1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Copyright (C) 2008 IBM Corporation |
4 | * Author: Mimi Zohar <zohar@us.ibm.com> |
5 | */ |
6 | |
7 | #ifndef _LINUX_IMA_H |
8 | #define _LINUX_IMA_H |
9 | |
10 | #include <linux/kernel_read_file.h> |
11 | #include <linux/fs.h> |
12 | #include <linux/security.h> |
13 | #include <linux/kexec.h> |
14 | #include <crypto/hash_info.h> |
15 | struct linux_binprm; |
16 | |
17 | #ifdef CONFIG_IMA |
/*
 * IMA entry points that exist when CONFIG_IMA is enabled. Only the
 * prototypes are given here; the #else branch further down supplies
 * stubs with the same signatures for kernels built without IMA.
 */
enum hash_algo ima_get_current_hash_algo(void);

/* Both hash getters take a caller-supplied buffer together with its size. */
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);

void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

/*
 * NOTE(review): the meaning of @hash and of the @digest/@digest_len pair
 * is not visible from this header - confirm against the definition.
 */
int ima_measure_critical_data(const char *event_label,
			      const char *event_name,
			      const void *buf, size_t buf_len,
			      bool hash, u8 *digest, size_t digest_len);
26 | |
27 | #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM |
/* Real implementation, declared only when CONFIG_IMA_APPRAISE_BOOTPARAM is set. */
void ima_appraise_parse_cmdline(void);
29 | #else |
/* No-op stub used when CONFIG_IMA_APPRAISE_BOOTPARAM is not set. */
static inline void ima_appraise_parse_cmdline(void)
{
}
31 | #endif |
32 | |
33 | #ifdef CONFIG_IMA_KEXEC |
/* Declared only with CONFIG_IMA_KEXEC; a no-op stub covers the other case below. */
void ima_add_kexec_buffer(struct kimage *image);
35 | #endif |
36 | |
37 | #else |
/*
 * Stub for kernels built without CONFIG_IMA: reports HASH_ALGO__LAST
 * instead of a real algorithm.
 *
 * NOTE(review): HASH_ALGO__LAST is presumably the end-of-enum sentinel
 * from crypto/hash_info.h, so callers should check for it before using
 * the result to index a per-algorithm table - confirm.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}
42 | |
/*
 * Stub for kernels built without CONFIG_IMA.
 *
 * Always fails with -EOPNOTSUPP and never writes to @buf, so a caller
 * must check the return value before treating @buf as a digest.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
47 | |
/*
 * Stub for kernels built without CONFIG_IMA.
 *
 * Always fails with -EOPNOTSUPP and leaves @buf untouched; the buffer
 * holds no digest unless the call succeeded.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf,
				 size_t buf_size)
{
	return -EOPNOTSUPP;
}
52 | |
/*
 * Stub for kernels built without CONFIG_IMA: does nothing with the
 * buffer it is handed. The void return gives the caller no way to tell
 * this no-op apart from the real implementation.
 */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
54 | |
/*
 * Stub for kernels built without CONFIG_IMA.
 *
 * Always returns -ENOENT without reading @buf or writing @digest, so a
 * caller that asked for a digest must not use @digest after a negative
 * return.
 */
static inline int ima_measure_critical_data(const char *event_label,
					    const char *event_name,
					    const void *buf, size_t buf_len,
					    bool hash, u8 *digest,
					    size_t digest_len)
{
	return -ENOENT;
}
63 | |
64 | #endif /* CONFIG_IMA */ |
65 | |
66 | #ifdef CONFIG_HAVE_IMA_KEXEC |
/*
 * Init-time (__init) helpers, declared only when CONFIG_HAVE_IMA_KEXEC
 * is set. Note that this is a different option from CONFIG_IMA_KEXEC,
 * which guards ima_add_kexec_buffer().
 */
int __init ima_get_kexec_buffer(void **addr, size_t *size);
int __init ima_free_kexec_buffer(void);
69 | #endif |
70 | |
71 | #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT |
/*
 * Architecture hooks, declared only when
 * CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is set; their definitions are
 * not part of this header.
 */
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
74 | #else |
/*
 * Stub used when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set.
 *
 * The constant false is a build-time answer: nothing is queried, so the
 * result says nothing about the platform's actual secure-boot state.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}
79 | |
/*
 * Stub used when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set:
 * returns NULL, which callers must handle before dereferencing.
 *
 * NOTE(review): the non-stub version presumably returns a list of policy
 * rule strings - confirm its termination convention at the definition.
 */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
84 | #endif |
85 | |
86 | #ifndef CONFIG_IMA_KEXEC |
/* Forward declaration so the stub's prototype names a known struct tag. */
struct kimage;

/*
 * No-op stub used when CONFIG_IMA_KEXEC is not set; @image is ignored.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
91 | #endif |
92 | |
93 | #ifdef CONFIG_IMA_APPRAISE |
/* Real implementation, declared only when CONFIG_IMA_APPRAISE is set. */
bool is_ima_appraise_enabled(void);
95 | #else |
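/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: appraisal is reported
 * as disabled unconditionally, so code that gates an integrity check on
 * this value skips it on such kernels.
 *
 * Returns the bool literal false (not 0) to match the other bool stubs
 * in this header.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}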
100 | #endif /* CONFIG_IMA_APPRAISE */ |
101 | |
102 | #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING) |
/*
 * Real implementation, declared only when both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set.
 */
bool ima_appraise_signature(enum kernel_read_file_id func);
104 | #else |
/*
 * Stub used unless both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set: returns false for every
 * @func.
 *
 * NOTE(review): presumably false means "IMA will not appraise a
 * signature for this read type", in which case a caller relying on IMA
 * for signature enforcement needs its own check on such kernels -
 * confirm against the callers.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
109 | #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */ |
110 | #endif /* _LINUX_IMA_H */ |
111 | |