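/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

/*
 * Integrity Measurement Architecture (IMA) hook interface.
 *
 * Every hook below exists in two forms: the real implementation, declared
 * extern under CONFIG_IMA (or the finer-grained CONFIG_IMA_* option), and a
 * static inline stub used when that option is compiled out.  The stubs are
 * deliberately permissive so that callers need no #ifdefs:
 *
 *   - int hooks return 0, i.e. they never veto the operation;
 *   - bool queries return false;
 *   - the hash accessors return -EOPNOTSUPP and leave @buf untouched.
 *
 * Consequently a 0 return from a hook carries no integrity guarantee on a
 * kernel built without the corresponding option; nothing was measured or
 * appraised.  Code that depends on a measurement having been taken must not
 * infer it from the return value alone.
 */

#ifdef CONFIG_IMA
/* Measurement/appraisal hooks, each named for the operation it is called from. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
				    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
				struct dentry *dentry);
/*
 * Copy the IMA hash of @file / @inode into @buf (at most @buf_size bytes).
 * Negative errno on failure; see the !CONFIG_IMA stubs for the "no IMA"
 * result.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
/* Arch-provided: secure boot state and an arch-specific built-in policy. */
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* Without arch support, report "not secure-booted" and "no arch policy". */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else /* !CONFIG_IMA */

/* No-op stubs: never veto, never measure. */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
					   struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
				       struct dentry *dentry)
{
}

/* No hash is available: @buf is left untouched and -EOPNOTSUPP returned. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
				   struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Appraisal compiled out: report disabled and allow all xattr changes. */
static inline bool is_ima_appraise_enabled(void)
{
	/* bool stub: use false, consistent with arch_ima_get_secureboot(). */
	return false;
}

static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
					  struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/* Without appraisal plus a trusted keyring, IMA does not enforce signatures. */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */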