xref: /linux-6.15/include/linux/evm.h (revision a652aa59)
1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */
23e1be52dSMimi Zohar /*
33e1be52dSMimi Zohar  * evm.h
43e1be52dSMimi Zohar  *
53e1be52dSMimi Zohar  * Copyright (c) 2009 IBM Corporation
63e1be52dSMimi Zohar  * Author: Mimi Zohar <[email protected]>
73e1be52dSMimi Zohar  */
83e1be52dSMimi Zohar 
93e1be52dSMimi Zohar #ifndef _LINUX_EVM_H
103e1be52dSMimi Zohar #define _LINUX_EVM_H
113e1be52dSMimi Zohar 
123e1be52dSMimi Zohar #include <linux/integrity.h>
13cb723180SMimi Zohar #include <linux/xattr.h>
143e1be52dSMimi Zohar 
153e1be52dSMimi Zohar #ifdef CONFIG_EVM
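/*
 * EVM entry points available when CONFIG_EVM is enabled.
 *
 * Only the prototypes are visible in this header; the implementations are
 * defined elsewhere. The !CONFIG_EVM branch of this header supplies inline
 * stubs with the same signatures, so callers build in both configurations.
 * The redundant "extern" is dropped to match evm_inode_init_security().
 */

/*
 * NOTE(review): @key is a non-const void *, so the prototype does not say
 * whether the callee copies or keeps the caller's buffer. Confirm before
 * deciding who must zeroize the key material.
 */
int evm_set_key(void *key, size_t keylen);

/*
 * Returns an enum integrity_status verdict for @dentry. Callers should act
 * on the specific status value: the !CONFIG_EVM stub in this header returns
 * INTEGRITY_UNKNOWN, which is not a pass.
 */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len);
int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr, struct xattr *xattrs,
			    int *xattr_count);
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * NOTE(review): @buffer_size is a signed int. Presumably the callee rejects
 * negative or too-small sizes before writing to @buffer; verify in the
 * implementation.
 */
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);
bool evm_metadata_changed(struct inode *inode,
			  struct inode *metadata_inode);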
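#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
/*
 * posix_xattr_acl - stub used when CONFIG_FS_POSIX_ACL is not set
 * @xattrname: xattr name to classify (ignored)
 *
 * Return: always 0. Presumably 0 means "not a POSIX ACL xattr"; confirm
 * against the CONFIG_FS_POSIX_ACL implementation, which is not shown here.
 */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif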
393e1be52dSMimi Zohar #else
4076266763SDmitry Kasatkin 
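/*
 * evm_set_key - stub used when CONFIG_EVM is not set
 * @key: key material (ignored, never read or copied)
 * @keylen: size of @key (ignored)
 *
 * No EVM key can be loaded in this configuration. Callers must treat the
 * error as "EVM unavailable" and never as a successfully initialised key.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}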
4576266763SDmitry Kasatkin 
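#ifdef CONFIG_INTEGRITY
/*
 * evm_verifyxattr - stub used when CONFIG_EVM is not set
 * @dentry: object whose xattr would be verified (ignored)
 * @xattr_name: name of the xattr (ignored)
 * @xattr_value: value of the xattr (ignored)
 * @xattr_value_len: size of @xattr_value (ignored)
 *
 * No verification is performed. INTEGRITY_UNKNOWN tells the caller that EVM
 * gave no verdict. It must not be handled as INTEGRITY_PASS.
 *
 * This stub is only provided when CONFIG_INTEGRITY is set. With neither
 * option enabled, this header declares no evm_verifyxattr() at all.
 *
 * Return: always INTEGRITY_UNKNOWN.
 */
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len)
{
	return INTEGRITY_UNKNOWN;
}
#endif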
553e1be52dSMimi Zohar 
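/*
 * evm_inode_init_security - stub used when CONFIG_EVM is not set
 * @inode: inode being created (ignored)
 * @dir: parent directory inode (ignored)
 * @qstr: name of the new object (ignored)
 * @xattrs: xattr array (left untouched)
 * @xattr_count: number of entries in @xattrs (left untouched)
 *
 * Reports success without writing to @xattrs or @xattr_count, so no
 * EVM-provided xattr is set up for the new inode in this configuration.
 *
 * Return: always 0.
 */
static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}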
63cb723180SMimi Zohar 
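/*
 * evm_revalidate_status - stub used when CONFIG_EVM is not set
 * @xattr_name: xattr name being changed (ignored)
 *
 * Return: always false. With EVM compiled out, no xattr change asks for
 * the EVM status to be re-evaluated.
 */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}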
68e3ccfe1aSRoberto Sassu 
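/*
 * evm_protected_xattr_if_enabled - stub used when CONFIG_EVM is not set
 * @req_xattr_name: xattr name to look up (ignored)
 *
 * The function is declared to return int, so the stub returns 0 rather than
 * the bool constant "false"; the value seen by callers is unchanged. With
 * EVM compiled out, no xattr is reported as EVM-protected.
 *
 * Return: always 0.
 */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}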
738c7a703eSRoberto Sassu 
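/*
 * evm_read_protected_xattrs - stub used when CONFIG_EVM is not set
 * @dentry: object whose xattrs would be read (ignored)
 * @buffer: output buffer (never written)
 * @buffer_size: size of @buffer (ignored)
 * @type: requested output type (ignored)
 * @canonical_fmt: requested format flag (ignored)
 *
 * Nothing is written to @buffer. Callers must check for the error before
 * consuming the buffer, otherwise they would use whatever it held before
 * the call.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}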
808314b673SRoberto Sassu 
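/*
 * evm_metadata_changed - stub used when CONFIG_EVM is not set
 * @inode: inode being checked (ignored)
 * @metadata_inode: inode supplying the metadata to compare (ignored);
 *                  NOTE(review): exact role is not visible in this header,
 *                  confirm against the CONFIG_EVM implementation
 *
 * The false result only reflects that EVM is compiled out. It is not
 * evidence that the metadata of the two inodes was compared and found
 * unchanged.
 *
 * Return: always false.
 */
static inline bool evm_metadata_changed(struct inode *inode,
					struct inode *metadata_inode)
{
	return false;
}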
86*a652aa59SStefan Berger 
87e05a4f4fSPaul Bolle #endif /* CONFIG_EVM */
883e1be52dSMimi Zohar #endif /* LINUX_EVM_H */