aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/ima/ima.h')
-rw-r--r--security/integrity/ima/ima.h29
1 files changed, 9 insertions, 20 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 08408bd71462..29d97af5e9a4 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -24,11 +24,13 @@
24#include <linux/tpm.h> 24#include <linux/tpm.h>
25#include <linux/audit.h> 25#include <linux/audit.h>
26 26
27#include "../integrity.h"
28
27enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII }; 29enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII };
28enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; 30enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
29 31
30/* digest size for IMA, fits SHA1 or MD5 */ 32/* digest size for IMA, fits SHA1 or MD5 */
31#define IMA_DIGEST_SIZE 20 33#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
32#define IMA_EVENT_NAME_LEN_MAX 255 34#define IMA_EVENT_NAME_LEN_MAX 255
33 35
34#define IMA_HASH_BITS 9 36#define IMA_HASH_BITS 9
@@ -96,34 +98,21 @@ static inline unsigned long ima_hash_key(u8 *digest)
96 return hash_long(*digest, IMA_HASH_BITS); 98 return hash_long(*digest, IMA_HASH_BITS);
97} 99}
98 100
99/* iint cache flags */
100#define IMA_MEASURED 0x01
101
102/* integrity data associated with an inode */
103struct ima_iint_cache {
104 struct rb_node rb_node; /* rooted in ima_iint_tree */
105 struct inode *inode; /* back pointer to inode in question */
106 u64 version; /* track inode changes */
107 unsigned char flags;
108 u8 digest[IMA_DIGEST_SIZE];
109 struct mutex mutex; /* protects: version, flags, digest */
110};
111
112/* LIM API function definitions */ 101/* LIM API function definitions */
113int ima_must_measure(struct inode *inode, int mask, int function); 102int ima_must_measure(struct inode *inode, int mask, int function);
114int ima_collect_measurement(struct ima_iint_cache *iint, struct file *file); 103int ima_collect_measurement(struct integrity_iint_cache *iint,
115void ima_store_measurement(struct ima_iint_cache *iint, struct file *file, 104 struct file *file);
105void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
116 const unsigned char *filename); 106 const unsigned char *filename);
117int ima_store_template(struct ima_template_entry *entry, int violation, 107int ima_store_template(struct ima_template_entry *entry, int violation,
118 struct inode *inode); 108 struct inode *inode);
119void ima_template_show(struct seq_file *m, void *e, 109void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show);
120 enum ima_show_type show);
121 110
122/* rbtree tree calls to lookup, insert, delete 111/* rbtree tree calls to lookup, insert, delete
123 * integrity data associated with an inode. 112 * integrity data associated with an inode.
124 */ 113 */
125struct ima_iint_cache *ima_iint_insert(struct inode *inode); 114struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
126struct ima_iint_cache *ima_iint_find(struct inode *inode); 115struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
127 116
128/* IMA policy related functions */ 117/* IMA policy related functions */
129enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; 118enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK };
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-20 05:19:42 -0500