/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_INTEGRITY_H
#define _LINUX_INTEGRITY_H

#include <linux/fs.h>
#include <linux/iversion.h>

/*
 * Integrity status codes.
 *
 * The values are sequential and start at INTEGRITY_PASS == 0, so storage
 * that was merely zero-filled compares equal to INTEGRITY_PASS. Code that
 * holds a status should set it explicitly (for example to
 * INTEGRITY_UNKNOWN) rather than rely on zeroed memory.
 */
enum integrity_status {
	INTEGRITY_PASS = 0,
	INTEGRITY_PASS_IMMUTABLE,
	INTEGRITY_FAIL,
	INTEGRITY_FAIL_IMMUTABLE,
	INTEGRITY_NOLABEL,
	INTEGRITY_NOXATTRS,
	INTEGRITY_UNKNOWN,
};

/*
 * integrity_load_keys() is a real __init function only when
 * CONFIG_INTEGRITY is set. Without it the call compiles to an empty inline
 * stub, i.e. nothing is loaded through this entry point.
 */
#ifdef CONFIG_INTEGRITY
extern void __init integrity_load_keys(void);

#else
static inline void integrity_load_keys(void) { }
#endif /* CONFIG_INTEGRITY */

/*
 * Snapshot of the inode attributes used to detect later changes:
 * the version counter plus the (device, inode number) pair.
 */
struct integrity_inode_attributes {
	u64 version;		/* track inode changes */
	unsigned long ino;
	dev_t dev;
};

/*
 * Record a snapshot of @inode in @attrs.
 *
 * On stacked filesystems the i_version alone is not enough to detect file
 * data or metadata change, so the superblock device and the inode number
 * are stored next to it.
 *
 * @i_version is taken from the caller as-is; it is not read from @inode
 * here. @attrs, @inode and @inode->i_sb are dereferenced without checks,
 * so the caller must pass valid pointers.
 */
static inline void
integrity_inode_attrs_store(struct integrity_inode_attributes *attrs,
			    u64 i_version, const struct inode *inode)
{
	attrs->ino = inode->i_ino;
	attrs->dev = inode->i_sb->s_dev;
	attrs->version = i_version;
}

/*
 * On stacked filesystems detect whether the inode or its content has changed.
 *
 * Returns true when the device or the inode number differs from the stored
 * snapshot, or when inode_eq_iversion() reports that the stored version no
 * longer matches @inode. Returns false only when all three agree.
 *
 * NOTE(review): a "false" result is only as trustworthy as the i_version
 * maintained for @inode by the underlying filesystem - confirm for the
 * filesystems in use before treating it as proof that nothing changed.
 */
static inline bool
integrity_inode_attrs_changed(const struct integrity_inode_attributes *attrs,
			      const struct inode *inode)
{
	/* Compare device, then inode number; stop at the first mismatch. */
	if (inode->i_sb->s_dev != attrs->dev)
		return true;
	if (inode->i_ino != attrs->ino)
		return true;

	/* Device and inode number match: decide on the version alone. */
	return !inode_eq_iversion(inode, attrs->version);
}

#endif /* _LINUX_INTEGRITY_H */