security/ipe/hooks.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
   4  */
   5 #ifndef _IPE_HOOKS_H
   6 #define _IPE_HOOKS_H
   7
   8 #include <linux/fs.h>
   9 #include <linux/binfmts.h>
  10 #include <linux/security.h>
  11 #include <linux/blk_types.h>
  12 #include <linux/fsverity.h>
  13
  14 enum ipe_hook_type {
  15         IPE_HOOK_BPRM_CHECK = 0,
  16         IPE_HOOK_MMAP,
  17         IPE_HOOK_MPROTECT,
  18         IPE_HOOK_KERNEL_READ,
  19         IPE_HOOK_KERNEL_LOAD,
  20         __IPE_HOOK_MAX
  21 };
  22
  23 #define IPE_HOOK_INVALID __IPE_HOOK_MAX
  24
  25 int ipe_bprm_check_security(struct linux_binprm *bprm);
  26
  27 int ipe_mmap_file(struct file *f, unsigned long reqprot, unsigned long prot,
  28                   unsigned long flags);
  29
  30 int ipe_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
  31                       unsigned long prot);
  32
  33 int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
  34                          bool contents);
  35
  36 int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
  37
  38 void ipe_unpack_initramfs(void);
  39
  40 #ifdef CONFIG_IPE_PROP_DM_VERITY
  41 void ipe_bdev_free_security(struct block_device *bdev);
  42
  43 int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type,
  44                           const void *value, size_t len);
  45 #endif /* CONFIG_IPE_PROP_DM_VERITY */
  46
  47 #ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
  48 int ipe_inode_setintegrity(const struct inode *inode, enum lsm_integrity_type type,
  49                            const void *value, size_t size);
  50 #endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
  51
  52 #endif /* _IPE_HOOKS_H */