/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

/*
 * Integrity Measurement Architecture (IMA) hook interface.
 *
 * Every hook below comes in two forms: the real prototype when the governing
 * Kconfig option is set, and a static inline stub otherwise.  The stubs are
 * deliberately permissive: the gating hooks return 0 (proceed) and the
 * predicate hooks return false, so a kernel built without the option behaves
 * as if each check passed.  The two hash queries are the exception and return
 * -EOPNOTSUPP, which lets a caller distinguish "IMA not built in" from a
 * successfully filled hash buffer.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/* Real implementations live in security/integrity/ima/. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
extern void ima_measure_critical_data(const char *event_name,
				      const void *buf, size_t buf_len,
				      bool hash);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/* No arch secure-boot state: report "not secure" and no arch policy. */
static inline bool arch_ima_get_secureboot(void) { return false; }

static inline const char * const *arch_get_ima_policy(void) { return NULL; }
#endif

#else /* !CONFIG_IMA */

/*
 * Stubs for a kernel without IMA.  Gating hooks return 0 so the caller's
 * operation proceeds; notification hooks are empty.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm) { return 0; }

static inline int ima_file_check(struct file *file, int mask) { return 0; }

static inline void ima_post_create_tmpfile(struct inode *inode) {}

static inline void ima_file_free(struct file *file) {}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry) {}

/*
 * Hash queries cannot succeed without IMA; -EOPNOTSUPP tells the caller the
 * buffer was not filled, rather than returning 0 and leaving it untouched.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf,
				 size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf,
				     int size) {}

static inline void ima_measure_critical_data(const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash) {}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

/* Nothing is carried across kexec when IMA kexec support is off. */
static inline void ima_add_kexec_buffer(struct kimage *image) {}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Appraisal compiled out: never enabled, xattr hooks never veto. */
static inline bool is_ima_appraise_enabled(void) { return false; }

static inline void ima_inode_post_setattr(struct dentry *dentry) {}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/* Without appraisal plus a trusted keyring, no file class requires a signature. */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */