0007 #ifndef _LINUX_IMA_H
0008 #define _LINUX_IMA_H
0009
0010 #include <linux/kernel_read_file.h>
0011 #include <linux/fs.h>
0012 #include <linux/security.h>
0013 #include <linux/kexec.h>
0014 #include <crypto/hash_info.h>
0015 struct linux_binprm;
0016
0017 #ifdef CONFIG_IMA
/*
 * IMA hooks provided when CONFIG_IMA is enabled.  The CONFIG_IMA=n stubs
 * further down define the contract callers see when IMA is compiled out:
 * the int-returning check hooks return 0 (the operation proceeds), the
 * digest accessors return -EOPNOTSUPP, ima_measure_critical_data() returns
 * -ENOENT and ima_get_current_hash_algo() returns HASH_ALGO__LAST.
 */
extern enum hash_algo ima_get_current_hash_algo(void);
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
				    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
				struct dentry *dentry);
/*
 * Digest accessors: @buf_size bounds what may be written to @buf.  How much
 * of @buf is filled on success, and what a non-negative return encodes, is
 * not visible from this header -- check the implementation before relying
 * on it.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
/* NOTE(review): @size is a plain int here while the other hooks use size_t/loff_t. */
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
/*
 * @hash presumably selects whether a digest is produced into
 * @digest/@digest_len (inferred from the parameter names; confirm against
 * the implementation).
 */
extern int ima_measure_critical_data(const char *event_label,
				     const char *event_name,
				     const void *buf, size_t buf_len,
				     bool hash, u8 *digest, size_t digest_len);
0042
0043 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
/* Real implementation only under CONFIG_IMA_APPRAISE_BOOTPARAM; otherwise the empty stub below. */
extern void ima_appraise_parse_cmdline(void);
0045 #else
/* CONFIG_IMA_APPRAISE_BOOTPARAM=n: there is no boot parameter to parse, so do nothing. */
static inline void ima_appraise_parse_cmdline(void)
{
}
0047 #endif
0048
0049 #ifdef CONFIG_IMA_KEXEC
/* Real implementation under CONFIG_IMA_KEXEC; the !CONFIG_IMA_KEXEC stub is declared further down. */
extern void ima_add_kexec_buffer(struct kimage *image);
0051 #endif
0052
0053 #else
/*
 * CONFIG_IMA=n: no measurement algorithm is active, so the HASH_ALGO__LAST
 * sentinel is returned.  Callers must not treat it as a usable algorithm id.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}
0058
/* CONFIG_IMA=n: nothing is measured or appraised; report success so the exec proceeds. */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
0063
/* CONFIG_IMA=n: @mask is ignored and the open is always permitted. */
static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}
0068
/* CONFIG_IMA=n: the new inode is left untouched. */
static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
					   struct inode *inode)
{
}
0073
/* CONFIG_IMA=n: no per-file IMA state exists, so there is nothing to release. */
static inline void ima_file_free(struct file *file)
{
}
0078
/* CONFIG_IMA=n: @prot is not inspected; the mapping is always allowed. */
static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}
0083
/* CONFIG_IMA=n: @prot is not inspected; the protection change is always allowed. */
static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}
0089
/* CONFIG_IMA=n: every load is accepted regardless of @id or @contents. */
static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}
0094
/* CONFIG_IMA=n: the loaded @buf is neither measured nor appraised; report success. */
static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}
0101
/* CONFIG_IMA=n: reading @file for purpose @id is always permitted. */
static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}
0107
/* CONFIG_IMA=n: the read @buf is not checked; report success. */
static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}
0113
/* CONFIG_IMA=n: the new @dentry is left untouched. */
static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
				       struct dentry *dentry)
{
}
0119
/*
 * CONFIG_IMA=n: no digest is available.  -EOPNOTSUPP (rather than 0) keeps a
 * caller from mistaking the untouched @buf for a valid digest.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
0124
/*
 * CONFIG_IMA=n: no digest is available.  -EOPNOTSUPP (rather than 0) keeps a
 * caller from mistaking the untouched @buf for a valid digest.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
0129
/* CONFIG_IMA=n: the kexec command line in @buf is not measured. */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
0131
/*
 * CONFIG_IMA=n: nothing is measured and @digest is never written.  -ENOENT
 * tells the caller that no measurement entry exists for this event.
 */
static inline int ima_measure_critical_data(const char *event_label,
					    const char *event_name,
					    const void *buf, size_t buf_len,
					    bool hash, u8 *digest,
					    size_t digest_len)
{
	return -ENOENT;
}
0140
0141 #endif
0142
0143 #ifdef CONFIG_HAVE_IMA_KEXEC
/*
 * Declared only under CONFIG_HAVE_IMA_KEXEC and with no fallback stub, so any
 * caller must sit under the same #ifdef.  Both are __init: boot-time only.
 */
int __init ima_free_kexec_buffer(void);
int __init ima_get_kexec_buffer(void **addr, size_t *size);
0146 #endif
0147
0148 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
/* Architecture-provided under CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT; otherwise the false/NULL stubs below. */
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
0151 #else
/*
 * No arch hook configured: secure boot is reported as off, so any policy
 * keyed on it sees the "disabled" state on these configs.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}
0156
/* No arch hook configured: there is no architecture policy, signalled by NULL. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
0161 #endif
0162
0163 #ifndef CONFIG_IMA_KEXEC
struct kimage;

/* CONFIG_IMA_KEXEC=n: @image is left untouched. */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
0168 #endif
0169
0170 #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
/*
 * Key hook, real only under CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS.  @create is
 * presumably true for a new key and false for an update (inferred from the
 * function name; confirm against the implementation).
 */
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
0175 #else
/* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=n: the key is not measured. */
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create)
{
}
0182 #endif
0183
0184 #ifdef CONFIG_IMA_APPRAISE
/*
 * Appraisal hooks, real only under CONFIG_IMA_APPRAISE.  The stubs below
 * report appraisal disabled and accept every setattr/setxattr/removexattr.
 */
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
				   struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
0191 #else
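/*
 * CONFIG_IMA_APPRAISE=n: appraisal is never enabled.  Return the bool
 * literal, matching arch_ima_get_secureboot() and ima_appraise_signature(),
 * rather than the integer 0 the original stub used.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}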
0196
/* CONFIG_IMA_APPRAISE=n: attribute changes on @dentry need no IMA bookkeeping. */
static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
					  struct dentry *dentry)
{
}
0202
/* CONFIG_IMA_APPRAISE=n: @xattr_name/@xattr_value are not validated; the set is allowed. */
static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}
0210
/* CONFIG_IMA_APPRAISE=n: @xattr_name is not checked; the removal is allowed. */
static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
0216 #endif
0217
0218 #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/* Real only with both CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING; otherwise the false stub below. */
extern bool ima_appraise_signature(enum kernel_read_file_id func);
0220 #else
/*
 * Without appraisal and a trusted keyring there is no signature policy to
 * enforce for any @func, so report "not required".
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
0225 #endif
0226 #endif