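/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

/*
 * Kernel-internal interface to EVM (Extended Verification Module).
 *
 * This header has two halves selected by CONFIG_EVM:
 *  - CONFIG_EVM=y: prototypes for the real implementation (defined outside
 *    this header) plus a few inline wrappers that map ACL operations onto
 *    the xattr hooks.
 *  - CONFIG_EVM=n: inline stubs with the same signatures, so callers need
 *    no #ifdef of their own.
 *
 * NOTE(review): in the CONFIG_EVM=n half every int-returning inode hook
 * returns 0 and every post hook is empty. Assuming the usual
 * 0-means-allowed convention, a kernel built without EVM never rejects an
 * attribute, xattr or ACL change through these hooks; check the build
 * configuration when relying on EVM protection.
 */
#ifdef CONFIG_EVM

/* Set the EVM key from a buffer of @keylen bytes; returns an int status. */
extern int evm_set_key(void *key, size_t keylen);

/*
 * Return the integrity status for @xattr_name on @dentry, given the xattr
 * value and its length. @iint is the caller's integrity cache entry.
 */
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
					     const char *xattr_name,
					     void *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint);

/* Hook for an attribute change on @dentry; int result is a status code. */
extern int evm_inode_setattr(struct mnt_idmap *idmap,
			     struct dentry *dentry, struct iattr *attr);

/* Hook run after an attribute change; @ia_valid names the changed fields. */
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);

/* Hook for setting xattr @name to @value (@size bytes) on @dentry. */
extern int evm_inode_setxattr(struct mnt_idmap *idmap,
			      struct dentry *dentry, const char *name,
			      const void *value, size_t size);

/* Hook run after an xattr has been set. */
extern void evm_inode_post_setxattr(struct dentry *dentry,
				    const char *xattr_name,
				    const void *xattr_value,
				    size_t xattr_value_len);

/* Hook for removing xattr @xattr_name from @dentry. */
extern int evm_inode_removexattr(struct mnt_idmap *idmap,
				 struct dentry *dentry, const char *xattr_name);

/* Hook run after an xattr has been removed. */
extern void evm_inode_post_removexattr(struct dentry *dentry,
				       const char *xattr_name);

/*
 * Post-removal hook for an ACL: forwarded to the xattr post-removal hook
 * with the ACL name. @idmap is accepted for signature parity and unused.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}

/* Hook for setting the ACL @acl_name on @dentry to @kacl. */
extern int evm_inode_set_acl(struct mnt_idmap *idmap,
			     struct dentry *dentry, const char *acl_name,
			     struct posix_acl *kacl);

/*
 * ACL removal is expressed as setting the ACL to NULL, so it goes through
 * the same evm_inode_set_acl() check as an ACL update.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}

/*
 * Post-set hook for an ACL: forwarded to the xattr post-set hook. @kacl is
 * not passed on; the call supplies a NULL value and a zero length.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/* Plain call: the function is void, so there is nothing to return. */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}

/*
 * Hook for new-inode security initialisation; @xattrs and @xattr_count
 * describe the xattr array being built by the caller.
 */
int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr,
			    struct xattr *xattrs,
			    int *xattr_count);

/* Returns a bool for @xattr_name; semantics are defined by the implementation. */
extern bool evm_revalidate_status(const char *xattr_name);

/* Returns an int for @req_xattr_name; the CONFIG_EVM=n stub returns 0. */
extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * Read protected xattrs of @dentry into @buffer (@buffer_size bytes).
 * The meaning of @type and @canonical_fmt is defined by the implementation.
 */
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);

/*
 * posix_xattr_acl() is only available inside the CONFIG_EVM=y half of this
 * header; without CONFIG_FS_POSIX_ACL it is a stub that returns 0.
 */
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif

#else /* !CONFIG_EVM */

/* No EVM in this build: setting a key is reported as unsupported. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * Only provided when CONFIG_INTEGRITY is set. The stub reports
 * INTEGRITY_UNKNOWN, i.e. neither a pass nor a failure, so a caller can
 * tell that no EVM verification took place.
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

/* Stub: always 0, attribute changes are never rejected here. */
static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

/* Stub: nothing to update after an attribute change. */
static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

/* Stub: always 0, xattr writes are never rejected here. */
static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

/* Stub: nothing to update after an xattr write. */
static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

/* Stub: always 0, xattr removals are never rejected here. */
static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

/* Stub: nothing to update after an xattr removal. */
static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

/* Stub: nothing to update after an ACL removal. */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
}

/* Stub: always 0, ACL updates are never rejected here. */
static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

/* Stub: always 0, ACL removals are never rejected here. */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}

/* Stub: nothing to update after an ACL update. */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
}

/* Stub: always 0; @xattrs and @xattr_count are left untouched. */
static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}

/* Stub: always false. */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Stub: always 0 (the return type is int, so 0 rather than false). */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

/* No EVM in this build: reading protected xattrs is reported as unsupported. */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */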