Commit | Line | Data |
---|---|---|
b886d83c | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
6146f0d5 MZ |
2 | /* |
3 | * Copyright (C) 2008 IBM Corporation | |
4 | * Author: Mimi Zohar <zohar@us.ibm.com> | |
6146f0d5 MZ |
5 | */ |
6 | ||
6146f0d5 MZ |
7 | #ifndef _LINUX_IMA_H |
8 | #define _LINUX_IMA_H | |
9 | ||
b89999d0 | 10 | #include <linux/kernel_read_file.h> |
ed850a52 | 11 | #include <linux/fs.h> |
16c267aa | 12 | #include <linux/security.h> |
7b8589cc | 13 | #include <linux/kexec.h> |
5d1ef2ce | 14 | #include <crypto/hash_info.h> |
ed850a52 MZ |
15 | struct linux_binprm; |
16 | ||
3323eec9 | 17 | #ifdef CONFIG_IMA |
/*
 * Entry points available when CONFIG_IMA is set.  Only the prototypes are
 * visible here; the #else branch of this conditional supplies inline stubs
 * with the same signatures for kernels built without IMA.
 */
enum hash_algo ima_get_current_hash_algo(void);

/* File, exec and memory-mapping checks; the int variants return a status. */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct mnt_idmap *idmap, struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long reqprot,
		  unsigned long prot, unsigned long flags);
int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);

/*
 * Kernel data/file loading checks.
 * NOTE(review): the buffer lengths here are loff_t, while the hash helpers
 * below use size_t - confirm how callers bound these sizes.
 */
int ima_load_data(enum kernel_load_data_id id, bool contents);
int ima_post_load_data(char *buf, loff_t size,
		       enum kernel_load_data_id id, char *description);
int ima_read_file(struct file *file, enum kernel_read_file_id id,
		  bool contents);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
		       enum kernel_read_file_id id);
void ima_post_path_mknod(struct mnt_idmap *idmap, struct dentry *dentry);

/* Hash helpers: every output buffer is passed with an explicit length. */
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
int ima_measure_critical_data(const char *event_label,
			      const char *event_name,
			      const void *buf, size_t buf_len,
			      bool hash, u8 *digest, size_t digest_len);
3323eec9 | 43 | |
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
void ima_appraise_parse_cmdline(void);
#else
/* Without CONFIG_IMA_APPRAISE_BOOTPARAM this call compiles to nothing. */
static inline void ima_appraise_parse_cmdline(void)
{
}
#endif /* CONFIG_IMA_APPRAISE_BOOTPARAM */
49 | ||
#ifdef CONFIG_IMA_KEXEC
/* Prototype only; the !CONFIG_IMA_KEXEC case is covered by an empty inline stub. */
void ima_add_kexec_buffer(struct kimage *image);
#endif /* CONFIG_IMA_KEXEC */
53 | ||
3323eec9 | 54 | #else |
/*
 * CONFIG_IMA=n stub: no IMA hash algorithm is configured, so the
 * HASH_ALGO__LAST value is returned.
 * NOTE(review): presumably HASH_ALGO__LAST is a sentinel rather than a usable
 * algorithm; callers indexing per-algorithm tables should range-check the
 * result - confirm against crypto/hash_info.h.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}
59 | ||
/*
 * CONFIG_IMA=n stub: bprm is not inspected and 0 is returned, so no integrity
 * check happens on this path when IMA is compiled out.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
64 | ||
/*
 * CONFIG_IMA=n stub: neither file nor mask is examined; the result is
 * always 0.
 */
static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}
69 | ||
/* CONFIG_IMA=n stub: intentionally empty, the new tmpfile inode is left untouched. */
static inline void ima_post_create_tmpfile(struct mnt_idmap *idmap,
					   struct inode *inode)
{
}
74 | ||
/* CONFIG_IMA=n stub: nothing to do when a file is released. */
static inline void ima_file_free(struct file *file)
{
}
79 | ||
/*
 * CONFIG_IMA=n stub: the requested and effective protections and the mapping
 * flags are ignored; 0 is returned for every mapping.
 */
static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
				unsigned long prot, unsigned long flags)
{
	return 0;
}
9957a504 | 85 | |
/*
 * CONFIG_IMA=n stub: protection changes are not checked here; the result is
 * 0 whatever prot is requested.
 */
static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}
91 | ||
/*
 * CONFIG_IMA=n stub: returns 0 for every load id, with or without
 * contents.
 */
static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}
96 | ||
/*
 * CONFIG_IMA=n stub: the loaded buffer is neither read nor measured; 0 is
 * returned regardless of buf, size, id or description.
 */
static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}
103 | ||
/* CONFIG_IMA=n stub: always 0; the file and read id are not examined. */
static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}
109 | ||
/*
 * CONFIG_IMA=n stub: the data already read into buf is not appraised or
 * measured; 0 is returned unconditionally.
 */
static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}
115 | ||
/* CONFIG_IMA=n stub: intentionally empty. */
static inline void ima_post_path_mknod(struct mnt_idmap *idmap,
				       struct dentry *dentry)
{
}
121 | ||
/*
 * CONFIG_IMA=n stub: reports -EOPNOTSUPP and never writes to buf.  Callers
 * have to test for a negative return before reading buf, otherwise they
 * would consume whatever the buffer held beforehand.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
126 | ||
/*
 * CONFIG_IMA=n stub: reports -EOPNOTSUPP and leaves buf untouched, so the
 * return value must be checked before buf is treated as a digest.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
131 | ||
/* CONFIG_IMA=n stub: the kexec command line in buf is not measured. */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
d6e64501 | 133 | |
/*
 * CONFIG_IMA=n stub: nothing is measured and -ENOENT is returned.  The
 * digest buffer is never written, so a caller that asked for the digest must
 * not use it unless the call succeeded.
 */
static inline int ima_measure_critical_data(const char *event_label,
					    const char *event_name,
					    const void *buf, size_t buf_len,
					    bool hash, u8 *digest,
					    size_t digest_len)
{
	return -ENOENT;
}
9f5d7d23 | 142 | |
e05a4f4f | 143 | #endif /* CONFIG_IMA */ |
9957a504 | 144 | |
#ifdef CONFIG_HAVE_IMA_KEXEC
/*
 * Both helpers carry the __init annotation and return an int status.  No
 * fallback stubs appear in this header for the !CONFIG_HAVE_IMA_KEXEC case,
 * so callers need the same guard.
 */
int __init ima_free_kexec_buffer(void);
int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif /* CONFIG_HAVE_IMA_KEXEC */
149 | ||
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
#else
/*
 * Without CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT the secure-boot query always
 * answers false.  Code that tightens policy only when this returns true
 * therefore stays in its relaxed mode on such builds.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* No architecture policy is available in this configuration: returns NULL. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT */
164 | ||
#ifndef CONFIG_IMA_KEXEC
struct kimage;

/* !CONFIG_IMA_KEXEC stub: the kexec image is not given an IMA buffer. */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif /* !CONFIG_IMA_KEXEC */
171 | ||
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
void ima_post_key_create_or_update(struct key *keyring,
				   struct key *key,
				   const void *payload, size_t plen,
				   unsigned long flags, bool create);
#else
/*
 * Without CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS key creation and updates are
 * not measured: the stub ignores the keyring, key and payload.
 */
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create)
{
}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
cb1aa382 | 185 | |
9957a504 | 186 | #ifdef CONFIG_IMA_APPRAISE |
/*
 * Appraisal entry points available when CONFIG_IMA_APPRAISE is set.  The
 * xattr and ACL hooks return an int status; the #else branch provides stubs
 * that return 0 instead.
 */
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
int ima_inode_set_acl(struct mnt_idmap *idmap,
		      struct dentry *dentry, const char *acl_name,
		      struct posix_acl *kacl);
/*
 * ACL removal is forwarded to ima_inode_set_acl() with a NULL kacl, so the
 * set-ACL check decides both operations and its result is returned as is.
 */
static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	struct posix_acl *no_acl = NULL;

	return ima_inode_set_acl(idmap, dentry, acl_name, no_acl);
}
/* xattr removal check; returns an int status (a stub returning 0 exists for !CONFIG_IMA_APPRAISE). */
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
9957a504 | 202 | #else |
/* !CONFIG_IMA_APPRAISE stub: appraisal is compiled out, so this is always false. */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}
207 | ||
/* !CONFIG_IMA_APPRAISE stub: intentionally empty. */
static inline void ima_inode_post_setattr(struct mnt_idmap *idmap,
					  struct dentry *dentry)
{
}
42c63330 MZ |
213 | |
/*
 * !CONFIG_IMA_APPRAISE stub: the xattr name and value are not inspected and 0
 * is returned, so this hook places no restriction on xattr writes.
 */
static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}
221 | ||
/* !CONFIG_IMA_APPRAISE stub: ACL changes are not checked here; always 0. */
static inline int ima_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}
229 | ||
/*
 * !CONFIG_IMA_APPRAISE stub: returns 0 for any xattr name, so this hook does
 * not restrict xattr removal.
 */
static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
e61b135f | 235 | |
/* !CONFIG_IMA_APPRAISE stub: ACL removal is not checked here; always 0. */
static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}
e05a4f4f | 242 | #endif /* CONFIG_IMA_APPRAISE */ |
29d3c1c8 MG |
243 | |
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/*
 * Stub used unless both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set: returns false for every func.
 * Callers that skip their own signature check only when this returns true
 * keep doing that check on such builds.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
6146f0d5 | 252 | #endif /* _LINUX_IMA_H */ |