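/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 *
 * Kernel-internal interface to EVM (Extended Verification Module).
 *
 * The header provides two mutually exclusive sets of definitions:
 *
 *  - CONFIG_EVM enabled:  extern declarations of the real entry points
 *    (implemented outside this header) plus thin inline ACL wrappers.
 *  - CONFIG_EVM disabled: static inline stubs with the same signatures,
 *    so callers compile unchanged.
 *
 * Security note for reviewers: with CONFIG_EVM disabled, every
 * int-returning inode hook below returns 0 unconditionally,
 * evm_verifyxattr() reports INTEGRITY_UNKNOWN, and evm_set_key() and
 * evm_read_protected_xattrs() fail with -EOPNOTSUPP.  A 0 from a hook
 * therefore means only "EVM raised no objection"; it is never evidence
 * that EVM verified anything.  Callers that need to distinguish the two
 * cases must check the build configuration, not the return value.
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

#ifdef CONFIG_EVM

/*
 * Load an EVM key.  Returns an int status; the CONFIG_EVM=n stub returns
 * -EOPNOTSUPP.  NOTE(review): presumably keylen is the length of *key in
 * bytes -- confirm against the implementation.
 */
extern int evm_set_key(void *key, size_t keylen);

/*
 * Verify an extended attribute of @dentry and report the result as an
 * enum integrity_status.  @iint may carry cached integrity state
 * (NOTE(review): whether NULL is accepted is not visible here).
 */
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
					     const char *xattr_name,
					     void *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint);

/*
 * Pre-operation hooks return int; post-operation hooks return void and
 * so cannot veto the change they are told about.
 */
extern int evm_inode_setattr(struct user_namespace *mnt_userns,
			     struct dentry *dentry, struct iattr *attr);
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct user_namespace *mnt_userns,
			      struct dentry *dentry, const char *name,
			      const void *value, size_t size);
extern void evm_inode_post_setxattr(struct dentry *dentry,
				    const char *xattr_name,
				    const void *xattr_value,
				    size_t xattr_value_len);
extern int evm_inode_removexattr(struct user_namespace *mnt_userns,
				 struct dentry *dentry, const char *xattr_name);
extern void evm_inode_post_removexattr(struct dentry *dentry,
				       const char *xattr_name);
extern int evm_inode_set_acl(struct user_namespace *mnt_userns,
			     struct dentry *dentry, const char *acl_name,
			     struct posix_acl *kacl);

/*
 * Removing an ACL is checked as "set the ACL to NULL", so removal goes
 * through the same policy decision as evm_inode_set_acl().
 */
static inline int evm_inode_remove_acl(struct user_namespace *mnt_userns,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return evm_inode_set_acl(mnt_userns, dentry, acl_name, NULL);
}

/*
 * Post-ACL-change notification.  Forwards to evm_inode_post_setxattr()
 * with a NULL value and zero length; @kacl is intentionally unused.
 *
 * The callee returns void, so it is called as a statement rather than
 * as the operand of "return" (ISO C does not allow a return expression
 * in a void function).
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}

extern int evm_inode_init_security(struct inode *inode,
				   const struct xattr *xattr_array,
				   struct xattr *evm);
extern bool evm_revalidate_status(const char *xattr_name);
extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * NOTE(review): the meaning of @type and @canonical_fmt, and whether the
 * return value is a byte count, are defined by the implementation and
 * are not visible in this header.  @buffer_size is a signed int; callers
 * should make sure it cannot be negative.
 */
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);

/*
 * posix_xattr_acl() is only provided inside the CONFIG_EVM branch; with
 * CONFIG_EVM disabled this header does not declare it at all.
 */
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif

#else /* !CONFIG_EVM */

/* EVM is compiled out: no key can be loaded. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * The stub exists only under CONFIG_INTEGRITY (NOTE(review): presumably
 * because enum integrity_status is only usable then -- confirm).  It
 * never reports a pass or a fail, only INTEGRITY_UNKNOWN.
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

/* The hooks below never object and never record anything. */

static inline int evm_inode_setattr(struct user_namespace *mnt_userns,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

static inline int evm_inode_set_acl(struct user_namespace *mnt_userns,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

static inline int evm_inode_remove_acl(struct user_namespace *mnt_userns,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}

static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
}

static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array,
					  struct xattr *evm)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Returns int, not bool: report "not protected" as 0 rather than false. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */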