linux/include/linux/ima.h
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 * Copyright (C) 2008 IBM Corporation
   4 * Author: Mimi Zohar <zohar@us.ibm.com>
   5 */
   6
   7#ifndef _LINUX_IMA_H
   8#define _LINUX_IMA_H
   9
  10#include <linux/kernel_read_file.h>
  11#include <linux/fs.h>
  12#include <linux/security.h>
  13#include <linux/kexec.h>
  14struct linux_binprm;
  15
  16#ifdef CONFIG_IMA
  /*
   * IMA hook entry points, declared only when CONFIG_IMA is enabled. Only the
   * prototypes are visible in this header. The !CONFIG_IMA branch further down
   * supplies stubs for the same names: the int-returning ones return 0, except
   * ima_file_hash(), which returns -EOPNOTSUPP. A 0 result therefore does not
   * by itself show that anything was measured or appraised.
   */

  /* Hooks taking a binprm, file, inode or VMA. */
  int ima_bprm_check(struct linux_binprm *bprm);
  int ima_file_check(struct file *file, int mask);
  void ima_post_create_tmpfile(struct inode *inode);
  void ima_file_free(struct file *file);
  int ima_file_mmap(struct file *file, unsigned long prot);
  int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);

  /* Hooks keyed by enum kernel_load_data_id / enum kernel_read_file_id. */
  int ima_load_data(enum kernel_load_data_id id, bool contents);
  int ima_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id,
                         char *description);
  int ima_read_file(struct file *file, enum kernel_read_file_id id,
                    bool contents);
  int ima_post_read_file(struct file *file, void *buf, loff_t size,
                         enum kernel_read_file_id id);

  void ima_post_path_mknod(struct dentry *dentry);

  /*
   * NOTE(review): buf/buf_size look like a caller-supplied output buffer and
   * its capacity; confirm against the definition.
   */
  int ima_file_hash(struct file *file, char *buf, size_t buf_size);

  /*
   * NOTE(review): size is a signed int here; confirm how the definition
   * treats a negative value.
   */
  void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
  33
  #ifdef CONFIG_IMA_KEXEC
  /*
   * Prototype only; visible when both CONFIG_IMA and CONFIG_IMA_KEXEC are set.
   * An empty inline stub under #ifndef CONFIG_IMA_KEXEC later in this header
   * covers the other configuration.
   */
  void ima_add_kexec_buffer(struct kimage *image);
  #endif /* CONFIG_IMA_KEXEC */
  37
  #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
  /*
   * Prototypes only; the definitions are not in this header.
   * NOTE(review): the arch_ prefix suggests per-architecture code - confirm.
   */
  bool arch_ima_get_secureboot(void);
  const char * const *arch_get_ima_policy(void);
  #else
  /**
   * arch_ima_get_secureboot - fallback without
   *                           CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
   *
   * Return: always false. The result means "nothing reported", not "secure
   * boot is known to be off"; a caller cannot tell the two apart.
   */
  static inline bool arch_ima_get_secureboot(void)
  {
          return false;
  }

  /**
   * arch_get_ima_policy - fallback without
   *                       CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
   *
   * Return: always NULL, so callers must handle a NULL result before
   * dereferencing it.
   */
  static inline const char * const *arch_get_ima_policy(void)
  {
          return NULL;
  }
  #endif /* CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT */
  52
  53#else
  /**
   * ima_bprm_check - no-op stand-in used when CONFIG_IMA is disabled
   * @bprm: unused
   *
   * Return: always 0. Nothing is examined, so the result carries no integrity
   * information about @bprm.
   */
  static inline int ima_bprm_check(struct linux_binprm *bprm)
  {
          return 0;
  }
  58
  /**
   * ima_file_check - no-op stand-in used when CONFIG_IMA is disabled
   * @file: unused
   * @mask: unused
   *
   * Return: always 0, whatever @mask is passed.
   */
  static inline int ima_file_check(struct file *file, int mask)
  {
          return 0;
  }
  63
  /**
   * ima_post_create_tmpfile - empty stand-in used when CONFIG_IMA is disabled
   * @inode: unused
   *
   * Does nothing; it exists so call sites compile without #ifdef CONFIG_IMA.
   */
  static inline void ima_post_create_tmpfile(struct inode *inode)
  {
          /* intentionally empty */
  }
  67
  /**
   * ima_file_free - empty stand-in used when CONFIG_IMA is disabled
   * @file: unused
   *
   * Does nothing and touches no state.
   */
  static inline void ima_file_free(struct file *file)
  {
          /* intentionally empty */
  }
  72
  /**
   * ima_file_mmap - no-op stand-in used when CONFIG_IMA is disabled
   * @file: unused
   * @prot: unused
   *
   * Return: always 0, independent of the requested protection bits.
   */
  static inline int ima_file_mmap(struct file *file, unsigned long prot)
  {
          return 0;
  }
  77
  /**
   * ima_file_mprotect - no-op stand-in used when CONFIG_IMA is disabled
   * @vma: unused
   * @prot: unused
   *
   * Return: always 0, independent of the requested protection bits.
   */
  static inline int
  ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
  {
          return 0;
  }
  83
  /**
   * ima_load_data - no-op stand-in used when CONFIG_IMA is disabled
   * @id: unused
   * @contents: unused
   *
   * Return: always 0 for every @id.
   */
  static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
  {
          return 0;
  }
  88
  /**
   * ima_post_load_data - no-op stand-in used when CONFIG_IMA is disabled
   * @buf: unused; the buffer is neither read nor modified
   * @size: unused
   * @id: unused
   * @description: unused
   *
   * Return: always 0.
   */
  static inline int
  ima_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id,
                     char *description)
  {
          return 0;
  }
  95
  /**
   * ima_read_file - no-op stand-in used when CONFIG_IMA is disabled
   * @file: unused
   * @id: unused
   * @contents: unused
   *
   * Return: always 0 for every @id.
   */
  static inline int
  ima_read_file(struct file *file, enum kernel_read_file_id id, bool contents)
  {
          return 0;
  }
 101
 /**
  * ima_post_read_file - no-op stand-in used when CONFIG_IMA is disabled
  * @file: unused
  * @buf: unused; the buffer is neither read nor modified
  * @size: unused
  * @id: unused
  *
  * Return: always 0.
  */
 static inline int
 ima_post_read_file(struct file *file, void *buf, loff_t size,
                    enum kernel_read_file_id id)
 {
         return 0;
 }
 107
 /**
  * ima_post_path_mknod - empty stand-in used when CONFIG_IMA is disabled
  * @dentry: unused
  *
  * Does nothing and touches no state.
  */
 static inline void ima_post_path_mknod(struct dentry *dentry)
 {
         /* intentionally empty */
 }
 112
 /**
  * ima_file_hash - stand-in used when CONFIG_IMA is disabled
  * @file: unused
  * @buf: unused; never written by this stub
  * @buf_size: unused
  *
  * Unlike the other !CONFIG_IMA stubs this one reports failure, because no
  * hash can be produced. @buf is left untouched, so callers must check the
  * return value before reading it.
  *
  * Return: always -EOPNOTSUPP.
  */
 static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
 {
         return -EOPNOTSUPP;
 }
 117
 /**
  * ima_kexec_cmdline - empty stand-in used when CONFIG_IMA is disabled
  * @kernel_fd: unused
  * @buf: unused; never read
  * @size: unused
  *
  * Does nothing with the supplied buffer.
  */
 static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
 {
         /* intentionally empty */
 }
 119#endif /* CONFIG_IMA */
 120
 #ifndef CONFIG_IMA_KEXEC
 /* Forward declaration so the stub's parameter type is known in this branch. */
 struct kimage;

 /**
  * ima_add_kexec_buffer - empty stand-in used when CONFIG_IMA_KEXEC is disabled
  * @image: unused
  *
  * Does nothing; @image is not modified.
  */
 static inline void ima_add_kexec_buffer(struct kimage *image)
 {
         /* intentionally empty */
 }
 #endif /* !CONFIG_IMA_KEXEC */
 127
 #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
 /* Prototype only; the definition is not in this header. */
 void ima_post_key_create_or_update(struct key *keyring, struct key *key,
                                    const void *payload, size_t plen,
                                    unsigned long flags, bool create);
 #else
 /**
  * ima_post_key_create_or_update - empty stand-in used when
  *                                 CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is off
  * @keyring: unused
  * @key: unused
  * @payload: unused; never read
  * @plen: unused
  * @flags: unused
  * @create: unused
  *
  * Does nothing with the key or its payload in this configuration.
  */
 static inline void
 ima_post_key_create_or_update(struct key *keyring, struct key *key,
                               const void *payload, size_t plen,
                               unsigned long flags, bool create)
 {
         /* intentionally empty */
 }
 #endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
 141
 #ifdef CONFIG_IMA_APPRAISE
 /* Prototypes only; the definitions are not in this header. */
 bool is_ima_appraise_enabled(void);
 void ima_inode_post_setattr(struct dentry *dentry);
 int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
                        const void *xattr_value, size_t xattr_value_len);
 int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
 #else
 /*
  * Stand-ins used when CONFIG_IMA_APPRAISE is disabled. The two xattr hooks
  * return 0 unconditionally, so in this configuration they never report an
  * error for any xattr name or value.
  */

 /**
  * is_ima_appraise_enabled - stand-in used when CONFIG_IMA_APPRAISE is disabled
  *
  * Return: always false.
  */
 static inline bool is_ima_appraise_enabled(void)
 {
         return false;
 }

 /**
  * ima_inode_post_setattr - empty stand-in used when CONFIG_IMA_APPRAISE is off
  * @dentry: unused
  */
 static inline void ima_inode_post_setattr(struct dentry *dentry)
 {
         /* intentionally empty */
 }

 /**
  * ima_inode_setxattr - no-op stand-in used when CONFIG_IMA_APPRAISE is off
  * @dentry: unused
  * @xattr_name: unused; not inspected
  * @xattr_value: unused; not inspected
  * @xattr_value_len: unused
  *
  * Return: always 0.
  */
 static inline int
 ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
                    const void *xattr_value, size_t xattr_value_len)
 {
         return 0;
 }

 /**
  * ima_inode_removexattr - no-op stand-in used when CONFIG_IMA_APPRAISE is off
  * @dentry: unused
  * @xattr_name: unused; not inspected
  *
  * Return: always 0.
  */
 static inline int
 ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
 {
         return 0;
 }
 #endif /* CONFIG_IMA_APPRAISE */
 173
 #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
 /* Prototype only; the definition is not in this header. */
 bool ima_appraise_signature(enum kernel_read_file_id func);
 #else
 /**
  * ima_appraise_signature - stand-in used unless both CONFIG_IMA_APPRAISE and
  *                          CONFIG_INTEGRITY_TRUSTED_KEYRING are enabled
  * @func: unused
  *
  * Return: always false, for every @func. Callers that rely on a true result
  * to skip their own signature check keep that check in this configuration.
  * NOTE(review): that use of the result is inferred from the name; confirm
  * against the callers.
  */
 static inline bool ima_appraise_signature(enum kernel_read_file_id func)
 {
         return false;
 }
 #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
 182#endif /* _LINUX_IMA_H */
 183