include/linux/ima.h
Source file repositories/reference/linux-study-clean/include/linux/ima.h
File Facts
- System
- Linux kernel
- Corpus path
- include/linux/ima.h
- Extension
- .h
- Size
- 2875 bytes
- Lines
- 110
- Domain
- Core OS
- Bucket
- Core Kernel Interface
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/kernel_read_file.h, linux/fs.h, linux/security.h, linux/kexec.h, linux/secure_boot.h, crypto/hash_info.h
Detected Declarations
struct linux_binprm, struct kimage, function ima_appraise_parse_cmdline, function ima_kexec_post_load, function ima_file_hash, function ima_inode_hash, function ima_kexec_cmdline, function ima_add_kexec_buffer, function is_ima_appraise_enabled, function ima_appraise_signature
Annotated Snippet
/*
 * No-op variant of ima_appraise_parse_cmdline(): it takes no arguments and
 * performs no work. The conditional that selects this stub over a real
 * implementation opens above this excerpt and is not visible here.
 */
static inline void ima_appraise_parse_cmdline(void)
{
}
#endif
#ifdef CONFIG_IMA_KEXEC
/* Real kexec hooks; their definitions are not part of this header. */
void ima_add_kexec_buffer(struct kimage *image);
void ima_kexec_post_load(struct kimage *image);
#else
/*
 * CONFIG_IMA_KEXEC is off: the post-load hook collapses to an empty inline
 * and @image is ignored.
 *
 * NOTE(review): this fallback sits in the CONFIG_IMA-enabled half of the
 * header; the !CONFIG_IMA half shown further down defines no
 * ima_kexec_post_load(), so callers presumably carry their own guard --
 * confirm.
 */
static inline void ima_kexec_post_load(struct kimage *image)
{
}
#endif
#else
/*
 * Fallback used when CONFIG_IMA is disabled: reports HASH_ALGO__LAST instead
 * of a configured algorithm.
 *
 * NOTE(review): HASH_ALGO__LAST is presumably the end marker of enum
 * hash_algo rather than a usable algorithm, so callers should test for it
 * before indexing any per-algorithm table -- confirm against
 * crypto/hash_info.h.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}
/*
 * CONFIG_IMA-disabled stand-in for ima_file_hash().
 *
 * @file, @buf and @buf_size are all ignored and @buf is never written, so a
 * caller has to test the return value before reading a digest out of @buf;
 * otherwise it would consume whatever bytes the buffer already held.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
/*
 * CONFIG_IMA-disabled stand-in for ima_inode_hash().
 *
 * @inode, @buf and @buf_size are all ignored and @buf is left untouched, so
 * the return value must be checked before anything is read from @buf.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}
/*
 * CONFIG_IMA-disabled stand-in for ima_kexec_cmdline(): @kernel_fd, @buf and
 * @size are ignored and nothing is done with the buffer. Presumably this
 * means the kexec command line goes unrecorded in such builds -- confirm
 * against the real implementation.
 */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
{
}
/*
 * CONFIG_IMA-disabled stand-in for ima_measure_critical_data().
 *
 * Every argument is ignored: the data in @buf is not processed and @digest
 * is not filled in. A caller that depends on the data having been recorded,
 * or that reads @digest afterwards, must treat the error return as "nothing
 * was recorded and @digest is unchanged".
 *
 * Return: always -ENOENT.
 */
static inline int ima_measure_critical_data(const char *event_label,
					    const char *event_name,
					    const void *buf, size_t buf_len,
					    bool hash, u8 *digest,
					    size_t digest_len)
{
	return -ENOENT;
}
#endif /* CONFIG_IMA */
#ifdef CONFIG_HAVE_IMA_KEXEC
/*
 * Prototypes only: these are declared when CONFIG_HAVE_IMA_KEXEC is set and
 * defined outside this header. No fallback stubs are provided in this
 * conditional, so callers need the same guard.
 * NOTE(review): presumably these manage the IMA buffer carried across a
 * kexec -- confirm against the implementation.
 */
/* Marked __init, i.e. intended for use during kernel initialisation only. */
int __init ima_free_kexec_buffer(void);
/*
 * Also __init. Results come back through the @addr and @size out-parameters;
 * check the int return before trusting either of them.
 */
int __init ima_get_kexec_buffer(void **addr, size_t *size);
/*
 * Takes a physical address and a byte count.
 * NOTE(review): presumably validates that [phys, phys + size) is an
 * acceptable range before the buffer is mapped or read; the success/failure
 * convention of the int return is not visible here -- confirm.
 */
int ima_validate_range(phys_addr_t phys, size_t size);
#endif
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
/*
 * Defined outside this header (by architecture code, judging by the arch_
 * prefix -- confirm).
 */
const char * const *arch_get_ima_policy(void);
#else
/*
 * Without CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT the fallback always yields
 * NULL, so callers have to test the result before dereferencing it. A NULL
 * here presumably means no architecture-specific policy is available.
 */
static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif
#ifndef CONFIG_IMA_KEXEC
/* Forward declaration: only a pointer to struct kimage is used below. */
struct kimage;

/*
 * CONFIG_IMA_KEXEC is off: the call compiles to nothing and @image is
 * ignored, so no IMA buffer is attached to the kexec image.
 */
static inline void ima_add_kexec_buffer(struct kimage *image)
{
}
#endif
#ifdef CONFIG_IMA_APPRAISE
/* Real query; defined outside this header. */
bool is_ima_appraise_enabled(void);
#else
/*
 * CONFIG_IMA_APPRAISE is off: appraisal is reported as disabled
 * unconditionally. Code that relies on appraisal for integrity enforcement
 * should read a false result as "not enforced".
 */
static inline bool is_ima_appraise_enabled(void)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
/* Real query; defined outside this header. */
bool ima_appraise_signature(enum kernel_read_file_id func);
#else
/*
 * Fallback when either CONFIG_IMA_APPRAISE or
 * CONFIG_INTEGRITY_TRUSTED_KEYRING is missing: @func is ignored and the
 * answer is always false.
 *
 * NOTE(review): presumably a false result tells the caller that IMA will not
 * appraise a signature for this read type, so signature checking cannot be
 * delegated to IMA in such builds -- confirm against the callers.
 */
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
#endif /* _LINUX_IMA_H */
Annotation
- Immediate include surface: `linux/kernel_read_file.h`, `linux/fs.h`, `linux/security.h`, `linux/kexec.h`, `linux/secure_boot.h`, `crypto/hash_info.h`.
- Detected declarations: `struct linux_binprm`, `struct kimage`, `function ima_appraise_parse_cmdline`, `function ima_kexec_post_load`, `function ima_file_hash`, `function ima_inode_hash`, `function ima_kexec_cmdline`, `function ima_add_kexec_buffer`, `function is_ima_appraise_enabled`, `function ima_appraise_signature`.
- Atlas domain: Core OS / Core Kernel Interface.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.