linux/include/linux/ima.h
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 * Copyright (C) 2008 IBM Corporation
   4 * Author: Mimi Zohar <zohar@us.ibm.com>
   5 */
   6
   7#ifndef _LINUX_IMA_H
   8#define _LINUX_IMA_H
   9
  10#include <linux/fs.h>
  11#include <linux/security.h>
  12#include <linux/kexec.h>
  13struct linux_binprm;
  14
#ifdef CONFIG_IMA
/*
 * IMA is built in: the hooks below are implemented outside this header and
 * only their prototypes are visible here. This file does not state their
 * return-value conventions; the !CONFIG_IMA stubs further down return 0 for
 * every int hook except ima_file_hash().
 */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long prot);
int ima_load_data(enum kernel_load_data_id id);
int ima_read_file(struct file *file, enum kernel_read_file_id id);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
                       enum kernel_read_file_id id);
void ima_post_path_mknod(struct dentry *dentry);
/* NOTE(review): buf_size is presumably the capacity of buf - confirm. */
int ima_file_hash(struct file *file, char *buf, size_t buf_size);
/*
 * NOTE(review): size is a signed int, so the implementation is presumably
 * expected to reject negative lengths - confirm against the definition.
 */
void ima_kexec_cmdline(const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC
/*
 * The no-op fallback for !CONFIG_IMA_KEXEC is defined later in this header,
 * outside the CONFIG_IMA conditional.
 */
void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Both branches below sit inside CONFIG_IMA, so neither the prototypes nor
 * the fallbacks for the arch_* helpers exist in a !CONFIG_IMA build.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
#else
/*
 * Fallback when the architecture option is not set: always returns false.
 * NOTE(review): presumably read by callers as "secure boot not enabled",
 * whatever the firmware state actually is - confirm at the call sites.
 */
static inline bool arch_ima_get_secureboot(void)
{
        return false;
}

/* Fallback when the architecture option is not set: no policy, NULL. */
static inline const char * const *arch_get_ima_policy(void)
{
        return NULL;
}
#endif

#else /* !CONFIG_IMA */
/*
 * IMA is compiled out: every hook below is an inline no-op that ignores its
 * arguments. The int hooks return 0 unconditionally, so nothing in this
 * header checks or rejects a file, a mapping or a load in such a build.
 * NOTE(review): callers presumably read 0 as "no objection", which makes
 * these stubs fail-open by construction - confirm at the call sites.
 * ima_file_hash() is the one stub that reports the absence of IMA, by
 * returning -EOPNOTSUPP.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
        return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
        return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
        return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id)
{
        return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
        return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
                                     enum kernel_read_file_id id)
{
        return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/* No hash is available without IMA; buf is left untouched. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
        return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(const void *buf, int size)
{
}
#endif /* CONFIG_IMA */
 101
#ifndef CONFIG_IMA_KEXEC
struct kimage;

/*
 * Fallback when CONFIG_IMA_KEXEC is not set: does nothing with the image.
 *
 * NOTE(review): the matching prototype in this header is nested under
 * CONFIG_IMA, while this stub is keyed on !CONFIG_IMA_KEXEC alone. A build
 * with CONFIG_IMA_KEXEC set but CONFIG_IMA unset would see neither; this
 * presumably relies on the Kconfig dependency between the two - confirm.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif
 108
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
/* Implemented outside this header; only the prototype is visible here. */
void ima_post_key_create_or_update(struct key *keyring, struct key *key,
                                   const void *payload, size_t plen,
                                   unsigned long flags, bool create);
#else
/*
 * Fallback when CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is not set: an inline
 * no-op that ignores the keyring, the key and the payload, so this hook
 * records nothing about key creation or update in such a build.
 */
static inline void ima_post_key_create_or_update(struct key *keyring,
                                                 struct key *key,
                                                 const void *payload,
                                                 size_t plen,
                                                 unsigned long flags,
                                                 bool create)
{
}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
 122
#ifdef CONFIG_IMA_APPRAISE
/* Implemented outside this header; only the prototypes are visible here. */
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
                       const void *xattr_value, size_t xattr_value_len);
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/*
 * Appraisal is compiled out: the stubs below ignore their arguments.
 * is_ima_appraise_enabled() is constant false, and the two xattr hooks
 * return 0 without looking at the attribute name or value.
 * NOTE(review): callers presumably read 0 as "no objection", so in such a
 * build this header places no restriction on setting or removing extended
 * attributes; any protection of them has to come from other code - confirm.
 */
static inline bool is_ima_appraise_enabled(void)
{
        return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
                                     const char *xattr_name,
                                     const void *xattr_value,
                                     size_t xattr_value_len)
{
        return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
                                        const char *xattr_name)
{
        return 0;
}
#endif /* CONFIG_IMA_APPRAISE */
 154
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/* Implemented outside this header; only the prototype is visible here. */
bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/*
 * Fallback unless BOTH CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set: always returns false, whatever
 * func is. Enabling appraisal alone is not enough to get the real
 * implementation.
 * NOTE(review): callers that rely on a true result to skip their own
 * signature check presumably keep that check in such builds - confirm.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
        return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
 163#endif /* _LINUX_IMA_H */
 164