/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

/*
 * Interface to EVM (Extended Verification Module).
 *
 * With CONFIG_EVM set, this header only declares the entry points; their
 * definitions live outside this file.  Without CONFIG_EVM it supplies
 * inline stubs so that callers build unchanged.
 *
 * NOTE(review): the stubs never report a failure from the inode hooks, so
 * a kernel built without CONFIG_EVM applies no EVM check on those paths.
 * Anything that depends on EVM for xattr integrity should confirm the
 * option in the build configuration rather than infer it from a
 * successful hook return.
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

#ifdef CONFIG_EVM

/* Key setup: takes a key buffer and its length, returns an int status. */
int evm_set_key(void *key, size_t keylen);

/* Verification of one xattr; the result is an enum integrity_status. */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

/*
 * Inode hooks.  The int-returning ones come paired with a void "post"
 * variant; presumably the former can veto the operation and the latter
 * runs after it -- confirm against the call sites.
 */
int evm_inode_setattr(struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
int evm_inode_setxattr(struct user_namespace *mnt_userns,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);
int evm_inode_removexattr(struct user_namespace *mnt_userns,
			  struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);
int evm_inode_init_security(struct inode *inode,
			    const struct xattr *xattr_array,
			    struct xattr *evm);

/* Queries about xattr names and access to the protected xattr data. */
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);
/*
 * NOTE(review): buffer_size is a signed int; how the implementation
 * bounds writes into buffer is not visible from this header.
 */
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);

#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
/* Without POSIX ACL support the answer is always 0. */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif /* CONFIG_FS_POSIX_ACL */

#else /* !CONFIG_EVM */

/* Key loading is reported as unsupported rather than as a success. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

#ifdef CONFIG_INTEGRITY
/*
 * Always INTEGRITY_UNKNOWN: nothing has been verified.
 * NOTE(review): callers should keep this distinct from a passing status.
 * The stub exists only under CONFIG_INTEGRITY, presumably because that
 * is where enum integrity_status is declared -- confirm in
 * <linux/integrity.h>.
 */
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif /* CONFIG_INTEGRITY */

/*
 * Hook stubs: the int-returning hooks always return 0 and the "post"
 * hooks do nothing.
 */
static inline int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array,
					  struct xattr *evm)
{
	return 0;
}

/* Never asks for revalidation. */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Always 0, whatever name is passed. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

/* No data is written to buffer; the call is reported as unsupported. */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */