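/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

/*
 * Two builds of the same interface follow.  With CONFIG_EVM set, the
 * functions are declared here and defined elsewhere, and a few ACL helpers
 * are thin inline wrappers around the xattr hooks.  Without CONFIG_EVM the
 * functions are replaced by inline stubs (see the #else branch) so callers
 * compile unchanged.
 */
#ifdef CONFIG_EVM
extern int evm_set_key(void *key, size_t keylen);
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
					     const char *xattr_name,
					     void *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint);
extern int evm_inode_setattr(struct mnt_idmap *idmap,
			     struct dentry *dentry, struct iattr *attr);
extern void evm_inode_post_setattr(struct mnt_idmap *idmap,
				   struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct mnt_idmap *idmap,
			      struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern void evm_inode_post_setxattr(struct dentry *dentry,
				    const char *xattr_name,
				    const void *xattr_value,
				    size_t xattr_value_len,
				    int flags);
extern int evm_inode_copy_up_xattr(const char *name);
extern int evm_inode_removexattr(struct mnt_idmap *idmap,
				 struct dentry *dentry, const char *xattr_name);
extern void evm_inode_post_removexattr(struct dentry *dentry,
				       const char *xattr_name);

/*
 * Post-hook for ACL removal: handled exactly like removal of the xattr named
 * @acl_name.  @idmap is accepted for signature symmetry and not used.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}

extern int evm_inode_set_acl(struct mnt_idmap *idmap,
			     struct dentry *dentry, const char *acl_name,
			     struct posix_acl *kacl);

/*
 * Pre-hook for ACL removal: expressed as setting a NULL ACL, so the decision
 * and return value are whatever evm_inode_set_acl() gives for kacl == NULL.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}

/*
 * Post-hook for ACL changes.  @kacl is not forwarded: the post-setxattr hook
 * is called with a NULL value, zero length and zero flags, so it learns only
 * which xattr name changed.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/* Plain call: a void function must not return an expression. */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0, 0);
}

int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr, struct xattr *xattrs,
			    int *xattr_count);
extern bool evm_revalidate_status(const char *xattr_name);
extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);

/*
 * posix_xattr_acl() is only made available inside the CONFIG_EVM branch;
 * without CONFIG_FS_POSIX_ACL it is a stub that always returns 0.
 */
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
#else /* !CONFIG_EVM */

/*
 * EVM compiled out.  The stubs below perform no checking: the int-returning
 * inode hooks return 0, the post-operation hooks do nothing,
 * evm_verifyxattr() reports INTEGRITY_UNKNOWN, and evm_set_key() and
 * evm_read_protected_xattrs() fail with -EOPNOTSUPP.
 * NOTE(review): presumably callers read 0 from the inode hooks as "EVM has no
 * objection", so on such a kernel nothing in this header guards changes to
 * inode metadata or xattrs -- confirm against the callers.
 */

static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * The verification stub exists only when CONFIG_INTEGRITY is set; with
 * neither option enabled this header provides no evm_verifyxattr() at all.
 * INTEGRITY_UNKNOWN is neither a pass nor a fail result.
 * NOTE(review): callers should not treat it as "verified" -- confirm.
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
					struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct mnt_idmap *idmap,
					  struct dentry *dentry, int ia_valid)
{
	return;
}

static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size, int flags)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len,
					   int flags)
{
	return;
}

static inline int evm_inode_copy_up_xattr(const char *name)
{
	return 0;
}

static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
	return;
}

static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	return;
}

static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}

static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	return;
}

static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Declared int, so report "not protected" as 0 rather than the bool false. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */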