mirror of
https://github.com/lkl/linux.git
synced 2025-12-19 16:13:19 +09:00
cf22221786
This patch defines a new IMA hook ima_post_read_file() for measuring and appraising files read by the kernel. The caller loads the file into memory before calling this function, which calculates the hash followed by the normal IMA policy based processing. Changelog v5: - fail ima_post_read_file() if either file or buf is NULL v3: - rename ima_hash_and_process_file() to ima_post_read_file() v1: - split patch Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
91 lines
2.2 KiB
C
91 lines
2.2 KiB
C
/*
|
|
* Copyright (C) 2008 IBM Corporation
|
|
* Author: Mimi Zohar <zohar@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, version 2 of the License.
|
|
*/
|
|
|
|
#ifndef _LINUX_IMA_H
|
|
#define _LINUX_IMA_H
|
|
|
|
#include <linux/fs.h>
|
|
struct linux_binprm;
|
|
|
|
#ifdef CONFIG_IMA
|
|
extern int ima_bprm_check(struct linux_binprm *bprm);
|
|
extern int ima_file_check(struct file *file, int mask, int opened);
|
|
extern void ima_file_free(struct file *file);
|
|
extern int ima_file_mmap(struct file *file, unsigned long prot);
|
|
extern int ima_module_check(struct file *file);
|
|
extern int ima_fw_from_file(struct file *file, char *buf, size_t size);
|
|
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
|
|
enum kernel_read_file_id id);
|
|
|
|
#else
|
|
static inline int ima_bprm_check(struct linux_binprm *bprm)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_file_check(struct file *file, int mask, int opened)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ima_file_free(struct file *file)
|
|
{
|
|
return;
|
|
}
|
|
|
|
static inline int ima_file_mmap(struct file *file, unsigned long prot)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_module_check(struct file *file)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_fw_from_file(struct file *file, char *buf, size_t size)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_post_read_file(struct file *file, void *buf, loff_t size,
|
|
enum kernel_read_file_id id)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
#endif /* CONFIG_IMA */
|
|
|
|
#ifdef CONFIG_IMA_APPRAISE
|
|
extern void ima_inode_post_setattr(struct dentry *dentry);
|
|
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
|
|
const void *xattr_value, size_t xattr_value_len);
|
|
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
|
|
#else
|
|
static inline void ima_inode_post_setattr(struct dentry *dentry)
|
|
{
|
|
return;
|
|
}
|
|
|
|
static inline int ima_inode_setxattr(struct dentry *dentry,
|
|
const char *xattr_name,
|
|
const void *xattr_value,
|
|
size_t xattr_value_len)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_inode_removexattr(struct dentry *dentry,
|
|
const char *xattr_name)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif /* CONFIG_IMA_APPRAISE */
|
|
#endif /* _LINUX_IMA_H */
|