evm.h (3500B)
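/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

/*
 * Kernel-internal interface to EVM (Extended Verification Module).
 *
 * With CONFIG_EVM set, the entry points below are only declared here; their
 * definitions are not part of this header.  Without CONFIG_EVM every entry
 * point (except posix_xattr_acl(), which then has no declaration at all)
 * becomes a static inline stub with a fixed return value, so callers build
 * unchanged.
 *
 * Security note for callers: the int-returning inode hook stubs return 0.
 * That value means "EVM raised no objection", never "integrity was
 * verified".  The only verification result a stub can produce is
 * INTEGRITY_UNKNOWN, and code that needs a verified xattr must not treat
 * that status as a pass.
 */

#ifdef CONFIG_EVM
/*
 * Hands @keylen bytes of key material at @key to EVM.
 * NOTE(review): the implementation is not visible here - confirm that it
 * bounds @keylen and restricts which callers may install a key.
 */
extern int evm_set_key(void *key, size_t keylen);

/*
 * Returns an enum integrity_status for @xattr_name on @dentry, given the
 * xattr value the caller already holds and an optional @iint cache entry.
 */
extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
					     const char *xattr_name,
					     void *xattr_value,
					     size_t xattr_value_len,
					     struct integrity_iint_cache *iint);

/*
 * Attribute and xattr hooks.  The int-returning ones report a status to the
 * caller; the evm_inode_post_*() ones return nothing and therefore cannot
 * report a failure.
 */
extern int evm_inode_setattr(struct dentry *dentry, struct iattr *attr);
extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
extern int evm_inode_setxattr(struct user_namespace *mnt_userns,
			      struct dentry *dentry, const char *name,
			      const void *value, size_t size);
extern void evm_inode_post_setxattr(struct dentry *dentry,
				    const char *xattr_name,
				    const void *xattr_value,
				    size_t xattr_value_len);
extern int evm_inode_removexattr(struct user_namespace *mnt_userns,
				 struct dentry *dentry, const char *xattr_name);
extern void evm_inode_post_removexattr(struct dentry *dentry,
				       const char *xattr_name);

/* Takes the xattrs in @xattr_array for a new @inode and fills in @evm. */
extern int evm_inode_init_security(struct inode *inode,
				   const struct xattr *xattr_array,
				   struct xattr *evm);
extern bool evm_revalidate_status(const char *xattr_name);
extern int evm_protected_xattr_if_enabled(const char *req_xattr_name);

/*
 * NOTE(review): @buffer_size is a signed int and the implementation is not
 * visible here - confirm that negative or undersized values are rejected
 * before anything is written to @buffer.
 */
extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
				     int buffer_size, char type,
				     bool canonical_fmt);
#ifdef CONFIG_FS_POSIX_ACL
extern int posix_xattr_acl(const char *xattrname);
#else
/* Built without POSIX ACL support: always reports 0. */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
#else

/* EVM is compiled out, so a key cannot be installed. */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

#ifdef CONFIG_INTEGRITY
/*
 * Without EVM nothing is verified, so the status is INTEGRITY_UNKNOWN and
 * not a pass.  This stub exists only when CONFIG_INTEGRITY is set; with
 * neither option enabled this header provides no evm_verifyxattr() at all.
 */
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

/* The hook stubs below return 0: EVM is absent and raises no objection. */
static inline int evm_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

/* Returns 0 without touching @evm: no EVM xattr is produced. */
static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array,
					  struct xattr *evm)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* Returns 0 (an int, matching the declared return type) for every name. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

/* Nothing can be read without EVM; @buffer is left untouched. */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */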