0009 #ifndef _LINUX_EVM_H
0010 #define _LINUX_EVM_H
0011
0012 #include <linux/integrity.h>
0013 #include <linux/xattr.h>
0014
0015 struct integrity_iint_cache;
0016
0017 #ifdef CONFIG_EVM
/*
 * EVM entry points.  Only the prototypes are given here; the definitions
 * are outside this header.  They are visible when CONFIG_EVM is set; the
 * #else branch of this conditional supplies inline stubs with the same
 * signatures for kernels built without EVM.
 */

/* Key setup. */
int evm_set_key(void *key, size_t keylen);

/* Verification: the result is an enum integrity_status, not an errno. */
enum integrity_status evm_verifyxattr(struct dentry *dentry,
				      const char *xattr_name,
				      void *xattr_value,
				      size_t xattr_value_len,
				      struct integrity_iint_cache *iint);

/*
 * Inode hooks.  setattr, setxattr and removexattr each come as an
 * int-returning hook plus a void evm_inode_post_* counterpart;
 * presumably the former can refuse the operation and the latter runs
 * once it has been carried out -- confirm against the callers.
 */
int evm_inode_setattr(struct user_namespace *mnt_userns,
		      struct dentry *dentry, struct iattr *attr);
void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);

int evm_inode_setxattr(struct user_namespace *mnt_userns,
		       struct dentry *dentry, const char *name,
		       const void *value, size_t size);
void evm_inode_post_setxattr(struct dentry *dentry,
			     const char *xattr_name,
			     const void *xattr_value,
			     size_t xattr_value_len);

int evm_inode_removexattr(struct user_namespace *mnt_userns,
			  struct dentry *dentry, const char *xattr_name);
void evm_inode_post_removexattr(struct dentry *dentry,
				const char *xattr_name);

/* Called with the xattr array of a new inode and an output slot (evm). */
int evm_inode_init_security(struct inode *inode,
			    const struct xattr *xattr_array,
			    struct xattr *evm);

/* Queries keyed on an xattr name, plus a reader for the protected set. */
bool evm_revalidate_status(const char *xattr_name);
int evm_protected_xattr_if_enabled(const char *req_xattr_name);
int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
			      int buffer_size, char type,
			      bool canonical_fmt);
#ifdef CONFIG_FS_POSIX_ACL
int posix_xattr_acl(const char *xattrname);
#else
/*
 * Stub for kernels built without CONFIG_FS_POSIX_ACL: the answer is 0
 * for every name (presumably "not a POSIX ACL xattr" -- confirm against
 * the real implementation).
 */
static inline int posix_xattr_acl(const char *xattrname)
{
	return 0;
}
#endif
0054 #else
0055
/*
 * CONFIG_EVM=n stub: no EVM key can be installed, so the request is
 * reported as unsupported (-EOPNOTSUPP) rather than accepted.
 * Neither argument is read.
 */
static inline int evm_set_key(void *key, size_t keylen)
{
	return -EOPNOTSUPP;
}
0060
#ifdef CONFIG_INTEGRITY
/*
 * CONFIG_EVM=n stub, compiled only when CONFIG_INTEGRITY is set.
 * Nothing is checked: the result is always INTEGRITY_UNKNOWN, so a
 * caller must not read it as a successful verification.
 */
static inline enum integrity_status
evm_verifyxattr(struct dentry *dentry, const char *xattr_name,
		void *xattr_value, size_t xattr_value_len,
		struct integrity_iint_cache *iint)
{
	return INTEGRITY_UNKNOWN;
}
#endif
0071
/*
 * CONFIG_EVM=n stub: always returns 0 without looking at the arguments,
 * so with EVM compiled out this hook never rejects an attribute change
 * (0 presumably means "allow" -- confirm against the caller).
 */
static inline int evm_inode_setattr(struct user_namespace *mnt_userns,
				    struct dentry *dentry,
				    struct iattr *attr)
{
	return 0;
}
0077
/* CONFIG_EVM=n stub: nothing to update after a setattr, so do nothing. */
static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
{
}
0082
/*
 * CONFIG_EVM=n stub: always returns 0 and inspects neither the xattr
 * name nor its value, so no xattr write is refused here when EVM is
 * compiled out (0 presumably means "allow" -- confirm against the caller).
 */
static inline int evm_inode_setxattr(struct user_namespace *mnt_userns,
				     struct dentry *dentry,
				     const char *name,
				     const void *value,
				     size_t size)
{
	return 0;
}
0089
/* CONFIG_EVM=n stub: nothing is recomputed after an xattr write. */
static inline void evm_inode_post_setxattr(struct dentry *dentry,
					   const char *xattr_name,
					   const void *xattr_value,
					   size_t xattr_value_len)
{
}
0097
/*
 * CONFIG_EVM=n stub: always returns 0 whatever xattr is named, so no
 * xattr removal is refused here when EVM is compiled out (0 presumably
 * means "allow" -- confirm against the caller).
 */
static inline int evm_inode_removexattr(struct user_namespace *mnt_userns,
					struct dentry *dentry, const char *xattr_name)
{
	return 0;
}
0104
/* CONFIG_EVM=n stub: nothing is recomputed after an xattr removal. */
static inline void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
{
}
0110
/*
 * CONFIG_EVM=n stub: returns 0 and leaves the evm output slot untouched,
 * so a new inode gets no EVM xattr from this call.
 */
static inline int evm_inode_init_security(struct inode *inode,
					  const struct xattr *xattr_array, struct xattr *evm)
{
	return 0;
}
0117
/* CONFIG_EVM=n stub: the answer is false for every xattr name. */
static inline bool evm_revalidate_status(const char *xattr_name)
{
	return false;
}
0122
/*
 * CONFIG_EVM=n stub: no xattr is reported as EVM-protected.  The return
 * type is int, so the "no" answer is spelled 0.
 */
static inline int evm_protected_xattr_if_enabled(const char *req_xattr_name)
{
	return 0;
}
0127
/*
 * CONFIG_EVM=n stub: nothing is written to buffer; the call fails with
 * -EOPNOTSUPP so the caller can tell "EVM absent" apart from an empty
 * result.
 */
static inline int evm_read_protected_xattrs(struct dentry *dentry,
					    u8 *buffer, int buffer_size,
					    char type, bool canonical_fmt)
{
	return -EOPNOTSUPP;
}
0134
0135 #endif
0136 #endif