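--- a/ima.h
+++ b/ima.h
@@ -1,16 +1,20 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
 /*
  * Copyright (C) 2005,2006,2007,2008 IBM Corporation
  *
  * Authors:
  * Reiner Sailer <sailer@watson.ibm.com>
  * Mimi Zohar <zohar@us.ibm.com>
  *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
  * File: ima.h
  * internal Integrity Measurement Architecture (IMA) definitions
  */
 
 #ifndef __LINUX_IMA_H
 #define __LINUX_IMA_H
 
 #include <linux/types.h>
@@ -56,16 +60,18 @@
 /* IMA event related data */
 struct ima_event_data {
  struct integrity_iint_cache *iint;
  struct file *file;
  const unsigned char *filename;
  struct evm_ima_xattr_data *xattr_value;
  int xattr_len;
  const char *violation;
+ const void *buf;
+ int buf_len;
 };
 
 /* IMA template field data definition */
 struct ima_field_data {
  u8 *data;
  u32 len;
 };
 
@@ -137,24 +143,30 @@
  struct ima_digest_data *hash);
 int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
 void ima_add_violation(struct file *file, const unsigned char *filename,
  struct integrity_iint_cache *iint,
  const char *op, const char *cause);
 int ima_init_crypto(void);
 void ima_putc(struct seq_file *m, void *data, int datalen);
 void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
+int template_desc_init_fields(const char *template_fmt,
+ const struct ima_template_field ***fields,
+ int *num_fields);
 struct ima_template_desc *ima_template_desc_current(void);
+struct ima_template_desc *lookup_template_desc(const char *name);
 int ima_restore_measurement_entry(struct ima_template_entry *entry);
 int ima_restore_measurement_list(loff_t bufsize, void *buf);
 int ima_measurements_show(struct seq_file *m, void *v);
 unsigned long ima_get_binary_runtime_size(void);
 int ima_init_template(void);
 void ima_init_template_list(void);
 int __init ima_init_digests(void);
+int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
+ void *lsm_data);
 
 /*
  * used to protect h_table and sha_table
  */
 extern spinlock_t ima_queue_lock;
 
 struct ima_h_table {
  atomic_long_t len; /* number of stored measurements in the list */
@@ -175,47 +187,52 @@
  hook(BPRM_CHECK) \
  hook(CREDS_CHECK) \
  hook(POST_SETATTR) \
  hook(MODULE_CHECK) \
  hook(FIRMWARE_CHECK) \
  hook(KEXEC_KERNEL_CHECK) \
  hook(KEXEC_INITRAMFS_CHECK) \
  hook(POLICY_CHECK) \
+ hook(KEXEC_CMDLINE) \
  hook(MAX_CHECK)
 #define __ima_hook_enumify(ENUM) ENUM,
 
 enum ima_hooks {
  __ima_hooks(__ima_hook_enumify)
 };
 
 /* LIM API function definitions */
 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
- int mask, enum ima_hooks func, int *pcr);
+ int mask, enum ima_hooks func, int *pcr,
+ struct ima_template_desc **template_desc);
 int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
 int ima_collect_measurement(struct integrity_iint_cache *iint,
  struct file *file, void *buf, loff_t size,
  enum hash_algo algo);
 void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
  const unsigned char *filename,
  struct evm_ima_xattr_data *xattr_value,
- int xattr_len, int pcr);
+ int xattr_len, int pcr,
+ struct ima_template_desc *template_desc);
 void ima_audit_measurement(struct integrity_iint_cache *iint,
  const unsigned char *filename);
 int ima_alloc_init_template(struct ima_event_data *event_data,
- struct ima_template_entry **entry);
+ struct ima_template_entry **entry,
+ struct ima_template_desc *template_desc);
 int ima_store_template(struct ima_template_entry *entry, int violation,
  struct inode *inode,
  const unsigned char *filename, int pcr);
 void ima_free_template_entry(struct ima_template_entry *entry);
 const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
 
 /* IMA policy related functions */
 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
- enum ima_hooks func, int mask, int flags, int *pcr);
+ enum ima_hooks func, int mask, int flags, int *pcr,
+ struct ima_template_desc **template_desc);
 void ima_init_policy(void);
 void ima_update_policy(void);
 void ima_update_policy_flag(void);
 ssize_t ima_parse_add_rule(char *);
 void ima_delete_rules(void);
 int ima_check_policy(void);
 void *ima_policy_start(struct seq_file *m, loff_t *pos);
 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);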
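Review bot: The new `struct ima_template_desc **template_desc` out-parameter on `ima_get_action` (new line 206) and `ima_match_policy` (line 230), and the `*template_desc` input on `ima_store_measurement` (215) and `ima_alloc_init_template` (220), carry no comment stating whether a NULL pointer is accepted or under which conditions the out-parameter is written, which a header exporting these across the whole IMA module should say; a one-line comment above `ima_get_action` and `ima_match_policy` describing the NULL contract and when `*template_desc` is assigned would settle it for callers. Likewise the new `const void *buf` / `int buf_len` members of `struct ima_event_data` (68-69) have no comment on what they describe or whether the struct owns the buffer, unlike the neighbouring fields, which all read as borrowed pointers. As a point of style, `template_desc_init_fields` (151) and `lookup_template_desc` (155) are the only prototypes in this section without the `ima_` prefix their neighbours use (`ima_template_desc_current` sits between them), and `ima_lsm_policy_change` (163) is placed among the template and measurement-list declarations rather than under the "IMA policy related functions" comment at line 227, so grouping it there would keep the header's sections meaningful.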