1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
4  */
5 
6 #ifndef _IPE_EVAL_H
7 #define _IPE_EVAL_H
8 
9 #include <linux/file.h>
10 #include <linux/types.h>
11 
12 #include "policy.h"
13 #include "hooks.h"
14 
/*
 * Zero-initialized evaluation context: every member starts as 0/false/NULL,
 * so optional pointers (bdev, inode) are absent until ipe_build_eval_ctx()
 * fills them in.
 */
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })
16 
/*
 * ipe_active_policy - the policy evaluations are made against. It is
 * __rcu-annotated, so readers must dereference it inside an RCU read-side
 * critical section; the pointer can be swapped underneath a reader that
 * does not.
 *
 * success_audit - presumably enables audit records for allowed decisions as
 * well as denials; enforce - presumably selects enforcing vs. permissive
 * mode (denials audited but not blocked). Both are defined elsewhere
 * (likely eval.c); confirm their exact semantics there.
 */
extern struct ipe_policy __rcu *ipe_active_policy;
extern bool success_audit;
extern bool enforce;
20 
/**
 * struct ipe_superblock - IPE security blob attached to a superblock.
 * @initramfs: presumably true when the superblock is the initramfs/rootfs,
 *             so files on it can be matched by a boot_verified-style
 *             property — confirm against where it is set (hooks.c/eval.c).
 */
struct ipe_superblock {
	bool initramfs;
};
24 
#ifdef CONFIG_IPE_PROP_DM_VERITY
/**
 * struct ipe_bdev - IPE security blob attached to a block device.
 * @dm_verity_signed: only present with CONFIG_IPE_PROP_DM_VERITY_SIGNATURE;
 *                    presumably records that the dm-verity target's root
 *                    hash carried a verified signature.
 * @root_hash: digest describing the dm-verity root hash of the device.
 *             Presumably NULL when the device is not a dm-verity target;
 *             ownership and lifetime are not visible from this header.
 */
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */
33 
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
/**
 * struct ipe_inode - IPE security blob attached to an inode.
 * @fs_verity_signed: presumably true when the inode's fs-verity descriptor
 *                    carried a verified built-in signature — confirm where
 *                    it is set.
 */
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
39 
/**
 * struct ipe_eval_ctx - everything a single policy evaluation looks at.
 * @op: the operation being performed (policy rules are keyed on it).
 * @hook: the LSM hook that triggered the evaluation.
 * @file: the file under evaluation, or NULL if the hook has none.
 * @initramfs: presumably a copy of the backing superblock's
 *             ipe_superblock.initramfs flag.
 * @ipe_bdev: IPE blob of the backing block device (dm-verity properties);
 *            only with CONFIG_IPE_PROP_DM_VERITY.
 * @ino: the file's inode (fs-verity properties); only with
 *       CONFIG_IPE_PROP_FS_VERITY.
 * @ipe_inode: IPE blob of the inode (fs-verity built-in signature); only
 *             with CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG.
 *
 * Populated by ipe_build_eval_ctx() and consumed read-only by
 * ipe_evaluate_event(); start from IPE_EVAL_CTX_INIT so optional members
 * are well-defined when not set.
 */
struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};
56 
/**
 * enum ipe_match - which level of the policy produced a decision
 *                  (presumably used for audit reporting; confirm in eval.c).
 * @IPE_MATCH_RULE: an explicit rule matched.
 * @IPE_MATCH_TABLE: no rule matched; the per-operation default applied.
 * @IPE_MATCH_GLOBAL: no per-operation default; the global default applied.
 * @__IPE_MATCH_MAX: number of valid values; not a real match level.
 */
enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};
63 
/**
 * ipe_build_eval_ctx() - populate @ctx for evaluating @op from @hook on @file.
 * @ctx: context to fill; callers should start it from IPE_EVAL_CTX_INIT.
 * @file: file being accessed, may be NULL for hooks without one.
 * @op: operation to evaluate.
 * @hook: LSM hook that fired.
 */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);

/**
 * ipe_evaluate_event() - decide whether the access described by @ctx is
 *                        allowed under the active policy.
 * @ctx: context built by ipe_build_eval_ctx().
 *
 * Return: 0 when the access is allowed. On a denial the implementation is
 * expected to return a negative errno only when @enforce is set and to
 * return 0 (audit only) in permissive mode — confirm in eval.c.
 */
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
69 
70 #endif /* _IPE_EVAL_H */