ima.h source code [linux/include/linux/ima.h]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* Copyright (C) 2008 IBM Corporation
4	* Author: Mimi Zohar <zohar@us.ibm.com>
5	*/
6
7	#ifndef _LINUX_IMA_H
8	#define _LINUX_IMA_H
9
10	#include <linux/kernel_read_file.h>
11	#include <linux/fs.h>
12	#include <linux/security.h>
13	#include <linux/kexec.h>
14	#include <crypto/hash_info.h>
15	struct linux_binprm;
16
17	#ifdef CONFIG_IMA
18	extern enum hash_algo ima_get_current_hash_algo(void);
19	extern int ima_file_hash(struct file file, char* *buf, size_t buf_size);
20	extern int ima_inode_hash(struct inode inode, char* *buf, size_t buf_size);
21	extern void ima_kexec_cmdline(int kernel_fd, const void buf, int* size);
22	extern int ima_measure_critical_data(const char *event_label,
23	const char *event_name,
24	const void *buf, size_t buf_len,
25	bool hash, u8 *digest, size_t digest_len);
26
27	#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
28	extern void ima_appraise_parse_cmdline(void);
29	#else
30	static inline void ima_appraise_parse_cmdline(void) {}
31	#endif
32
33	#ifdef CONFIG_IMA_KEXEC
34	extern void ima_add_kexec_buffer(struct kimage *image);
35	extern void ima_kexec_post_load(struct kimage *image);
36	#else
37	static inline void ima_kexec_post_load(struct kimage *image) {}
38	#endif
39
40	#else
41	static inline enum hash_algo ima_get_current_hash_algo(void)
42	{
43	return HASH_ALGO__LAST;
44	}
45
46	static inline int ima_file_hash(struct file file, char* *buf, size_t buf_size)
47	{
48	return -EOPNOTSUPP;
49	}
50
51	static inline int ima_inode_hash(struct inode inode, char* *buf, size_t buf_size)
52	{
53	return -EOPNOTSUPP;
54	}
55
56	static inline void ima_kexec_cmdline(int kernel_fd, const void buf, int* size) {}
57
58	static inline int ima_measure_critical_data(const char *event_label,
59	const char *event_name,
60	const void *buf, size_t buf_len,
61	bool hash, u8 *digest,
62	size_t digest_len)
63	{
64	return -ENOENT;
65	}
66
67	#endif /* CONFIG_IMA */
68
69	#ifdef CONFIG_HAVE_IMA_KEXEC
70	int __init ima_free_kexec_buffer(void);
71	int __init ima_get_kexec_buffer(void *addr, size_t size);
72	#endif
73
74	#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
75	extern bool arch_ima_get_secureboot(void);
76	extern const char * const arch_get_ima_policy(void*);
77	#else
78	static inline bool arch_ima_get_secureboot(void)
79	{
80	return false;
81	}
82
83	static inline const char * const arch_get_ima_policy(void*)
84	{
85	return NULL;
86	}
87	#endif
88
89	#ifndef CONFIG_IMA_KEXEC
90	struct kimage;
91
92	static inline void ima_add_kexec_buffer(struct kimage *image)
93	{}
94	#endif
95
96	#ifdef CONFIG_IMA_APPRAISE
97	extern bool is_ima_appraise_enabled(void);
98	#else
99	static inline bool is_ima_appraise_enabled(void)
100	{
101	return `0`;
102	}
103	#endif /* CONFIG_IMA_APPRAISE */
104
105	#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
106	extern bool ima_appraise_signature(enum kernel_read_file_id func);
107	#else
108	static inline bool ima_appraise_signature(enum kernel_read_file_id func)
109	{
110	return false;
111	}
112	#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
113	#endif /* _LINUX_IMA_H */
114

source code of linux/include/linux/ima.h