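/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

/*
 * Hook declarations for the IMA subsystem.
 *
 * Every hook below has two forms selected at build time: a real
 * implementation (extern, provided by the IMA code) when the matching
 * CONFIG_* option is set, and a static inline stub otherwise.  The stubs
 * are what callers actually execute on kernels built without IMA, so
 * their return values define the "IMA absent" behaviour:
 *
 *   - int hooks return 0, i.e. the operation proceeds unchecked;
 *   - bool queries return false, i.e. no appraisal / no secure boot /
 *     no signature enforcement is reported;
 *   - the hash accessors return -EOPNOTSUPP rather than 0, so a caller
 *     cannot mistake "no IMA" for a successfully retrieved hash.
 *
 * Keep stub return values in sync with the real implementations'
 * "nothing to do" paths when adding a hook.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/* Core measurement / appraisal hooks, implemented in security/integrity/ima. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
/* Copy the measured hash into @buf; @buf_size bounds the write. */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
extern void ima_measure_critical_data(const char *event_label,
				      const char *event_name,
				      const void *buf, size_t buf_len,
				      bool hash);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* Without arch support, report "not secure-booted" and no arch policy. */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/*
 * CONFIG_IMA disabled: every hook is a no-op.  A 0 return means the
 * guarded operation continues without measurement or appraisal.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode) {}

static inline void ima_file_free(struct file *file) {}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry) {}

/*
 * Hash accessors deliberately fail rather than return 0: there is no
 * hash to hand back, and a "success" return would leave @buf
 * uninitialised while looking valid to the caller.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

static inline void ima_measure_critical_data(const char *event_label,
					     const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash) {}

#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image) {}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * Appraisal disabled: report it as such (bool, so 'false' rather than a
 * bare 0, matching the other bool stubs) and let xattr operations through.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry) {}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/*
 * Signature appraisal requires both appraisal and the trusted keyring;
 * without them, callers are told that signatures are not enforced for
 * any @func.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */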