1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * evm.h |
4 | * |
5 | * Copyright (c) 2009 IBM Corporation |
6 | * Author: Mimi Zohar <zohar@us.ibm.com> |
7 | */ |
8 | |
9 | #ifndef _LINUX_EVM_H |
10 | #define _LINUX_EVM_H |
11 | |
12 | #include <linux/integrity.h> |
13 | #include <linux/xattr.h> |
14 | |
15 | struct integrity_iint_cache; |
16 | |
17 | #ifdef CONFIG_EVM |
/*
 * EVM (Extended Verification Module) entry points for CONFIG_EVM=y builds.
 * Only the prototypes live here; the definitions are outside this header.
 */

/*
 * Takes a key buffer and its length in bytes.
 * NOTE(review): whether the callee copies the key or the caller must wipe
 * @key afterwards is not visible from this header - confirm at the call site.
 */
int evm_set_key(void *key, size_t keylen);

/* Yields an integrity_status for the named xattr value on @dentry. */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

/* Attribute-change hook and its post-change counterpart. */
int evm_inode_setattr(struct mnt_idmap *idmap,
		      struct dentry *dentry,
		      struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);

/* xattr-set hook and its post-change counterpart. */
int evm_inode_setxattr(struct mnt_idmap *idmap,
		       struct dentry *dentry,
		       const char *name,
		       const void *value,
		       size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);

/* xattr-removal hook and its post-change counterpart. */
int evm_inode_removexattr(struct mnt_idmap *idmap,
			  struct dentry *dentry,
			  const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);
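/*
 * Post-hook for ACL removal: forwards to evm_inode_post_removexattr() with
 * the ACL name used as the xattr name.  @idmap is accepted but not used.
 *
 * The listing this was taken from carried an editor parameter hint
 * ("xattr_name:") inside the call, which is not C; the call below passes
 * plain positional arguments.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}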
/*
 * ACL-set hook; defined outside this header.  evm_inode_remove_acl() in this
 * file calls it with a NULL @kacl, so implementations must tolerate NULL.
 */
int evm_inode_set_acl(struct mnt_idmap *idmap,
		      struct dentry *dentry,
		      const char *acl_name,
		      struct posix_acl *kacl);
/*
 * ACL-removal hook: expressed as evm_inode_set_acl() with a NULL ACL, and
 * returns whatever that call returns.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	/* NULL in the kacl slot is how removal is signalled to the set hook. */
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}
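/*
 * Post-hook for an ACL change: forwards to evm_inode_post_setxattr() with the
 * ACL name as the xattr name, a NULL value and a zero length.  @kacl is
 * accepted but not passed on.
 *
 * The listing this was taken from carried editor parameter hints
 * ("xattr_name:", "xattr_value_len:") inside the call, which are not C.
 * The call is also written as a plain statement: "return <void expression>"
 * in a void function is a compiler extension, not ISO C.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}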
59 | |
/*
 * Called with the new inode, its parent directory, the name, and an xattr
 * array plus a count that the callee can update through @xattr_count.
 */
int evm_inode_init_security(struct inode *inode,
			    struct inode *dir,
			    const struct qstr *qstr,
			    struct xattr *xattrs,
			    int *xattr_count);

/* Boolean query keyed on an xattr name. */
bool evm_revalidate_status(const char *xattr_name);

/* Integer query keyed on the requested xattr name. */
int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * Writes into a caller-supplied buffer of @buffer_size bytes.
 * NOTE(review): @buffer_size is a signed int; callers should make sure it
 * matches the real allocation - the bounds handling is not visible here.
 */
int evm_read_protected_xattrs(struct dentry *dentry,
			      u8 *buffer,
			      int buffer_size,
			      char type,
			      bool canonical_fmt);
#ifdef CONFIG_FS_POSIX_ACL
/* Real implementation lives outside this header. */
int posix_xattr_acl(const char *xattrname);
#else
/*
 * POSIX ACL support compiled out: every name yields 0.
 * (Presumably 0 means "not a POSIX ACL xattr" - confirm against callers.)
 */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
76 | #else |
77 | |
/*
 * CONFIG_EVM disabled: there is nothing to load a key into, so the request is
 * refused with -EOPNOTSUPP and @key is never read.
 */
static inline int evm_set_key(void *key,
			      size_t keylen)
{
	return -EOPNOTSUPP;
}
82 | |
83 | #ifdef CONFIG_INTEGRITY |
/*
 * CONFIG_EVM disabled (but CONFIG_INTEGRITY enabled): no verification is
 * performed and every query reports INTEGRITY_UNKNOWN.  Callers must not
 * treat that value as "verified".
 */
static inline enum integrity_status
evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name,
		void *xattr_value,
		size_t xattr_value_len,
		struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
92 | #endif |
93 | |
/*
 * CONFIG_EVM disabled: always returns 0 and inspects none of its arguments,
 * so no EVM check gates the attribute change in such builds.
 */
static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry,
				    struct iattr *attr)
{
	return 0;
}
99 | |
/* CONFIG_EVM disabled: nothing to update after an attribute change. */
static inline void evm_inode_post_setattr(struct dentry *dentry,
					  int ia_valid)
{
}
104 | |
/*
 * CONFIG_EVM disabled: always returns 0 without looking at the xattr name or
 * value, so no EVM check gates the xattr write in such builds.
 */
static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry,
				     const char *name,
				     const void *value,
				     size_t size)
{
	return 0;
}
111 | |
/* CONFIG_EVM disabled: nothing to update after an xattr write. */
static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}
119 | |
/*
 * CONFIG_EVM disabled: always returns 0, so no EVM check gates the xattr
 * removal in such builds.
 */
static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry, const char *xattr_name)
{
	return 0;
}
126 | |
/* CONFIG_EVM disabled: nothing to update after an xattr removal. */
static inline void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
{
}
132 | |
/* CONFIG_EVM disabled: nothing to update after an ACL removal. */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry, const char *acl_name)
{
}
139 | |
/*
 * CONFIG_EVM disabled: always returns 0 without examining @kacl, so no EVM
 * check gates the ACL change in such builds.
 */
static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry,
				    const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}
146 | |
/*
 * CONFIG_EVM disabled: always returns 0, so no EVM check gates the ACL
 * removal in such builds.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry, const char *acl_name)
{
	return 0;
}
153 | |
/* CONFIG_EVM disabled: nothing to update after an ACL change. */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name, struct posix_acl *kacl)
{
}
160 | |
/*
 * CONFIG_EVM disabled: returns 0 and leaves @xattrs and *@xattr_count
 * untouched, i.e. no EVM xattr is contributed for the new inode.
 */
static inline int evm_inode_init_security(struct inode *inode,
					  struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}
168 | |
/* CONFIG_EVM disabled: answers false for every xattr name. */
static inline bool
evm_revalidate_status(const char *xattr_name)
{
	return false;
}
173 | |
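/*
 * CONFIG_EVM disabled: no xattr is reported as EVM-protected, so the answer
 * is 0 for every name.
 *
 * The function is declared to return int, so the result is spelled 0 rather
 * than the bool constant false; the value handed to callers is the same.
 */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}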
178 | |
/*
 * CONFIG_EVM disabled: refuses with -EOPNOTSUPP and never writes to @buffer,
 * so callers must check the return value before using the buffer contents.
 */
static inline int evm_read_protected_xattrs(struct dentry *dentry,
					    u8 *buffer,
					    int buffer_size,
					    char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}
185 | |
186 | #endif /* CONFIG_EVM */ |
187 | #endif /* _LINUX_EVM_H */ |
188 | |