1  /* SPDX-License-Identifier: GPL-2.0 */
2  /*
3   * evm.h
4   *
5   * Copyright (c) 2009 IBM Corporation
6   * Author: Mimi Zohar <zohar@us.ibm.com>
7   */
8  
9  #ifndef _LINUX_EVM_H
10  #define _LINUX_EVM_H
11  
12  #include <linux/integrity.h>
13  #include <linux/xattr.h>
14  
15  struct integrity_iint_cache;
16  
17  #ifdef CONFIG_EVM
/*
 * EVM entry points, available when CONFIG_EVM is set.  They are only
 * declared here; the definitions are provided by the EVM implementation.
 *
 * Most int-returning evm_inode_*() calls are paired with a void
 * evm_inode_post_*() counterpart.
 * NOTE(review): presumably the first runs before the metadata change and
 * can refuse it, while the second runs once the change has been made -
 * confirm against the callers.
 */
int evm_set_key(void *key, size_t keylen);

/*
 * The result is an enum integrity_status, not a boolean: callers have to
 * handle each status explicitly instead of testing for zero/non-zero.
 */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

int evm_inode_setattr(struct mnt_idmap *idmap,
		      struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);

int evm_inode_setxattr(struct mnt_idmap *idmap,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);

int evm_inode_removexattr(struct mnt_idmap *idmap,
			  struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);
/*
 * Post-hook for the removal of a POSIX ACL.  The removal is handed to
 * EVM as the removal of the xattr named @acl_name; @idmap is not used.
 */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
	/* Same post-processing as for any other removed xattr. */
	evm_inode_post_removexattr(dentry, acl_name);
}
/*
 * Declared only; defined by the EVM implementation.  The inline
 * evm_inode_remove_acl() in this header calls it with a NULL @kacl, so
 * the implementation has to accept kacl == NULL.
 */
int evm_inode_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
		      const char *acl_name, struct posix_acl *kacl);
/*
 * Check the removal of a POSIX ACL.  Removal is expressed as setting a
 * NULL ACL, so it goes through the same evm_inode_set_acl() check as an
 * ACL update and returns whatever that check returns.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	/* NULL kacl == "no ACL", i.e. the ACL is being removed. */
	return evm_inode_set_acl(idmap, dentry, acl_name, NULL);
}
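/*
 * Post-hook for setting a POSIX ACL.  The change is handed to EVM as an
 * update of the xattr named @acl_name.
 *
 * Only the name is forwarded: the value pointer is NULL, the length is 0
 * and @kacl is not used.
 * NOTE(review): presumably evm_inode_post_setxattr() does not need the
 * new value to refresh its state - confirm against the implementation.
 */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
	/*
	 * Plain call, no "return": ISO C does not allow a return statement
	 * with an expression in a function returning void.
	 */
	evm_inode_post_setxattr(dentry, acl_name, NULL, 0);
}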
/* Declared only; defined by the EVM implementation. */
int evm_inode_init_security(struct inode *inode,
			    const struct xattr *xattr_array,
			    struct xattr *evm);
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * NOTE(review): @buffer_size is a signed int.  Callers should pass the
 * real capacity of @buffer and check for a negative return before reading
 * anything from @buffer - confirm the exact contract against the
 * implementation.
 */
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);
#ifdef CONFIG_FS_POSIX_ACL
/* Declared only; the definition is provided elsewhere. */
int posix_xattr_acl(const char *xattrname);
#else
/*
 * Without CONFIG_FS_POSIX_ACL this stub returns 0 for every name,
 * whatever @xattrname is.
 */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
75  #else
76  
/*
 * CONFIG_EVM disabled: there is no EVM key to set.  The stub reports
 * -EOPNOTSUPP and does not touch @key, so a caller that checks the
 * return value sees the failure instead of a silent success.
 */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}
81  
82  #ifdef CONFIG_INTEGRITY
/*
 * CONFIG_EVM disabled (stub only provided under CONFIG_INTEGRITY, see the
 * surrounding #ifdef): nothing is verified and none of the arguments is
 * looked at.
 *
 * The result is always INTEGRITY_UNKNOWN.  That means "not verified";
 * callers must not treat it as a successful verification.
 */
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
91  #endif
92  
/*
 * CONFIG_EVM disabled: no EVM check is made on attribute changes.
 * Always returns 0, so this stub never refuses the operation.
 */
static inline int evm_inode_setattr(struct mnt_idmap *idmap,
				    struct dentry *dentry,
				    struct iattr *attr)
{
	return 0;
}
98  
/* CONFIG_EVM disabled: nothing to update after an attribute change. */
static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}
103  
/*
 * CONFIG_EVM disabled: no EVM check is made when an xattr is set.
 * Always returns 0, whatever @name and @value are, so this stub never
 * refuses the operation.
 */
static inline int evm_inode_setxattr(struct mnt_idmap *idmap,
				     struct dentry *dentry,
				     const char *name,
				     const void *value,
				     size_t size)
{
	return 0;
}
110  
/* CONFIG_EVM disabled: nothing to update after an xattr has been set. */
static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}
118  
/*
 * CONFIG_EVM disabled: no EVM check is made when an xattr is removed.
 * Always returns 0, so this stub never refuses the operation.
 */
static inline int evm_inode_removexattr(struct mnt_idmap *idmap,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}
125  
/* CONFIG_EVM disabled: nothing to update after an xattr has been removed. */
static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}
131  
/* CONFIG_EVM disabled: nothing to update after a POSIX ACL was removed. */
static inline void evm_inode_post_remove_acl(struct mnt_idmap *idmap,
					     struct dentry *dentry,
					     const char *acl_name)
{
}
138  
/*
 * CONFIG_EVM disabled: no EVM check is made when a POSIX ACL is set.
 * Always returns 0, so this stub never refuses the operation.
 */
static inline int evm_inode_set_acl(struct mnt_idmap *idmap,
				    struct dentry *dentry,
				    const char *acl_name,
				    struct posix_acl *kacl)
{
	return 0;
}
145  
/*
 * CONFIG_EVM disabled: no EVM check is made when a POSIX ACL is removed.
 * Always returns 0, so this stub never refuses the operation.
 */
static inline int evm_inode_remove_acl(struct mnt_idmap *idmap,
				       struct dentry *dentry,
				       const char *acl_name)
{
	return 0;
}
152  
/* CONFIG_EVM disabled: nothing to update after a POSIX ACL was set. */
static inline void evm_inode_post_set_acl(struct dentry *dentry,
					  const char *acl_name,
					  struct posix_acl *kacl)
{
}
159  
/*
 * CONFIG_EVM disabled: returns 0 without reading @xattr_array or writing
 * @evm.  Callers must not expect @evm to have been filled in.
 */
static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array,
					  struct xattr *evm)
{
	return 0;
}
166  
/* CONFIG_EVM disabled: always false, whatever @xattr_name is. */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}
171  
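/*
 * CONFIG_EVM disabled: no xattr is EVM-protected, so the answer is 0 for
 * every @req_xattr_name.
 *
 * The function returns int, so the stub returns 0 rather than the bool
 * constant "false"; the value seen by callers is the same.
 */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}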
176  
/*
 * CONFIG_EVM disabled: nothing is read.  The stub returns -EOPNOTSUPP and
 * never writes to @buffer, so callers must check for a negative return
 * before consuming the buffer contents.
 */
static inline int evm_read_protected_xattrs(struct dentry *dentry,
					    u8 *buffer, int buffer_size,
					    char type, bool canonical_fmt)
{
	return -EOPNOTSUPP;
}
183  
184  #endif /* CONFIG_EVM */
185  #endif /* LINUX_EVM_H */
186