Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /* SPDX-License-Identifier: GPL-2.0-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * Copyright (C) 2005,2006,2007,2008 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * Reiner Sailer <sailer@watson.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  * File: ima.h
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  *	internal Integrity Measurement Architecture (IMA) definitions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #ifndef __LINUX_IMA_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #define __LINUX_IMA_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include <linux/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include <linux/tpm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) #include <crypto/hash_info.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) #include "../integrity.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) #ifdef CONFIG_HAVE_IMA_KEXEC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) #include <asm/ima.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
/*
 * Output formats selectable through the "show" argument of the field_show
 * callback in struct ima_template_field.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 		     IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII };
/* named TPM PCR indices; each enumerator's value is the PCR number */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8, TPM_PCR10 = 10 };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) /* digest size for IMA, fits SHA1 or MD5 */
/*
 * NOTE(review): sized to SHA1_DIGEST_SIZE, so a longer digest (e.g. SHA-256)
 * does not fit a buffer of this size. SHA-1 and MD5 are no longer collision
 * resistant; the users of this constant are outside this header -- confirm
 * which digests are still held in IMA_DIGEST_SIZE bytes.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) #define IMA_DIGEST_SIZE		SHA1_DIGEST_SIZE
/* presumably the longest event name accepted -- confirm at the users */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) #define IMA_EVENT_NAME_LEN_MAX	255
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 
/* the measurement hash table has 1 << IMA_HASH_BITS (1024) buckets */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) #define IMA_HASH_BITS 10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
/* size of the field_id array in struct ima_template_field, and a cap on fields per template */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) #define IMA_TEMPLATE_FIELD_ID_MAX_LEN	16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) #define IMA_TEMPLATE_NUM_FIELDS_MAX	15
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 
/* name and format string of the "ima" template; presumably "d|n" lists its field ids -- confirm */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) #define IMA_TEMPLATE_IMA_NAME "ima"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) #define IMA_TEMPLATE_IMA_FMT "d|n"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 
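/*
 * Value of @chip->nr_allocated_banks, or 0 when @chip is NULL.
 * The argument is parenthesized so that an expression (not only a plain
 * identifier) can be passed. It is still evaluated twice, so it must not
 * have side effects.
 */
#define NR_BANKS(chip) (((chip) != NULL) ? (chip)->nr_allocated_banks : 0)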
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) /* current content of the policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) extern int ima_policy_flag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) /* set during initialization */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) extern int ima_hash_algo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) extern int ima_sha1_idx __ro_after_init;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) extern int ima_hash_algo_idx __ro_after_init;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) extern int ima_extra_slots __ro_after_init;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) extern int ima_appraise;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) extern struct tpm_chip *ima_tpm_chip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) extern const char boot_aggregate_name[];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) /* IMA event related data */
/*
 * A pointer to this structure is the first argument of the field_init
 * callback in struct ima_template_field.
 * NOTE(review): xattr_len and buf_len are signed ints; presumably they give
 * the sizes of xattr_value and buf -- confirm that callers never pass a
 * negative length.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) struct ima_event_data {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	struct integrity_iint_cache *iint;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	struct file *file;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 	const unsigned char *filename;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	struct evm_ima_xattr_data *xattr_value;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 	int xattr_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 	const struct modsig *modsig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	const char *violation;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 	const void *buf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	int buf_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) /* IMA template field data definition */
/*
 * A byte pointer with a 32-bit length. It is passed to the field_init and
 * field_show callbacks and is the element type of
 * ima_template_entry.template_data.
 * NOTE(review): presumably len is the number of bytes at data -- confirm.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) struct ima_field_data {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	u8 *data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 	u32 len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) /* IMA template field definition */
/*
 * field_id is a fixed array of IMA_TEMPLATE_FIELD_ID_MAX_LEN bytes, so an
 * identifier must fit in it.
 * field_init receives the event data and a struct ima_field_data to work on;
 * field_show receives a seq_file, an output format and the field data.
 * NOTE(review): presumably field_init fills the field data and returns 0 on
 * success -- confirm at the implementations.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) struct ima_template_field {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 	int (*field_init)(struct ima_event_data *event_data,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 			  struct ima_field_data *field_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	void (*field_show)(struct seq_file *m, enum ima_show_type show,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 			   struct ima_field_data *field_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) /* IMA template descriptor definition */
/*
 * Descriptors are linked through the list member.
 * NOTE(review): presumably fields points to num_fields entries derived from
 * fmt (see template_desc_init_fields() declared in this header) -- confirm.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) struct ima_template_desc {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	struct list_head list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 	char *name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 	char *fmt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	int num_fields;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	const struct ima_template_field **fields;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 
/*
 * One template entry. template_data is a flexible array member, so an entry
 * has to be allocated with room for its field data after the fixed part.
 * NOTE(review): presumably the array holds template_desc->num_fields
 * elements -- confirm at the allocation site.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) struct ima_template_entry {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	int pcr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	struct tpm_digest *digests;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	struct ima_template_desc *template_desc; /* template descriptor */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	u32 template_data_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	struct ima_field_data template_data[];	/* template related data */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 
/*
 * Wrapper that links one template entry into two structures at once: a hash
 * collision list (hnext) and the ima_measurements list (later).
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) struct ima_queue_entry {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	struct hlist_node hnext;	/* place in hash collision list */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	struct list_head later;		/* place in ima_measurements list */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	struct ima_template_entry *entry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) extern struct list_head ima_measurements;	/* list of all measurements */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) /* Some details preceding the binary serialized measurement list */
/*
 * NOTE(review): CONFIG_HAVE_IMA_KEXEC guards ima_load_kexec_buffer() in this
 * header, so this presumably describes a buffer handed over across kexec.
 * If so, version, buffer_size and count are input from outside the running
 * kernel and need range checks before they size any read or loop; that code
 * is not in this header -- confirm.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) struct ima_kexec_hdr {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	u16 version;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	u16 _reserved0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 	u32 _reserved1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	u64 buffer_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 	u64 count;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) extern const int read_idmap[];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) #ifdef CONFIG_HAVE_IMA_KEXEC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) void ima_load_kexec_buffer(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) #else
/* Stub used when CONFIG_HAVE_IMA_KEXEC is not set: nothing is loaded. */
static inline void ima_load_kexec_buffer(void)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) #endif /* CONFIG_HAVE_IMA_KEXEC */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132)  * The default binary_runtime_measurements list format is defined as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)  * platform native format.  The canonical format is defined as little-endian.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) extern bool ima_canonical_fmt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) /* Internal IMA function definitions */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) int ima_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) int ima_fs_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) int ima_add_template_entry(struct ima_template_entry *entry, int violation,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 			   const char *op, struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 			   const unsigned char *filename);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) int ima_calc_buffer_hash(const void *buf, loff_t len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 			 struct ima_digest_data *hash);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) int ima_calc_field_array_hash(struct ima_field_data *field_data,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 			      struct ima_template_entry *entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) int ima_calc_boot_aggregate(struct ima_digest_data *hash);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) void ima_add_violation(struct file *file, const unsigned char *filename,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 		       struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 		       const char *op, const char *cause);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) int ima_init_crypto(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) void ima_putc(struct seq_file *m, void *data, int datalen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) int template_desc_init_fields(const char *template_fmt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 			      const struct ima_template_field ***fields,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 			      int *num_fields);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) struct ima_template_desc *ima_template_desc_current(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) struct ima_template_desc *lookup_template_desc(const char *name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) bool ima_template_has_modsig(const struct ima_template_desc *ima_template);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) int ima_restore_measurement_entry(struct ima_template_entry *entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) int ima_restore_measurement_list(loff_t bufsize, void *buf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) int ima_measurements_show(struct seq_file *m, void *v);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) unsigned long ima_get_binary_runtime_size(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) int ima_init_template(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) void ima_init_template_list(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) int __init ima_init_digests(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 			  void *lsm_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172)  * used to protect h_table and sha_table
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) extern spinlock_t ima_queue_lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 
/*
 * Measurement hash table: two atomic counters plus IMA_MEASURE_HTABLE_SIZE
 * bucket heads. ima_hash_key() reduces its result modulo
 * IMA_MEASURE_HTABLE_SIZE, so a key it returns is always a valid index
 * into queue[].
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) struct ima_h_table {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 	atomic_long_t len;	/* number of stored measurements in the list */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	atomic_long_t violations;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 	struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) extern struct ima_h_table ima_htable;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
/*
 * Map a digest to a bucket index below IMA_MEASURE_HTABLE_SIZE.
 * Reads digest[0] and digest[1], so @digest must point to at least two bytes.
 */
static inline unsigned int ima_hash_key(u8 *digest)
{
	/* a digest is already a hash, so its first two bytes are used as they are */
	unsigned int low = digest[0];
	unsigned int high = digest[1];

	return (low | high << 8) % IMA_MEASURE_HTABLE_SIZE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 
/*
 * X-macro listing every IMA hook as hook(ENUM, str). Expanded with
 * __ima_hook_enumify it yields the enum ima_hooks constants (NONE ...
 * MAX_CHECK, numbered from 0 in list order); expanded with
 * __ima_hook_measuring_stringify it yields the parallel string table
 * ("measuring_none", "measuring_file", ...). Both come from this one list,
 * so the table has exactly one entry per enumerator, MAX_CHECK included.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) #define __ima_hooks(hook)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	hook(NONE, none)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 	hook(FILE_CHECK, file)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	hook(MMAP_CHECK, mmap)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 	hook(BPRM_CHECK, bprm)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 	hook(CREDS_CHECK, creds)			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 	hook(POST_SETATTR, post_setattr)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 	hook(MODULE_CHECK, module)			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	hook(FIRMWARE_CHECK, firmware)			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 	hook(KEXEC_KERNEL_CHECK, kexec_kernel)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 	hook(KEXEC_INITRAMFS_CHECK, kexec_initramfs)	\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 	hook(POLICY_CHECK, policy)			\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	hook(KEXEC_CMDLINE, kexec_cmdline)		\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 	hook(KEY_CHECK, key)				\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 	hook(MAX_CHECK, none)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 
/* expanders: the first keeps the enumerator, the second pastes "measuring_" onto str and stringifies it */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) #define __ima_hook_enumify(ENUM, str)	ENUM,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) #define __ima_stringify(arg) (#arg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) #define __ima_hook_measuring_stringify(ENUM, str) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 		(__ima_stringify(measuring_ ##str)),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) enum ima_hooks {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	__ima_hooks(__ima_hook_enumify)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 
/* static in a header: every file that includes it gets its own copy of this table */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) static const char * const ima_hooks_measure_str[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 	__ima_hooks(__ima_hook_measuring_stringify)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 
/*
 * Return the "measuring_*" string for @func.
 * Any value at or above MAX_CHECK is mapped to the NONE entry, so the
 * lookup never indexes past the last hook in ima_hooks_measure_str[].
 */
static inline const char *func_measure_str(enum ima_hooks func)
{
	enum ima_hooks slot = (func < MAX_CHECK) ? func : NONE;

	return ima_hooks_measure_str[slot];
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) extern const char *const func_tokens[];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) struct modsig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) #ifdef CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)  * To track keys that need to be measured.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233)  */
/*
 * Only defined when CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS is set.
 * NOTE(review): payload and keyring_name are plain pointers; presumably each
 * entry owns copies that are freed when the queue is processed -- confirm in
 * the queueing code, which is outside this header.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) struct ima_key_entry {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 	struct list_head list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	void *payload;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	size_t payload_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 	char *keyring_name;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) void ima_init_key_queue(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) bool ima_should_queue_key(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) bool ima_queue_key(struct key *keyring, const void *payload,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 		   size_t payload_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) void ima_process_queued_keys(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) #else
/*
 * Stubs used when CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS is not set: there is no
 * queue, so nothing is initialized or processed and both predicates
 * report false.
 */
static inline void ima_init_key_queue(void)
{
}

static inline bool ima_should_queue_key(void)
{
	return false;
}

static inline bool ima_queue_key(struct key *keyring, const void *payload,
				 size_t payload_len)
{
	return false;
}

static inline void ima_process_queued_keys(void)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) #endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) /* LIM API function definitions */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 		   int mask, enum ima_hooks func, int *pcr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 		   struct ima_template_desc **template_desc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 		   const char *keyring);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) int ima_collect_measurement(struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 			    struct file *file, void *buf, loff_t size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 			    enum hash_algo algo, struct modsig *modsig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 			   const unsigned char *filename,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 			   struct evm_ima_xattr_data *xattr_value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 			   int xattr_len, const struct modsig *modsig, int pcr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 			   struct ima_template_desc *template_desc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) void process_buffer_measurement(struct inode *inode, const void *buf, int size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 				const char *eventname, enum ima_hooks func,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 				int pcr, const char *keyring);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) void ima_audit_measurement(struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 			   const unsigned char *filename);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) int ima_alloc_init_template(struct ima_event_data *event_data,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 			    struct ima_template_entry **entry,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 			    struct ima_template_desc *template_desc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) int ima_store_template(struct ima_template_entry *entry, int violation,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 		       struct inode *inode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 		       const unsigned char *filename, int pcr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) void ima_free_template_entry(struct ima_template_entry *entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) /* IMA policy related functions */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 		     enum ima_hooks func, int mask, int flags, int *pcr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 		     struct ima_template_desc **template_desc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 		     const char *keyring);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) void ima_init_policy(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) void ima_update_policy(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) void ima_update_policy_flag(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) ssize_t ima_parse_add_rule(char *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) void ima_delete_rules(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) int ima_check_policy(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) void *ima_policy_start(struct seq_file *m, loff_t *pos);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) void ima_policy_stop(struct seq_file *m, void *v);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) int ima_policy_show(struct seq_file *m, void *v);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) /* Appraise integrity measurements */
/*
 * Single-bit flags (0x01 .. 0x40), so they can be OR-ed together.
 * NOTE(review): presumably combined in the ima_appraise variable declared in
 * this header -- confirm at the users.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) #define IMA_APPRAISE_ENFORCE	0x01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) #define IMA_APPRAISE_FIX	0x02
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) #define IMA_APPRAISE_LOG	0x04
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) #define IMA_APPRAISE_MODULES	0x08
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) #define IMA_APPRAISE_FIRMWARE	0x10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) #define IMA_APPRAISE_POLICY	0x20
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) #define IMA_APPRAISE_KEXEC	0x40
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) #ifdef CONFIG_IMA_APPRAISE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) int ima_check_blacklist(struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) 			const struct modsig *modsig, int pcr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) int ima_appraise_measurement(enum ima_hooks func,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) 			     struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) 			     struct file *file, const unsigned char *filename,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 			     struct evm_ima_xattr_data *xattr_value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 			     int xattr_len, const struct modsig *modsig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 					   enum ima_hooks func);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 				 int xattr_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) int ima_read_xattr(struct dentry *dentry,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 		   struct evm_ima_xattr_data **xattr_value);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) #else
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: no check is made and the
 * call always returns 0.
 */
static inline int
ima_check_blacklist(struct integrity_iint_cache *iint,
		    const struct modsig *modsig, int pcr)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: nothing is appraised and
 * every call reports INTEGRITY_UNKNOWN.
 * NOTE(review): callers should not read this value as "appraisal passed" --
 * confirm how each caller treats INTEGRITY_UNKNOWN.
 */
static inline int
ima_appraise_measurement(enum ima_hooks func,
			 struct integrity_iint_cache *iint,
			 struct file *file, const unsigned char *filename,
			 struct evm_ima_xattr_data *xattr_value,
			 int xattr_len, const struct modsig *modsig)
{
	return INTEGRITY_UNKNOWN;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: always returns 0, for any
 * inode, mask and hook.
 */
static inline int
ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 
/* Stub used when CONFIG_IMA_APPRAISE is not set: does nothing. */
static inline void
ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: the arguments are not read
 * and the status is always INTEGRITY_UNKNOWN.
 */
static inline enum integrity_status
ima_get_cache_status(struct integrity_iint_cache *iint, enum ima_hooks func)
{
	return INTEGRITY_UNKNOWN;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: the xattr arguments are
 * ignored and the global ima_hash_algo is returned.
 */
static inline enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
					       int xattr_len)
{
	return ima_hash_algo;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 
/*
 * Stub used when CONFIG_IMA_APPRAISE is not set: returns 0 and never writes
 * through @xattr_value, so the caller's pointer keeps whatever value it had
 * before the call.
 */
static inline int
ima_read_xattr(struct dentry *dentry, struct evm_ima_xattr_data **xattr_value)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) #endif /* CONFIG_IMA_APPRAISE */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) #ifdef CONFIG_IMA_APPRAISE_MODSIG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 		    struct modsig **modsig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 			  const u8 **digest, u32 *digest_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) int ima_get_raw_modsig(const struct modsig *modsig, const void **data,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) 		       u32 *data_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) void ima_free_modsig(struct modsig *modsig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) #else
/*
 * Stub used when CONFIG_IMA_APPRAISE_MODSIG is not set: fails with
 * -EOPNOTSUPP and never writes through @modsig.
 */
static inline int
ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
		struct modsig **modsig)
{
	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 
/* Stub used when CONFIG_IMA_APPRAISE_MODSIG is not set: does nothing. */
static inline void
ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) 
/*
 * Stub used when CONFIG_IMA_APPRAISE_MODSIG is not set: fails with
 * -EOPNOTSUPP; @algo, @digest and @digest_size are left unwritten.
 */
static inline int
ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
		      const u8 **digest, u32 *digest_size)
{
	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) 
/*
 * Stub used when CONFIG_IMA_APPRAISE_MODSIG is not set: fails with
 * -EOPNOTSUPP; @data and @data_len are left unwritten.
 */
static inline int
ima_get_raw_modsig(const struct modsig *modsig, const void **data,
		   u32 *data_len)
{
	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) 
/* Stub used when CONFIG_IMA_APPRAISE_MODSIG is not set: there is nothing to free. */
static inline void
ima_free_modsig(struct modsig *modsig)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) #endif /* CONFIG_IMA_APPRAISE_MODSIG */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) /* LSM based policy rules require audit */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) #ifdef CONFIG_IMA_LSM_RULES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 
/*
 * With CONFIG_IMA_LSM_RULES set, the three IMA rule helpers are plain
 * aliases of the security_audit_rule_* functions.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) #define ima_filter_rule_init security_audit_rule_init
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) #define ima_filter_rule_free security_audit_rule_free
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) #define ima_filter_rule_match security_audit_rule_match
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 
/*
 * Stub used when CONFIG_IMA_LSM_RULES is not set: every request fails with
 * -EINVAL and @lsmrule is left unwritten.
 */
static inline int
ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) 
/* Stub used when CONFIG_IMA_LSM_RULES is not set: there is nothing to free. */
static inline void
ima_filter_rule_free(void *lsmrule)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) 
/*
 * Stub used when CONFIG_IMA_LSM_RULES is not set: always returns -EINVAL.
 * NOTE(review): the result is a negative error, not a 0/1 match answer;
 * confirm that callers treat a negative return as "no match" rather than
 * testing it only for non-zero.
 */
static inline int
ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
{
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) #endif /* CONFIG_IMA_LSM_RULES */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) 
/*
 * Permission bits: owner-write only, plus owner-read when
 * CONFIG_IMA_READ_POLICY is set.
 * NOTE(review): presumably the mode of the IMA policy file, which is created
 * outside this header. With read access enabled the file's owner can read
 * back the loaded rules -- confirm that exposure is intended for the build.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) #ifdef	CONFIG_IMA_READ_POLICY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) #define	POLICY_FILE_FLAGS	(S_IWUSR | S_IRUSR)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) #define	POLICY_FILE_FLAGS	S_IWUSR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) #endif /* CONFIG_IMA_READ_POLICY */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) #endif /* __LINUX_IMA_H */