/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

/*
 * EVM interface seen by the rest of the kernel.
 *
 * The same set of names is provided twice with matching signatures:
 * as prototypes when CONFIG_EVM is set, and as inline stubs when it is
 * not, so callers do not need their own #ifdef CONFIG_EVM.
 */
#ifdef CONFIG_EVM

/* Hand a key of @keylen bytes to EVM; returns 0 or a negative errno. */
int evm_set_key(void *key, size_t keylen);

/*
 * Evaluate @xattr_name / @xattr_value on @dentry and report the result
 * as an enum integrity_status.  @iint is the integrity cache entry for
 * the inode (NOTE(review): whether NULL is accepted is not visible
 * here - confirm in the implementation).
 */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name, void *xattr_value,
		size_t xattr_value_len, struct integrity_iint_cache *iint);

/*
 * Inode hooks.  The int-returning variants can veto the operation with
 * a non-zero return; the void "post" variants cannot fail (presumably
 * they run after the change has been applied - confirm at call sites).
 */
int evm_inode_setattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);

int evm_inode_setxattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *name,
		const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
		const char *xattr_name, const void *xattr_value,
		size_t xattr_value_len);

int evm_inode_removexattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
		const char *xattr_name);

int evm_inode_set_acl(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *acl_name,
		struct posix_acl *kacl);

/*
 * ACL removal has no separate implementation: it is forwarded to
 * evm_inode_set_acl() with a NULL @kacl, so both paths go through the
 * same check.
 */
static inline int evm_inode_remove_acl(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *acl_name)
{
	return evm_inode_set_acl(mnt_userns, dentry, acl_name, NULL);
}

int evm_inode_init_security(struct inode *inode,
		const struct xattr *xattr_array, struct xattr *evm);
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * Fill @buffer (capacity @buffer_size) from the protected xattrs of
 * @dentry.  NOTE(review): the meaning of @type and @canonical_fmt and
 * the exact return convention are defined by the implementation, not
 * by this header.
 */
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
		int buffer_size, char type, bool canonical_fmt);

#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
/* Without POSIX ACL support the answer is always 0. */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif

#else /* !CONFIG_EVM */

/*
 * Stubs for kernels built without EVM.
 *
 * Every veto-capable hook returns 0 and evm_verifyxattr() reports
 * INTEGRITY_UNKNOWN, so a zero return from this branch means "EVM is
 * not compiled in" and carries no integrity guarantee.  Only
 * evm_set_key() and evm_read_protected_xattrs() signal the missing
 * feature explicitly, with -EOPNOTSUPP.
 */

static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * This stub is only emitted under CONFIG_INTEGRITY (presumably because
 * enum integrity_status is not available otherwise - confirm in
 * <linux/integrity.h>).
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
		const char *xattr_name, void *xattr_value,
		size_t xattr_value_len, struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

static inline int evm_inode_setattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *name,
		const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
		const char *xattr_name, const void *xattr_value,
		size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
		const char *xattr_name)
{
}

static inline int evm_inode_set_acl(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *acl_name,
		struct posix_acl *kacl)
{
	return 0;
}

static inline int evm_inode_remove_acl(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *acl_name)
{
	return 0;
}

static inline int evm_inode_init_security(struct inode *inode,
		const struct xattr *xattr_array, struct xattr *evm)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Declared int to match the CONFIG_EVM prototype; 0 is the "no" answer. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
		int buffer_size, char type, bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */