torvalds
GitHub Repository: torvalds/linux
Path: blob/master/security/ipe/eval.h
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H
#include <linux/file.h>
#include <linux/types.h>
#include "policy.h"
#include "hooks.h"
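/*
 * Zero-initialised evaluation context, written as a compound literal.
 * Every pointer member starts out NULL and every boolean member false, so
 * a property that is never filled in reads as absent rather than as stale
 * stack data.
 */
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })

/*
 * Pointer to the policy currently in effect. The __rcu annotation marks it
 * as RCU-managed: readers are expected to go through the RCU accessors
 * instead of dereferencing it directly.
 */
extern struct ipe_policy __rcu *ipe_active_policy;

/*
 * NOTE(review): presumably turns on audit records for events that were
 * allowed - defined outside this header, confirm at the definition.
 */
extern bool success_audit;

/*
 * NOTE(review): presumably selects enforcing versus permissive behaviour -
 * defined outside this header, confirm at the definition. If so, any writer
 * of this flag is part of the trusted computing base.
 */
extern bool enforce;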
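/**
 * struct ipe_superblock - state IPE keeps per superblock.
 * @initramfs: boolean marker for the superblock.
 *             NOTE(review): presumably true only for the superblock that
 *             backs the initramfs - confirm where it is set.
 */
struct ipe_superblock {
	bool initramfs;
};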
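#ifdef CONFIG_IPE_PROP_DM_VERITY
/**
 * struct ipe_bdev - state IPE keeps per block device (dm-verity builds only).
 * @dm_verity_signed: present only with CONFIG_IPE_PROP_DM_VERITY_SIGNATURE.
 *                    NOTE(review): presumably records that the device's
 *                    dm-verity root hash carried a valid signature - confirm
 *                    where it is set.
 * @root_hash: pointer to a struct digest_info (declared outside this
 *             header). Ownership and lifetime are not visible from here.
 *
 * The layout changes with the kernel configuration, so code touching
 * @dm_verity_signed needs the same #ifdef guard.
 */
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */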
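#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
/**
 * struct ipe_inode - state IPE keeps per inode (built only with
 * CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG).
 * @fs_verity_signed: boolean property of the inode.
 *                    NOTE(review): presumably records that the file's
 *                    fs-verity builtin signature was verified - confirm
 *                    where it is set.
 */
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */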
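/**
 * struct ipe_eval_ctx - inputs to one policy evaluation.
 * @op: operation type being evaluated (enum ipe_op_type, declared outside
 *      this header).
 * @hook: hook type the evaluation originates from (enum ipe_hook_type,
 *        declared outside this header).
 * @file: file under evaluation; const-qualified, so it is not modified
 *        through this pointer.
 * @initramfs: boolean property of the evaluated object.
 *             NOTE(review): presumably derived from the superblock of
 *             @file - confirm in ipe_build_eval_ctx().
 * @ipe_bdev: per-block-device state; present only with
 *            CONFIG_IPE_PROP_DM_VERITY.
 * @ino: inode pointer; present only with CONFIG_IPE_PROP_FS_VERITY.
 * @ipe_inode: per-inode state; present only with
 *             CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG.
 *
 * Which members exist depends on the kernel configuration, so code that
 * touches the optional members needs the matching #ifdef guard. A context
 * started from IPE_EVAL_CTX_INIT has NULL pointers and false booleans until
 * they are filled in.
 */
struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};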
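/**
 * enum ipe_match - kinds of match, numbered from 0.
 * @IPE_MATCH_RULE: explicitly 0.
 * @IPE_MATCH_TABLE: implicitly 1.
 * @IPE_MATCH_GLOBAL: implicitly 2.
 * @__IPE_MATCH_MAX: count of the kinds above (3), not a match kind itself;
 *                   it has to stay last.
 *
 * NOTE(review): the names suggest the level that produced a decision (a
 * specific rule, a per-operation table default, the global default) -
 * confirm against the evaluation code.
 *
 * Only the first value is explicit, so inserting an enumerator renumbers
 * every one after it.
 */
enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};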
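/**
 * ipe_build_eval_ctx() - fill in an evaluation context (declaration only;
 * the definition is outside this header).
 * @ctx: context to populate; written through this pointer.
 * @file: file the evaluation is about; const-qualified.
 *        NOTE(review): whether NULL is accepted is not visible from here -
 *        confirm at the definition.
 * @op: operation type to record in the context.
 * @hook: hook type to record in the context.
 *
 * Returns nothing, so a caller cannot learn from this call whether any
 * property lookup failed.
 */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);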
/**
 * ipe_evaluate_event() - evaluate a prepared context (declaration only; the
 * definition is outside this header).
 * @ctx: context to evaluate; both the pointer and the pointee are const, so
 *       the context is not modified through it.
 *
 * Return: an int. NOTE(review): presumably 0 when the event is allowed and
 * a negative errno when it is denied - confirm at the definition. If so,
 * the value is the access decision and hook callers should return it
 * rather than discard it.
 */
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
#endif /* _IPE_EVAL_H */