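/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
#include <crypto/hash_info.h>
struct linux_binprm;

/*
 * Kernel-internal IMA interface.
 *
 * Each entry point is declared for real under its CONFIG option and
 * replaced by a static inline fallback otherwise, so callers build
 * unchanged in either configuration.  The fallbacks return an error code,
 * a sentinel or false and never write to their output buffers.  A caller
 * that makes a trust decision on one of these results has to treat the
 * fallback value as "nothing was measured or appraised", not as success.
 */
#ifdef CONFIG_IMA
extern enum hash_algo ima_get_current_hash_algo(void);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
/*
 * NOTE(review): size is a signed int in this interface; confirm that
 * callers never pass a negative length.
 */
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
extern int ima_measure_critical_data(const char *event_label,
				     const char *event_name,
				     const void *buf, size_t buf_len,
				     bool hash, u8 *digest, size_t digest_len);

#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
/* Fallback: no-op when CONFIG_IMA_APPRAISE_BOOTPARAM is not set. */
static inline void ima_appraise_parse_cmdline(void) {}
#endif

#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
extern void ima_kexec_post_load(struct kimage *image);
#else
/*
 * Fallback: no-op.
 * NOTE(review): this stub sits inside the CONFIG_IMA branch, so this header
 * declares no ima_kexec_post_load() at all when CONFIG_IMA is unset;
 * presumably every caller is guarded accordingly, confirm.
 */
static inline void ima_kexec_post_load(struct kimage *image) {}
#endif

#else
/*
 * Fallbacks used when CONFIG_IMA is not set.
 */

/*
 * Returns HASH_ALGO__LAST, used here as a "no algorithm" sentinel.  Callers
 * must check for it before using the value, e.g. as an array index.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}

/* Returns -EOPNOTSUPP and leaves buf untouched. */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

/* Returns -EOPNOTSUPP and leaves buf untouched. */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}

/* No-op. */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

/*
 * Returns -ENOENT and leaves digest untouched; a caller must not read
 * digest after a non-zero return.
 */
static inline int ima_measure_critical_data(const char *event_label,
					     const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash, u8 *digest,
					     size_t digest_len)
{
	return -ENOENT;
}

#endif /* CONFIG_IMA */

#ifdef CONFIG_HAVE_IMA_KEXEC
/* Declared only under CONFIG_HAVE_IMA_KEXEC; no fallback is provided. */
int __init ima_free_kexec_buffer(void);
int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif

#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
/*
 * Returns false when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set.  The
 * caller cannot tell "secure boot is off" from "the architecture hook is
 * not built in", so false is not evidence about the firmware state.
 */
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

/* Returns NULL: no architecture-specific policy is supplied. */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif

#ifndef CONFIG_IMA_KEXEC
struct kimage;

/*
 * Fallback: no-op.  Kept outside the CONFIG_IMA branch, so it is available
 * whenever CONFIG_IMA_KEXEC is not set.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif

#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
#else
/* Returns false when CONFIG_IMA_APPRAISE is not set. */
static inline bool is_ima_appraise_enabled(void)
{
	/* false rather than 0: bool return type, as in the other bool stubs. */
	return false;
}
#endif /* CONFIG_IMA_APPRAISE */

#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/*
 * Returns false unless both CONFIG_IMA_APPRAISE and
 * CONFIG_INTEGRITY_TRUSTED_KEYRING are set.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */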