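/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 *
 * Integrity Measurement Architecture (IMA) hook declarations.
 *
 * Each hook is declared twice: the real prototype when the matching
 * CONFIG_IMA* option is enabled, and a static inline stub otherwise.  The
 * stubs are deliberately "fail open": the int hooks return 0 (success, so
 * the caller proceeds), the void hooks do nothing, and the query helpers
 * report the feature as absent (ima_file_hash() returns -EOPNOTSUPP,
 * is_ima_appraise_enabled() and ima_appraise_signature() return false).
 * A 0 return therefore never proves that anything was measured or
 * appraised; that guarantee only exists in a kernel built with CONFIG_IMA
 * and a policy that covers the object in question.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/*
 * Hooks invoked from exec, the VFS, mmap/mprotect and the kernel_read_file /
 * kernel_load_data paths.  The int hooks return 0 on success or a negative
 * errno.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
/*
 * Writes at most @buf_size bytes of the file's hash into @buf.  Callers must
 * check the return value before using @buf: the !CONFIG_IMA stub returns
 * -EOPNOTSUPP and leaves @buf untouched.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
/* Only built with CONFIG_IMA_KEXEC; stubbed to a no-op further below. */
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Arch hooks, declared only when CONFIG_IMA is set.  Without arch support
 * the boot is reported as *not* secure and no arch-supplied policy rules
 * exist, so policy logic keyed on secure boot state silently takes its
 * non-secure branch.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else /* !CONFIG_IMA */
/*
 * IMA compiled out: every hook is a no-op that lets the operation proceed.
 * Nothing is measured or appraised in this configuration.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/* No hash is available; @buf is not written. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
/* Key measurement compiled out: key creation/update is not recorded. */
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create)
{
}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * Appraisal compiled out: report it disabled and permit every xattr
 * set/remove (return 0) without inspecting the name or value.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * Signature appraisal needs both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING; with either missing the stub answers
 * false for every read-file id.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */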