xref: /linux/include/linux/ima.h (revision f86fd32d) 
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Copyright (C) 2008 IBM Corporation
4  * Author: Mimi Zohar <zohar@us.ibm.com>
5  */
6 
7 #ifndef _LINUX_IMA_H
8 #define _LINUX_IMA_H
9 
10 #include <linux/fs.h>
11 #include <linux/security.h>
12 #include <linux/kexec.h>
13 struct linux_binprm;
14 
15 #ifdef CONFIG_IMA
16 extern int ima_bprm_check(struct linux_binprm *bprm);
17 extern int ima_file_check(struct file *file, int mask);
18 extern void ima_post_create_tmpfile(struct inode *inode);
19 extern void ima_file_free(struct file *file);
20 extern int ima_file_mmap(struct file *file, unsigned long prot);
21 extern int ima_load_data(enum kernel_load_data_id id);
22 extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
23 extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
24 			      enum kernel_read_file_id id);
25 extern void ima_post_path_mknod(struct dentry *dentry);
26 extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
27 extern void ima_kexec_cmdline(const void *buf, int size);
28 
29 #ifdef CONFIG_IMA_KEXEC
30 extern void ima_add_kexec_buffer(struct kimage *image);
31 #endif
32 
33 #if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
34 	|| defined(CONFIG_PPC_SECURE_BOOT)
35 extern bool arch_ima_get_secureboot(void);
36 extern const char * const *arch_get_ima_policy(void);
37 #else
38 static inline bool arch_ima_get_secureboot(void)
39 {
40 	return false;
41 }
42 
43 static inline const char * const *arch_get_ima_policy(void)
44 {
45 	return NULL;
46 }
47 #endif
48 
49 #else
50 static inline int ima_bprm_check(struct linux_binprm *bprm)
51 {
52 	return 0;
53 }
54 
55 static inline int ima_file_check(struct file *file, int mask)
56 {
57 	return 0;
58 }
59 
60 static inline void ima_post_create_tmpfile(struct inode *inode)
61 {
62 }
63 
64 static inline void ima_file_free(struct file *file)
65 {
66 	return;
67 }
68 
69 static inline int ima_file_mmap(struct file *file, unsigned long prot)
70 {
71 	return 0;
72 }
73 
74 static inline int ima_load_data(enum kernel_load_data_id id)
75 {
76 	return 0;
77 }
78 
79 static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
80 {
81 	return 0;
82 }
83 
84 static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
85 				     enum kernel_read_file_id id)
86 {
87 	return 0;
88 }
89 
90 static inline void ima_post_path_mknod(struct dentry *dentry)
91 {
92 	return;
93 }
94 
95 static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
96 {
97 	return -EOPNOTSUPP;
98 }
99 
100 static inline void ima_kexec_cmdline(const void *buf, int size) {}
101 #endif /* CONFIG_IMA */
102 
103 #ifndef CONFIG_IMA_KEXEC
104 struct kimage;
105 
106 static inline void ima_add_kexec_buffer(struct kimage *image)
107 {}
108 #endif
109 
110 #ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
111 extern void ima_post_key_create_or_update(struct key *keyring,
112 					  struct key *key,
113 					  const void *payload, size_t plen,
114 					  unsigned long flags, bool create);
115 #else
116 static inline void ima_post_key_create_or_update(struct key *keyring,
117 						 struct key *key,
118 						 const void *payload,
119 						 size_t plen,
120 						 unsigned long flags,
121 						 bool create) {}
122 #endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
123 
124 #ifdef CONFIG_IMA_APPRAISE
125 extern bool is_ima_appraise_enabled(void);
126 extern void ima_inode_post_setattr(struct dentry *dentry);
127 extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
128 		       const void *xattr_value, size_t xattr_value_len);
129 extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
130 #else
131 static inline bool is_ima_appraise_enabled(void)
132 {
133 	return 0;
134 }
135 
136 static inline void ima_inode_post_setattr(struct dentry *dentry)
137 {
138 	return;
139 }
140 
141 static inline int ima_inode_setxattr(struct dentry *dentry,
142 				     const char *xattr_name,
143 				     const void *xattr_value,
144 				     size_t xattr_value_len)
145 {
146 	return 0;
147 }
148 
149 static inline int ima_inode_removexattr(struct dentry *dentry,
150 					const char *xattr_name)
151 {
152 	return 0;
153 }
154 #endif /* CONFIG_IMA_APPRAISE */
155 
156 #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
157 extern bool ima_appraise_signature(enum kernel_read_file_id func);
158 #else
159 static inline bool ima_appraise_signature(enum kernel_read_file_id func)
160 {
161 	return false;
162 }
163 #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
164 #endif /* _LINUX_IMA_H */
165