/* SPDX-License-Identifier: GPL-2.0 */
/*
 * evm.h
 *
 * Copyright (c) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 */

#ifndef _LINUX_EVM_H
#define _LINUX_EVM_H

#include <linux/integrity.h>
#include <linux/xattr.h>

struct integrity_iint_cache;

#ifdef CONFIG_EVM

/*
 * CONFIG_EVM enabled: prototypes only. The definitions live outside this
 * header, so their exact semantics cannot be read from here.
 */
int evm_set_key(void *key, size_t keylen);
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

/* Pre-change hooks return int; their post-change counterparts return void. */
int evm_inode_setattr(struct user_namespace *mnt_userns,
		      struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
int evm_inode_setxattr(struct user_namespace *mnt_userns,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);
int evm_inode_removexattr(struct user_namespace *mnt_userns,
			  struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);
int evm_inode_init_security(struct inode *inode,
			    const struct xattr *xattr_array,
			    struct xattr *evm);
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);

/*
 * posix_xattr_acl() is provided only inside this CONFIG_EVM branch: a real
 * prototype with CONFIG_FS_POSIX_ACL, otherwise a stub that always returns 0.
 * The !CONFIG_EVM branch below supplies no definition of it at all.
 */
#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif

#else /* !CONFIG_EVM */

/*
 * CONFIG_EVM disabled: inline stubs so callers build without #ifdefs.
 *
 * Security-relevant behaviour of this branch:
 *  - the int-returning inode hooks return 0 unconditionally, so a caller that
 *    treats 0 as "allowed" gets no EVM check on setattr/setxattr/removexattr;
 *  - evm_verifyxattr() reports INTEGRITY_UNKNOWN, never a pass or fail
 *    verdict; callers should not interpret it as a successful verification;
 *  - evm_set_key() and evm_read_protected_xattrs() fail with -EOPNOTSUPP.
 */

static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}

/* This stub is only emitted when CONFIG_INTEGRITY is set. */
#ifdef CONFIG_INTEGRITY
static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
						    const char *xattr_name,
						    void *xattr_value,
						    size_t xattr_value_len,
						    struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif

static inline int evm_inode_setattr(struct user_namespace *mnt_userns,
				    struct dentry *dentry, struct iattr *attr)
{
	return 0;
}

static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}

static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
				     struct dentry *dentry, const char *name,
				     const void *value, size_t size)
{
	return 0;
}

static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}

static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
					struct dentry *dentry,
					const char *xattr_name)
{
	return 0;
}

static inline void evm_inode_post_removexattr(struct dentry *dentry,
					      const char *xattr_name)
{
}

/* Returns 0 without touching the caller-supplied evm xattr slot. */
static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array,
					  struct xattr *evm)
{
	return 0;
}

static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}

/* int return type, so the "not protected" answer is spelled 0. */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}

/* The output buffer is left untouched; only the error code is produced. */
static inline int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
					    int buffer_size, char type,
					    bool canonical_fmt)
{
	return -EOPNOTSUPP;
}

#endif /* CONFIG_EVM */
#endif /* _LINUX_EVM_H */