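/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

/*
 * Public hook interface for IMA (Integrity Measurement Architecture).
 *
 * Each Kconfig symbol tested below selects between the real hook
 * declarations (defined elsewhere) and inline no-op stubs, so callers can
 * invoke the hooks without wrapping every call site in #ifdef.
 *
 * NOTE(review): every int-returning stub returns 0 and never an error, and
 * every bool-returning stub returns false. A kernel built without the
 * corresponding option therefore gets no denial from that call site, and
 * nothing in this header tells a caller at run time that the check was
 * compiled out. Callers presumably treat 0 as "no objection" -- confirm at
 * the call sites when auditing a configuration.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/* Real hooks; the matching stubs live in the #else branch below. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Architecture glue. This whole #if/#else sits inside the CONFIG_IMA
 * branch, so neither function is declared by this header when CONFIG_IMA
 * is unset.
 */
#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/*
 * Fallback for every other configuration: unconditionally false.
 * NOTE(review): by its name this reads as "secure boot is not enabled";
 * a caller cannot tell that apart from "not implemented for this
 * architecture".
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* Fallback: NULL, i.e. no architecture-supplied policy strings. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/* !CONFIG_IMA: no-op stubs with the same signatures as the real hooks. */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

#endif /* CONFIG_IMA */

/*
 * This stub is outside the CONFIG_IMA block, so it exists whenever
 * CONFIG_IMA_KEXEC is unset, whether or not CONFIG_IMA is set.
 * struct kimage is forward-declared so the prototype is valid on its own;
 * presumably <linux/kexec.h> does not define it in every configuration --
 * confirm.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * !CONFIG_IMA_APPRAISE: appraisal is reported as disabled and the xattr
 * hooks never object (they return 0 for any attribute name and value).
 */
static inline bool is_ima_appraise_enabled(void)
{
	/* bool function: return false, matching arch_ima_get_secureboot(). */
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */
#endif /* _LINUX_IMA_H */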