/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
 *
 * Authors:
 * Reiner Sailer <sailer@watson.ibm.com>
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: ima.h
 *	internal Integrity Measurement Architecture (IMA) definitions
 */

#ifndef __LINUX_IMA_H
#define __LINUX_IMA_H

#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/hash.h>
#include <linux/tpm.h>
#include <linux/audit.h>
#include <crypto/hash_info.h>

#include "../integrity.h"

#ifdef CONFIG_HAVE_IMA_KEXEC
#include <asm/ima.h>
#endif

/*
 * Output format selector handed to a template field's field_show()
 * callback.  The exact layout of each format is defined by the show
 * implementations, which are not part of this header.
 */
enum ima_show_type {
	IMA_SHOW_BINARY,
	IMA_SHOW_BINARY_NO_FIELD_LEN,
	IMA_SHOW_BINARY_OLD_STRING_FMT,
	IMA_SHOW_ASCII
};

/*
 * Named TPM PCR indexes.
 * NOTE(review): presumably the bounds of the PCR range read for the boot
 * aggregate -- confirm against ima_calc_boot_aggregate().
 */
enum tpm_pcrs {
	TPM_PCR0 = 0,
	TPM_PCR8 = 8
};

/* digest size for IMA, fits SHA1 or MD5 */
#define IMA_DIGEST_SIZE		SHA1_DIGEST_SIZE
#define IMA_EVENT_NAME_LEN_MAX	255

/* The measurement hash table has 2^IMA_HASH_BITS buckets. */
#define IMA_HASH_BITS 9
#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)

/* Limits on a template: identifier buffer size and number of fields. */
#define IMA_TEMPLATE_FIELD_ID_MAX_LEN	16
#define IMA_TEMPLATE_NUM_FIELDS_MAX	15
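
/* Name and format string of the "ima" template. */
#define IMA_TEMPLATE_IMA_NAME "ima"
#define IMA_TEMPLATE_IMA_FMT "d|n"

/* current content of the policy */
extern int ima_policy_flag;

/* set during initialization */
extern int ima_hash_algo;
extern int ima_appraise;
extern struct tpm_chip *ima_tpm_chip;

/*
 * IMA event related data
 *
 * Bundle of inputs handed to each template field's field_init() callback.
 * Which members are set depends on the event being recorded; callers are
 * not visible in this header.
 */
struct ima_event_data {
	struct integrity_iint_cache *iint;
	struct file *file;
	const unsigned char *filename;
	struct evm_ima_xattr_data *xattr_value;
	int xattr_len;
	const struct modsig *modsig;
	const char *violation;
	const void *buf;
	int buf_len;
};

/* IMA template field data definition */
struct ima_field_data {
	u8 *data;
	u32 len;	/* presumably the byte length of data -- confirm */
};

/* IMA template field definition */
struct ima_template_field {
	const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
	/* fills *field_data from *event_data */
	int (*field_init)(struct ima_event_data *event_data,
			  struct ima_field_data *field_data);
	/* writes *field_data to the seq_file in the requested format */
	void (*field_show)(struct seq_file *m, enum ima_show_type show,
			   struct ima_field_data *field_data);
};

/* IMA template descriptor definition */
struct ima_template_desc {
	struct list_head list;
	char *name;
	char *fmt;
	int num_fields;
	const struct ima_template_field **fields;
};

/*
 * One measurement: the PCR it targets, its digest and the template data.
 *
 * template_data is a C99 flexible array member (formerly a zero-length
 * array); sizeof(struct ima_template_entry) is unchanged, so allocations
 * sized as "sizeof(*entry) + n * sizeof(struct ima_field_data)" keep
 * working.
 * NOTE(review): the element count is presumably template_desc->num_fields;
 * confirm at the allocation site.
 */
struct ima_template_entry {
	int pcr;
	u8 digest[TPM_DIGEST_SIZE];	/* sha1 or md5 measurement hash */
	struct ima_template_desc *template_desc; /* template descriptor */
	u32 template_data_len;
	struct ima_field_data template_data[];	/* template related data */
};

struct ima_queue_entry {
	struct hlist_node hnext;	/* place in hash collision list */
	struct list_head later;		/* place in ima_measurements list */
	struct ima_template_entry *entry;
};
extern struct list_head ima_measurements;	/* list of all measurements */

/*
 * Some details preceding the binary serialized measurement list
 *
 * NOTE(review): buffer_size and count describe a buffer that is passed to
 * ima_restore_measurement_list(); verify there that both are checked
 * against the bufsize argument before they are used to walk the buffer.
 */
struct ima_kexec_hdr {
	u16 version;
	u16 _reserved0;
	u32 _reserved1;
	u64 buffer_size;
	u64 count;
};

extern const int read_idmap[];

#ifdef CONFIG_HAVE_IMA_KEXEC
void ima_load_kexec_buffer(void);
#else
/* No kexec support: loading the carried-over buffer is a no-op. */
static inline void ima_load_kexec_buffer(void) {}
#endif /* CONFIG_HAVE_IMA_KEXEC */

/*
 * The default binary_runtime_measurements list format is defined as the
 * platform native format.  The canonical format is defined as little-endian.
 */
extern bool ima_canonical_fmt;

/* Internal IMA function definitions */
int ima_init(void);
int ima_fs_init(void);
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename);
int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
int ima_calc_buffer_hash(const void *buf, loff_t len,
			 struct ima_digest_data *hash);
int ima_calc_field_array_hash(struct ima_field_data *field_data,
			      struct ima_template_desc *desc, int num_fields,
			      struct ima_digest_data *hash);
int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
void ima_add_violation(struct file *file, const unsigned char *filename,
		       struct integrity_iint_cache *iint,
		       const char *op, const char *cause);
int ima_init_crypto(void);
void ima_putc(struct seq_file *m, void *data, int datalen);
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
int template_desc_init_fields(const char *template_fmt,
			      const struct ima_template_field ***fields,
			      int *num_fields);
struct ima_template_desc *ima_template_desc_current(void);
struct ima_template_desc *lookup_template_desc(const char *name);
bool ima_template_has_modsig(const struct ima_template_desc *ima_template);
int ima_restore_measurement_entry(struct ima_template_entry *entry);
int ima_restore_measurement_list(loff_t bufsize, void *buf);
int ima_measurements_show(struct seq_file *m, void *v);
unsigned long ima_get_binary_runtime_size(void);
int ima_init_template(void);
void ima_init_template_list(void);
int __init ima_init_digests(void);
int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
			  void *lsm_data);

/*
 * used to protect h_table and sha_table
 */
extern spinlock_t ima_queue_lock;

struct ima_h_table {
	atomic_long_t len;	/* number of stored measurements in the list */
	atomic_long_t violations;
	struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
};
extern struct ima_h_table ima_htable;

/*
 * Map a measurement digest to a bucket index in ima_htable.queue[].
 *
 * The first two digest bytes are reduced modulo the table size.  Hashing
 * only *digest (a single u8) can yield at most 256 distinct keys, which
 * would leave half of the IMA_MEASURE_HTABLE_SIZE buckets unused; the
 * digest bytes are themselves hash output, so no further mixing is applied.
 *
 * The caller must pass at least two readable bytes; the digest member of
 * struct ima_template_entry is TPM_DIGEST_SIZE bytes.
 * NOTE(review): confirm that every caller passes such a digest.
 */
static inline unsigned long ima_hash_key(u8 *digest)
{
	return (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE;
}

/*
 * X-macro listing every IMA hook.  Expanded with __ima_hook_enumify it
 * yields the enumerators of enum ima_hooks, in this order.
 */
#define __ima_hooks(hook)		\
	hook(NONE)			\
	hook(FILE_CHECK)		\
	hook(MMAP_CHECK)		\
	hook(BPRM_CHECK)		\
	hook(CREDS_CHECK)		\
	hook(POST_SETATTR)		\
	hook(MODULE_CHECK)		\
	hook(FIRMWARE_CHECK)		\
	hook(KEXEC_KERNEL_CHECK)	\
	hook(KEXEC_INITRAMFS_CHECK)	\
	hook(POLICY_CHECK)		\
	hook(KEXEC_CMDLINE)		\
	hook(KEY_CHECK)			\
	hook(MAX_CHECK)
#define __ima_hook_enumify(ENUM)	ENUM,

enum ima_hooks {
	__ima_hooks(__ima_hook_enumify)
};

/* NOTE(review): presumably indexed by enum ima_hooks -- confirm at the definition. */
extern const char *const func_tokens[];

struct modsig;

#ifdef CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
/*
 * To track keys that need to be measured.
 */
struct ima_key_entry {
	struct list_head list;
	void *payload;
	size_t payload_len;
	char *keyring_name;
};
void ima_init_key_queue(void);
bool ima_should_queue_key(void);
bool ima_queue_key(struct key *keyring, const void *payload,
		   size_t payload_len);
void ima_process_queued_keys(void);
#else
/* Key queueing compiled out: nothing is queued and nothing is processed. */
static inline void ima_init_key_queue(void) {}
static inline bool ima_should_queue_key(void) { return false; }
static inline bool ima_queue_key(struct key *keyring,
				 const void *payload,
				 size_t payload_len) { return false; }
static inline void ima_process_queued_keys(void) {}
#endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */

/* LIM API function definitions */
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
		   int mask, enum ima_hooks func, int *pcr,
		   struct ima_template_desc **template_desc,
		   const char *keyring);
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
int ima_collect_measurement(struct integrity_iint_cache *iint,
			    struct file *file, void *buf, loff_t size,
			    enum hash_algo algo, struct modsig *modsig);
void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
			   const unsigned char *filename,
			   struct evm_ima_xattr_data *xattr_value,
			   int xattr_len, const struct modsig *modsig, int pcr,
			   struct ima_template_desc *template_desc);
void process_buffer_measurement(const void *buf, int size,
				const char *eventname, enum ima_hooks func,
				int pcr, const char *keyring);
void ima_audit_measurement(struct integrity_iint_cache *iint,
			   const unsigned char *filename);
int ima_alloc_init_template(struct ima_event_data *event_data,
			    struct ima_template_entry **entry,
			    struct ima_template_desc *template_desc);
int ima_store_template(struct ima_template_entry *entry, int violation,
		       struct inode *inode,
		       const unsigned char *filename, int pcr);
void ima_free_template_entry(struct ima_template_entry *entry);
const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);

/* IMA policy related functions */
int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
		     enum ima_hooks func, int mask, int flags, int *pcr,
		     struct ima_template_desc **template_desc,
		     const char *keyring);
void ima_init_policy(void);
void ima_update_policy(void);
void ima_update_policy_flag(void);
ssize_t ima_parse_add_rule(char *rule);
void ima_delete_rules(void);
int ima_check_policy(void);
void *ima_policy_start(struct seq_file *m, loff_t *pos);
void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
void ima_policy_stop(struct seq_file *m, void *v);
int ima_policy_show(struct seq_file *m, void *v);

/*
 * Appraise integrity measurements
 *
 * Each value is a distinct bit.
 * NOTE(review): presumably tested against ima_appraise -- confirm.
 */
#define IMA_APPRAISE_ENFORCE	0x01
#define IMA_APPRAISE_FIX	0x02
#define IMA_APPRAISE_LOG	0x04
#define IMA_APPRAISE_MODULES	0x08
#define IMA_APPRAISE_FIRMWARE	0x10
#define IMA_APPRAISE_POLICY	0x20
#define IMA_APPRAISE_KEXEC	0x40

#ifdef CONFIG_IMA_APPRAISE
int ima_check_blacklist(struct integrity_iint_cache *iint,
			const struct modsig *modsig, int pcr);
int ima_appraise_measurement(enum ima_hooks func,
			     struct integrity_iint_cache *iint,
			     struct file *file, const unsigned char *filename,
			     struct evm_ima_xattr_data *xattr_value,
			     int xattr_len, const struct modsig *modsig);
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
					   enum ima_hooks func);
enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
				 int xattr_len);
int ima_read_xattr(struct dentry *dentry,
		   struct evm_ima_xattr_data **xattr_value);

#else
/*
 * Appraisal compiled out.  The stubs below perform no check: the status
 * helpers report INTEGRITY_UNKNOWN and the remaining ones return 0 or do
 * nothing.
 */
static inline int ima_check_blacklist(struct integrity_iint_cache *iint,
				      const struct modsig *modsig, int pcr)
{
	return 0;
}

static inline int ima_appraise_measurement(enum ima_hooks func,
					   struct integrity_iint_cache *iint,
					   struct file *file,
					   const unsigned char *filename,
					   struct evm_ima_xattr_data *xattr_value,
					   int xattr_len,
					   const struct modsig *modsig)
{
	return INTEGRITY_UNKNOWN;
}

static inline int ima_must_appraise(struct inode *inode, int mask,
				    enum ima_hooks func)
{
	return 0;
}

static inline void ima_update_xattr(struct integrity_iint_cache *iint,
				    struct file *file)
{
}

static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
							 *iint,
							 enum ima_hooks func)
{
	return INTEGRITY_UNKNOWN;
}

/* Ignores the xattr and returns the global ima_hash_algo. */
static inline enum hash_algo
ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
{
	return ima_hash_algo;
}

/* Returns 0 and leaves *xattr_value untouched. */
static inline int ima_read_xattr(struct dentry *dentry,
				 struct evm_ima_xattr_data **xattr_value)
{
	return 0;
}

#endif /* CONFIG_IMA_APPRAISE */

#ifdef CONFIG_IMA_APPRAISE_MODSIG
bool ima_hook_supports_modsig(enum ima_hooks func);
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
		    struct modsig **modsig);
void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
			  const u8 **digest, u32 *digest_size);
int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
		       u32 *data_len);
void ima_free_modsig(struct modsig *modsig);
#else
/*
 * Appended-signature support compiled out: no hook supports modsig and
 * the accessors fail with -EOPNOTSUPP without writing their out
 * parameters.
 */
static inline bool ima_hook_supports_modsig(enum ima_hooks func)
{
	return false;
}

static inline int ima_read_modsig(enum ima_hooks func, const void *buf,
				  loff_t buf_len, struct modsig **modsig)
{
	return -EOPNOTSUPP;
}

static inline void ima_collect_modsig(struct modsig *modsig, const void *buf,
				      loff_t size)
{
}

static inline int ima_get_modsig_digest(const struct modsig *modsig,
					enum hash_algo *algo, const u8 **digest,
					u32 *digest_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_get_raw_modsig(const struct modsig *modsig,
				     const void **data, u32 *data_len)
{
	return -EOPNOTSUPP;
}

static inline void ima_free_modsig(struct modsig *modsig)
{
}
#endif /* CONFIG_IMA_APPRAISE_MODSIG */

/* LSM based policy rules require audit */
#ifdef CONFIG_IMA_LSM_RULES

#define security_filter_rule_init security_audit_rule_init
#define security_filter_rule_match security_audit_rule_match

#else

/*
 * Without CONFIG_IMA_LSM_RULES both helpers fail with -EINVAL and never
 * write *lsmrule.  How the policy code reacts to that error is decided by
 * the callers, which are not visible in this header.
 */
static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
					    void **lsmrule)
{
	return -EINVAL;
}

static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
					     void *lsmrule)
{
	return -EINVAL;
}
#endif /* CONFIG_IMA_LSM_RULES */

/*
 * Mode bits for the policy file: owner write-only by default, owner
 * read and write when CONFIG_IMA_READ_POLICY is set.
 * NOTE(review): presumably applied where the policy file is created --
 * confirm at the use site.
 */
#ifdef CONFIG_IMA_READ_POLICY
#define	POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
#else
#define	POLICY_FILE_FLAGS	S_IWUSR
#endif /* CONFIG_IMA_READ_POLICY */

#endif /* __LINUX_IMA_H */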