const char *event_label, |
37 | const char *event_name, | |
d6e64501 TS |
38 | const void *buf, size_t buf_len, |
39 | bool hash); | |
3323eec9 | 40 | |
b000d5cb AB |
41 | #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM |
42 | extern void ima_appraise_parse_cmdline(void); | |
43 | #else | |
/*
 * Stub selected when CONFIG_IMA_APPRAISE_BOOTPARAM is not set: no boot
 * parameter is parsed and the call is a no-op.
 */
static inline void ima_appraise_parse_cmdline(void)
{
}
45 | #endif | |
46 | ||
7b8589cc MZ |
47 | #ifdef CONFIG_IMA_KEXEC |
48 | extern void ima_add_kexec_buffer(struct kimage *image); | |
49 | #endif | |
50 | ||
9e2b4be3 | 51 | #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT |
0914ade2 | 52 | extern bool arch_ima_get_secureboot(void); |
d958083a | 53 | extern const char * const *arch_get_ima_policy(void); |
0914ade2 NJ |
54 | #else |
/*
 * Fallback used when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set.
 *
 * Always returns false; no architecture or firmware state is consulted.
 * NOTE(review): a caller that keys policy on this value sees "false" on
 * such builds whatever the platform's real boot state is - confirm that
 * callers do not read false as a verified "secure boot is off".
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}
0914ade2 | 59 | |
61917062 NJ |
/*
 * Fallback used when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set.
 *
 * Returns NULL, i.e. no architecture-supplied policy rule strings.
 * Callers must check for NULL before walking the returned array.
 */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
d958083a | 64 | #endif |
61917062 | 65 | |
3323eec9 | 66 | #else |
6146f0d5 MZ |
/*
 * ima_bprm_check - stub used when CONFIG_IMA is not set.
 *
 * Nothing is measured or appraised: @bprm is never read and 0 is returned
 * unconditionally.
 * NOTE(review): callers presumably treat 0 as "no objection", so a kernel
 * built without CONFIG_IMA gets no IMA check at this hook - confirm at the
 * call site.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
71 | ||
/*
 * ima_file_check - stub used when CONFIG_IMA is not set.
 *
 * Ignores both @file and @mask and always returns 0; no integrity
 * measurement or appraisal of the file takes place on such builds.
 */
static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}
76 | ||
a2d2329e CB |
/*
 * ima_post_create_tmpfile - stub used when CONFIG_IMA is not set.
 *
 * No-op: neither @mnt_userns nor @inode is read or modified.
 */
static inline void
ima_post_create_tmpfile(struct user_namespace *mnt_userns, struct inode *inode)
{
}
81 | ||
6146f0d5 MZ |
/*
 * ima_file_free - stub used when CONFIG_IMA is not set.
 *
 * No-op: @file is never dereferenced.
 */
static inline void ima_file_free(struct file *file)
{
}
86 | ||
/*
 * ima_file_mmap - stub used when CONFIG_IMA is not set.
 *
 * Always returns 0 without looking at @file or @prot, so no mapping is
 * measured or appraised on such builds.
 */
static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}
9957a504 | 91 | |
8eb613c0 MZ |
/*
 * ima_file_mprotect - stub used when CONFIG_IMA is not set.
 *
 * Always returns 0; @vma and @prot are ignored, so a protection change is
 * never refused by IMA on such builds.
 */
static inline int
ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
{
	return 0;
}
97 | ||
b64fcae7 KC |
/*
 * ima_load_data - stub used when CONFIG_IMA is not set.
 *
 * Returns 0 for every @id and @contents value; no load is checked by IMA
 * on such builds.
 */
static inline int
ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}
102 | ||
/*
 * ima_post_load_data - stub used when CONFIG_IMA is not set.
 *
 * Returns 0 unconditionally. @buf is neither read nor measured, and
 * @size, @id and @description are ignored.
 */
static inline int
ima_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id,
		   char *description)
{
	return 0;
}
109 | ||
2039bda1 KC |
/*
 * ima_read_file - stub used when CONFIG_IMA is not set.
 *
 * Returns 0 for every combination of @file, @id and @contents; none of
 * them is inspected.
 */
static inline int
ima_read_file(struct file *file, enum kernel_read_file_id id, bool contents)
{
	return 0;
}
115 | ||
cf222217 MZ |
/*
 * ima_post_read_file - stub used when CONFIG_IMA is not set.
 *
 * Returns 0 unconditionally. The file contents in @buf are not measured
 * or appraised; @file, @size and @id are ignored.
 */
static inline int
ima_post_read_file(struct file *file, void *buf, loff_t size,
		   enum kernel_read_file_id id)
{
	return 0;
}
121 | ||
a2d2329e CB |
/*
 * ima_post_path_mknod - stub used when CONFIG_IMA is not set.
 *
 * No-op: @mnt_userns and @dentry are never read.
 */
static inline void
ima_post_path_mknod(struct user_namespace *mnt_userns, struct dentry *dentry)
{
}
127 | ||
6beea7af FR |
/*
 * ima_file_hash - stub used when CONFIG_IMA is not set.
 *
 * Always fails with -EOPNOTSUPP. @buf is left untouched, so a caller must
 * check the return value before treating @buf as a digest.
 */
static inline int
ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
132 | ||
403319be KS |
/*
 * ima_inode_hash - stub used when CONFIG_IMA is not set.
 *
 * Always fails with -EOPNOTSUPP. @buf is left untouched, so a caller must
 * check the return value before treating @buf as a digest.
 */
static inline int
ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
137 | ||
/*
 * ima_kexec_cmdline - stub used when CONFIG_IMA is not set.
 *
 * No-op: the @size bytes at @buf are not measured and @kernel_fd is
 * ignored.
 */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
d6e64501 | 139 | |
9f5d7d23 TS |
/*
 * ima_measure_critical_data - stub used when CONFIG_IMA is not set.
 *
 * No-op: the @buf_len bytes at @buf are not measured, and @event_label,
 * @event_name and @hash are ignored. The function returns nothing, so the
 * caller cannot tell from the call whether a measurement was recorded.
 */
static inline void
ima_measure_critical_data(const char *event_label, const char *event_name,
			  const void *buf, size_t buf_len, bool hash)
{
}
9f5d7d23 | 144 | |
e05a4f4f | 145 | #endif /* CONFIG_IMA */ |
9957a504 | 146 | |
7b8589cc MZ |
147 | #ifndef CONFIG_IMA_KEXEC |
148 | struct kimage; | |
149 | ||
/*
 * ima_add_kexec_buffer - stub used when CONFIG_IMA_KEXEC is not set.
 *
 * No-op: @image is never read or modified.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
152 | #endif | |
153 | ||
ea78979d | 154 | #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS |
cb1aa382 LR |
155 | extern void ima_post_key_create_or_update(struct key *keyring, |
156 | struct key *key, | |
157 | const void *payload, size_t plen, | |
158 | unsigned long flags, bool create); | |
159 | #else | |
/*
 * ima_post_key_create_or_update - stub used when
 * CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is not set.
 *
 * No-op: the @plen bytes at @payload are not measured, and @keyring,
 * @key, @flags and @create are ignored.
 */
static inline void
ima_post_key_create_or_update(struct key *keyring, struct key *key,
			      const void *payload, size_t plen,
			      unsigned long flags, bool create)
{
}
ea78979d | 166 | #endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */ |
cb1aa382 | 167 | |
9957a504 | 168 | #ifdef CONFIG_IMA_APPRAISE |
6f6723e2 | 169 | extern bool is_ima_appraise_enabled(void); |
a2d2329e CB |
170 | extern void ima_inode_post_setattr(struct user_namespace *mnt_userns, |
171 | struct dentry *dentry); | |
42c63330 MZ |
172 | extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, |
173 | const void *xattr_value, size_t xattr_value_len); | |
174 | extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name); | |
9957a504 | 175 | #else |
6f6723e2 MZ |
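/*
 * is_ima_appraise_enabled - stub used when CONFIG_IMA_APPRAISE is not set.
 *
 * Always reports false. Returns the bool literal rather than the integer
 * 0 so it matches the other bool-returning stubs in this header.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}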
180 | ||
a2d2329e CB |
/*
 * ima_inode_post_setattr - stub used when CONFIG_IMA_APPRAISE is not set.
 *
 * No-op: @mnt_userns and @dentry are never read.
 */
static inline void
ima_inode_post_setattr(struct user_namespace *mnt_userns, struct dentry *dentry)
{
}
42c63330 MZ |
186 | |
/*
 * ima_inode_setxattr - stub used when CONFIG_IMA_APPRAISE is not set.
 *
 * Always returns 0. Neither @xattr_name nor the @xattr_value_len bytes at
 * @xattr_value are examined, so this stub never rejects an xattr write.
 */
static inline int
ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		   const void *xattr_value, size_t xattr_value_len)
{
	return 0;
}
194 | ||
/*
 * ima_inode_removexattr - stub used when CONFIG_IMA_APPRAISE is not set.
 *
 * Always returns 0 without examining @dentry or @xattr_name, so this stub
 * never rejects an xattr removal.
 */
static inline int
ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
{
	return 0;
}
e05a4f4f | 200 | #endif /* CONFIG_IMA_APPRAISE */ |
29d3c1c8 MG |
201 | |
202 | #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) | |
203 | extern bool ima_appraise_signature(enum kernel_read_file_id func); | |
204 | #else | |
/*
 * ima_appraise_signature - stub used unless both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set.
 *
 * Returns false for every @func value.
 * NOTE(review): a caller deciding whether some other signature check may
 * be skipped presumably reads false as "IMA does not cover this" - confirm
 * against the callers.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
209 | #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */ | |
6146f0d5 | 210 | #endif /* _LINUX_IMA_H */ |