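/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
 *
 * Authors:
 * Reiner Sailer <sailer@watson.ibm.com>
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * File: ima.h
 *	internal Integrity Measurement Architecture (IMA) definitions
 */

#ifndef __LINUX_IMA_H
#define __LINUX_IMA_H

#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/hash.h>
#include <linux/tpm.h>
#include <linux/audit.h>
#include <crypto/hash_info.h>

#include "../integrity.h"

#ifdef CONFIG_HAVE_IMA_KEXEC
#include <asm/ima.h>
#endif

/* Output encodings handed to a template field's field_show() callback. */
enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
		     IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII };

/* TPM PCR indices referenced by IMA code; the values are the PCR numbers. */
enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8, TPM_PCR10 = 10 };

/*
 * digest size for IMA, fits SHA1 or MD5
 *
 * A buffer sized with this constant cannot hold a longer digest
 * (for example SHA-256); code handling larger digests needs its own bound.
 */
#define IMA_DIGEST_SIZE		SHA1_DIGEST_SIZE
#define IMA_EVENT_NAME_LEN_MAX	255

/* The measurement hash table has 2^IMA_HASH_BITS buckets. */
#define IMA_HASH_BITS 10
#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)

#define IMA_TEMPLATE_FIELD_ID_MAX_LEN	16
#define IMA_TEMPLATE_NUM_FIELDS_MAX	15

#define IMA_TEMPLATE_IMA_NAME "ima"
#define IMA_TEMPLATE_IMA_FMT "d|n"

/*
 * Number of allocated PCR banks of @chip, or 0 when @chip is NULL.
 *
 * The argument is parenthesised so that an expression argument expands
 * with the intended precedence.  @chip is still evaluated twice, so it
 * must not have side effects.
 */
#define NR_BANKS(chip) (((chip) != NULL) ? (chip)->nr_allocated_banks : 0)

/* current content of the policy */
extern int ima_policy_flag;

/* set during initialization */
extern int ima_hash_algo;
extern int ima_sha1_idx __ro_after_init;
extern int ima_hash_algo_idx __ro_after_init;
extern int ima_extra_slots __ro_after_init;
extern int ima_appraise;
extern struct tpm_chip *ima_tpm_chip;
extern const char boot_aggregate_name[];

/*
 * IMA event related data
 *
 * This is the argument each template field's field_init() callback
 * receives.  Which members are set for a given event is not visible in
 * this header -- presumably unused ones are NULL/0; confirm at the callers.
 */
struct ima_event_data {
	struct integrity_iint_cache *iint;
	struct file *file;
	const unsigned char *filename;
	struct evm_ima_xattr_data *xattr_value;
	int xattr_len;		/* NOTE(review): signed length; presumably bytes at xattr_value */
	const struct modsig *modsig;
	const char *violation;
	const void *buf;
	int buf_len;		/* NOTE(review): signed length; presumably bytes at buf */
};

/* IMA template field data definition */
struct ima_field_data {
	u8 *data;
	u32 len;		/* presumably the number of bytes at data -- confirm */
};

/* IMA template field definition */
struct ima_template_field {
	/* fixed-size identifier, IMA_TEMPLATE_FIELD_ID_MAX_LEN bytes including any NUL */
	const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
	int (*field_init)(struct ima_event_data *event_data,
			  struct ima_field_data *field_data);
	void (*field_show)(struct seq_file *m, enum ima_show_type show,
			   struct ima_field_data *field_data);
};

/* IMA template descriptor definition */
struct ima_template_desc {
	struct list_head list;
	char *name;
	char *fmt;
	int num_fields;		/* presumably the element count of fields[] -- confirm */
	const struct ima_template_field **fields;
};

/*
 * One measurement entry.
 *
 * template_data is a C99 flexible array member (formerly a zero-length
 * array): sizeof(struct ima_template_entry) does not include it, so the
 * allocation must add room for every element that will be stored.
 */
struct ima_template_entry {
	int pcr;
	struct tpm_digest *digests;
	struct ima_template_desc *template_desc; /* template descriptor */
	u32 template_data_len;
	struct ima_field_data template_data[];	/* template related data */
};

struct ima_queue_entry {
	struct hlist_node hnext;	/* place in hash collision list */
	struct list_head later;		/* place in ima_measurements list */
	struct ima_template_entry *entry;
};
extern struct list_head ima_measurements;	/* list of all measurements */

/*
 * Some details preceding the binary serialized measurement list
 *
 * NOTE(review): buffer_size and count describe data that follows the
 * header; a reader of a serialized list should presumably check both
 * against the real buffer length before trusting them -- confirm in the
 * code that consumes this header.
 */
struct ima_kexec_hdr {
	u16 version;
	u16 _reserved0;
	u32 _reserved1;
	u64 buffer_size;
	u64 count;
};
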
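extern const int read_idmap[];

#ifdef CONFIG_HAVE_IMA_KEXEC
void ima_load_kexec_buffer(void);
#else
/* No-op when the architecture has no IMA kexec support. */
static inline void ima_load_kexec_buffer(void) {}
#endif /* CONFIG_HAVE_IMA_KEXEC */

/*
 * The default binary_runtime_measurements list format is defined as the
 * platform native format.  The canonical format is defined as little-endian.
 */
extern bool ima_canonical_fmt;

/* Internal IMA function definitions */
int ima_init(void);
int ima_fs_init(void);
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename);
int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
int ima_calc_buffer_hash(const void *buf, loff_t len,
			 struct ima_digest_data *hash);
int ima_calc_field_array_hash(struct ima_field_data *field_data,
			      struct ima_template_entry *entry);
int ima_calc_boot_aggregate(struct ima_digest_data *hash);
void ima_add_violation(struct file *file, const unsigned char *filename,
		       struct integrity_iint_cache *iint,
		       const char *op, const char *cause);
int ima_init_crypto(void);
void ima_putc(struct seq_file *m, void *data, int datalen);
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
int template_desc_init_fields(const char *template_fmt,
			      const struct ima_template_field ***fields,
			      int *num_fields);
struct ima_template_desc *ima_template_desc_current(void);
struct ima_template_desc *lookup_template_desc(const char *name);
bool ima_template_has_modsig(const struct ima_template_desc *ima_template);
int ima_restore_measurement_entry(struct ima_template_entry *entry);
int ima_restore_measurement_list(loff_t bufsize, void *buf);
int ima_measurements_show(struct seq_file *m, void *v);
unsigned long ima_get_binary_runtime_size(void);
int ima_init_template(void);
void ima_init_template_list(void);
int __init ima_init_digests(void);
int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
			  void *lsm_data);

/*
 * used to protect h_table and sha_table
 */
extern spinlock_t ima_queue_lock;

struct ima_h_table {
	atomic_long_t len;	/* number of stored measurements in the list */
	atomic_long_t violations;
	struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
};
extern struct ima_h_table ima_htable;

/*
 * Map a digest to a bucket index below IMA_MEASURE_HTABLE_SIZE.
 *
 * Only digest[0] and digest[1] are read, so @digest must point to at
 * least two bytes.
 */
static inline unsigned int ima_hash_key(u8 *digest)
{
	/* there is no point in taking a hash of part of a digest */
	return (digest[0] | (digest[1] << 8)) % IMA_MEASURE_HTABLE_SIZE;
}

/*
 * X-macro listing every hook: hook(ENUM, str) is expanded once per entry,
 * which keeps enum ima_hooks and ima_hooks_measure_str[] in the same order.
 */
#define __ima_hooks(hook)				\
	hook(NONE, none)				\
	hook(FILE_CHECK, file)				\
	hook(MMAP_CHECK, mmap)				\
	hook(BPRM_CHECK, bprm)				\
	hook(CREDS_CHECK, creds)			\
	hook(POST_SETATTR, post_setattr)		\
	hook(MODULE_CHECK, module)			\
	hook(FIRMWARE_CHECK, firmware)			\
	hook(KEXEC_KERNEL_CHECK, kexec_kernel)		\
	hook(KEXEC_INITRAMFS_CHECK, kexec_initramfs)	\
	hook(POLICY_CHECK, policy)			\
	hook(KEXEC_CMDLINE, kexec_cmdline)		\
	hook(KEY_CHECK, key)				\
	hook(MAX_CHECK, none)

#define __ima_hook_enumify(ENUM, str)	ENUM,
#define __ima_stringify(arg) (#arg)
#define __ima_hook_measuring_stringify(ENUM, str) \
		(__ima_stringify(measuring_ ##str)),

enum ima_hooks {
	__ima_hooks(__ima_hook_enumify)
};

/*
 * "measuring_<str>" strings indexed by enum ima_hooks.  Being a static
 * table in a header, every translation unit that includes this file gets
 * its own copy.
 */
static const char * const ima_hooks_measure_str[] = {
	__ima_hooks(__ima_hook_measuring_stringify)
};

/*
 * Return the "measuring_*" string for @func; any value outside the range
 * below MAX_CHECK yields the NONE entry.
 */
static inline const char *func_measure_str(enum ima_hooks func)
{
	/*
	 * The cast makes the bound check independent of whether the compiler
	 * gives enum ima_hooks a signed or an unsigned type, so a negative
	 * value can never be used as a table index.
	 */
	if ((unsigned int)func >= MAX_CHECK)
		return ima_hooks_measure_str[NONE];

	return ima_hooks_measure_str[func];
}

extern const char *const func_tokens[];

/* Opaque here; only pointers to it are passed around in this header. */
struct modsig;

#ifdef CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
/*
 * To track keys that need to be measured.
 */
struct ima_key_entry {
	struct list_head list;
	void *payload;
	size_t payload_len;
	char *keyring_name;
};
void ima_init_key_queue(void);
bool ima_should_queue_key(void);
bool ima_queue_key(struct key *keyring, const void *payload,
		   size_t payload_len);
void ima_process_queued_keys(void);
#else
/* Without early-boot key queueing nothing is ever queued. */
static inline void ima_init_key_queue(void) {}
static inline bool ima_should_queue_key(void) { return false; }
static inline bool ima_queue_key(struct key *keyring,
				 const void *payload,
				 size_t payload_len) { return false; }
static inline void ima_process_queued_keys(void) {}
#endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */

/* LIM API function definitions */
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
		   int mask, enum ima_hooks func, int *pcr,
		   struct ima_template_desc **template_desc,
		   const char *keyring);
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
int ima_collect_measurement(struct integrity_iint_cache *iint,
			    struct file *file, void *buf, loff_t size,
			    enum hash_algo algo, struct modsig *modsig);
void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
			   const unsigned char *filename,
			   struct evm_ima_xattr_data *xattr_value,
			   int xattr_len, const struct modsig *modsig, int pcr,
			   struct ima_template_desc *template_desc);
/* NOTE(review): @size is a signed int; callers presumably pass a non-negative length -- confirm. */
void process_buffer_measurement(struct inode *inode, const void *buf, int size,
				const char *eventname, enum ima_hooks func,
				int pcr, const char *keyring);
void ima_audit_measurement(struct integrity_iint_cache *iint,
			   const unsigned char *filename);
int ima_alloc_init_template(struct ima_event_data *event_data,
			    struct ima_template_entry **entry,
			    struct ima_template_desc *template_desc);
int ima_store_template(struct ima_template_entry *entry, int violation,
		       struct inode *inode,
		       const unsigned char *filename, int pcr);
void ima_free_template_entry(struct ima_template_entry *entry);
const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);

/* IMA policy related functions */
int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
		     enum ima_hooks func, int mask, int flags, int *pcr,
		     struct ima_template_desc **template_desc,
		     const char *keyring);
void ima_init_policy(void);
void ima_update_policy(void);
void ima_update_policy_flag(void);
ssize_t ima_parse_add_rule(char *rule);
void ima_delete_rules(void);
int ima_check_policy(void);
void *ima_policy_start(struct seq_file *m, loff_t *pos);
void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
void ima_policy_stop(struct seq_file *m, void *v);
int ima_policy_show(struct seq_file *m, void *v);

/*
 * Appraise integrity measurements
 *
 * Each value is a distinct bit, so they can be combined in one word
 * (presumably the ima_appraise variable -- confirm).
 */
#define IMA_APPRAISE_ENFORCE	0x01
#define IMA_APPRAISE_FIX	0x02
#define IMA_APPRAISE_LOG	0x04
#define IMA_APPRAISE_MODULES	0x08
#define IMA_APPRAISE_FIRMWARE	0x10
#define IMA_APPRAISE_POLICY	0x20
#define IMA_APPRAISE_KEXEC	0x40

#ifdef CONFIG_IMA_APPRAISE
int ima_check_blacklist(struct integrity_iint_cache *iint,
			const struct modsig *modsig, int pcr);
int ima_appraise_measurement(enum ima_hooks func,
			     struct integrity_iint_cache *iint,
			     struct file *file, const unsigned char *filename,
			     struct evm_ima_xattr_data *xattr_value,
			     int xattr_len, const struct modsig *modsig);
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
					   enum ima_hooks func);
enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
				 int xattr_len);
int ima_read_xattr(struct dentry *dentry,
		   struct evm_ima_xattr_data **xattr_value);

#else
/*
 * Stubs for kernels built without CONFIG_IMA_APPRAISE.  They perform no
 * checks at all: the blacklist check and ima_must_appraise() return 0 and
 * the status queries return INTEGRITY_UNKNOWN, so callers must not read a
 * 0 from these stubs as "verified".
 */
static inline int ima_check_blacklist(struct integrity_iint_cache *iint,
				      const struct modsig *modsig, int pcr)
{
	return 0;
}

static inline int ima_appraise_measurement(enum ima_hooks func,
					   struct integrity_iint_cache *iint,
					   struct file *file,
					   const unsigned char *filename,
					   struct evm_ima_xattr_data *xattr_value,
					   int xattr_len,
					   const struct modsig *modsig)
{
	return INTEGRITY_UNKNOWN;
}

static inline int ima_must_appraise(struct inode *inode, int mask,
				    enum ima_hooks func)
{
	return 0;
}

static inline void ima_update_xattr(struct integrity_iint_cache *iint,
				    struct file *file)
{
}

static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
							 *iint,
							 enum ima_hooks func)
{
	return INTEGRITY_UNKNOWN;
}

/* Ignores the xattr and reports the hash algorithm chosen at initialization. */
static inline enum hash_algo
ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
{
	return ima_hash_algo;
}

/* Leaves *xattr_value untouched and returns 0. */
static inline int ima_read_xattr(struct dentry *dentry,
				 struct evm_ima_xattr_data **xattr_value)
{
	return 0;
}

#endif /* CONFIG_IMA_APPRAISE */

#ifdef CONFIG_IMA_APPRAISE_MODSIG
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
		    struct modsig **modsig);
void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
			  const u8 **digest, u32 *digest_size);
int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
		       u32 *data_len);
void ima_free_modsig(struct modsig *modsig);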
#else
/*
 * Stubs used when CONFIG_IMA_APPRAISE_MODSIG is not set.  The functions
 * that would produce data fail with -EOPNOTSUPP and leave their output
 * pointers untouched; the two void helpers do nothing.
 */
static inline int ima_read_modsig(enum ima_hooks func, const void *buf,
				  loff_t buf_len, struct modsig **modsig)
{
	return -EOPNOTSUPP;
}

static inline void ima_collect_modsig(struct modsig *modsig, const void *buf,
				      loff_t size)
{
}

static inline int ima_get_modsig_digest(const struct modsig *modsig,
					enum hash_algo *algo, const u8 **digest,
					u32 *digest_size)
{
	return -EOPNOTSUPP;
}

static inline int ima_get_raw_modsig(const struct modsig *modsig,
				     const void **data, u32 *data_len)
{
	return -EOPNOTSUPP;
}

static inline void ima_free_modsig(struct modsig *modsig)
{
}
#endif /* CONFIG_IMA_APPRAISE_MODSIG */

/* LSM based policy rules require audit */
#ifdef CONFIG_IMA_LSM_RULES

/* With LSM rules enabled the filter helpers are the audit-rule hooks. */
#define ima_filter_rule_init security_audit_rule_init
#define ima_filter_rule_free security_audit_rule_free
#define ima_filter_rule_match security_audit_rule_match

#else

/*
 * Without CONFIG_IMA_LSM_RULES an LSM-based rule can be neither created
 * nor matched: init and match both fail with -EINVAL, free is a no-op.
 */
static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
				       void **lsmrule)
{
	return -EINVAL;
}

static inline void ima_filter_rule_free(void *lsmrule)
{
}

static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
					void *lsmrule)
{
	return -EINVAL;
}
#endif /* CONFIG_IMA_LSM_RULES */

/*
 * Mode bits for the policy file: owner-write only by default; owner-read
 * is added only when CONFIG_IMA_READ_POLICY is set.
 */
#ifdef	CONFIG_IMA_READ_POLICY
#define	POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
#else
#define	POLICY_FILE_FLAGS	S_IWUSR
#endif /* CONFIG_IMA_READ_POLICY */

#endif /* __LINUX_IMA_H */