  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. /*
  3. * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
  4. */
  5. #ifndef _IPE_EVAL_H
  6. #define _IPE_EVAL_H
  7. #include <linux/file.h>
  8. #include <linux/types.h>
  9. #include "policy.h"
  10. #include "hooks.h"
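  /*
   * IPE_EVAL_CTX_INIT - compound literal yielding a zero-initialised
   * struct ipe_eval_ctx.
   *
   * Every member starts out as 0 / NULL / false, so a context created from
   * this value carries no file and no property data until it is filled in.
   * Padding bytes are not guaranteed to be zero; do not compare contexts
   * with memcmp().
   */
  #define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })

  /*
   * Policy pointer shared across the module. The __rcu annotation marks it
   * as RCU-managed: read it with rcu_dereference() inside an RCU read-side
   * critical section and publish a replacement with rcu_assign_pointer(),
   * never through a plain load or store.
   */
  extern struct ipe_policy __rcu *ipe_active_policy;

  /*
   * Module-wide boolean switches, defined outside this header.
   * NOTE(review): by name, success_audit presumably enables audit records
   * for allowed events and enforce presumably selects enforcing versus
   * permissive behaviour - confirm where they are defined. Both steer
   * security decisions, so every path that writes them deserves a
   * privilege check and an audit record.
   */
  extern bool success_audit;
  extern bool enforce;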
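  /**
   * struct ipe_superblock - IPE state associated with a superblock.
   * @initramfs: Boolean flag. NOTE(review): by name it marks the superblock
   *             as the initramfs - confirm against the code that sets it,
   *             since a wrongly set flag would label content as boot-time
   *             trusted.
   */
  struct ipe_superblock {
  	bool initramfs;
  };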
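  #ifdef CONFIG_IPE_PROP_DM_VERITY
  /**
   * struct ipe_bdev - IPE state associated with a block device.
   * @dm_verity_signed: Boolean flag; the member only exists when
   *                    CONFIG_IPE_PROP_DM_VERITY_SIGNATURE is set, so every
   *                    reader must sit under the same guard.
   *                    NOTE(review): presumably records that the dm-verity
   *                    root hash carried a valid signature - confirm.
   * @root_hash: Pointer to a struct digest_info declared outside this
   *             header. NOTE(review): ownership and NULL handling are not
   *             visible here - check for NULL before dereferencing.
   *
   * The whole type is compiled only with CONFIG_IPE_PROP_DM_VERITY.
   */
  struct ipe_bdev {
  #ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
  	bool dm_verity_signed;
  #endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
  	struct digest_info *root_hash;
  };
  #endif /* CONFIG_IPE_PROP_DM_VERITY */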
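  #ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
  /**
   * struct ipe_inode - IPE state associated with an inode.
   * @fs_verity_signed: Boolean flag. NOTE(review): presumably records that
   *                    the file's fs-verity digest carried a valid built-in
   *                    signature - confirm against the code that sets it.
   *
   * The type is compiled only with CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG.
   */
  struct ipe_inode {
  	bool fs_verity_signed;
  };
  #endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */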
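  /**
   * struct ipe_eval_ctx - inputs handed to policy evaluation for one event.
   * @op: Operation being evaluated (enum ipe_op_type, declared elsewhere).
   * @hook: Hook that raised the event (enum ipe_hook_type, declared
   *        elsewhere).
   * @file: File the event refers to; NULL in a context taken straight from
   *        IPE_EVAL_CTX_INIT.
   * @initramfs: Boolean flag. NOTE(review): presumably copied from the
   *             file's struct ipe_superblock - confirm.
   * @ipe_bdev: Block-device state; present only with
   *            CONFIG_IPE_PROP_DM_VERITY.
   * @ino: Inode of the file; present only with CONFIG_IPE_PROP_FS_VERITY.
   * @ipe_inode: Inode state; present only with
   *             CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG.
   *
   * All pointer members are pointers to const, so evaluation cannot modify
   * the referenced objects through this context. The struct stores raw
   * pointers only; whether references are held is not visible in this
   * header, so a context should not outlive the objects it was built from.
   */
  struct ipe_eval_ctx {
  	enum ipe_op_type op;
  	enum ipe_hook_type hook;

  	const struct file *file;
  	bool initramfs;
  #ifdef CONFIG_IPE_PROP_DM_VERITY
  	const struct ipe_bdev *ipe_bdev;
  #endif /* CONFIG_IPE_PROP_DM_VERITY */
  #ifdef CONFIG_IPE_PROP_FS_VERITY
  	const struct inode *ino;
  #endif /* CONFIG_IPE_PROP_FS_VERITY */
  #ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
  	const struct ipe_inode *ipe_inode;
  #endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
  };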
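  /**
   * enum ipe_match - kind of match recorded for an evaluation.
   * @IPE_MATCH_RULE: Value 0.
   * @IPE_MATCH_TABLE: Value 1.
   * @IPE_MATCH_GLOBAL: Value 2.
   * @__IPE_MATCH_MAX: Number of real enumerators (3); a bound for range
   *                   checks and array sizing, not a valid match value.
   *
   * NOTE(review): by name, the three values presumably distinguish a
   * decision taken from an explicit rule, from a per-operation table
   * default and from the policy-wide default - confirm against eval.c.
   */
  enum ipe_match {
  	IPE_MATCH_RULE = 0,
  	IPE_MATCH_TABLE,
  	IPE_MATCH_GLOBAL,
  	__IPE_MATCH_MAX
  };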
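  /**
   * ipe_build_eval_ctx() - prepare an evaluation context (declaration only).
   * @ctx: Context to write; the only non-const parameter.
   * @file: File the event refers to.
   * @op: Operation being evaluated.
   * @hook: Hook that raised the event.
   *
   * NOTE(review): the definition is not in this header. By signature it
   * fills @ctx from the other three arguments; confirm how a NULL @file is
   * handled before passing one.
   */
  void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
  			const struct file *file,
  			enum ipe_op_type op,
  			enum ipe_hook_type hook);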
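  /**
   * ipe_evaluate_event() - evaluate one event (declaration only).
   * @ctx: Context describing the event; both the pointer and the pointee
   *       are const, so the callee cannot modify it through this argument.
   *
   * Return: int. NOTE(review): the convention is not visible in this
   * header - presumably 0 to allow and a negative errno to deny; confirm
   * against eval.c. Callers must propagate the result rather than ignore
   * it, or a denial is silently dropped.
   */
  int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);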
  57. #endif /* _IPE_EVAL_H */