ima.h (371bb62158d53c1fc33e2fb9b6aeb9522caf6cf4) ima.h (86b4da8c0e7fcb6c217c604efcd9438ad55dd055)
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
4 *
5 * Authors:
6 * Reiner Sailer <sailer@watson.ibm.com>
7 * Mimi Zohar <zohar@us.ibm.com>
8 *
1/*
2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
3 *
4 * Authors:
5 * Reiner Sailer <sailer@watson.ibm.com>
6 * Mimi Zohar <zohar@us.ibm.com>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation, version 2 of the
11 * License.
12 *
9 * File: ima.h
10 * internal Integrity Measurement Architecture (IMA) definitions
11 */
12
13#ifndef __LINUX_IMA_H
14#define __LINUX_IMA_H
15
16#include <linux/types.h>

--- 39 unchanged lines hidden (view full) ---

56/* IMA event related data */
57struct ima_event_data {
58 struct integrity_iint_cache *iint;
59 struct file *file;
60 const unsigned char *filename;
61 struct evm_ima_xattr_data *xattr_value;
62 int xattr_len;
63 const char *violation;
13 * File: ima.h
14 * internal Integrity Measurement Architecture (IMA) definitions
15 */
16
17#ifndef __LINUX_IMA_H
18#define __LINUX_IMA_H
19
20#include <linux/types.h>

--- 39 unchanged lines hidden (view full) ---

60/* IMA event related data */
61struct ima_event_data {
62 struct integrity_iint_cache *iint;
63 struct file *file;
64 const unsigned char *filename;
65 struct evm_ima_xattr_data *xattr_value;
66 int xattr_len;
67 const char *violation;
68 const void *buf;
69 int buf_len;
64};
65
66/* IMA template field data definition */
67struct ima_field_data {
68 u8 *data;
69 u32 len;
70};
71

--- 65 unchanged lines hidden (view full) ---

137 struct ima_digest_data *hash);
138int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
139void ima_add_violation(struct file *file, const unsigned char *filename,
140 struct integrity_iint_cache *iint,
141 const char *op, const char *cause);
142int ima_init_crypto(void);
143void ima_putc(struct seq_file *m, void *data, int datalen);
144void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
70};
71
72/* IMA template field data definition */
73struct ima_field_data {
74 u8 *data;
75 u32 len;
76};
77

--- 65 unchanged lines hidden (view full) ---

143 struct ima_digest_data *hash);
144int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
145void ima_add_violation(struct file *file, const unsigned char *filename,
146 struct integrity_iint_cache *iint,
147 const char *op, const char *cause);
148int ima_init_crypto(void);
149void ima_putc(struct seq_file *m, void *data, int datalen);
150void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
151int template_desc_init_fields(const char *template_fmt,
152 const struct ima_template_field ***fields,
153 int *num_fields);
145struct ima_template_desc *ima_template_desc_current(void);
154struct ima_template_desc *ima_template_desc_current(void);
155struct ima_template_desc *lookup_template_desc(const char *name);
146int ima_restore_measurement_entry(struct ima_template_entry *entry);
147int ima_restore_measurement_list(loff_t bufsize, void *buf);
148int ima_measurements_show(struct seq_file *m, void *v);
149unsigned long ima_get_binary_runtime_size(void);
150int ima_init_template(void);
151void ima_init_template_list(void);
152int __init ima_init_digests(void);
156int ima_restore_measurement_entry(struct ima_template_entry *entry);
157int ima_restore_measurement_list(loff_t bufsize, void *buf);
158int ima_measurements_show(struct seq_file *m, void *v);
159unsigned long ima_get_binary_runtime_size(void);
160int ima_init_template(void);
161void ima_init_template_list(void);
162int __init ima_init_digests(void);
163int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
164 void *lsm_data);
153
154/*
155 * used to protect h_table and sha_table
156 */
157extern spinlock_t ima_queue_lock;
158
159struct ima_h_table {
160 atomic_long_t len; /* number of stored measurements in the list */

--- 14 unchanged lines hidden (view full) ---

175 hook(BPRM_CHECK) \
176 hook(CREDS_CHECK) \
177 hook(POST_SETATTR) \
178 hook(MODULE_CHECK) \
179 hook(FIRMWARE_CHECK) \
180 hook(KEXEC_KERNEL_CHECK) \
181 hook(KEXEC_INITRAMFS_CHECK) \
182 hook(POLICY_CHECK) \
165
166/*
167 * used to protect h_table and sha_table
168 */
169extern spinlock_t ima_queue_lock;
170
171struct ima_h_table {
172 atomic_long_t len; /* number of stored measurements in the list */

--- 14 unchanged lines hidden (view full) ---

187 hook(BPRM_CHECK) \
188 hook(CREDS_CHECK) \
189 hook(POST_SETATTR) \
190 hook(MODULE_CHECK) \
191 hook(FIRMWARE_CHECK) \
192 hook(KEXEC_KERNEL_CHECK) \
193 hook(KEXEC_INITRAMFS_CHECK) \
194 hook(POLICY_CHECK) \
195 hook(KEXEC_CMDLINE) \
183 hook(MAX_CHECK)
184#define __ima_hook_enumify(ENUM) ENUM,
185
186enum ima_hooks {
187 __ima_hooks(__ima_hook_enumify)
188};
189
190/* LIM API function definitions */
191int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
196 hook(MAX_CHECK)
197#define __ima_hook_enumify(ENUM) ENUM,
198
199enum ima_hooks {
200 __ima_hooks(__ima_hook_enumify)
201};
202
203/* LIM API function definitions */
204int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
192 int mask, enum ima_hooks func, int *pcr);
205 int mask, enum ima_hooks func, int *pcr,
206 struct ima_template_desc **template_desc);
193int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
194int ima_collect_measurement(struct integrity_iint_cache *iint,
195 struct file *file, void *buf, loff_t size,
196 enum hash_algo algo);
197void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
198 const unsigned char *filename,
199 struct evm_ima_xattr_data *xattr_value,
207int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
208int ima_collect_measurement(struct integrity_iint_cache *iint,
209 struct file *file, void *buf, loff_t size,
210 enum hash_algo algo);
211void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
212 const unsigned char *filename,
213 struct evm_ima_xattr_data *xattr_value,
200 int xattr_len, int pcr);
214 int xattr_len, int pcr,
215 struct ima_template_desc *template_desc);
201void ima_audit_measurement(struct integrity_iint_cache *iint,
202 const unsigned char *filename);
203int ima_alloc_init_template(struct ima_event_data *event_data,
216void ima_audit_measurement(struct integrity_iint_cache *iint,
217 const unsigned char *filename);
218int ima_alloc_init_template(struct ima_event_data *event_data,
204 struct ima_template_entry **entry);
219 struct ima_template_entry **entry,
220 struct ima_template_desc *template_desc);
205int ima_store_template(struct ima_template_entry *entry, int violation,
206 struct inode *inode,
207 const unsigned char *filename, int pcr);
208void ima_free_template_entry(struct ima_template_entry *entry);
209const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
210
211/* IMA policy related functions */
212int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
221int ima_store_template(struct ima_template_entry *entry, int violation,
222 struct inode *inode,
223 const unsigned char *filename, int pcr);
224void ima_free_template_entry(struct ima_template_entry *entry);
225const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
226
227/* IMA policy related functions */
228int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
213 enum ima_hooks func, int mask, int flags, int *pcr);
229 enum ima_hooks func, int mask, int flags, int *pcr,
230 struct ima_template_desc **template_desc);
214void ima_init_policy(void);
215void ima_update_policy(void);
216void ima_update_policy_flag(void);
217ssize_t ima_parse_add_rule(char *);
218void ima_delete_rules(void);
219int ima_check_policy(void);
220void *ima_policy_start(struct seq_file *m, loff_t *pos);
221void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);

--- 98 unchanged lines hidden ---
231void ima_init_policy(void);
232void ima_update_policy(void);
233void ima_update_policy_flag(void);
234ssize_t ima_parse_add_rule(char *);
235void ima_delete_rules(void);
236int ima_check_policy(void);
237void *ima_policy_start(struct seq_file *m, loff_t *pos);
238void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);

--- 98 unchanged lines hidden ---
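Review bot: The `buf` / `buf_len` pair added to `struct ima_event_data` (lines 68-69 on the 86b4da8c side) has no comment and uses a signed `int` for the length, while `struct ima_field_data` just below uses `u32 len`. This buffer presumably feeds the measurement for the new `KEXEC_CMDLINE` hook, so a negative or stale length reaching the template code would undermine the measurement list. The struct should state the contract, e.g. `const void *buf; /* data to measure; caller-owned, must stay valid while the event is processed */` and `int buf_len; /* length of buf in bytes, must be >= 0 */` (wording to be confirmed against the callers), or the length should become unsigned. The new `template_desc` parameters on `ima_get_action()`, `ima_match_policy()`, `ima_store_measurement()` and `ima_alloc_init_template()` also need a one-line note on whether NULL is accepted and which template applies in that case. The definitions are not visible on this page, so check this against the .c files.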