xref: /linux/include/linux/evm.h (revision dd093fb0) 
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * evm.h
4  *
5  * Copyright (c) 2009 IBM Corporation
6  * Author: Mimi Zohar <zohar@us.ibm.com>
7  */
8 
9 #ifndef _LINUX_EVM_H
10 #define _LINUX_EVM_H
11 
12 #include <linux/integrity.h>
13 #include <linux/xattr.h>
14 
15 struct integrity_iint_cache;
16 
17 #ifdef CONFIG_EVM
18 extern int evm_set_key(void *key, size_t keylen);
19 extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
20 					     const char *xattr_name,
21 					     void *xattr_value,
22 					     size_t xattr_value_len,
23 					     struct integrity_iint_cache *iint);
24 extern int evm_inode_setattr(struct mnt_idmap *idmap,
25 			     struct dentry *dentry, struct iattr *attr);
26 extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
27 extern int evm_inode_setxattr(struct mnt_idmap *idmap,
28 			      struct dentry *dentry, const char *name,
29 			      const void *value, size_t size);
30 extern void evm_inode_post_setxattr(struct dentry *dentry,
31 				    const char *xattr_name,
32 				    const void *xattr_value,
33 				    size_t xattr_value_len);
34 extern int evm_inode_removexattr(struct mnt_idmap *idmap,
35 				 struct dentry *dentry, const char *xattr_name);
36 extern void evm_inode_post_removexattr(struct dentry *dentry,
37 				       const char *xattr_name);
38 static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
39 					     struct dentry *dentry,
40 					     const char *acl_name)
41 {
42 	evm_inode_post_removexattr(dentry, acl_name);
43 }
44 extern int evm_inode_set_acl(struct mnt_idmap *idmap,
45 			     struct dentry *dentry, const char *acl_name,
46 			     struct posix_acl *kacl);
47 static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
48 				       struct dentry *dentry,
49 				       const char *acl_name)
50 {
51 	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
52 }
53 static inline void evm_inode_post_set_acl(struct dentry *dentry,
54 					  const char *acl_name,
55 					  struct posix_acl *kacl)
56 {
57 	return evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
58 }
59 extern int evm_inode_init_security(struct inode *inode,
60 				   const struct xattr *xattr_array,
61 				   struct xattr *evm);
62 extern bool evm_revalidate_status(const char *xattr_name);
63 extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);
64 extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
65 				     int buffer_size, char type,
66 				     bool canonical_fmt);
67 #ifdef CONFIG_FS_POSIX_ACL
68 extern int posix_xattr_acl(const char *xattrname);
69 #else
70 static inline int posix_xattr_acl(const char *xattrname)
71 {
72 	return 0;
73 }
74 #endif
75 #else
76 
77 static inline int evm_set_key(void *key, size_t keylen)
78 {
79 	return -EOPNOTSUPP;
80 }
81 
82 #ifdef CONFIG_INTEGRITY
83 static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
84 						    const char *xattr_name,
85 						    void *xattr_value,
86 						    size_t xattr_value_len,
87 					struct integrity_iint_cache *iint)
88 {
89 	return INTEGRITY_UNKNOWN;
90 }
91 #endif
92 
93 static inline int evm_inode_setattr(struct mnt_idmap *idmap,
94 				    struct dentry *dentry, struct iattr *attr)
95 {
96 	return 0;
97 }
98 
99 static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
100 {
101 	return;
102 }
103 
104 static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
105 				     struct dentry *dentry, const char *name,
106 				     const void *value, size_t size)
107 {
108 	return 0;
109 }
110 
111 static inline void evm_inode_post_setxattr(struct dentry *dentry,
112 					   const char *xattr_name,
113 					   const void *xattr_value,
114 					   size_t xattr_value_len)
115 {
116 	return;
117 }
118 
119 static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
120 					struct dentry *dentry,
121 					const char *xattr_name)
122 {
123 	return 0;
124 }
125 
126 static inline void evm_inode_post_removexattr(struct dentry *dentry,
127 					      const char *xattr_name)
128 {
129 	return;
130 }
131 
132 static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
133 					     struct dentry *dentry,
134 					     const char *acl_name)
135 {
136 	return;
137 }
138 
139 static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
140 				    struct dentry *dentry, const char *acl_name,
141 				    struct posix_acl *kacl)
142 {
143 	return 0;
144 }
145 
146 static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
147 				       struct dentry *dentry,
148 				       const char *acl_name)
149 {
150 	return 0;
151 }
152 
153 static inline void evm_inode_post_set_acl(struct dentry *dentry,
154 					  const char *acl_name,
155 					  struct posix_acl *kacl)
156 {
157 	return;
158 }
159 
160 static inline int evm_inode_init_security(struct inode *inode,
161 					  const struct xattr *xattr_array,
162 					  struct xattr *evm)
163 {
164 	return 0;
165 }
166 
167 static inline bool evm_revalidate_status(const char *xattr_name)
168 {
169 	return false;
170 }
171 
172 static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
173 {
174 	return false;
175 }
176 
177 static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
178 					    int buffer_size, char type,
179 					    bool canonical_fmt)
180 {
181 	return -EOPNOTSUPP;
182 }
183 
184 #endif /* CONFIG_EVM */
185 #endif /* LINUX_EVM_H */
186