diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2022-03-02 14:13:58 +0300 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2022-03-11 05:57:54 +0300 |
commit | 174b16946e39ebd369097e0f773536c91a8c1a4c (patch) | |
tree | af73026e68606f8644001ae28e60509cedc642c7 /include/uapi/linux/bpf.h | |
parent | 280fe8367b0dc45b6ac5e04fad03e16e99540c0c (diff) | |
download | linux-174b16946e39ebd369097e0f773536c91a8c1a4c.tar.xz |
bpf-lsm: Introduce new helper bpf_ima_file_hash()
ima_file_hash() has been modified to calculate the measurement of a file on
demand, if it has not been already performed by IMA or the measurement is
not fresh. For compatibility reasons, ima_inode_hash() remains unchanged.
Keep the same approach in eBPF and introduce the new helper
bpf_ima_file_hash() to take advantage of the modified behavior of
ima_file_hash().
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220302111404.193900-4-roberto.sassu@huawei.com
Diffstat (limited to 'include/uapi/linux/bpf.h')
-rw-r--r-- | include/uapi/linux/bpf.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index e9978a916c3e..99fab54ae9c0 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -5119,6 +5119,16 @@ union bpf_attr { * 0 on success. * **-EINVAL** for invalid input * **-EOPNOTSUPP** for unsupported protocol + * + * long bpf_ima_file_hash(struct file *file, void *dst, u32 size) + * Description + * Returns a calculated IMA hash of the *file*. + * If the hash is larger than *size*, then only *size* + * bytes will be copied to *dst* + * Return + * The **hash_algo** is returned on success, + * **-EOPNOTSUP** if the hash calculation failed or **-EINVAL** if + * invalid arguments are passed. */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -5314,6 +5324,7 @@ union bpf_attr { FN(xdp_store_bytes), \ FN(copy_from_user_task), \ FN(skb_set_tstamp), \ + FN(ima_file_hash), \ /* */ /* integer value in 'imm' field of BPF_CALL instruction selects which helper |