/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

/*
 * Kernel-internal entry points of the Integrity Measurement Architecture
 * (IMA).  Each function below exists in two forms chosen by Kconfig: a
 * prototype when the feature is built, or a static inline stub with the
 * same signature when it is not, so a caller compiles unchanged either way.
 *
 * Review note on the stubs: with a feature compiled out, the int-returning
 * hooks report 0, the two hash helpers report -EOPNOTSUPP and the bool
 * queries report false.  A 0 from a hook therefore does not show that any
 * measurement or appraisal took place; a caller cannot tell "checked and
 * accepted" from "not built" by the return value alone.  (0 is presumably
 * read as "no objection" at the call sites -- confirm there.)
 */

#ifdef CONFIG_IMA
/* File, exec, mmap and load hooks; implemented outside this header. */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long prot);
int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
int ima_load_data(enum kernel_load_data_id id, bool contents);
int ima_post_load_data(char *buf, loff_t size,
		       enum kernel_load_data_id id, char *description);
int ima_read_file(struct file *file, enum kernel_read_file_id id,
		  bool contents);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
		       enum kernel_read_file_id id);
void ima_post_path_mknod(struct dentry *dentry);
/*
 * Both helpers take a caller-supplied buffer and its size; what they write
 * and what a non-negative return means is defined by the implementation,
 * which is not visible here.
 */
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

/*
 * Note: this helper and the two arch_* helpers further down are declared
 * only inside the CONFIG_IMA branch; the !CONFIG_IMA branch provides
 * neither a prototype nor a stub for them.
 */
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) { }
#endif

/* The matching stub lives after the CONFIG_IMA block, see below. */
#ifdef CONFIG_IMA_KEXEC
void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
#else
/* Without arch support: secure boot is reported as off, no policy given. */
static inline bool arch_ima_get_secureboot(void) { return false; }

static inline const char * const *arch_get_ima_policy(void) { return NULL; }
#endif

#else /* !CONFIG_IMA */

/* IMA not built: every hook is a no-op and the int hooks report 0. */
static inline int ima_bprm_check(struct linux_binprm *bprm) { return 0; }

static inline int ima_file_check(struct file *file, int mask) { return 0; }

static inline void ima_post_create_tmpfile(struct inode *inode) { }

static inline void ima_file_free(struct file *file) { }

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int
ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int
ima_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id,
		   char *description)
{
	return 0;
}

static inline int
ima_read_file(struct file *file, enum kernel_read_file_id id, bool contents)
{
	return 0;
}

static inline int
ima_post_read_file(struct file *file, void *buf, loff_t size,
		   enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry) { }

/*
 * Unlike the hooks above, the hash helpers fail explicitly, so a caller
 * that checks the result can see that no hash was produced; buf is not
 * touched by these stubs.
 */
static inline int
ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int
ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
#endif /* CONFIG_IMA */

/*
 * Stub for ima_add_kexec_buffer(), keyed on CONFIG_IMA_KEXEC alone.  With
 * CONFIG_IMA_KEXEC set but CONFIG_IMA unset this header would declare
 * nothing for it -- presumably Kconfig rules that combination out; confirm.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;	/* the stub only needs the pointer type */

static inline void ima_add_kexec_buffer(struct kimage *image) { }
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
				   const void *payload, size_t plen,
				   unsigned long flags, bool create);
#else
/* Key measurement not built: key creation and update go unrecorded here. */
static inline void
ima_post_key_create_or_update(struct key *keyring, struct key *key,
			      const void *payload, size_t plen,
			      unsigned long flags, bool create)
{
}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * Appraisal not built: the query answers false, and the xattr hooks report
 * 0 for every attribute name without looking at it.
 */
static inline bool is_ima_appraise_enabled(void) { return false; }

static inline void ima_inode_post_setattr(struct dentry *dentry) { }

static inline int
ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		   const void *xattr_value, size_t xattr_value_len)
{
	return 0;
}

static inline int
ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * Declared only when both appraisal and the trusted integrity keyring are
 * built; in every other configuration the answer is false for any func.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */