[linux-block.git] / include / linux / bpf_lsm.h

/* SPDX-License-Identifier: GPL-2.0 */

/*
 * Copyright (C) 2020 Google LLC.
 */

#ifndef _LINUX_BPF_LSM_H
#define _LINUX_BPF_LSM_H

#include <linux/sched.h>
#include <linux/bpf.h>
#include <linux/bpf_verifier.h>
#include <linux/lsm_hooks.h>

#ifdef CONFIG_BPF_LSM

#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
	RET bpf_lsm_##NAME(__VA_ARGS__);
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK

struct bpf_storage_blob {
	struct bpf_local_storage __rcu *storage;
};

extern struct lsm_blob_sizes bpf_lsm_blob_sizes;

int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
			const struct bpf_prog *prog);

bool bpf_lsm_is_sleepable_hook(u32 btf_id);
bool bpf_lsm_is_trusted(const struct bpf_prog *prog);

static inline struct bpf_storage_blob *bpf_inode(
	const struct inode *inode)
{
	if (unlikely(!inode->i_security))
		return NULL;

	return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
}

extern const struct bpf_func_proto bpf_inode_storage_get_proto;
extern const struct bpf_func_proto bpf_inode_storage_delete_proto;
void bpf_inode_storage_free(struct inode *inode);

void bpf_lsm_find_cgroup_shim(const struct bpf_prog *prog, bpf_func_t *bpf_func);

int bpf_lsm_get_retval_range(const struct bpf_prog *prog,
			     struct bpf_retval_range *range);
int bpf_set_dentry_xattr_locked(struct dentry *dentry, const char *name__str,
				const struct bpf_dynptr *value_p, int flags);
int bpf_remove_dentry_xattr_locked(struct dentry *dentry, const char *name__str);
bool bpf_lsm_has_d_inode_locked(const struct bpf_prog *prog);

#else /* !CONFIG_BPF_LSM */

static inline bool bpf_lsm_is_sleepable_hook(u32 btf_id)
{
	return false;
}

static inline bool bpf_lsm_is_trusted(const struct bpf_prog *prog)
{
	return false;
}

static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
				      const struct bpf_prog *prog)
{
	return -EOPNOTSUPP;
}

static inline struct bpf_storage_blob *bpf_inode(
	const struct inode *inode)
{
	return NULL;
}

static inline void bpf_inode_storage_free(struct inode *inode)
{
}

static inline void bpf_lsm_find_cgroup_shim(const struct bpf_prog *prog,
					   bpf_func_t *bpf_func)
{
}

static inline int bpf_lsm_get_retval_range(const struct bpf_prog *prog,
					   struct bpf_retval_range *range)
{
	return -EOPNOTSUPP;
}
static inline int bpf_set_dentry_xattr_locked(struct dentry *dentry, const char *name__str,
					      const struct bpf_dynptr *value_p, int flags)
{
	return -EOPNOTSUPP;
}
static inline int bpf_remove_dentry_xattr_locked(struct dentry *dentry, const char *name__str)
{
	return -EOPNOTSUPP;
}
static inline bool bpf_lsm_has_d_inode_locked(const struct bpf_prog *prog)
{
	return false;
}
#endif /* CONFIG_BPF_LSM */

#endif /* _LINUX_BPF_LSM_H */
Commit	Line	Data
9d3fdea7 KS	1	/* SPDX-License-Identifier: GPL-2.0 */
	2
	3	/*
	4	* Copyright (C) 2020 Google LLC.
	5	*/
	6
	7	#ifndef _LINUX_BPF_LSM_H
	8	#define _LINUX_BPF_LSM_H
	9
4cf1bc1f	10	#include <linux/sched.h>
9d3fdea7	11	#include <linux/bpf.h>
5d99e198	12	#include <linux/bpf_verifier.h>
9d3fdea7 KS	13	#include <linux/lsm_hooks.h>
	14
	15	#ifdef CONFIG_BPF_LSM
	16
	17	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
	18	RET bpf_lsm_##NAME(__VA_ARGS__);
	19	#include <linux/lsm_hook_defs.h>
	20	#undef LSM_HOOK
	21
8ea63684 KS	22	struct bpf_storage_blob {
	23	struct bpf_local_storage __rcu *storage;
	24	};
	25
	26	extern struct lsm_blob_sizes bpf_lsm_blob_sizes;
	27
9e4e01df KS	28	int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
	29	const struct bpf_prog *prog);
	30
423f1610	31	bool bpf_lsm_is_sleepable_hook(u32 btf_id);
c0c852dd	32	bool bpf_lsm_is_trusted(const struct bpf_prog *prog);
423f1610	33
8ea63684 KS	34	static inline struct bpf_storage_blob *bpf_inode(
	35	const struct inode *inode)
	36	{
	37	if (unlikely(!inode->i_security))
	38	return NULL;
	39
	40	return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
	41	}
	42
	43	extern const struct bpf_func_proto bpf_inode_storage_get_proto;
	44	extern const struct bpf_func_proto bpf_inode_storage_delete_proto;
	45	void bpf_inode_storage_free(struct inode *inode);
	46
69fd337a SF	47	void bpf_lsm_find_cgroup_shim(const struct bpf_prog prog, bpf_func_t bpf_func);
69fd337a SF	48
5d99e198 XK	49	int bpf_lsm_get_retval_range(const struct bpf_prog *prog,
5d99e198 XK	50	struct bpf_retval_range *range);
56467292 SL	51	int bpf_set_dentry_xattr_locked(struct dentry dentry, const char name__str,
	52	const struct bpf_dynptr *value_p, int flags);
	53	int bpf_remove_dentry_xattr_locked(struct dentry dentry, const char name__str);
	54	bool bpf_lsm_has_d_inode_locked(const struct bpf_prog *prog);
	55
9e4e01df KS	56	#else /* !CONFIG_BPF_LSM */
9e4e01df KS	57
423f1610 KS	58	static inline bool bpf_lsm_is_sleepable_hook(u32 btf_id)
	59	{
	60	return false;
	61	}
	62
c0c852dd YS	63	static inline bool bpf_lsm_is_trusted(const struct bpf_prog *prog)
	64	{
	65	return false;
	66	}
	67
9e4e01df KS	68	static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
	69	const struct bpf_prog *prog)
	70	{
	71	return -EOPNOTSUPP;
	72	}
	73
8ea63684 KS	74	static inline struct bpf_storage_blob *bpf_inode(
	75	const struct inode *inode)
	76	{
	77	return NULL;
	78	}
	79
	80	static inline void bpf_inode_storage_free(struct inode *inode)
	81	{
	82	}
	83
69fd337a SF	84	static inline void bpf_lsm_find_cgroup_shim(const struct bpf_prog *prog,
	85	bpf_func_t *bpf_func)
	86	{
	87	}
	88
5d99e198 XK	89	static inline int bpf_lsm_get_retval_range(const struct bpf_prog *prog,
	90	struct bpf_retval_range *range)
	91	{
	92	return -EOPNOTSUPP;
	93	}
56467292 SL	94	static inline int bpf_set_dentry_xattr_locked(struct dentry dentry, const char name__str,
	95	const struct bpf_dynptr *value_p, int flags)
	96	{
	97	return -EOPNOTSUPP;
	98	}
	99	static inline int bpf_remove_dentry_xattr_locked(struct dentry dentry, const char name__str)
	100	{
	101	return -EOPNOTSUPP;
	102	}
	103	static inline bool bpf_lsm_has_d_inode_locked(const struct bpf_prog *prog)
	104	{
	105	return false;
	106	}
9d3fdea7 KS	107	#endif /* CONFIG_BPF_LSM */
	108
	109	#endif /* _LINUX_BPF_LSM_H */