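/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

/*
 * Kernel-internal interface to the Extended Verification Module (EVM).
 *
 * The header has two mutually exclusive halves:
 *
 *  - CONFIG_EVM set: prototypes for the real hooks (defined elsewhere, not
 *    visible in this header) plus a few inline adapters that map POSIX ACL
 *    events onto the corresponding xattr hooks.
 *
 *  - CONFIG_EVM unset: inline stubs so that callers build without #ifdefs.
 *
 * Security note: the stubs are permissive by construction. Every "may this
 * change proceed?" hook returns 0, so a kernel built without CONFIG_EVM
 * performs no EVM check at these call sites. Only evm_set_key() and
 * evm_read_protected_xattrs() report -EOPNOTSUPP, and evm_verifyxattr()
 * reports INTEGRITY_UNKNOWN. A 0 from one of the hooks therefore means
 * "not refused", never "integrity verified"; code that needs a positive
 * verdict has to look at the enum integrity_status from evm_verifyxattr().
 */

struct integrity_iint_cache;

#ifdef CONFIG_EVM

/*
 * Hand key material of @keylen bytes to EVM.
 * NOTE(review): this header does not show whether the implementation copies
 * @key; callers that wipe their buffer afterwards should confirm that first.
 */
extern int evm_set_key(void *key, size_t keylen);

/*
 * Verify an extended attribute of @dentry and report the verdict as an
 * enum integrity_status. @xattr_value / @xattr_value_len describe the value
 * being checked; @iint is the integrity cache entry for the inode.
 */
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
					     const char *xattr_name,
					     void *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint);

/*
 * Pre/post hook pairs. The int-returning hook runs before the operation
 * (presumably a negative errno vetoes it -- implementation not shown); the
 * void "post" hook runs afterwards and cannot fail.
 */
extern int evm_inode_setattr(struct mnt_idmap *idmap,
			     struct dentry *dentry, struct iattr *attr);
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct mnt_idmap *idmap,
			      struct dentry *dentry, const char *name,
			      const void *value, size_t size);
extern void evm_inode_post_setxattr(struct dentry *dentry,
				    const char *xattr_name,
				    const void *xattr_value,
				    size_t xattr_value_len);
extern int evm_inode_copy_up_xattr(const char *name);
extern int evm_inode_removexattr(struct mnt_idmap *idmap,
				 struct dentry *dentry, const char *xattr_name);
extern void evm_inode_post_removexattr(struct dentry *dentry,
				       const char *xattr_name);

/*
 * ACL removal is reported to EVM as removal of the xattr named @acl_name.
 * @idmap is accepted for signature compatibility and not used.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}

extern int evm_inode_set_acl(struct mnt_idmap *idmap,
			     struct dentry *dentry, const char *acl_name,
			     struct posix_acl *kacl);

/*
 * Removing an ACL is checked as "setting a NULL ACL": the decision is
 * delegated to evm_inode_set_acl() with @kacl == NULL.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}

/*
 * After an ACL was set, notify EVM through the generic xattr post hook.
 * @kacl is deliberately not forwarded: the hook receives a NULL value and a
 * zero length, i.e. only the attribute name.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/* Plain call: a void function must not "return" an expression. */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}

/*
 * Called while a new inode's security xattrs are being initialised.
 * @xattrs / @xattr_count describe the xattr array being assembled
 * (presumably EVM appends its own entry -- implementation not shown).
 */
int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr, struct xattr *xattrs,
			    int *xattr_count);
extern bool evm_revalidate_status(const char *xattr_name);
extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * Read the EVM-protected xattrs of @dentry into @buffer.
 * NOTE(review): @buffer_size is a signed int; this header does not show how
 * the implementation treats a negative size, so callers should pass only
 * validated, non-negative sizes.
 */
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);

/*
 * posix_xattr_acl() is declared only inside this CONFIG_EVM branch; there is
 * no stub for it when CONFIG_EVM is unset. Without CONFIG_FS_POSIX_ACL it
 * always returns 0.
 */
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif

#else /* !CONFIG_EVM */

/*
 * Stubs for kernels built without EVM. See the security note at the top of
 * this file: the int-returning hooks below never refuse an operation.
 */

/* No EVM, so there is nowhere to install a key. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * The verdict stub exists only under CONFIG_INTEGRITY -- presumably because
 * enum integrity_status is not usable otherwise; confirm against
 * <linux/integrity.h>. It reports INTEGRITY_UNKNOWN, not a pass.
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_copy_up_xattr(const char *name)
{
	return 0;
}

static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
}

static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}

static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
}

static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Returns int, so report "not protected" as 0 rather than the bool false. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */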