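/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */
#ifndef _IPE_POLICY_H
#define _IPE_POLICY_H

#include <linux/list.h>
#include <linux/types.h>
#include <linux/fs.h>

/**
 * enum ipe_op_type - Operation a policy rule is written against.
 * @IPE_OP_EXEC: execution
 * @IPE_OP_FIRMWARE: firmware load
 * @IPE_OP_KERNEL_MODULE: kernel module load
 * @IPE_OP_KEXEC_IMAGE: kexec kernel image load
 * @IPE_OP_KEXEC_INITRAMFS: kexec initramfs load
 * @IPE_OP_POLICY: IPE policy load
 * @IPE_OP_X509: X.509 certificate load
 * @__IPE_OP_MAX: number of operations; not an operation itself. It sizes
 *                &ipe_parsed_policy.rules and is aliased as IPE_OP_INVALID.
 *
 * The per-value descriptions above are inferred from the names only; this
 * header does not show where each operation is raised — confirm against the
 * hooks before relying on them.
 *
 * NOTE(review): an op value derived from parsed policy text is untrusted
 * input. It must be checked for < __IPE_OP_MAX (i.e. != IPE_OP_INVALID)
 * before being used as an index into any table sized by __IPE_OP_MAX; the
 * type system does not enforce that.
 */
enum ipe_op_type {
	IPE_OP_EXEC = 0,
	IPE_OP_FIRMWARE,
	IPE_OP_KERNEL_MODULE,
	IPE_OP_KEXEC_IMAGE,
	IPE_OP_KEXEC_INITRAMFS,
	IPE_OP_POLICY,
	IPE_OP_X509,
	__IPE_OP_MAX,
};

/* Sentinel for "no / unrecognised operation"; equal to the enum's count. */
#define IPE_OP_INVALID __IPE_OP_MAX

/**
 * enum ipe_action_type - Verdict a rule or a default can produce.
 * @IPE_ACTION_ALLOW: permit the operation
 * @IPE_ACTION_DENY: refuse the operation
 * @__IPE_ACTION_MAX: number of actions; not an action itself, see
 *                    IPE_ACTION_INVALID.
 */
enum ipe_action_type {
	IPE_ACTION_ALLOW = 0,
	IPE_ACTION_DENY,
	__IPE_ACTION_MAX, /* trailing comma, consistent with the other enums */
};

/* Sentinel for "no / unrecognised action"; equal to the enum's count. */
#define IPE_ACTION_INVALID __IPE_ACTION_MAX

/**
 * enum ipe_prop_type - Kind of property a rule can test.
 * @IPE_PROP_BOOT_VERIFIED_FALSE: boot_verified=FALSE
 * @IPE_PROP_BOOT_VERIFIED_TRUE: boot_verified=TRUE
 * @IPE_PROP_DMV_ROOTHASH: dm-verity root hash
 * @IPE_PROP_DMV_SIG_FALSE: dm-verity signature absent
 * @IPE_PROP_DMV_SIG_TRUE: dm-verity signature present
 * @IPE_PROP_FSV_DIGEST: fs-verity digest
 * @IPE_PROP_FSV_SIG_FALSE: fs-verity signature absent
 * @IPE_PROP_FSV_SIG_TRUE: fs-verity signature present
 * @__IPE_PROP_MAX: number of property kinds; not a property itself, see
 *                  IPE_PROP_INVALID.
 *
 * The expansions of DMV/FSV as dm-verity/fs-verity and the TRUE/FALSE
 * meanings are read off the names; the parser and evaluator define them.
 */
enum ipe_prop_type {
	IPE_PROP_BOOT_VERIFIED_FALSE,
	IPE_PROP_BOOT_VERIFIED_TRUE,
	IPE_PROP_DMV_ROOTHASH,
	IPE_PROP_DMV_SIG_FALSE,
	IPE_PROP_DMV_SIG_TRUE,
	IPE_PROP_FSV_DIGEST,
	IPE_PROP_FSV_SIG_FALSE,
	IPE_PROP_FSV_SIG_TRUE,
	__IPE_PROP_MAX,
};

/* Sentinel for "no / unrecognised property"; equal to the enum's count. */
#define IPE_PROP_INVALID __IPE_PROP_MAX

/**
 * struct ipe_prop - One property test attached to a rule.
 * @next: list link; presumably chained into &ipe_rule.props (this header
 *        only shows that both are &struct list_head — confirm in the parser)
 * @type: which property is tested
 * @value: type-dependent payload. What it points to, and whether it may be
 *         NULL, is decided by @type and is not visible here; the
 *         *_ROOTHASH / *_DIGEST kinds look like the ones that carry data —
 *         verify before dereferencing.
 */
struct ipe_prop {
	struct list_head next;
	enum ipe_prop_type type;
	void *value;
};

/**
 * struct ipe_rule - One policy rule.
 * @op: operation this rule applies to
 * @action: verdict this rule produces; how the entries of @props combine to
 *          decide whether the rule fires lives in the evaluator, not here
 * @props: list of &struct ipe_prop
 * @next: list link; presumably chained into &ipe_op_table.rules
 */
struct ipe_rule {
	enum ipe_op_type op;
	enum ipe_action_type action;
	struct list_head props;
	struct list_head next;
};

/**
 * struct ipe_op_table - Rules and fallback for one operation.
 * @rules: list of &struct ipe_rule for this operation
 * @default_action: verdict used when no rule decides (by name; confirm in
 *                  the evaluator)
 */
struct ipe_op_table {
	struct list_head rules;
	enum ipe_action_type default_action;
};

/**
 * struct ipe_parsed_policy - In-memory form of a parsed policy.
 * @name: policy name
 * @version: policy version, split into major/minor/rev (each a u16)
 * @global_default_action: verdict when no per-operation rule or default
 *                         applies (by name; confirm in the evaluator)
 * @rules: one &struct ipe_op_table per operation, indexed by
 *         &enum ipe_op_type. Exactly __IPE_OP_MAX entries, so the index
 *         must be validated as described on that enum.
 */
struct ipe_parsed_policy {
	const char *name;
	struct {
		u16 major;
		u16 minor;
		u16 rev;
	} version;

	enum ipe_action_type global_default_action;

	struct ipe_op_table rules[__IPE_OP_MAX];
};

/**
 * struct ipe_policy - A loaded policy together with its raw inputs.
 * @pkcs7: PKCS#7 blob, @pkcs7len bytes
 * @pkcs7len: length of @pkcs7 in bytes
 * @text: policy text, @textlen bytes
 * @textlen: length of @text in bytes
 * @parsed: parsed representation of @text
 * @policyfs: dentry for this policy's filesystem node (presumably in
 *            securityfs; the filesystem is not shown here)
 *
 * NOTE(review): @text and @pkcs7 originate outside the kernel. Presumably
 * @text is trusted only after the PKCS#7 signature has been verified; that
 * check is in the loader, not in this header. Both buffers carry an
 * explicit length — do not assume NUL termination unless the loader
 * guarantees it. Ownership of the four buffers is not visible here; see
 * ipe_free_policy().
 */
struct ipe_policy {
	const char *pkcs7;
	size_t pkcs7len;

	const char *text;
	size_t textlen;

	struct ipe_parsed_policy *parsed;

	struct dentry *policyfs;
};

/**
 * ipe_new_policy() - Build a policy object from policy text and a signature.
 * @text: policy text
 * @textlen: length of @text in bytes
 * @pkcs7: PKCS#7 blob
 * @pkcs7len: length of @pkcs7 in bytes
 *
 * Whether a NULL @pkcs7 is accepted is decided by the implementation.
 *
 * Return: the new policy. Whether failure is reported as NULL or as an
 *         ERR_PTR() is not visible here — confirm the convention in policy.c
 *         before choosing the error check.
 */
struct ipe_policy *ipe_new_policy(const char *text, size_t textlen,
				  const char *pkcs7, size_t pkcs7len);

/**
 * ipe_free_policy() - Release a policy, presumably one from ipe_new_policy().
 * @pol: policy to free
 */
void ipe_free_policy(struct ipe_policy *pol);

/**
 * ipe_update_policy() - Replace a policy's content (by name) with new text.
 * @root: inode identifying the policy to update; presumably its policyfs
 *        root node — confirm against the caller
 * @text: new policy text
 * @textlen: length of @text in bytes
 * @pkcs7: PKCS#7 blob for @text
 * @pkcs7len: length of @pkcs7 in bytes
 *
 * Return: 0 on success or a negative errno (kernel convention; confirm in
 *         policy.c).
 */
int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
		      const char *pkcs7, size_t pkcs7len);

/**
 * ipe_set_active_pol() - Make @p the active policy (by name).
 * @p: policy to activate
 *
 * Return: 0 on success or a negative errno (kernel convention; confirm in
 *         policy.c).
 */
int ipe_set_active_pol(const struct ipe_policy *p);

/*
 * Serialises policy state changes. Exactly which fields it guards, and
 * whether the functions above expect it held or take it themselves, is
 * defined in policy.c, not here — check before calling from a new context.
 */
extern struct mutex ipe_policy_lock;

#endif /* _IPE_POLICY_H */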