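/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

/*
 * Integrity Measurement Architecture (IMA) entry points used by the rest of
 * the kernel.
 *
 * Each entry point comes in two forms, selected by Kconfig: an extern
 * declaration when the feature is built in, and a static inline stub when it
 * is not, so callers can invoke the hooks without their own #ifdefs.
 *
 * Security note: every stub in this file is a no-op.  The int-returning
 * stubs return 0 (ima_file_hash() is the one exception and returns
 * -EOPNOTSUPP) and the bool stubs return false.  At a call site a 0 from a
 * stub is indistinguishable from a 0 returned by a real check, so a kernel
 * built without the relevant option silently performs no check through
 * these hooks.
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
struct linux_binprm;

#ifdef CONFIG_IMA
/*
 * Implemented outside this header.  The int-returning hooks presumably use
 * the 0 / negative-errno convention that the stubs below mirror -- confirm
 * against the implementation.
 */
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_load_data(enum kernel_load_data_id id);
extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
/* NOTE(review): @size is a signed loff_t; confirm negative values are rejected. */
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
			      enum kernel_read_file_id id);
extern void ima_post_path_mknod(struct dentry *dentry);
/* Takes the capacity of @buf as @buf_size; check the return before using @buf. */
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
/* NOTE(review): @size is a signed int; confirm negative values are rejected. */
extern void ima_kexec_cmdline(const void *buf, int size);

/*
 * The stub for the !CONFIG_IMA_KEXEC case sits outside this CONFIG_IMA
 * block, further down.  Presumably Kconfig makes IMA_KEXEC depend on IMA;
 * otherwise neither form would be visible -- confirm.
 */
#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif

/*
 * Only the configurations listed here supply their own secure boot query
 * and policy rules; every other CONFIG_IMA build gets the fallbacks.
 * Both functions exist only under CONFIG_IMA: there is no !CONFIG_IMA stub,
 * so their callers must be built only when CONFIG_IMA is set.
 */
#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
	|| defined(CONFIG_PPC_SECURE_BOOT)
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/*
 * Fallback: always false, whatever the firmware state is.  A caller cannot
 * tell "secure boot is off" from "this build cannot tell".
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* Fallback: no architecture-specific policy rules. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#else
/*
 * CONFIG_IMA disabled: the hooks below do nothing.  They never return an
 * error, so they never cause a caller to refuse an operation.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}

static inline void ima_post_create_tmpfile(struct inode *inode)
{
}

static inline void ima_file_free(struct file *file)
{
}

static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}

static inline int ima_read_file(struct file *file, enum kernel_read_file_id id)
{
	return 0;
}

static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}

static inline void ima_post_path_mknod(struct dentry *dentry)
{
}

/*
 * The only stub that reports failure: it returns -EOPNOTSUPP and leaves
 * @buf untouched, so callers must check for a negative return before
 * reading @buf.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

static inline void ima_kexec_cmdline(const void *buf, int size) {}
#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC
struct kimage;

/* Stub: does nothing with @image. */
static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

/*
 * struct key is not declared in this header; it presumably arrives through
 * <linux/security.h> -- confirm.
 */
#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
extern void ima_post_key_create_or_update(struct key *keyring,
					  struct key *key,
					  const void *payload, size_t plen,
					  unsigned long flags, bool create);
#else
/* Stub: key creation and update are not acted on. */
static inline void ima_post_key_create_or_update(struct key *keyring,
						 struct key *key,
						 const void *payload,
						 size_t plen,
						 unsigned long flags,
						 bool create) {}
#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
extern void ima_inode_post_setattr(struct dentry *dentry);
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
#else
/* Stub: appraisal is never reported as enabled. */
static inline bool is_ima_appraise_enabled(void)
{
	/* false rather than 0: the return type is bool, as in the other bool stubs. */
	return false;
}

static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}

/*
 * Stub: returns 0 for every xattr name and value, so this hook never
 * rejects a set request.
 */
static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}

/* Stub: returns 0 for every xattr name, so this hook never rejects a removal. */
static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
#endif /* CONFIG_IMA_APPRAISE */

/*
 * The real implementation needs both appraisal and the trusted integrity
 * keyring; with either option missing the answer is always false.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */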