tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / security / integrity / evm / evm.h
at v5.3-rc2 67 lines 1.7 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Copyright (C) 2005-2010 IBM Corporation 4 * 5 * Authors: 6 * Mimi Zohar <zohar@us.ibm.com> 7 * Kylene Hall <kjhall@us.ibm.com> 8 * 9 * File: evm.h 10 */ 11 12#ifndef __INTEGRITY_EVM_H 13#define __INTEGRITY_EVM_H 14 15#include <linux/xattr.h> 16#include <linux/security.h> 17 18#include "../integrity.h" 19 20#define EVM_INIT_HMAC 0x0001 21#define EVM_INIT_X509 0x0002 22#define EVM_ALLOW_METADATA_WRITES 0x0004 23#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */ 24 25#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509) 26#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \ 27 EVM_ALLOW_METADATA_WRITES) 28 29struct xattr_list { 30 struct list_head list; 31 char *name; 32}; 33 34extern int evm_initialized; 35 36#define EVM_ATTR_FSUUID 0x0001 37 38extern int evm_hmac_attrs; 39 40extern struct crypto_shash *hmac_tfm; 41extern struct crypto_shash *hash_tfm; 42 43/* List of EVM protected security xattrs */ 44extern struct list_head evm_config_xattrnames; 45 46struct evm_digest { 47 struct ima_digest_data hdr; 48 char digest[IMA_MAX_DIGEST_SIZE]; 49} __packed; 50 51int evm_init_key(void); 52int evm_update_evmxattr(struct dentry *dentry, 53 const char *req_xattr_name, 54 const char *req_xattr_value, 55 size_t req_xattr_value_len); 56int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name, 57 const char *req_xattr_value, 58 size_t req_xattr_value_len, struct evm_digest *data); 59int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, 60 const char *req_xattr_value, 61 size_t req_xattr_value_len, char type, 62 struct evm_digest *data); 63int evm_init_hmac(struct inode *inode, const struct xattr *xattr, 64 char *hmac_val); 65int evm_init_secfs(void); 66 67#endif