1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
2 | /* |
3 | * Linux Security Modules (LSM) - User space API |
4 | * |
5 | * Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com> |
6 | * Copyright (C) 2022 Intel Corporation |
7 | */ |
8 | |
9 | #ifndef _UAPI_LINUX_LSM_H |
10 | #define _UAPI_LINUX_LSM_H |
11 | |
12 | #include <linux/stddef.h> |
13 | #include <linux/types.h> |
14 | #include <linux/unistd.h> |
15 | |
/**
 * struct lsm_ctx - LSM context information
 * @id: the LSM id number, see LSM_ID_XXX
 * @flags: LSM specific flags
 * @len: length of the lsm_ctx struct, @ctx and any other data or padding
 * @ctx_len: the size of @ctx
 * @ctx: the LSM context value
 *
 * The @len field MUST be equal to the size of the lsm_ctx struct
 * plus any additional padding and/or data placed after @ctx.
 * Because @len covers the whole record (header, @ctx and any
 * trailing padding), a well-formed record always satisfies
 * @len >= sizeof(struct lsm_ctx) and
 * @ctx_len <= @len - sizeof(struct lsm_ctx). A consumer walking a
 * buffer of these records should check both relations (in that
 * order, so the subtraction cannot underflow) before reading @ctx,
 * and treat a record that violates either as malformed rather than
 * trusting @ctx_len on its own.
 *
 * In all cases @ctx_len MUST be equal to the length of @ctx.
 * If @ctx is a string value it should be nul terminated with
 * @ctx_len equal to `strlen(@ctx) + 1`. Binary values are
 * supported, so a consumer must not assume @ctx is nul terminated
 * unless the LSM identified by @id documents it as such; every read
 * of @ctx should be bounded by @ctx_len.
 *
 * The @flags and @ctx fields SHOULD only be interpreted by the
 * LSM specified by @id; they MUST be set to zero/0 when not used.
 *
 * All header fields are fixed-width (__u64), so the record header is
 * 32 bytes and @ctx begins immediately after it regardless of the
 * user space pointer size.
 */
struct lsm_ctx {
	__u64 id;
	__u64 flags;
	__u64 len;
	__u64 ctx_len;
	/*
	 * __counted_by() is a compile-time bounds annotation for
	 * instrumented builds (it is expected to be provided, or defined
	 * away, by <linux/stddef.h>); it is not a runtime check, so
	 * @ctx_len still has to be validated against @len by the reader.
	 */
	__u8 ctx[] __counted_by(ctx_len);
};
42 | |
/*
 * ID tokens to identify Linux Security Modules (LSMs)
 *
 * These token values are used to uniquely identify specific LSMs
 * in the kernel as well as in the kernel's LSM userspace API.
 * As part of the user space API they are expected to be stable:
 * an ID published here keeps its value, and a new LSM takes the
 * next unused number rather than reusing or renumbering an
 * existing one.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use. User space that encounters an @id it does not
 * recognize (including LSM_ID_UNDEF) should skip that entry rather
 * than guess at the meaning of its @ctx.
 */
#define LSM_ID_UNDEF 0
#define LSM_ID_CAPABILITY 100
#define LSM_ID_SELINUX 101
#define LSM_ID_SMACK 102
#define LSM_ID_TOMOYO 103
#define LSM_ID_APPARMOR 104
#define LSM_ID_YAMA 105
#define LSM_ID_LOADPIN 106
#define LSM_ID_SAFESETID 107
#define LSM_ID_LOCKDOWN 108
#define LSM_ID_BPF 109
#define LSM_ID_LANDLOCK 110
#define LSM_ID_IMA 111
#define LSM_ID_EVM 112
67 | |
/*
 * LSM_ATTR_XXX definitions identify different LSM attributes
 * which are used in the kernel's LSM userspace API. Support
 * for these attributes vary across the different LSMs. None
 * are required, so a caller must be prepared for any attribute
 * to be unsupported by a given LSM and must not treat its absence
 * as an error in the caller's own logic.
 *
 * NOTE(review): by name these appear to mirror the entries under
 * /proc/<pid>/attr/ (current, exec, fscreate, keycreate, prev,
 * sockcreate); the exact meaning of each is defined by the
 * individual LSM and should be confirmed against its documentation.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use.
 */
#define LSM_ATTR_UNDEF 0
#define LSM_ATTR_CURRENT 100
#define LSM_ATTR_EXEC 101
#define LSM_ATTR_FSCREATE 102
#define LSM_ATTR_KEYCREATE 103
#define LSM_ATTR_PREV 104
#define LSM_ATTR_SOCKCREATE 105
85 | |
/*
 * LSM_FLAG_XXX definitions identify special handling instructions
 * for the API.
 *
 * The flags form a bit mask. Callers should pass zero for every bit
 * not defined here so that new flags can be introduced later without
 * changing the meaning of existing calls; whether the kernel rejects
 * unknown bits is not visible in this header and should be confirmed
 * against the syscall documentation before relying on it.
 */
/*
 * NOTE(review): presumably restricts the operation to the single LSM
 * named by lsm_ctx.id rather than all active LSMs - confirm against
 * the syscall documentation.
 */
#define LSM_FLAG_SINGLE 0x0001
91 | |
92 | #endif /* _UAPI_LINUX_LSM_H */ |
93 | |