Commit | Line | Data |
---|---|---|
b886d83c | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
6146f0d5 MZ |
2 | /* |
3 | * Copyright (C) 2008 IBM Corporation | |
4 | * Author: Mimi Zohar <zohar@us.ibm.com> | |
6146f0d5 MZ |
5 | */ |
6 | ||
6146f0d5 MZ |
7 | #ifndef _LINUX_IMA_H |
8 | #define _LINUX_IMA_H | |
9 | ||
ed850a52 | 10 | #include <linux/fs.h> |
16c267aa | 11 | #include <linux/security.h> |
7b8589cc | 12 | #include <linux/kexec.h> |
ed850a52 MZ |
13 | struct linux_binprm; |
14 | ||
3323eec9 MZ |
15 | #ifdef CONFIG_IMA |
/*
 * IMA hook prototypes, visible only when CONFIG_IMA is set.  The definitions
 * are not part of this header.
 * NOTE(review): the int-returning hooks presumably hand back 0 or a negative
 * errno that the caller has to act on; confirm against the implementation.
 */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long prot);
int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
int ima_load_data(enum kernel_load_data_id id);
int ima_read_file(struct file *file, enum kernel_read_file_id id);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
		       enum kernel_read_file_id id);
void ima_post_path_mknod(struct dentry *dentry);
/* buf/buf_size describe a caller-owned output buffer. */
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
void ima_kexec_cmdline(const void *buf, int size);
3323eec9 | 29 | |
7b8589cc MZ |
#ifdef CONFIG_IMA_KEXEC
/* Prototype is exposed only when CONFIG_IMA and CONFIG_IMA_KEXEC are both set. */
void ima_add_kexec_buffer(struct kimage *image);
#endif
33 | ||
9e2b4be3 | 34 | #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT |
/*
 * Declared when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is set (inside the
 * CONFIG_IMA branch); presumably defined by architecture code, which is not
 * visible from this header.
 */
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
0914ade2 NJ |
37 | #else |
/*
 * Fallback for CONFIG_IMA builds without
 * CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT: returns false without querying
 * anything.  A caller therefore cannot tell "secure boot is off" apart from
 * "secure boot state is unavailable in this build" by the return value alone.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}
0914ade2 | 42 | |
61917062 NJ |
/*
 * Fallback for CONFIG_IMA builds without
 * CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT: there is no architecture-supplied
 * policy list, so the result is always NULL.  Callers must check for NULL
 * before walking the returned array.
 */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
d958083a | 47 | #endif |
61917062 | 48 | |
3323eec9 | 49 | #else |
6146f0d5 MZ |
/*
 * !CONFIG_IMA stub: bprm is ignored and 0 is returned unconditionally.
 * NOTE(review): whatever check the real hook applies to the binary is simply
 * absent in such builds; callers see 0 every time.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
54 | ||
/*
 * !CONFIG_IMA stub: neither file nor mask is examined; the result is 0 for
 * every access mask.
 */
static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}
59 | ||
fdb2410f MZ |
/* !CONFIG_IMA stub: intentionally empty, the inode is left untouched. */
static inline void ima_post_create_tmpfile(struct inode *inode)
{
}
63 | ||
6146f0d5 MZ |
/* !CONFIG_IMA stub: nothing to release or record, so the body is empty. */
static inline void ima_file_free(struct file *file)
{
}
68 | ||
/*
 * !CONFIG_IMA stub: returns 0 for any file and any protection bits, i.e. the
 * mapping request is never refused from here.
 */
static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}
9957a504 | 73 | |
8eb613c0 MZ |
/*
 * !CONFIG_IMA stub: the vma and the requested protection are ignored and 0 is
 * returned, so a protection change is never refused from here.
 */
static inline int
ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
{
	return 0;
}
79 | ||
16c267aa MZ |
/*
 * !CONFIG_IMA stub: returns 0 for every kernel_load_data_id value.
 * NOTE(review): any restriction the real hook places on loading data is not
 * applied in such builds; confirm whether another mechanism covers it.
 */
static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}
84 | ||
39eeb4fb MZ |
/* !CONFIG_IMA stub: file and id are ignored; always returns 0. */
static inline int
ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}
89 | ||
cf222217 MZ |
/*
 * !CONFIG_IMA stub: the buffer that was read is not inspected (buf and size
 * are unused) and 0 is returned for every id.
 */
static inline int
ima_post_read_file(struct file *file, void *buf, loff_t size,
		   enum kernel_read_file_id id)
{
	return 0;
}
95 | ||
05d1a717 MZ |
/* !CONFIG_IMA stub: intentionally empty, the dentry is not touched. */
static inline void ima_post_path_mknod(struct dentry *dentry)
{
}
100 | ||
6beea7af FR |
/*
 * !CONFIG_IMA stub: no hash is available, so this fails with -EOPNOTSUPP.
 * buf is never written; callers must check the return value and must not
 * read buf after a failure.
 */
static inline int
ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
105 | ||
/* !CONFIG_IMA stub: the command-line buffer is neither read nor recorded. */
static inline void ima_kexec_cmdline(const void *buf, int size)
{
}
e05a4f4f | 107 | #endif /* CONFIG_IMA */ |
9957a504 | 108 | |
7b8589cc MZ |
#ifndef CONFIG_IMA_KEXEC
/* Forward declaration only; the stub never dereferences the image. */
struct kimage;

/*
 * Stub for builds without CONFIG_IMA_KEXEC: nothing is added to the kexec
 * image.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif
115 | ||
ea78979d | 116 | #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS |
cb1aa382 LR |
/*
 * Declared when CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is set; the definition is
 * not part of this header.  payload/plen describe a caller-owned, read-only
 * buffer (const void * plus length).
 */
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
				   const void *payload, size_t plen,
				   unsigned long flags, bool create);
121 | #else | |
/*
 * Stub for builds without CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS: key creation
 * and update events are not recorded here; every argument is ignored.
 */
static inline void
ima_post_key_create_or_update(struct key *keyring, struct key *key,
			      const void *payload, size_t plen,
			      unsigned long flags, bool create)
{
}
ea78979d | 128 | #endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */ |
cb1aa382 | 129 | |
9957a504 | 130 | #ifdef CONFIG_IMA_APPRAISE |
/*
 * Appraisal hooks, declared when CONFIG_IMA_APPRAISE is set; the definitions
 * are not part of this header.
 * NOTE(review): the two xattr hooks return int, presumably 0 or a negative
 * errno that decides whether the xattr change may proceed; confirm against
 * the implementation.
 */
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
9957a504 | 136 | #else |
6f6723e2 MZ |
/*
 * Stub for builds without CONFIG_IMA_APPRAISE: appraisal is always reported
 * as disabled.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}
141 | ||
9957a504 MZ |
/* Stub for builds without CONFIG_IMA_APPRAISE: intentionally empty. */
static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}
42c63330 MZ |
146 | |
/*
 * Stub for builds without CONFIG_IMA_APPRAISE: returns 0 for every xattr
 * name and value, without looking at either.
 * NOTE(review): any protection the real hook gives IMA-related xattrs is not
 * applied in such builds; confirm what else guards those attributes.
 */
static inline int
ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		   const void *xattr_value, size_t xattr_value_len)
{
	return 0;
}
154 | ||
/*
 * Stub for builds without CONFIG_IMA_APPRAISE: returns 0 for every xattr
 * name, so removal is never refused from here.
 */
static inline int
ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
{
	return 0;
}
e05a4f4f | 160 | #endif /* CONFIG_IMA_APPRAISE */ |
29d3c1c8 MG |
161 | |
162 | #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) | |
/*
 * Declared only when CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING
 * are both set; the definition is not part of this header.
 */
bool ima_appraise_signature(enum kernel_read_file_id func);
164 | #else | |
/*
 * Stub used when CONFIG_IMA_APPRAISE or CONFIG_INTEGRITY_TRUSTED_KEYRING is
 * missing: returns false for every func value.  Callers that rely on a true
 * result to skip their own signature check must keep that check in such
 * builds.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
169 | #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */ | |
6146f0d5 | 170 | #endif /* _LINUX_IMA_H */ |