0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * Copyright (C) 2008 IBM Corporation
0004  * Author: Mimi Zohar <zohar@us.ibm.com>
0005  */
0006 
0007 #ifndef _LINUX_IMA_H
0008 #define _LINUX_IMA_H
0009 
0010 #include <linux/kernel_read_file.h>
0011 #include <linux/fs.h>
0012 #include <linux/security.h>
0013 #include <linux/kexec.h>
0014 #include <crypto/hash_info.h>
0015 struct linux_binprm;
0016 
0017 #ifdef CONFIG_IMA
/*
 * IMA hooks, real implementations (CONFIG_IMA=y).
 *
 * The CONFIG_IMA=n stubs in the #else branch below return 0 from every
 * int-returning check and do nothing in the void ones, so a 0 result from
 * any hook declared here only means "IMA raised no objection"; it is never
 * evidence that the object was measured or that a signature was verified.
 */
extern enum hash_algo ima_get_current_hash_algo(void);
/*
 * Per-object checks on exec, open, mmap and mprotect. Presumably a negative
 * errno from the int hooks denies the operation (confirm in
 * security/integrity/ima); the post_* and *_free hooks are void and cannot
 * veto anything.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
                    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
/*
 * Kernel-initiated loads (kernel_load_data_id) and file reads
 * (kernel_read_file_id). The pre-hooks see the id and a `contents` flag
 * (presumably whether the data is available for inspection -- confirm);
 * the post_* hooks see the loaded buffer and its size.
 */
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
                  enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
             bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
                  enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
                struct dentry *dentry);
/*
 * Presumably fill buf (at most buf_size bytes) with the IMA digest of the
 * file/inode -- confirm against security/integrity/ima. With CONFIG_IMA=n
 * these return -EOPNOTSUPP and leave buf untouched, so the return value
 * must be checked before buf is used.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
/*
 * NOTE(review): size is a plain int here while the rest of this API uses
 * size_t/loff_t; callers must not pass a negative length.
 */
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
/*
 * Measure buf_len bytes of in-kernel data under event_label/event_name.
 * Presumably, when hash is true, the computed digest is also written to
 * digest (digest_len bytes) -- confirm against the implementation.
 * With CONFIG_IMA=n this returns -ENOENT and writes nothing.
 */
extern int ima_measure_critical_data(const char *event_label,
                     const char *event_name,
                     const void *buf, size_t buf_len,
                     bool hash, u8 *digest, size_t digest_len);
0042 
0043 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
0044 extern void ima_appraise_parse_cmdline(void);
0045 #else
/* CONFIG_IMA_APPRAISE_BOOTPARAM=n: no appraisal boot parameter is parsed. */
static inline void ima_appraise_parse_cmdline(void)
{
}
0047 #endif
0048 
0049 #ifdef CONFIG_IMA_KEXEC
0050 extern void ima_add_kexec_buffer(struct kimage *image);
0051 #endif
0052 
0053 #else
/*
 * CONFIG_IMA=n: there is no active IMA hash algorithm to report.
 * HASH_ALGO__LAST is returned instead (from its name, the end-of-enum
 * marker rather than a usable algorithm); callers must check for it
 * before using the value as an index into any algorithm table.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
    return HASH_ALGO__LAST;
}
0058 
/*
 * CONFIG_IMA=n: the binary being executed is neither measured nor appraised
 * and the exec proceeds unchecked. 0 here is "no objection", not a result.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm) { return 0; }
0063 
/*
 * CONFIG_IMA=n: the file open is neither measured nor appraised; 0 lets it
 * proceed unchecked whatever access mask was requested.
 */
static inline int ima_file_check(struct file *file, int mask) { return 0; }
0068 
/* CONFIG_IMA=n: nothing is recorded for a freshly created tmpfile. */
static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
                       struct inode *inode) {}
0073 
/* CONFIG_IMA=n: no per-file IMA state exists, so nothing is released here. */
static inline void ima_file_free(struct file *file) {}
0078 
/*
 * CONFIG_IMA=n: the mapping is neither measured nor appraised; 0 allows it
 * for any prot, PROT_EXEC included.
 */
static inline int ima_file_mmap(struct file *file, unsigned long prot) { return 0; }
0083 
/*
 * CONFIG_IMA=n: changing a mapping's protection is not checked; 0 allows it
 * for any prot, PROT_EXEC included.
 */
static inline int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
{
    return 0;
}
0089 
/*
 * CONFIG_IMA=n: kernel-initiated loads identified by id are not checked;
 * 0 allows the load regardless of whether contents are available.
 */
static inline int ima_load_data(enum kernel_load_data_id id, bool contents) { return 0; }
0094 
/*
 * CONFIG_IMA=n: the loaded buffer is not measured; buf and description are
 * not inspected and 0 is returned.
 */
static inline int ima_post_load_data(char *buf, loff_t size,
                     enum kernel_load_data_id id,
                     char *description) { return 0; }
0101 
/*
 * CONFIG_IMA=n: kernel-initiated file reads identified by id are not
 * checked; 0 allows the read.
 */
static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
                bool contents) { return 0; }
0107 
/* CONFIG_IMA=n: the read buffer is not measured; 0 is returned. */
static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
                     enum kernel_read_file_id id) { return 0; }
0113 
/* CONFIG_IMA=n: nothing is recorded for the newly created node. */
static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
                       struct dentry *dentry) {}
0119 
/*
 * CONFIG_IMA=n: no digest is available. -EOPNOTSUPP is returned and buf is
 * left untouched, so callers must not read buf on this path.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
    return -EOPNOTSUPP;
}
0124 
/*
 * CONFIG_IMA=n: no digest is available. -EOPNOTSUPP is returned and buf is
 * left untouched, so callers must not read buf on this path.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
    return -EOPNOTSUPP;
}
0129 
/* CONFIG_IMA=n: the kexec command line is not measured; buf is not read. */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
0131 
/*
 * CONFIG_IMA=n: nothing is measured and digest is never written; -ENOENT
 * is returned for every call, so callers must not rely on digest here.
 */
static inline int ima_measure_critical_data(const char *event_label,
                         const char *event_name,
                         const void *buf, size_t buf_len,
                         bool hash, u8 *digest,
                         size_t digest_len) { return -ENOENT; }
0140 
0141 #endif /* CONFIG_IMA */
0142 
0143 #ifdef CONFIG_HAVE_IMA_KEXEC
0144 int __init ima_free_kexec_buffer(void);
0145 int __init ima_get_kexec_buffer(void **addr, size_t *size);
0146 #endif
0147 
0148 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
/*
 * Arch-provided secure/trusted boot state and arch-specific IMA policy
 * rules. When CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is off the stubs below
 * report false / NULL: secure boot is then treated as disabled and no arch
 * policy is applied, regardless of what the firmware actually enforces.
 */
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
0151 #else
/*
 * No arch secure-boot support compiled in. false here means "no way to
 * tell", not "firmware confirmed secure boot is off"; any policy relaxed on
 * the strength of this answer is relaxed unconditionally.
 */
static inline bool arch_ima_get_secureboot(void) { return false; }
0156 
/* No arch-specific IMA policy rules: NULL, so none are added. */
static inline const char * const *arch_get_ima_policy(void) { return NULL; }
0161 #endif
0162 
0163 #ifndef CONFIG_IMA_KEXEC
0164 struct kimage;
0165 
/* CONFIG_IMA_KEXEC=n: no IMA buffer is added to the kexec image. */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
0168 #endif
0169 
0170 #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
0171 extern void ima_post_key_create_or_update(struct key *keyring,
0172                       struct key *key,
0173                       const void *payload, size_t plen,
0174                       unsigned long flags, bool create);
0175 #else
/*
 * CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=n: keys created or updated on a
 * keyring are not measured; payload is not read.
 */
static inline void ima_post_key_create_or_update(struct key *keyring,
                         struct key *key,
                         const void *payload,
                         size_t plen,
                         unsigned long flags,
                         bool create)
{
}
0182 #endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
0183 
0184 #ifdef CONFIG_IMA_APPRAISE
/*
 * Appraisal hooks (CONFIG_IMA_APPRAISE=y). The xattr hooks presumably gate
 * changes to the IMA security xattr -- confirm in security/integrity/ima.
 * With appraisal compiled out the stubs below answer
 * is_ima_appraise_enabled() with false and let every setxattr/removexattr
 * through (return 0), so nothing here then protects that xattr.
 */
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
                   struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
               const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
0191 #else
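/*
 * CONFIG_IMA_APPRAISE=n: appraisal is compiled out, so report false.
 * The function returns bool; use false rather than 0, matching
 * arch_ima_get_secureboot() and ima_appraise_signature() in this header.
 */
static inline bool is_ima_appraise_enabled(void)
{
    return false;
}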
0196 
/* CONFIG_IMA_APPRAISE=n: an attribute change leaves no IMA state to update. */
static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
                      struct dentry *dentry) {}
0202 
/*
 * CONFIG_IMA_APPRAISE=n: no xattr is protected. Any setxattr is allowed (0);
 * xattr_name and xattr_value are not inspected.
 */
static inline int ima_inode_setxattr(struct dentry *dentry,
                     const char *xattr_name,
                     const void *xattr_value,
                     size_t xattr_value_len) { return 0; }
0210 
/*
 * CONFIG_IMA_APPRAISE=n: no xattr is protected. Any removexattr is allowed
 * (0); xattr_name is not inspected.
 */
static inline int ima_inode_removexattr(struct dentry *dentry,
                    const char *xattr_name) { return 0; }
0216 #endif /* CONFIG_IMA_APPRAISE */
0217 
0218 #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/*
 * Presumably reports whether reads of kind func are appraised against a
 * signature -- confirm in security/integrity/ima. Needs both
 * CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING; otherwise the
 * stub below returns false, which callers must read as "no signature
 * enforcement is available", never as "signature verified".
 */
extern bool ima_appraise_signature(enum kernel_read_file_id func);
0220 #else
/*
 * Appraisal or the trusted keyring is compiled out: no signature
 * requirement can be enforced for any func, so false for every id.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func) { return false; }
0225 #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
0226 #endif /* _LINUX_IMA_H */