[linux-block.git] / include / linux / ima.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
	return;
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
	return;
}

static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(const void *buf, int size) {}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
static inline bool is_ima_appraise_enabled(void)
{
	return 0;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
	return;
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */
Commit	Line	Data
b886d83c	1	/* SPDX-License-Identifier: GPL-2.0-only */
6146f0d5 MZ	2	/*
	3	* Copyright (C) 2008 IBM Corporation
	4	* Author: Mimi Zohar <zohar@us.ibm.com>
6146f0d5 MZ	5	*/
6146f0d5 MZ	6
6146f0d5 MZ	7	#ifndef _LINUX_IMA_H
	8	#define _LINUX_IMA_H
	9
ed850a52	10	#include <linux/fs.h>
16c267aa	11	#include <linux/security.h>
7b8589cc	12	#include <linux/kexec.h>
ed850a52 MZ	13	struct linux_binprm;
ed850a52 MZ	14
3323eec9 MZ	15	#ifdef CONFIG_IMA
3323eec9 MZ	16	extern int ima_bprm_check(struct linux_binprm *bprm);
6035a27b	17	extern int ima_file_check(struct file *file, int mask);
fdb2410f	18	extern void ima_post_create_tmpfile(struct inode *inode);
3323eec9 MZ	19	extern void ima_file_free(struct file *file);
3323eec9 MZ	20	extern int ima_file_mmap(struct file *file, unsigned long prot);
8eb613c0	21	extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
16c267aa	22	extern int ima_load_data(enum kernel_load_data_id id);
39eeb4fb	23	extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
cf222217 MZ	24	extern int ima_post_read_file(struct file file, void buf, loff_t size,
cf222217 MZ	25	enum kernel_read_file_id id);
05d1a717	26	extern void ima_post_path_mknod(struct dentry *dentry);
6beea7af	27	extern int ima_file_hash(struct file file, char buf, size_t buf_size);
b0935123	28	extern void ima_kexec_cmdline(const void *buf, int size);
3323eec9	29
7b8589cc MZ	30	#ifdef CONFIG_IMA_KEXEC
	31	extern void ima_add_kexec_buffer(struct kimage *image);
	32	#endif
	33
9e2b4be3	34	#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
0914ade2	35	extern bool arch_ima_get_secureboot(void);
d958083a	36	extern const char * const *arch_get_ima_policy(void);
0914ade2 NJ	37	#else
	38	static inline bool arch_ima_get_secureboot(void)
	39	{
	40	return false;
	41	}
0914ade2	42
61917062 NJ	43	static inline const char * const *arch_get_ima_policy(void)
	44	{
	45	return NULL;
	46	}
d958083a	47	#endif
61917062	48
3323eec9	49	#else
6146f0d5 MZ	50	static inline int ima_bprm_check(struct linux_binprm *bprm)
	51	{
	52	return 0;
	53	}
	54
6035a27b	55	static inline int ima_file_check(struct file *file, int mask)
6146f0d5 MZ	56	{
	57	return 0;
	58	}
	59
fdb2410f MZ	60	static inline void ima_post_create_tmpfile(struct inode *inode)
	61	{
	62	}
	63
6146f0d5 MZ	64	static inline void ima_file_free(struct file *file)
	65	{
	66	return;
	67	}
	68
	69	static inline int ima_file_mmap(struct file *file, unsigned long prot)
	70	{
	71	return 0;
	72	}
9957a504	73
8eb613c0 MZ	74	static inline int ima_file_mprotect(struct vm_area_struct *vma,
	75	unsigned long prot)
	76	{
	77	return 0;
	78	}
	79
16c267aa MZ	80	static inline int ima_load_data(enum kernel_load_data_id id)
	81	{
	82	return 0;
	83	}
	84
39eeb4fb MZ	85	static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
	86	{
	87	return 0;
	88	}
	89
cf222217 MZ	90	static inline int ima_post_read_file(struct file file, void buf, loff_t size,
	91	enum kernel_read_file_id id)
	92	{
	93	return 0;
	94	}
	95
05d1a717 MZ	96	static inline void ima_post_path_mknod(struct dentry *dentry)
	97	{
	98	return;
	99	}
	100
6beea7af FR	101	static inline int ima_file_hash(struct file file, char buf, size_t buf_size)
	102	{
	103	return -EOPNOTSUPP;
	104	}
	105
b0935123	106	static inline void ima_kexec_cmdline(const void *buf, int size) {}
e05a4f4f	107	#endif /* CONFIG_IMA */
9957a504	108
7b8589cc MZ	109	#ifndef CONFIG_IMA_KEXEC
	110	struct kimage;
	111
	112	static inline void ima_add_kexec_buffer(struct kimage *image)
	113	{}
	114	#endif
	115
ea78979d	116	#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
cb1aa382 LR	117	extern void ima_post_key_create_or_update(struct key *keyring,
	118	struct key *key,
	119	const void *payload, size_t plen,
	120	unsigned long flags, bool create);
	121	#else
	122	static inline void ima_post_key_create_or_update(struct key *keyring,
	123	struct key *key,
	124	const void *payload,
	125	size_t plen,
	126	unsigned long flags,
	127	bool create) {}
ea78979d	128	#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
cb1aa382	129
9957a504	130	#ifdef CONFIG_IMA_APPRAISE
6f6723e2	131	extern bool is_ima_appraise_enabled(void);
9957a504	132	extern void ima_inode_post_setattr(struct dentry *dentry);
42c63330 MZ	133	extern int ima_inode_setxattr(struct dentry dentry, const char xattr_name,
	134	const void *xattr_value, size_t xattr_value_len);
	135	extern int ima_inode_removexattr(struct dentry dentry, const char xattr_name);
9957a504	136	#else
6f6723e2 MZ	137	static inline bool is_ima_appraise_enabled(void)
	138	{
	139	return 0;
	140	}
	141
9957a504 MZ	142	static inline void ima_inode_post_setattr(struct dentry *dentry)
	143	{
	144	return;
	145	}
42c63330 MZ	146
	147	static inline int ima_inode_setxattr(struct dentry *dentry,
	148	const char *xattr_name,
	149	const void *xattr_value,
	150	size_t xattr_value_len)
	151	{
	152	return 0;
	153	}
	154
	155	static inline int ima_inode_removexattr(struct dentry *dentry,
	156	const char *xattr_name)
	157	{
	158	return 0;
	159	}
e05a4f4f	160	#endif /* CONFIG_IMA_APPRAISE */
29d3c1c8 MG	161
	162	#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
	163	extern bool ima_appraise_signature(enum kernel_read_file_id func);
	164	#else
	165	static inline bool ima_appraise_signature(enum kernel_read_file_id func)
	166	{
	167	return false;
	168	}
	169	#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
6146f0d5	170	#endif /* _LINUX_IMA_H */