0012 #ifndef __INTEGRITY_EVM_H
0013 #define __INTEGRITY_EVM_H
0014
0015 #include <linux/xattr.h>
0016 #include <linux/security.h>
0017
0018 #include "../integrity.h"
0019
/*
 * EVM initialisation/policy flag bits and the masks built from them.
 * NOTE(review): presumably these are the bits kept in evm_initialized
 * (declared later in this header). The per-flag meanings noted below follow
 * the kernel's EVM ABI documentation, not anything visible in this file --
 * confirm against the tree this listing was taken from.
 */
0020 #define EVM_INIT_HMAC 0x0001 /* presumably: HMAC validation/creation enabled */
0021 #define EVM_INIT_X509 0x0002 /* presumably: digital-signature validation enabled */
/*
 * NOTE(review): appears to relax protection by permitting runtime changes to
 * EVM-protected metadata; worth auditing wherever this bit can be set.
 */
0022 #define EVM_ALLOW_METADATA_WRITES 0x0004
/*
 * NOTE(review): documented as locking out further runtime changes to the EVM
 * setup -- confirm. With a 32-bit int, 0x80000000 is an unsigned constant, so
 * any mask containing it is unsigned while evm_initialized is a plain int.
 */
0023 #define EVM_SETUP_COMPLETE 0x80000000
0024
/* EVM_INIT_HMAC or EVM_INIT_X509: the two key-related bits. */
0025 #define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
/* Union of all four flag bits defined above. */
0026 #define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
0027 EVM_ALLOW_METADATA_WRITES)
0028
/*
 * One node of a linked list of extended-attribute names.
 * NOTE(review): presumably the element type of evm_config_xattrnames
 * (declared later in this header), i.e. the set of xattrs EVM covers --
 * confirm in the .c files that populate the list.
 */
0029 struct xattr_list {
0030 struct list_head list; /* list linkage */
0031 char *name; /* xattr name; ownership and lifetime are not visible here */
0032 bool enabled; /* NOTE(review): looks like a per-entry on/off switch -- confirm */
0033 };
0034
/*
 * Global EVM state, defined in another translation unit.
 * NOTE(review): presumably holds the EVM_INIT_* / EVM_SETUP_COMPLETE bits
 * defined above -- confirm at the definition.
 */
0035 extern int evm_initialized;
0036
/*
 * NOTE(review): flag bit, presumably for evm_hmac_attrs below, selecting the
 * filesystem UUID as an extra input to the HMAC -- confirm.
 */
0037 #define EVM_ATTR_FSUUID 0x0001
0038
/* NOTE(review): presumably a bitmask of EVM_ATTR_* values -- confirm. */
0039 extern int evm_hmac_attrs;
0040
0041
/*
 * Head of a kernel linked list, defined elsewhere.
 * NOTE(review): presumably a list of struct xattr_list entries -- confirm.
 */
0042 extern struct list_head evm_config_xattrnames;
0043
/*
 * A digest header followed by an inline buffer of IMA_MAX_DIGEST_SIZE bytes.
 * Declared __packed, so no padding is inserted between hdr and digest.
 * struct ima_digest_data and IMA_MAX_DIGEST_SIZE are not defined in this
 * file (presumably they come from "../integrity.h").
 * NOTE(review): the buffer is fixed-size, so any code filling it must bound
 * the write by IMA_MAX_DIGEST_SIZE for whichever hash algorithm is in use --
 * confirm at the writers.
 */
0044 struct evm_digest {
0045 struct ima_digest_data hdr; /* header; layout defined outside this file */
0046 char digest[IMA_MAX_DIGEST_SIZE]; /* digest bytes, fixed capacity */
0047 } __packed;
0048
/*
 * EVM entry points implemented elsewhere; only the signatures are visible
 * here.
 * NOTE(review): all return int -- presumably 0 on success and a negative
 * errno on failure, the usual kernel convention; confirm at each definition.
 */
/* NOTE(review): presumably loads/initialises the EVM HMAC key -- confirm. */
0049 int evm_init_key(void);
/*
 * NOTE(review): presumably recomputes and stores the EVM xattr for dentry,
 * with req_xattr_name/value/len describing the xattr being changed -- confirm.
 */
0050 int evm_update_evmxattr(struct dentry *dentry,
0051 const char *req_xattr_name,
0052 const char *req_xattr_value,
0053 size_t req_xattr_value_len);
/*
 * Takes a dentry, a requested xattr (name, value, length) and a
 * struct evm_digest pointer; data is presumably the output -- confirm.
 */
0054 int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
0055 const char *req_xattr_value,
0056 size_t req_xattr_value_len, struct evm_digest *data);
/*
 * Same parameters as evm_calc_hmac plus a char type selector; the valid
 * values of type are not defined in this file.
 */
0057 int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
0058 const char *req_xattr_value,
0059 size_t req_xattr_value_len, char type,
0060 struct evm_digest *data);
/*
 * hmac_val is a bare char * with no length parameter, so the required buffer
 * size is an implicit contract between caller and callee.
 * NOTE(review): confirm the expected size at the definition and check that
 * every caller's buffer is at least that large.
 */
0061 int evm_init_hmac(struct inode *inode, const struct xattr *xattr,
0062 char *hmac_val);
/* NOTE(review): presumably sets up EVM's securityfs interface -- confirm. */
0063 int evm_init_secfs(void);
0064
0065 #endif