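/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */

/*
 * Declarations shared by the IPE (Integrity Policy Enforcement) evaluation
 * code: the per-event evaluation context, the per-object state structures it
 * points at, and the entry points that build and evaluate a context.
 */

#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H

#include <linux/file.h>
#include <linux/types.h>

#include "policy.h"
#include "hooks.h"

/*
 * Compound literal yielding an all-zero struct ipe_eval_ctx: every pointer
 * member is NULL and initramfs is false. Code that consumes a context must
 * therefore treat a NULL file/ipe_bdev/ino/ipe_inode as "property not
 * available" rather than dereference it unconditionally.
 * NOTE(review): op and hook also start at 0; which enumerator that is depends
 * on the enum definitions, which are not in this header - confirm.
 */
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })

/*
 * Policy pointer, defined elsewhere. The __rcu annotation means readers are
 * expected to go through the RCU accessors (inside a read-side critical
 * section) instead of dereferencing it directly.
 */
extern struct ipe_policy __rcu *ipe_active_policy;

/*
 * Global switches, defined elsewhere.
 * NOTE(review): judging by the names, success_audit selects whether allowed
 * events are audited and enforce whether a deny verdict is actually applied.
 * Both change the security outcome for the whole system, so the defining file
 * is where to check who may write them and under which conditions - confirm.
 */
extern bool success_audit;
extern bool enforce;

/**
 * struct ipe_superblock - IPE state kept per superblock.
 * @initramfs: boolean flag; presumably set when the superblock backs the
 *             initramfs (set by code outside this header - TODO confirm).
 */
struct ipe_superblock {
	bool initramfs;
};

#ifdef CONFIG_IPE_PROP_DM_VERITY
/**
 * struct ipe_bdev - IPE state kept per block device for the dm-verity
 *                   properties.
 * @dm_verity_signed: only present with CONFIG_IPE_PROP_DM_VERITY_SIGNATURE.
 * @root_hash: pointer to a struct digest_info declared elsewhere; allocation
 *             and lifetime are not visible from this header.
 *
 * The whole structure exists only when CONFIG_IPE_PROP_DM_VERITY is set, so
 * every user has to sit under the same guard.
 */
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */

#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
/**
 * struct ipe_inode - IPE state kept per inode for the fs-verity builtin
 *                    signature property.
 * @fs_verity_signed: boolean flag; set by code outside this header.
 *
 * Exists only when CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG is set.
 */
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */

/**
 * struct ipe_eval_ctx - everything one policy evaluation looks at.
 * @op: operation being evaluated (enum ipe_op_type, declared elsewhere).
 * @hook: hook the evaluation was triggered from (enum ipe_hook_type,
 *        declared elsewhere).
 * @file: file under evaluation; NULL in a context that was only
 *        zero-initialised with IPE_EVAL_CTX_INIT.
 * @initramfs: boolean property; presumably mirrors
 *             struct ipe_superblock.initramfs - TODO confirm against the
 *             code that fills the context.
 * @ipe_bdev: block-device state, only with CONFIG_IPE_PROP_DM_VERITY.
 * @ino: inode, only with CONFIG_IPE_PROP_FS_VERITY.
 * @ipe_inode: inode state, only with CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG.
 *
 * All pointer members are pointers-to-const: the context is a read-only view
 * and does not let the evaluator modify the objects it refers to. Note that
 * @ino and @ipe_inode are guarded by two different config symbols.
 */
struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};

/**
 * enum ipe_match - kind of match recorded for an evaluation.
 * @IPE_MATCH_RULE: value 0.
 * @IPE_MATCH_TABLE: value 1.
 * @IPE_MATCH_GLOBAL: value 2.
 * @__IPE_MATCH_MAX: sentinel, one past the last real enumerator (3).
 *
 * NOTE(review): by name these distinguish a verdict that came from an
 * explicit rule, from a per-table default, or from the global default;
 * the header itself does not say so - confirm against the evaluator.
 */
enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};

/*
 * Fill *ctx for an evaluation of @file with the given operation and hook.
 * Defined elsewhere; which of the optional members it populates is not
 * visible from this header.
 */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);

/*
 * Evaluate the event described by @ctx, which is taken read-only.
 * NOTE(review): the return convention is not stated here; presumably 0 for
 * allow and a negative errno for deny - confirm, and make sure every caller
 * checks the result instead of discarding it.
 */
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);

#endif /* _IPE_EVAL_H */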