summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-12-16 22:06:07 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2020-12-16 22:06:07 +0300
commite20a9b92ddbfe662807622dbb28e1fbb6e0011aa (patch)
treedf1a16ed9cdd8ed83aacfa01f0f3498bf156c12d /include
parentca5b877b6ccc7b989614f3f541e9a1fe2ff7f75a (diff)
parent207cdd565dfc95a0a5185263a567817b7ebf5467 (diff)
downloadlinux-e20a9b92ddbfe662807622dbb28e1fbb6e0011aa.tar.xz
Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar: "Just three patches here. Other integrity changes are being upstreamed via EFI (defines a common EFI secure and trusted boot IMA policy) and BPF LSM (exporting the IMA file cache hash info based on inode). The three patches included here: - bug fix: fail calculating the file hash, when a file not opened for read and the attempt to re-open it for read fails. - defer processing the "ima_appraise" boot command line option to avoid enabling different modes (e.g. fix, log) to when the secure boot flag is available on arm. - defines "ima-buf" as the default IMA buffer measurement template in preparation for the builtin integrity "critical data" policy" * tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: Don't modify file descriptor mode on the fly ima: select ima-buf template for buffer measurement ima: defer arch_ima_get_secureboot() call to IMA init time
Diffstat (limited to 'include')
-rw-r--r--include/linux/ima.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 7233a2751754..7db9cca1af34 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -32,6 +32,12 @@ extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
+#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
+extern void ima_appraise_parse_cmdline(void);
+#else
+static inline void ima_appraise_parse_cmdline(void) {}
+#endif
+
#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif