1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * IMA support for appraising module-style appended signatures. 4 * 5 * Copyright (C) 2019 IBM Corporation 6 * 7 * Author: 8 * Thiago Jung Bauermann <bauerman@linux.ibm.com> 9 */ 10 11 #include "ima.h" 12 13 /** 14 * ima_hook_supports_modsig - can the policy allow modsig for this hook? 15 * 16 * modsig is only supported by hooks using ima_post_read_file(), because only 17 * they preload the contents of the file in a buffer. FILE_CHECK does that in 18 * some cases, but not when reached from vfs_open(). POLICY_CHECK can support 19 * it, but it's not useful in practice because it's a text file so deny. 20 */ 21 bool ima_hook_supports_modsig(enum ima_hooks func) 22 { 23 switch (func) { 24 case KEXEC_KERNEL_CHECK: 25 case KEXEC_INITRAMFS_CHECK: 26 case MODULE_CHECK: 27 return true; 28 default: 29 return false; 30 } 31 } 32