1  /* SPDX-License-Identifier: GPL-2.0-only */
2  /*
3   * Copyright (C) 2008 IBM Corporation
4   * Author: Mimi Zohar <zohar@us.ibm.com>
5   */
6  
7  #ifndef _LINUX_IMA_H
8  #define _LINUX_IMA_H
9  
10  #include <linux/fs.h>
11  #include <linux/security.h>
12  #include <linux/kexec.h>
13  struct linux_binprm;
14  
15  #ifdef CONFIG_IMA
/*
 * IMA entry points available when CONFIG_IMA is set; only the prototypes
 * live here. With CONFIG_IMA unset this header supplies static inline
 * stubs of the same names that do nothing and, where they return int,
 * return 0.
 *
 * NOTE(review): presumably the int-returning checks follow the usual
 * "0 permits, negative errno denies" convention - confirm against the
 * implementation before relying on it.
 */
int ima_bprm_check(struct linux_binprm *bprm);
int ima_file_check(struct file *file, int mask);
void ima_post_create_tmpfile(struct inode *inode);
void ima_file_free(struct file *file);
int ima_file_mmap(struct file *file, unsigned long reqprot,
		  unsigned long prot, unsigned long flags);
int ima_load_data(enum kernel_load_data_id id);
int ima_read_file(struct file *file, enum kernel_read_file_id id);
int ima_post_read_file(struct file *file, void *buf, loff_t size,
		       enum kernel_read_file_id id);
void ima_post_path_mknod(struct dentry *dentry);
void ima_kexec_cmdline(const void *buf, int size);
28  
29  #ifdef CONFIG_IMA_KEXEC
/*
 * Declared only when CONFIG_IMA_KEXEC is set; otherwise this header
 * defines an empty inline stub of the same name further down.
 */
void ima_add_kexec_buffer(struct kimage *image);
31  #endif
32  
33  #if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
/*
 * Architecture hooks, declared for (X86 && EFI) or S390 builds only.
 * Every other configuration gets the inline fallbacks in the #else
 * branch, which return false and NULL respectively.
 */
bool arch_ima_get_secureboot(void);
const char * const *arch_get_ima_policy(void);
36  #else
/*
 * Fallback used when the build is neither (X86 && EFI) nor S390: no
 * platform query is made and the answer is always false. A caller cannot
 * distinguish this from a platform that checked and found secure boot
 * off, so policy keyed on this value is never triggered here.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}
41  
/*
 * Fallback used when the build is neither (X86 && EFI) nor S390: returns
 * NULL instead of a rule array.
 *
 * NOTE(review): presumably callers read NULL as "no architecture-specific
 * policy rules" - confirm at the call site.
 */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
46  #endif
47  
48  #else
/*
 * CONFIG_IMA=n stub: bprm is not examined and 0 is always returned.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller, i.e. a
 * kernel built without IMA applies no integrity check here - confirm.
 */
static inline int ima_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
53  
/*
 * CONFIG_IMA=n stub: ignores both the file and the access mask and
 * always returns 0.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller - confirm.
 */
static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
}
58  
/* CONFIG_IMA=n stub: intentionally empty, the inode is left untouched. */
static inline void ima_post_create_tmpfile(struct inode *inode) { }
62  
/* CONFIG_IMA=n stub: nothing is done when a file is released. */
static inline void ima_file_free(struct file *file)
{
}
67  
/*
 * CONFIG_IMA=n stub: the requested and effective protections and the
 * mapping flags are all ignored; the result is always 0.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller, so no
 * integrity check is applied to mappings in this configuration - confirm.
 */
static inline int ima_file_mmap(struct file *file,
				unsigned long reqprot,
				unsigned long prot,
				unsigned long flags)
{
	return 0;
}
73  
/*
 * CONFIG_IMA=n stub: returns 0 for every load-data id without
 * inspecting it.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller - confirm.
 */
static inline int ima_load_data(enum kernel_load_data_id id)
{
	return 0;
}
78  
/*
 * CONFIG_IMA=n stub: returns 0 for every file and read-file id without
 * inspecting either.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller - confirm.
 */
static inline int ima_read_file(struct file *file,
				enum kernel_read_file_id id)
{
	return 0;
}
83  
/*
 * CONFIG_IMA=n stub: the buffer that was read is neither measured nor
 * verified; buf and size are ignored and 0 is always returned.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller - confirm.
 */
static inline int ima_post_read_file(struct file *file,
				     void *buf, loff_t size,
				     enum kernel_read_file_id id)
{
	return 0;
}
89  
/* CONFIG_IMA=n stub: no action is taken on the dentry. */
static inline void ima_post_path_mknod(struct dentry *dentry)
{
}
94  
/* CONFIG_IMA=n stub: the buffer of the given size is ignored entirely. */
static inline void ima_kexec_cmdline(const void *buf, int size)
{
}
96  #endif /* CONFIG_IMA */
97  
98  #ifndef CONFIG_IMA_KEXEC
99  struct kimage;
100  
/*
 * Stub for builds without CONFIG_IMA_KEXEC: empty body, the kexec image
 * is left unmodified.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
103  #endif
104  
105  #ifdef CONFIG_IMA_APPRAISE
/*
 * Appraisal interface, declared when CONFIG_IMA_APPRAISE is set. Without
 * it this header defines inline stubs: the query returns 0, the xattr
 * hooks return 0 and the setattr hook does nothing.
 *
 * NOTE(review): presumably the xattr hooks restrict changes to the IMA
 * extended attribute when appraisal is built in - confirm against the
 * implementation.
 */
bool is_ima_appraise_enabled(void);
void ima_inode_post_setattr(struct dentry *dentry);
int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
		       const void *xattr_value, size_t xattr_value_len);
int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
111  #else
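/*
 * Stub for builds without CONFIG_IMA_APPRAISE: appraisal is reported as
 * disabled unconditionally. Returns the bool constant false, in line
 * with the other bool-returning stubs in this header.
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}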
116  
/* Stub for builds without CONFIG_IMA_APPRAISE: no action on the dentry. */
static inline void ima_inode_post_setattr(struct dentry *dentry)
{
}
121  
/*
 * Stub for builds without CONFIG_IMA_APPRAISE: the attribute name, value
 * and length are not looked at and 0 is always returned.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller, so IMA
 * places no restriction of its own on xattr writes in this
 * configuration - confirm.
 */
static inline int ima_inode_setxattr(struct dentry *dentry,
				     const char *xattr_name,
				     const void *xattr_value,
				     size_t xattr_value_len)
{
	return 0;
}
129  
/*
 * Stub for builds without CONFIG_IMA_APPRAISE: the attribute name is not
 * looked at and 0 is always returned.
 *
 * NOTE(review): presumably 0 reads as "allowed" to the caller, so IMA
 * places no restriction of its own on xattr removal in this
 * configuration - confirm.
 */
static inline int ima_inode_removexattr(struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
135  #endif /* CONFIG_IMA_APPRAISE */
136  
137  #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/*
 * Declared only when both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set; any other combination gets
 * the inline stub in the #else branch, which returns false.
 */
bool ima_appraise_signature(enum kernel_read_file_id func);
139  #else
/*
 * Stub used unless both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set: returns false for every id.
 *
 * NOTE(review): presumably false means "IMA is not appraising a
 * signature for this kind of read", so a caller that relies on IMA for
 * signature enforcement gets none in this configuration - confirm.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
144  #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
145  #endif /* _LINUX_IMA_H */
146