/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2005-2010 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 * Kylene Hall <kjhall@us.ibm.com>
 *
 * File: evm.h
 */

#ifndef __INTEGRITY_EVM_H
#define __INTEGRITY_EVM_H

#include <linux/xattr.h>
#include <linux/security.h>

/*
 * Shared integrity types used below (struct ima_digest_data,
 * enum integrity_status, IMA_MAX_DIGEST_SIZE) are expected from here.
 */
#include "../integrity.h"

/*
 * Flag bits describing EVM's initialisation state (presumably held in
 * evm_initialized, declared further down).  EVM_KEY_MASK selects the two
 * key-type bits; EVM_INIT_MASK is the union of all four defined bits.
 */
#define EVM_INIT_HMAC			0x0001
#define EVM_INIT_X509			0x0002
#define EVM_ALLOW_METADATA_WRITES	0x0004
/*
 * Occupies bit 31.  When the flags live in a plain int this is the sign
 * bit, so test it with a bitwise AND, never with a signed comparison.
 */
#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */

#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
		       EVM_ALLOW_METADATA_WRITES)

/*
 * One EVM-protected xattr name.  Instances are list_head-linked, presumably
 * onto evm_config_xattrnames (declared below).
 */
struct xattr_list {
	struct list_head list;	/* list linkage */
	char *name;		/* xattr name; who owns/frees the string is not visible here */
	bool enabled;		/* entry can be switched off without unlinking it — confirm with users */
};

/* Bits presumably carried in evm_iint_cache.flags (struct defined below) */
#define EVM_NEW_FILE		0x00000001
#define EVM_IMMUTABLE_DIGSIG	0x00000002

/* EVM integrity metadata associated with an inode */
struct evm_iint_cache {
	unsigned long flags;			/* EVM_NEW_FILE / EVM_IMMUTABLE_DIGSIG */
	enum integrity_status evm_status:4;	/* 4-bit field: every enum integrity_status value must fit */
};

/*
 * Blob sizes EVM registered with the LSM framework; lbs_inode is the offset
 * of EVM's data inside inode->i_security (see evm_iint_inode()).
 */
extern struct lsm_blob_sizes evm_blob_sizes;

/*
 * evm_iint_inode - locate the EVM integrity cache inside an inode's
 * LSM security blob.
 * @inode: inode whose security blob is examined
 *
 * Returns the struct evm_iint_cache that lives at offset
 * evm_blob_sizes.lbs_inode within inode->i_security, or NULL when the
 * inode carries no security blob at all.
 */
static inline struct evm_iint_cache *evm_iint_inode(const struct inode *inode)
{
	void *blob = inode->i_security;

	/* No blob allocated: there is nothing to index into. */
	if (likely(blob))
		return blob + evm_blob_sizes.lbs_inode;

	return NULL;
}

/* EVM initialisation state; presumably holds the EVM_INIT_* / EVM_SETUP_COMPLETE bits above. */
extern int evm_initialized;

/* Bit of evm_hmac_attrs selecting an extra inode attribute, presumably folded into the HMAC */
#define EVM_ATTR_FSUUID		0x0001

extern int evm_hmac_attrs;

/* List of EVM protected security xattrs (entries are presumably struct xattr_list) */
extern struct list_head evm_config_xattrnames;

/*
 * Digest buffer filled by evm_calc_hmac()/evm_calc_hash(): an IMA digest
 * header immediately followed by the raw digest bytes.  __packed keeps
 * hdr and digest contiguous with no padding in between.
 */
struct evm_digest {
	struct ima_digest_data hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;

/* Non-zero when @req_xattr_name is an EVM-protected xattr (return convention inferred from the name — confirm). */
int evm_protected_xattr(const char *req_xattr_name);

int evm_init_key(void);
/*
 * The req_xattr_* triple names the xattr being written together with its
 * value and an explicit length; xattr values need not be NUL-terminated.
 */
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);
/* Both fill @data (struct evm_digest); evm_calc_hash() additionally takes a @type byte. */
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data);
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data);
/*
 * @hmac_val carries no length argument: the caller must size it for the
 * HMAC the implementation produces — confirm against the definition.
 */
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);
int evm_init_secfs(void);

#endif /* __INTEGRITY_EVM_H */