/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 *
 * Kernel-internal entry points of the Integrity Measurement Architecture
 * (IMA).  Every entry point is declared as a real function when the
 * matching CONFIG_IMA* option is set, and is otherwise replaced by a
 * static inline stub so that callers need no #ifdef of their own.
 *
 * Security note: the int-returning stubs report 0 and the bool-returning
 * stubs report false.  A kernel built without the relevant option therefore
 * lets every hooked operation proceed; a zero return from a hook does not
 * show that anything was measured or appraised.  Whether integrity checking
 * is active has to be established from the kernel configuration and the
 * loaded policy, not from these return values.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/*
 * Hooks implemented by the IMA core (the definitions are not part of this
 * header).  The int results presumably follow the kernel convention of 0 on
 * success and a negative errno on refusal -- confirm against the callers.
 */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long prot);
int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
int ima_load_data(enum kernel_load_data_id id, bool contents);
int ima_post_load_data(char *buf, loff_t size,
		       enum kernel_load_data_id id, char *description);
int ima_read_file(struct file *file, enum kernel_read_file_id id);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
		       enum kernel_read_file_id id);
void ima_post_path_mknod(struct dentry *dentry);
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Architecture-provided secure/trusted boot queries.  This whole section
 * sits inside the CONFIG_IMA branch: with CONFIG_IMA disabled neither the
 * prototypes nor the fallbacks below are declared.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
#else
/* Fallback: secure boot is reported as not enabled. */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* Fallback: the architecture contributes no policy rules. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else /* !CONFIG_IMA */
/*
 * IMA compiled out: every check succeeds unconditionally and every
 * notification is a no-op.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/*
 * The only stub that reports failure: no hash can be produced without IMA,
 * so callers get -EOPNOTSUPP and buf is left untouched.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
#endif /* CONFIG_IMA */

/*
 * No-op used whenever CONFIG_IMA_KEXEC is off, whether or not CONFIG_IMA is
 * set.  struct kimage is forward-declared here so the stub's prototype is
 * valid on its own.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif

/* Notification that a key was created or updated; no-op when compiled out. */
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
void ima_post_key_create_or_update(struct key *keyring,
				   struct key *key,
				   const void *payload, size_t plen,
				   unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create)
{
}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

/*
 * Appraisal interface.  Without CONFIG_IMA_APPRAISE, appraisal is reported
 * as disabled and the xattr set/remove hooks return 0, i.e. they never
 * reject a change.
 */
#ifdef CONFIG_IMA_APPRAISE
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * Needs both CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING; with
 * either one missing the answer is always false.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */