ima.h source code [linux/include/linux/ima.h]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* Copyright (C) 2008 IBM Corporation
4	* Author: Mimi Zohar <zohar@us.ibm.com>
5	*/
6
7	#ifndef _LINUX_IMA_H
8	#define _LINUX_IMA_H
9
10	#include <linux/kernel_read_file.h>
11	#include <linux/fs.h>
12	#include <linux/security.h>
13	#include <linux/kexec.h>
14	#include <crypto/hash_info.h>
15	struct linux_binprm;
16
17	#ifdef CONFIG_IMA
18	extern enum hash_algo ima_get_current_hash_algo(void);
19	extern int ima_bprm_check(struct linux_binprm *bprm);
20	extern int ima_file_check(struct file file, int* mask);
21	extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
22	struct inode *inode);
23	extern void ima_file_free(struct file *file);
24	extern int ima_file_mmap(struct file file, unsigned* long reqprot,
25	unsigned long prot, unsigned long flags);
26	extern int ima_file_mprotect(struct vm_area_struct vma, unsigned* long prot);
27	extern int ima_load_data(enum kernel_load_data_id id, bool contents);
28	extern int ima_post_load_data(char *buf, loff_t size,
29	enum kernel_load_data_id id, char *description);
30	extern int ima_read_file(struct file file, enum* kernel_read_file_id id,
31	bool contents);
32	extern int ima_post_read_file(struct file file, void* *buf, loff_t size,
33	enum kernel_read_file_id id);
34	extern void ima_post_path_mknod(struct mnt_idmap *idmap,
35	struct dentry *dentry);
36	extern int ima_file_hash(struct file file, char* *buf, size_t buf_size);
37	extern int ima_inode_hash(struct inode inode, char* *buf, size_t buf_size);
38	extern void ima_kexec_cmdline(int kernel_fd, const void buf, int* size);
39	extern int ima_measure_critical_data(const char *event_label,
40	const char *event_name,
41	const void *buf, size_t buf_len,
42	bool hash, u8 *digest, size_t digest_len);
43
44	#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
45	extern void ima_appraise_parse_cmdline(void);
46	#else
47	static inline void ima_appraise_parse_cmdline(void) {}
48	#endif
49
50	#ifdef CONFIG_IMA_KEXEC
51	extern void ima_add_kexec_buffer(struct kimage *image);
52	#endif
53
54	#else
55	static inline enum hash_algo ima_get_current_hash_algo(void)
56	{
57	return HASH_ALGO__LAST;
58	}
59
60	static inline int ima_bprm_check(struct linux_binprm *bprm)
61	{
62	return `0`;
63	}
64
65	static inline int ima_file_check(struct file file, int* mask)
66	{
67	return `0`;
68	}
69
70	static inline void ima_post_create_tmpfile(struct mnt_idmap *idmap,
71	struct inode *inode)
72	{
73	}
74
75	static inline void ima_file_free(struct file *file)
76	{
77	return;
78	}
79
80	static inline int ima_file_mmap(struct file file, unsigned* long reqprot,
81	unsigned long prot, unsigned long flags)
82	{
83	return `0`;
84	}
85
86	static inline int ima_file_mprotect(struct vm_area_struct *vma,
87	unsigned long prot)
88	{
89	return `0`;
90	}
91
92	static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
93	{
94	return `0`;
95	}
96
97	static inline int ima_post_load_data(char *buf, loff_t size,
98	enum kernel_load_data_id id,
99	char *description)
100	{
101	return `0`;
102	}
103
104	static inline int ima_read_file(struct file file, enum* kernel_read_file_id id,
105	bool contents)
106	{
107	return `0`;
108	}
109
110	static inline int ima_post_read_file(struct file file, void* *buf, loff_t size,
111	enum kernel_read_file_id id)
112	{
113	return `0`;
114	}
115
116	static inline void ima_post_path_mknod(struct mnt_idmap *idmap,
117	struct dentry *dentry)
118	{
119	return;
120	}
121
122	static inline int ima_file_hash(struct file file, char* *buf, size_t buf_size)
123	{
124	return -EOPNOTSUPP;
125	}
126
127	static inline int ima_inode_hash(struct inode inode, char* *buf, size_t buf_size)
128	{
129	return -EOPNOTSUPP;
130	}
131
132	static inline void ima_kexec_cmdline(int kernel_fd, const void buf, int* size) {}
133
134	static inline int ima_measure_critical_data(const char *event_label,
135	const char *event_name,
136	const void *buf, size_t buf_len,
137	bool hash, u8 *digest,
138	size_t digest_len)
139	{
140	return -ENOENT;
141	}
142
143	#endif /* CONFIG_IMA */
144
145	#ifdef CONFIG_HAVE_IMA_KEXEC
146	int __init ima_free_kexec_buffer(void);
147	int __init ima_get_kexec_buffer(void *addr, size_t size);
148	#endif
149
150	#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
151	extern bool arch_ima_get_secureboot(void);
152	extern const char * const arch_get_ima_policy(void*);
153	#else
154	static inline bool arch_ima_get_secureboot(void)
155	{
156	return false;
157	}
158
159	static inline const char * const arch_get_ima_policy(void*)
160	{
161	return NULL;
162	}
163	#endif
164
165	#ifndef CONFIG_IMA_KEXEC
166	struct kimage;
167
168	static inline void ima_add_kexec_buffer(struct kimage *image)
169	{}
170	#endif
171
172	#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
173	extern void ima_post_key_create_or_update(struct key *keyring,
174	struct key *key,
175	const void *payload, size_t plen,
176	unsigned long flags, bool create);
177	#else
178	static inline void ima_post_key_create_or_update(struct key *keyring,
179	struct key *key,
180	const void *payload,
181	size_t plen,
182	unsigned long flags,
183	bool create) {}
184	#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
185
186	#ifdef CONFIG_IMA_APPRAISE
187	extern bool is_ima_appraise_enabled(void);
188	extern void ima_inode_post_setattr(struct mnt_idmap *idmap,
189	struct dentry *dentry);
190	extern int ima_inode_setxattr(struct dentry dentry, const* char *xattr_name,
191	const void *xattr_value, size_t xattr_value_len);
192	extern int ima_inode_set_acl(struct mnt_idmap *idmap,
193	struct dentry dentry, const* char *acl_name,
194	struct posix_acl *kacl);
195	static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
196	struct dentry *dentry,
197	const char *acl_name)
198	{
199	return ima_inode_set_acl(idmap, dentry, acl_name, NULL);
200	}
201	extern int ima_inode_removexattr(struct dentry dentry, const* char *xattr_name);
202	#else
203	static inline bool is_ima_appraise_enabled(void)
204	{
205	return `0`;
206	}
207
208	static inline void ima_inode_post_setattr(struct mnt_idmap *idmap,
209	struct dentry *dentry)
210	{
211	return;
212	}
213
214	static inline int ima_inode_setxattr(struct dentry *dentry,
215	const char *xattr_name,
216	const void *xattr_value,
217	size_t xattr_value_len)
218	{
219	return `0`;
220	}
221
222	static inline int ima_inode_set_acl(struct mnt_idmap *idmap,
223	struct dentry dentry, const* char *acl_name,
224	struct posix_acl *kacl)
225	{
226
227	return `0`;
228	}
229
230	static inline int ima_inode_removexattr(struct dentry *dentry,
231	const char *xattr_name)
232	{
233	return `0`;
234	}
235
236	static inline int ima_inode_remove_acl(struct mnt_idmap *idmap,
237	struct dentry *dentry,
238	const char *acl_name)
239	{
240	return `0`;
241	}
242	#endif /* CONFIG_IMA_APPRAISE */
243
244	#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
245	extern bool ima_appraise_signature(enum kernel_read_file_id func);
246	#else
247	static inline bool ima_appraise_signature(enum kernel_read_file_id func)
248	{
249	return false;
250	}
251	#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
252	#endif /* _LINUX_IMA_H */
253

source code of linux/include/linux/ima.h