ima.h - OpenGrok cross reference for /linux/security/integrity/ima/ima.h

Deleted Added

sdiffudifftextold (6288cf1e..)new (f381c272..)

ima.h (6288cf1e768ae73db5ddaaae54d85245cc1c2b56)	ima.h (f381c272224f5f158f5cff64f8f3481fa0eee8b3)
1/* 2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation 3 * 4 * Authors: 5 * Reiner Sailer <sailer@watson.ibm.com> 6 * Mimi Zohar <zohar@us.ibm.com> 7 * 8 * This program is free software; you can redistribute it and/or --- 10 unchanged lines hidden (view full) --- 19 20#include <linux/types.h> 21#include <linux/crypto.h> 22#include <linux/security.h> 23#include <linux/hash.h> 24#include <linux/tpm.h> 25#include <linux/audit.h> 26	1/* 2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation 3 * 4 * Authors: 5 * Reiner Sailer <sailer@watson.ibm.com> 6 * Mimi Zohar <zohar@us.ibm.com> 7 * 8 * This program is free software; you can redistribute it and/or --- 10 unchanged lines hidden (view full) --- 19 20#include <linux/types.h> 21#include <linux/crypto.h> 22#include <linux/security.h> 23#include <linux/hash.h> 24#include <linux/tpm.h> 25#include <linux/audit.h> 26
	27#include "../integrity.h" 28
27enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII }; 28enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; 29 30/* digest size for IMA, fits SHA1 or MD5 */	29enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII }; 30enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; 31 32/* digest size for IMA, fits SHA1 or MD5 */
31#define IMA_DIGEST_SIZE 20	33#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
32#define IMA_EVENT_NAME_LEN_MAX 255 33 34#define IMA_HASH_BITS 9 35#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) 36 37/* set during initialization / 38extern int iint_initialized; 39extern int ima_initialized; --- 51 unchanged lines hidden* (view full) --- 91}; 92extern struct ima_h_table ima_htable; 93 94static inline unsigned long ima_hash_key(u8 digest) 95{ 96 return hash_long(digest, IMA_HASH_BITS); 97} 98	34#define IMA_EVENT_NAME_LEN_MAX 255 35 36#define IMA_HASH_BITS 9 37#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) 38 39/* set during initialization / 40extern int iint_initialized; 41extern int ima_initialized; --- 51 unchanged lines hidden* (view full) --- 93}; 94extern struct ima_h_table ima_htable; 95 96static inline unsigned long ima_hash_key(u8 digest) 97{ 98 return hash_long(digest, IMA_HASH_BITS); 99} 100
99/* iint cache flags / 100#define IMA_MEASURED 0x01 101 102/ integrity data associated with an inode / 103struct ima_iint_cache { 104 struct rb_node rb_node; / rooted in ima_iint_tree / 105 struct inode inode; /* back pointer to inode in question / 106 u64 version; / track inode changes / 107 unsigned char flags; 108 u8 digest[IMA_DIGEST_SIZE]; 109 struct mutex mutex; / protects: version, flags, digest */ 110}; 111
112/* LIM API function definitions / 113int ima_must_measure(struct inode inode, int mask, int function);	101/* LIM API function definitions / 102int ima_must_measure(struct inode inode, int mask, int function);
114int ima_collect_measurement(struct ima_iint_cache iint, struct file file); 115void ima_store_measurement(struct ima_iint_cache iint, struct file file,	103int ima_collect_measurement(struct integrity_iint_cache iint, 104 struct file file); 105void ima_store_measurement(struct integrity_iint_cache iint, struct file file,
116 const unsigned char filename); 117int ima_store_template(struct ima_template_entry entry, int violation, 118 struct inode *inode);	106 const unsigned char filename); 107int ima_store_template(struct ima_template_entry entry, int violation, 108 struct inode *inode);
119void ima_template_show(struct seq_file m, void e, 120 enum ima_show_type show);	109void ima_template_show(struct seq_file m, void e, enum ima_show_type show);
121 122/* rbtree tree calls to lookup, insert, delete 123 * integrity data associated with an inode. 124 */	110 111/* rbtree tree calls to lookup, insert, delete 112 * integrity data associated with an inode. 113 */
125struct ima_iint_cache ima_iint_insert(struct inode inode); 126struct ima_iint_cache ima_iint_find(struct inode inode);	114struct integrity_iint_cache integrity_iint_insert(struct inode inode); 115struct integrity_iint_cache integrity_iint_find(struct inode inode);
127 128/* IMA policy related functions / 129enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; 130 131int ima_match_policy(struct inode inode, enum ima_hooks func, int mask); 132void ima_init_policy(void); 133void ima_update_policy(void); 134ssize_t ima_parse_add_rule(char ); --- 24 unchanged lines hidden* ---	116 117/* IMA policy related functions / 118enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; 119 120int ima_match_policy(struct inode inode, enum ima_hooks func, int mask); 121void ima_init_policy(void); 122void ima_update_policy(void); 123ssize_t ima_parse_add_rule(char ); --- 24 unchanged lines hidden* ---

ima.h (6288cf1e768ae73db5ddaaae54d85245cc1c2b56)	ima.h (f381c272224f5f158f5cff64f8f3481fa0eee8b3)
1/* 2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation 3 * 4 * Authors: 5 * Reiner Sailer <sailer@watson.ibm.com> 6 * Mimi Zohar <zohar@us.ibm.com> 7 * 8 * This program is free software; you can redistribute it and/or --- 10 unchanged lines hidden (view full) --- 19 20#include <linux/types.h> 21#include <linux/crypto.h> 22#include <linux/security.h> 23#include <linux/hash.h> 24#include <linux/tpm.h> 25#include <linux/audit.h> 26	1/* 2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation 3 * 4 * Authors: 5 * Reiner Sailer <sailer@watson.ibm.com> 6 * Mimi Zohar <zohar@us.ibm.com> 7 * 8 * This program is free software; you can redistribute it and/or --- 10 unchanged lines hidden (view full) --- 19 20#include <linux/types.h> 21#include <linux/crypto.h> 22#include <linux/security.h> 23#include <linux/hash.h> 24#include <linux/tpm.h> 25#include <linux/audit.h> 26
	27#include "../integrity.h" 28
27enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII }; 28enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; 29 30/* digest size for IMA, fits SHA1 or MD5 */	29enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII }; 30enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; 31 32/* digest size for IMA, fits SHA1 or MD5 */
31#define IMA_DIGEST_SIZE 20	33#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
32#define IMA_EVENT_NAME_LEN_MAX 255 33 34#define IMA_HASH_BITS 9 35#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) 36 37/* set during initialization / 38extern int iint_initialized; 39extern int ima_initialized; --- 51 unchanged lines hidden* (view full) --- 91}; 92extern struct ima_h_table ima_htable; 93 94static inline unsigned long ima_hash_key(u8 digest) 95{ 96 return hash_long(digest, IMA_HASH_BITS); 97} 98	34#define IMA_EVENT_NAME_LEN_MAX 255 35 36#define IMA_HASH_BITS 9 37#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) 38 39/* set during initialization / 40extern int iint_initialized; 41extern int ima_initialized; --- 51 unchanged lines hidden* (view full) --- 93}; 94extern struct ima_h_table ima_htable; 95 96static inline unsigned long ima_hash_key(u8 digest) 97{ 98 return hash_long(digest, IMA_HASH_BITS); 99} 100
99/* iint cache flags / 100#define IMA_MEASURED 0x01 101 102/ integrity data associated with an inode / 103struct ima_iint_cache { 104 struct rb_node rb_node; / rooted in ima_iint_tree / 105 struct inode inode; /* back pointer to inode in question / 106 u64 version; / track inode changes / 107 unsigned char flags; 108 u8 digest[IMA_DIGEST_SIZE]; 109 struct mutex mutex; / protects: version, flags, digest */ 110}; 111
112/* LIM API function definitions / 113int ima_must_measure(struct inode inode, int mask, int function);	101/* LIM API function definitions / 102int ima_must_measure(struct inode inode, int mask, int function);
114int ima_collect_measurement(struct ima_iint_cache iint, struct file file); 115void ima_store_measurement(struct ima_iint_cache iint, struct file file,	103int ima_collect_measurement(struct integrity_iint_cache iint, 104 struct file file); 105void ima_store_measurement(struct integrity_iint_cache iint, struct file file,
116 const unsigned char filename); 117int ima_store_template(struct ima_template_entry entry, int violation, 118 struct inode *inode);	106 const unsigned char filename); 107int ima_store_template(struct ima_template_entry entry, int violation, 108 struct inode *inode);
119void ima_template_show(struct seq_file m, void e, 120 enum ima_show_type show);	109void ima_template_show(struct seq_file m, void e, enum ima_show_type show);
121 122/* rbtree tree calls to lookup, insert, delete 123 * integrity data associated with an inode. 124 */	110 111/* rbtree tree calls to lookup, insert, delete 112 * integrity data associated with an inode. 113 */
125struct ima_iint_cache ima_iint_insert(struct inode inode); 126struct ima_iint_cache ima_iint_find(struct inode inode);	114struct integrity_iint_cache integrity_iint_insert(struct inode inode); 115struct integrity_iint_cache integrity_iint_find(struct inode inode);
127 128/* IMA policy related functions / 129enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; 130 131int ima_match_policy(struct inode inode, enum ima_hooks func, int mask); 132void ima_init_policy(void); 133void ima_update_policy(void); 134ssize_t ima_parse_add_rule(char ); --- 24 unchanged lines hidden* ---	116 117/* IMA policy related functions / 118enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; 119 120int ima_match_policy(struct inode inode, enum ima_hooks func, int mask); 121void ima_init_policy(void); 122void ima_update_policy(void); 123ssize_t ima_parse_add_rule(char ); --- 24 unchanged lines hidden* ---