c05564c4d8
Android 13
117 lines
2.9 KiB
C
Executable file
117 lines
2.9 KiB
C
Executable file
/*
|
|
* This code is based on IMA's code
|
|
*
|
|
* Copyright (C) 2016 Samsung Electronics, Inc.
|
|
*
|
|
* Egor Uleyskiy, <e.uleyskiy@samsung.com>
|
|
* Viacheslav Vovchenko <v.vovchenko@samsung.com>
|
|
* Yevgen Kopylov <y.kopylov@samsung.com>
|
|
*
|
|
* This software is licensed under the terms of the GNU General Public
|
|
* License version 2, as published by the Free Software Foundation, and
|
|
* may be copied, distributed, and modified under those terms.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*/
|
|
|
|
#ifndef __LINUX_FIVE_H
|
|
#define __LINUX_FIVE_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/crypto.h>
|
|
#include <linux/security.h>
|
|
#include <linux/hash.h>
|
|
#include <linux/audit.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/xattr.h>
|
|
|
|
#include "five_cert.h"
|
|
#include "five_crypto.h"
|
|
|
|
#define XATTR_FIVE_SUFFIX "five"
|
|
#define XATTR_NAME_FIVE (XATTR_SECURITY_PREFIX XATTR_FIVE_SUFFIX)
|
|
|
|
#define XATTR_PA_SUFFIX "pa"
|
|
#define XATTR_NAME_PA (XATTR_USER_PREFIX XATTR_PA_SUFFIX)
|
|
|
|
/* set during initialization */
|
|
extern int five_hash_algo;
|
|
struct worker_context {
|
|
struct work_struct data_work;
|
|
struct task_integrity *tint;
|
|
};
|
|
|
|
struct f_signature_task {
|
|
struct task_integrity *tint;
|
|
struct file *file;
|
|
};
|
|
|
|
struct f_signature_context {
|
|
struct work_struct data_work;
|
|
struct f_signature_task payload;
|
|
};
|
|
|
|
struct five_stat {
|
|
u64 inode_iversion;
|
|
u64 cache_iversion;
|
|
u32 cache_status;
|
|
u32 is_dm_verity;
|
|
};
|
|
|
|
/* Internal FIVE function definitions */
|
|
int five_init(void);
|
|
|
|
/* FIVE policy related functions */
|
|
enum five_hooks {
|
|
FILE_CHECK = 1,
|
|
MMAP_CHECK,
|
|
BPRM_CHECK,
|
|
POST_SETATTR
|
|
};
|
|
|
|
struct file_verification_result {
|
|
struct task_struct *task;
|
|
struct file *file;
|
|
struct integrity_iint_cache *iint;
|
|
enum five_hooks fn;
|
|
int five_result;
|
|
void *xattr;
|
|
size_t xattr_len;
|
|
};
|
|
|
|
static inline void file_verification_result_init(
|
|
struct file_verification_result *result)
|
|
{
|
|
memset(result, 0, sizeof(*result));
|
|
}
|
|
|
|
static inline void file_verification_result_deinit(
|
|
struct file_verification_result *result)
|
|
{
|
|
kfree(result->xattr);
|
|
memset(result, 0, sizeof(*result));
|
|
}
|
|
|
|
int five_appraise_measurement(struct task_struct *task, int func,
|
|
struct integrity_iint_cache *iint,
|
|
struct file *file,
|
|
struct five_cert *cert);
|
|
|
|
int five_read_xattr(struct dentry *dentry, char **xattr_value);
|
|
int five_check_params(struct task_struct *task, struct file *file);
|
|
const char *five_d_path(const struct path *path, char **pathbuf,
|
|
char *namebuf);
|
|
|
|
int five_digsig_verify(struct five_cert *cert,
|
|
const char *digest, int digestlen);
|
|
int five_reboot_notifier(struct notifier_block *nb,
|
|
unsigned long action, void *unused);
|
|
int __init five_load_built_x509(void);
|
|
int __init five_keyring_init(void);
|
|
|
|
const char *five_get_string_fn(enum five_hooks fn);
|
|
#endif
|