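/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

/*
 * IMA hook interface.
 *
 * Every hook in this header comes in two forms: a real declaration when the
 * matching CONFIG_IMA* option is set, and a static inline stub when it is
 * not.  The stubs are deliberately permissive: the int-returning hooks
 * return 0 and the void hooks do nothing, so with IMA compiled out every
 * check looks "allowed" to its caller.  The only stubs that report failure
 * are ima_file_hash() and ima_inode_hash(), which return -EOPNOTSUPP since
 * there is no measurement to copy out.  A 0 return from a hook therefore
 * must not be read as "this object was measured or appraised"; code that
 * depends on that has to test the config option (or
 * is_ima_appraise_enabled()) explicitly.
 */

#ifdef CONFIG_IMA
/* Exec / open / mmap / mprotect hooks. */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
				    struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);

/* kernel_load_data / kernel_read_file hooks (pre- and post-read). */
extern int ima_load_data(enum kernel_load_data_id id, bool contents);
extern int ima_post_load_data(char *buf, loff_t size,
			      enum kernel_load_data_id id, char *description);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id,
			 bool contents);
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
				struct dentry *dentry);

/*
 * Hash accessors: copy a measurement into caller-supplied @buf of
 * @buf_size bytes.  The !CONFIG_IMA stubs return -EOPNOTSUPP.
 */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);

/* kexec command line and critical-data measurement. */
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
extern void ima_measure_critical_data(const char *event_label,
				      const char *event_name,
				      const void *buf, size_t buf_len,
				      bool hash);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Arch secure-boot state and arch policy.  Note these are only provided
 * (real or stub) when CONFIG_IMA itself is set.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else /* !CONFIG_IMA */

/* No-op stubs: 0 means "permit", nothing is measured. */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
					   struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_file_mprotect(struct vm_area_struct *vma,
				    unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id, bool contents)
{
	return 0;
}

static inline int ima_post_load_data(char *buf, loff_t size,
				     enum kernel_load_data_id id,
				     char *description)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id,
				bool contents)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
				       struct dentry *dentry)
{
}

/* No hash is available without IMA; @buf is left untouched. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

static inline void ima_measure_critical_data(const char *event_label,
					     const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash) {}

#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
				   struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
			      const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Appraisal compiled out: report "disabled" and accept every xattr change. */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}

static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
					  struct dentry *dentry)
{
}

static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * Signature appraisal for a kernel_read_file_id is only available when both
 * appraisal and the trusted keyring are built; otherwise it is reported as
 * not enforced.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */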