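/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

/*
 * EVM entry points used by the rest of the kernel.
 *
 * CONFIG_EVM=y: the functions are only declared here (their definitions are
 * not part of this header), plus a few inline ACL wrappers that forward to
 * the xattr hooks.
 *
 * CONFIG_EVM=n: inline stubs are compiled instead.  Reviewers should keep in
 * mind what those stubs report:
 *   - every int-returning inode hook returns 0, so none of them ever rejects
 *     a setattr/setxattr/removexattr/ACL change;
 *   - evm_verifyxattr() returns INTEGRITY_UNKNOWN, i.e. no verification was
 *     performed -- it is not INTEGRITY_PASS;
 *   - evm_set_key() and evm_read_protected_xattrs() return -EOPNOTSUPP.
 */
#ifdef CONFIG_EVM
int evm_set_key(void *key, size_t keylen);
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);
int evm_inode_setattr(struct mnt_idmap *idmap,
		      struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
int evm_inode_setxattr(struct mnt_idmap *idmap,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);
int evm_inode_removexattr(struct mnt_idmap *idmap,
			  struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);

/*
 * Post-hook for ACL removal: forwards to the xattr post-remove hook using
 * the ACL name.  @idmap is accepted but not passed on.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	evm_inode_post_removexattr(dentry, acl_name);
}

int evm_inode_set_acl(struct mnt_idmap *idmap,
		      struct dentry *dentry, const char *acl_name,
		      struct posix_acl *kacl);

/*
 * ACL removal is checked as "set ACL to NULL": the decision and return
 * value come from evm_inode_set_acl() called with a NULL @kacl.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}

/*
 * Post-hook for ACL changes: forwards to the xattr post-set hook with a
 * NULL value and zero length.  @kacl itself is not passed on.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/* Plain call: a void function must not "return <expression>;". */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}

int evm_inode_init_security(struct inode *inode, struct inode *dir,
			    const struct qstr *qstr, struct xattr *xattrs,
			    int *xattr_count);
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);
#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
/*
 * Without POSIX ACL support this always returns 0.
 * NOTE(review): presumably non-zero means "xattrname is a POSIX ACL xattr";
 * confirm against the CONFIG_FS_POSIX_ACL definition.
 */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
#else /* !CONFIG_EVM */

/* No EVM: a key cannot be installed. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/*
 * This stub exists only when CONFIG_INTEGRITY is set; with both CONFIG_EVM
 * and CONFIG_INTEGRITY unset, this header provides no evm_verifyxattr().
 */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	/* Nothing was checked; this is deliberately not INTEGRITY_PASS. */
	return INTEGRITY_UNKNOWN;
}
#endif

/* The int-returning stubs below all return 0 unconditionally. */
static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
}

static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry, const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}

static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}

static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
}

/* Returns 0 and leaves @xattrs and @xattr_count untouched. */
static inline int evm_inode_init_security(struct inode *inode, struct inode *dir,
					  const struct qstr *qstr,
					  struct xattr *xattrs,
					  int *xattr_count)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	/* Return type is int, so use 0 rather than the bool constant false. */
	return 0;
}

/* No EVM: there are no protected xattrs to read into @buffer. */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */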