Eric Lee / smarc-fsl-linux-kernel

Blame view

security/integrity/ima/ima.h 9.38 KB

3323eec92 Mimi Zohar integrity: IMA as...	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21	/* * Copyright (C) 2005,2006,2007,2008 IBM Corporation * * Authors: * Reiner Sailer <sailer@watson.ibm.com> * Mimi Zohar <zohar@us.ibm.com> * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the * License. * * File: ima.h * internal Integrity Measurement Architecture (IMA) definitions */ #ifndef __LINUX_IMA_H #define __LINUX_IMA_H #include <linux/types.h> #include <linux/crypto.h>
cf2222178 Mimi Zohar ima: define a new...	22	#include <linux/fs.h>
3323eec92 Mimi Zohar integrity: IMA as...	23 24 25 26	#include <linux/security.h> #include <linux/hash.h> #include <linux/tpm.h> #include <linux/audit.h>
1525b06d9 Dmitry Kasatkin ima: separate 'se...	27	#include <crypto/hash_info.h>
3323eec92 Mimi Zohar integrity: IMA as...	28
f381c2722 Mimi Zohar integrity: move i...	29	#include "../integrity.h"
94c3aac56 Mimi Zohar ima: on soft rebo...	30 31 32	#ifdef CONFIG_HAVE_IMA_KEXEC #include <asm/ima.h> #endif
3e8e5503a Roberto Sassu ima: do not send ...	33	enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
c019e307a Roberto Sassu ima: restore the ...	34	IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII };
3323eec92 Mimi Zohar integrity: IMA as...	35 36 37	enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; /* digest size for IMA, fits SHA1 or MD5 */
f381c2722 Mimi Zohar integrity: move i...	38	#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
3323eec92 Mimi Zohar integrity: IMA as...	39 40 41 42	#define IMA_EVENT_NAME_LEN_MAX 255 #define IMA_HASH_BITS 9 #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
adf53a778 Roberto Sassu ima: new template...	43 44	#define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16 #define IMA_TEMPLATE_NUM_FIELDS_MAX 15
3ce1217d6 Roberto Sassu ima: define templ...	45 46	#define IMA_TEMPLATE_IMA_NAME "ima" #define IMA_TEMPLATE_IMA_FMT "d\|n"
a756024ef Roberto Sassu ima: added ima_po...	47 48	/* current content of the policy */ extern int ima_policy_flag;
3323eec92 Mimi Zohar integrity: IMA as...	49 50 51	/* set during initialization */ extern int ima_initialized; extern int ima_used_chip;
c7c8bb237 Dmitry Kasatkin ima: provide supp...	52	extern int ima_hash_algo;
2fe5d6def Mimi Zohar ima: integrity ap...	53	extern int ima_appraise;
3323eec92 Mimi Zohar integrity: IMA as...	54
23b574193 Roberto Sassu ima: wrap event r...	55 56 57 58 59 60 61	/* IMA event related data / struct ima_event_data { struct integrity_iint_cache iint; struct file file; const unsigned char filename; struct evm_ima_xattr_data *xattr_value; int xattr_len;
8d94eb9b5 Roberto Sassu ima: pass iint to...	62	const char *violation;
23b574193 Roberto Sassu ima: wrap event r...	63	};
adf53a778 Roberto Sassu ima: new template...	64 65 66 67 68 69 70 71 72	/* IMA template field data definition / struct ima_field_data { u8 data; u32 len; }; /* IMA template field definition */ struct ima_template_field { const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
23b574193 Roberto Sassu ima: wrap event r...	73 74 75 76	int (field_init)(struct ima_event_data event_data, struct ima_field_data field_data); void (field_show)(struct seq_file m, enum ima_show_type show, struct ima_field_data field_data);
adf53a778 Roberto Sassu ima: new template...	77 78 79 80	}; /* IMA template descriptor definition */ struct ima_template_desc {
3f23d624d Mimi Zohar ima: store the bu...	81	struct list_head list;
adf53a778 Roberto Sassu ima: new template...	82 83 84 85 86	char name; char fmt; int num_fields; struct ima_template_field **fields; };
3323eec92 Mimi Zohar integrity: IMA as...	87	struct ima_template_entry {
14b1da85b Eric Richter ima: include pcr ...	88	int pcr;
140d80224 Mimi Zohar ima: differentiat...	89	u8 digest[TPM_DIGEST_SIZE]; /* sha1 or md5 measurement hash */
a71dc65d3 Roberto Sassu ima: switch to ne...	90 91 92	struct ima_template_desc template_desc; / template descriptor / u32 template_data_len; struct ima_field_data template_data[0]; / template related data */
3323eec92 Mimi Zohar integrity: IMA as...	93 94 95 96 97 98 99 100	}; struct ima_queue_entry { struct hlist_node hnext; /* place in hash collision list / struct list_head later; / place in ima_measurements list / struct ima_template_entry entry; }; extern struct list_head ima_measurements; /* list of all measurements */
94c3aac56 Mimi Zohar ima: on soft rebo...	101 102 103 104 105 106 107 108 109 110 111 112 113 114	/* Some details preceding the binary serialized measurement list / struct ima_kexec_hdr { u16 version; u16 _reserved0; u32 _reserved1; u64 buffer_size; u64 count; }; #ifdef CONFIG_HAVE_IMA_KEXEC void ima_load_kexec_buffer(void); #else static inline void ima_load_kexec_buffer(void) {} #endif / CONFIG_HAVE_IMA_KEXEC */
d68a6fe9f Mimi Zohar ima: define a can...	115 116 117 118 119	/* * The default binary_runtime_measurements list format is defined as the * platform native format. The canonical format is defined as little-endian. */ extern bool ima_canonical_fmt;
3323eec92 Mimi Zohar integrity: IMA as...	120	/* Internal IMA function definitions */
3323eec92 Mimi Zohar integrity: IMA as...	121	int ima_init(void);
bab739378 Mimi Zohar integrity: IMA di...	122	int ima_fs_init(void);
3323eec92 Mimi Zohar integrity: IMA as...	123	int ima_add_template_entry(struct ima_template_entry *entry, int violation,
9803d413f Roberto Sassu ima: pass the fil...	124 125	const char op, struct inode inode, const unsigned char *filename);
c7c8bb237 Dmitry Kasatkin ima: provide supp...	126	int ima_calc_file_hash(struct file file, struct ima_digest_data hash);
11d7646df Dmitry Kasatkin ima: provide buff...	127 128	int ima_calc_buffer_hash(const void buf, loff_t len, struct ima_digest_data hash);
b6f8f16f4 Roberto Sassu ima: do not inclu...	129 130	int ima_calc_field_array_hash(struct ima_field_data field_data, struct ima_template_desc desc, int num_fields,
a71dc65d3 Roberto Sassu ima: switch to ne...	131	struct ima_digest_data *hash);
09ef54359 Dmitry Kasatkin ima: ima_calc_boo...	132	int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
7d802a227 Roberto Sassu ima: pass the fil...	133	void ima_add_violation(struct file file, const unsigned char filename,
8d94eb9b5 Roberto Sassu ima: pass iint to...	134	struct integrity_iint_cache *iint,
3323eec92 Mimi Zohar integrity: IMA as...	135	const char op, const char cause);
76bb28f61 Dmitry Kasatkin ima: use new cryp...	136	int ima_init_crypto(void);
3ce1217d6 Roberto Sassu ima: define templ...	137	void ima_putc(struct seq_file m, void data, int datalen);
45b26133b Mimi Zohar ima: fix ima_show...	138	void ima_print_digest(struct seq_file m, u8 digest, u32 size);
a71dc65d3 Roberto Sassu ima: switch to ne...	139	struct ima_template_desc *ima_template_desc_current(void);
94c3aac56 Mimi Zohar ima: on soft rebo...	140 141	int ima_restore_measurement_entry(struct ima_template_entry entry); int ima_restore_measurement_list(loff_t bufsize, void buf);
7b8589cc2 Mimi Zohar ima: on soft rebo...	142	int ima_measurements_show(struct seq_file m, void v);
d158847ae Mimi Zohar ima: maintain mem...	143	unsigned long ima_get_binary_runtime_size(void);
a71dc65d3 Roberto Sassu ima: switch to ne...	144	int ima_init_template(void);
3f23d624d Mimi Zohar ima: store the bu...	145	void ima_init_template_list(void);
3323eec92 Mimi Zohar integrity: IMA as...	146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162	/* * used to protect h_table and sha_table / extern spinlock_t ima_queue_lock; struct ima_h_table { atomic_long_t len; / number of stored measurements in the list / atomic_long_t violations; struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE]; }; extern struct ima_h_table ima_htable; static inline unsigned long ima_hash_key(u8 digest) { return hash_long(*digest, IMA_HASH_BITS); }
2663218ba Thiago Jung Bauermann ima: Simplify pol...	163 164 165 166 167 168 169 170 171 172 173 174 175	#define __ima_hooks(hook) \ hook(NONE) \ hook(FILE_CHECK) \ hook(MMAP_CHECK) \ hook(BPRM_CHECK) \ hook(POST_SETATTR) \ hook(MODULE_CHECK) \ hook(FIRMWARE_CHECK) \ hook(KEXEC_KERNEL_CHECK) \ hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM,
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	176	enum ima_hooks {
2663218ba Thiago Jung Bauermann ima: Simplify pol...	177	__ima_hooks(__ima_hook_enumify)
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	178	};
3323eec92 Mimi Zohar integrity: IMA as...	179	/* LIM API function definitions */
725de7fab Eric Richter ima: extend ima_g...	180 181	int ima_get_action(struct inode inode, int mask, enum ima_hooks func, int pcr);
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	182	int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
f381c2722 Mimi Zohar integrity: move i...	183	int ima_collect_measurement(struct integrity_iint_cache *iint,
cf2222178 Mimi Zohar ima: define a new...	184 185	struct file file, void buf, loff_t size, enum hash_algo algo);
f381c2722 Mimi Zohar integrity: move i...	186	void ima_store_measurement(struct integrity_iint_cache iint, struct file file,
bcbc9b0cf Mimi Zohar ima: extend the m...	187 188	const unsigned char filename, struct evm_ima_xattr_data xattr_value,
14b1da85b Eric Richter ima: include pcr ...	189	int xattr_len, int pcr);
e7c568e0f Peter Moody ima: audit log ha...	190 191	void ima_audit_measurement(struct integrity_iint_cache iint, const unsigned char filename);
23b574193 Roberto Sassu ima: wrap event r...	192 193	int ima_alloc_init_template(struct ima_event_data event_data, struct ima_template_entry *entry);
3323eec92 Mimi Zohar integrity: IMA as...	194	int ima_store_template(struct ima_template_entry *entry, int violation,
14b1da85b Eric Richter ima: include pcr ...	195 196	struct inode inode, const unsigned char filename, int pcr);
a7ed7c60e Roberto Sassu ima: properly fre...	197	void ima_free_template_entry(struct ima_template_entry *entry);
bc15ed663 Mimi Zohar ima: fix ima_d_pa...	198	const char ima_d_path(const struct path path, char *pathbuf, char filename);
3323eec92 Mimi Zohar integrity: IMA as...	199
3323eec92 Mimi Zohar integrity: IMA as...	200	/* IMA policy related functions */
2fe5d6def Mimi Zohar ima: integrity ap...	201	int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
725de7fab Eric Richter ima: extend ima_g...	202	int flags, int *pcr);
3323eec92 Mimi Zohar integrity: IMA as...	203 204	void ima_init_policy(void); void ima_update_policy(void);
a756024ef Roberto Sassu ima: added ima_po...	205	void ima_update_policy_flag(void);
6ccd04563 Eric Paris ima: handle multi...	206	ssize_t ima_parse_add_rule(char *);
4af4662fa Mimi Zohar integrity: IMA po...	207	void ima_delete_rules(void);
0112721df Sasha Levin IMA: policy can b...	208	int ima_check_policy(void);
80eae209d Petko Manolov IMA: allow readin...	209 210 211 212	void ima_policy_start(struct seq_file m, loff_t pos); void ima_policy_next(struct seq_file m, void v, loff_t pos); void ima_policy_stop(struct seq_file m, void v); int ima_policy_show(struct seq_file m, void *v);
4af4662fa Mimi Zohar integrity: IMA po...	213
2fe5d6def Mimi Zohar ima: integrity ap...	214 215 216	/* Appraise integrity measurements */ #define IMA_APPRAISE_ENFORCE 0x01 #define IMA_APPRAISE_FIX 0x02
2faa6ef3b Dmitry Kasatkin ima: provide 'ima...	217 218 219	#define IMA_APPRAISE_LOG 0x04 #define IMA_APPRAISE_MODULES 0x08 #define IMA_APPRAISE_FIRMWARE 0x10
19f8a8471 Mimi Zohar ima: measure and ...	220	#define IMA_APPRAISE_POLICY 0x20
2fe5d6def Mimi Zohar ima: integrity ap...	221 222	#ifdef CONFIG_IMA_APPRAISE
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	223 224	int ima_appraise_measurement(enum ima_hooks func, struct integrity_iint_cache *iint,
d3634d0f4 Dmitry Kasatkin ima: read and use...	225 226	struct file file, const unsigned char filename, struct evm_ima_xattr_data *xattr_value,
3034a1468 Dmitry Kasatkin ima: pass 'opened...	227	int xattr_len, int opened);
d26e19362 Dmitry Kasatkin ima: fix bug in a...	228	int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
2fe5d6def Mimi Zohar ima: integrity ap...	229	void ima_update_xattr(struct integrity_iint_cache iint, struct file file);
d79d72e02 Mimi Zohar ima: per hook cac...	230	enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	231	enum ima_hooks func);
1525b06d9 Dmitry Kasatkin ima: separate 'se...	232 233	enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len);
d3634d0f4 Dmitry Kasatkin ima: read and use...	234 235	int ima_read_xattr(struct dentry dentry, struct evm_ima_xattr_data *xattr_value);
2fe5d6def Mimi Zohar ima: integrity ap...	236 237	#else
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	238	static inline int ima_appraise_measurement(enum ima_hooks func,
d79d72e02 Mimi Zohar ima: per hook cac...	239	struct integrity_iint_cache *iint,
2fe5d6def Mimi Zohar ima: integrity ap...	240	struct file *file,
d3634d0f4 Dmitry Kasatkin ima: read and use...	241 242	const unsigned char filename, struct evm_ima_xattr_data xattr_value,
3034a1468 Dmitry Kasatkin ima: pass 'opened...	243	int xattr_len, int opened)
2fe5d6def Mimi Zohar ima: integrity ap...	244 245 246	{ return INTEGRITY_UNKNOWN; }
d26e19362 Dmitry Kasatkin ima: fix bug in a...	247 248	static inline int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
2fe5d6def Mimi Zohar ima: integrity ap...	249 250 251 252 253 254 255 256	{ return 0; } static inline void ima_update_xattr(struct integrity_iint_cache iint, struct file file) { }
d79d72e02 Mimi Zohar ima: per hook cac...	257 258	static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
4ad87a3d7 Mimi Zohar ima: use "ima_hoo...	259 260	*iint, enum ima_hooks func)
d79d72e02 Mimi Zohar ima: per hook cac...	261 262 263	{ return INTEGRITY_UNKNOWN; }
d3634d0f4 Dmitry Kasatkin ima: read and use...	264
1525b06d9 Dmitry Kasatkin ima: separate 'se...	265 266	static inline enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
d3634d0f4 Dmitry Kasatkin ima: read and use...	267	{
1525b06d9 Dmitry Kasatkin ima: separate 'se...	268	return ima_hash_algo;
d3634d0f4 Dmitry Kasatkin ima: read and use...	269 270 271 272 273 274 275	} static inline int ima_read_xattr(struct dentry dentry, struct evm_ima_xattr_data *xattr_value) { return 0; }
bb543e395 Thiago Jung Bauermann integrity: Small ...	276	#endif /* CONFIG_IMA_APPRAISE */
2fe5d6def Mimi Zohar ima: integrity ap...	277
4af4662fa Mimi Zohar integrity: IMA po...	278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297	/* LSM based policy rules require audit / #ifdef CONFIG_IMA_LSM_RULES #define security_filter_rule_init security_audit_rule_init #define security_filter_rule_match security_audit_rule_match #else static inline int security_filter_rule_init(u32 field, u32 op, char rulestr, void *lsmrule) { return -EINVAL; } static inline int security_filter_rule_match(u32 secid, u32 field, u32 op, void lsmrule, struct audit_context *actx) { return -EINVAL; }
5d659f286 Tycho Andersen ima: fix up #endi...	298	#endif /* CONFIG_IMA_LSM_RULES */
80eae209d Petko Manolov IMA: allow readin...	299 300 301 302 303	#ifdef CONFIG_IMA_READ_POLICY #define POLICY_FILE_FLAGS (S_IWUSR \| S_IRUSR) #else #define POLICY_FILE_FLAGS S_IWUSR
5d659f286 Tycho Andersen ima: fix up #endi...	304	#endif /* CONFIG_IMA_READ_POLICY */
80eae209d Petko Manolov IMA: allow readin...	305 306	#endif /* __LINUX_IMA_H */