xref: /linux-6.15/include/linux/evm.h (revision 784111d0)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * evm.h
4  *
5  * Copyright (c) 2009 IBM Corporation
6  * Author: Mimi Zohar <[email protected]>
7  */
8 
9 #ifndef _LINUX_EVM_H
10 #define _LINUX_EVM_H
11 
12 #include <linux/integrity.h>
13 #include <linux/xattr.h>
14 
15 struct integrity_iint_cache;
16 
17 #ifdef CONFIG_EVM
/*
 * Entry points supplied by the EVM implementation when CONFIG_EVM is set.
 * Only the prototypes are visible in this header, so the notes below are
 * limited to what the signatures show.
 */

/*
 * Hands @keylen bytes at @key to EVM and returns an int status.
 * NOTE(review): @key is key material - confirm in the definition whether it
 * is copied and who is responsible for wiping the caller's buffer.
 */
int evm_set_key(void *key, size_t keylen);

/*
 * Reports an enum integrity_status for @dentry, given one xattr's name,
 * value and length plus an integrity cache entry @iint.
 * NOTE(review): the result is an enum, not a boolean; callers should compare
 * against the exact status they require.
 */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

/*
 * Hook taken before an inode attribute change. Returns int; presumably 0
 * allows the change and a negative errno refuses it - confirm against the
 * definition.
 */
int evm_inode_setattr(struct mnt_idmap *idmap,
		      struct dentry *dentry, struct iattr *attr);

/* Hook taken after an attribute change; returns void, so it cannot fail it. */
void evm_inode_post_setattr(struct mnt_idmap *idmap,
			    struct dentry *dentry, int ia_valid);

/*
 * Hook taken before an xattr is written: receives the xattr @name and the
 * proposed @value of @size bytes, and returns an int status.
 */
int evm_inode_setxattr(struct mnt_idmap *idmap,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);

/* Hook taken after an xattr has been written; no status is returned. */
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);

/* Returns an int for the xattr @name; the meaning is set by the definition. */
int evm_inode_copy_up_xattr(const char *name);

/* Hook taken before an xattr is removed; returns an int status. */
int evm_inode_removexattr(struct mnt_idmap *idmap,
			  struct dentry *dentry, const char *xattr_name);

/* Hook taken after an xattr has been removed; no status is returned. */
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);
/*
 * Post-removal hook for a POSIX ACL. An ACL removal is reported to EVM as the
 * removal of the xattr named @acl_name: the call is forwarded to
 * evm_inode_post_removexattr(). @idmap is accepted but not used here.
 */
static inline void
evm_inode_post_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
			  const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}
/*
 * Hook taken before a POSIX ACL named @acl_name is set on @dentry. Returns an
 * int status. evm_inode_remove_acl() in this header calls it with a NULL
 * @kacl, so the definition has to cope with @kacl == NULL.
 */
int evm_inode_set_acl(struct mnt_idmap *idmap,
		      struct dentry *dentry, const char *acl_name,
		      struct posix_acl *kacl);
/*
 * Hook taken before a POSIX ACL is removed. Removal is checked as "set the
 * ACL to NULL": the request goes through evm_inode_set_acl() with a NULL
 * ACL and that function's result is returned unchanged.
 */
static inline int
evm_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
		     const char *acl_name)
{
	struct posix_acl *no_acl = NULL;

	return evm_inode_set_acl(idmap, dentry, acl_name, no_acl);
}
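/*
 * Post-change hook for a POSIX ACL update. Forwards to
 * evm_inode_post_setxattr() with a NULL value and a zero length, so only
 * @dentry and @acl_name reach EVM; @kacl is accepted but not used here.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/* Plain call: ISO C forbids "return <expr>;" in a void function. */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}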
61 
/*
 * Called for a new @inode created in @dir under the name @qstr. Receives the
 * @xattrs array and a pointer to its element count and returns an int
 * status.
 * NOTE(review): presumably appends EVM's own xattr and bumps *@xattr_count -
 * confirm against the definition.
 */
int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr, struct xattr *xattrs,
			    int *xattr_count);

/* Returns a bool for @xattr_name; the meaning is set by the definition. */
bool evm_revalidate_status(const char *xattr_name);

/*
 * Returns an int for @req_xattr_name. The !CONFIG_EVM stub in this header
 * returns 0, so a non-zero value can only come from the real implementation.
 */
int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * Fills @buffer (capacity @buffer_size) for @dentry and returns an int.
 * NOTE(review): @buffer_size is a signed int - confirm that the definition
 * rejects negative sizes and never writes beyond @buffer_size bytes.
 */
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);
/*
 * posix_xattr_acl() - int result for the xattr name @xattrname.
 *
 * With CONFIG_FS_POSIX_ACL the definition lives outside this header.
 * Without it the inline stub returns 0 for every name.
 */
#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	/* POSIX ACL support is compiled out: every name yields 0. */
	return 0;
}
#endif
78 #else
79 
/*
 * !CONFIG_EVM stub: no key can be installed, so the request is refused with
 * -EOPNOTSUPP. Neither @key nor @keylen is read.
 */
static inline int evm_set_key(void *key, size_t keylen)
{
	const int unsupported = -EOPNOTSUPP;

	return unsupported;
}
84 
/*
 * !CONFIG_EVM stub, built only when CONFIG_INTEGRITY is set.
 *
 * No verification takes place: every call yields INTEGRITY_UNKNOWN and none
 * of the arguments is read. The stub never reports a pass status, so a caller
 * that insists on a definite pass must not accept this value as "verified".
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status
evm_verifyxattr(struct dentry *dentry, const char *xattr_name,
		void *xattr_value, size_t xattr_value_len,
		struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif
95 
/*
 * !CONFIG_EVM stub for the pre-setattr hook. Returns 0 unconditionally, so no
 * integrity check is made before the attribute change and the arguments are
 * never read.
 */
static inline int
evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
		  struct iattr *attr)
{
	return 0;
}
101 
/*
 * !CONFIG_EVM stub for the post-setattr hook: a no-op that ignores all of its
 * arguments.
 */
static inline void
evm_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
		       int ia_valid)
{
}
107 
/*
 * !CONFIG_EVM stub for the pre-setxattr hook. Returns 0 for every xattr name
 * and value; nothing is inspected, so the write is never refused here.
 */
static inline int
evm_inode_setxattr(struct mnt_idmap *idmap, struct dentry *dentry,
		   const char *name, const void *value, size_t size)
{
	return 0;
}
114 
/*
 * !CONFIG_EVM stub for the post-setxattr hook: a no-op. The xattr name and
 * value are neither read nor modified.
 */
static inline void
evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
			const void *xattr_value, size_t xattr_value_len)
{
}
122 
/* !CONFIG_EVM stub: returns 0 for every xattr @name; @name is not read. */
static inline int evm_inode_copy_up_xattr(const char *name)
{
	return 0;
}
127 
/*
 * !CONFIG_EVM stub for the pre-removexattr hook. Returns 0 unconditionally;
 * the xattr name is not examined, so the removal is never refused here.
 */
static inline int
evm_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry,
		      const char *xattr_name)
{
	return 0;
}
134 
/* !CONFIG_EVM stub for the post-removexattr hook: a no-op. */
static inline void
evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
{
}
140 
/* !CONFIG_EVM stub for the post-ACL-removal hook: a no-op. */
static inline void
evm_inode_post_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
			  const char *acl_name)
{
}
147 
/*
 * !CONFIG_EVM stub for the pre-set-ACL hook. Returns 0 unconditionally; the
 * ACL in @kacl is not inspected.
 */
static inline int
evm_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
		  const char *acl_name, struct posix_acl *kacl)
{
	return 0;
}
154 
/*
 * !CONFIG_EVM stub for the pre-remove-ACL hook. Returns 0 unconditionally
 * without reading any argument.
 */
static inline int
evm_inode_remove_acl(struct mnt_idmap *idmap, struct dentry *dentry,
		     const char *acl_name)
{
	return 0;
}
161 
/* !CONFIG_EVM stub for the post-set-ACL hook: a no-op. */
static inline void
evm_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
		       struct posix_acl *kacl)
{
}
168 
/*
 * !CONFIG_EVM stub for new-inode initialisation. Returns 0 and leaves both
 * @xattrs and *@xattr_count untouched, so no EVM xattr is added.
 */
static inline int
evm_inode_init_security(struct inode *inode, struct inode *dir,
			const struct qstr *qstr, struct xattr *xattrs,
			int *xattr_count)
{
	return 0;
}
176 
/* !CONFIG_EVM stub: answers false for every @xattr_name; @xattr_name is not read. */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	const bool needs_revalidation = false;

	return needs_revalidation;
}
181 
/*
 * !CONFIG_EVM stub: returns 0 for every @req_xattr_name, i.e. no xattr is
 * reported as protected while EVM is compiled out.
 */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	/* The return type is int, so spell the "no" answer as 0. */
	return 0;
}
186 
/*
 * !CONFIG_EVM stub: always fails with -EOPNOTSUPP. @buffer is never written,
 * so callers must not consume its contents after this error.
 */
static inline int
evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer, int buffer_size,
			  char type, bool canonical_fmt)
{
	const int unsupported = -EOPNOTSUPP;

	return unsupported;
}
193 
194 #endif /* CONFIG_EVM */
195 #endif /* _LINUX_EVM_H */
196