
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * Copyright (C) 2005-2010 IBM Corporation
  4. *
  5. * Authors:
  6. * Mimi Zohar <zohar@us.ibm.com>
  7. * Kylene Hall <kjhall@us.ibm.com>
  8. *
  9. * File: evm.h
  10. */
  11. #ifndef __INTEGRITY_EVM_H
  12. #define __INTEGRITY_EVM_H
  13. #include <linux/xattr.h>
  14. #include <linux/security.h>
  15. #include "../integrity.h"
/*
 * Flag bits, grouped by the two masks below.  From the names they are
 * presumably the bits of the int evm_initialized declared further down;
 * the code that sets and tests them is not in this header.
 */
#define EVM_INIT_HMAC			0x0001
#define EVM_INIT_X509			0x0002
#define EVM_ALLOW_METADATA_WRITES	0x0004
/*
 * NOTE(review): 0x80000000 is bit 31 and, not fitting in int, has type
 * unsigned int, while evm_initialized is a plain int.  Test this bit with a
 * mask (value & EVM_SETUP_COMPLETE), never with a signed comparison.
 */
#define EVM_SETUP_COMPLETE		0x80000000 /* userland has signaled key load */
/* just the two key-loaded bits */
#define EVM_KEY_MASK			(EVM_INIT_HMAC | EVM_INIT_X509)
/* every bit defined above */
#define EVM_INIT_MASK			(EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
					 EVM_ALLOW_METADATA_WRITES)
/*
 * One xattr name entry.  Presumably the element type of the
 * evm_config_xattrnames list declared below -- only the linkage is visible
 * here, the list users are not.
 */
struct xattr_list {
	struct list_head list;	/* linkage into the owning list */
	char *name;		/* xattr name; who owns/frees it is not visible here */
	bool enabled;		/* per-entry on/off switch (meaning: TODO confirm in users) */
};
/*
 * Per-inode flag bits.  Defined right before struct evm_iint_cache, so
 * presumably they live in its "flags" member -- confirm against the users.
 */
#define EVM_NEW_FILE			0x00000001
#define EVM_IMMUTABLE_DIGSIG		0x00000002
/* EVM integrity metadata associated with an inode */
struct evm_iint_cache {
	unsigned long flags;		/* presumably EVM_NEW_FILE / EVM_IMMUTABLE_DIGSIG bits */
	/*
	 * Four-bit field: every enum integrity_status value must fit in it.
	 * Signedness of an enum bit-field is implementation-defined in C.
	 */
	enum integrity_status evm_status:4;
	struct integrity_inode_attributes metadata_inode;	/* type from ../integrity.h */
};
/* LSM blob layout; lbs_inode is EVM's byte offset into inode->i_security (see evm_iint_inode()) */
extern struct lsm_blob_sizes evm_blob_sizes;
/*
 * evm_iint_inode - locate EVM's slice of an inode's security blob
 * @inode: inode whose LSM blob is queried
 *
 * Returns NULL when the inode carries no security blob at all; otherwise
 * the EVM part of that blob, which starts evm_blob_sizes.lbs_inode bytes
 * into inode->i_security.
 */
static inline struct evm_iint_cache *evm_iint_inode(const struct inode *inode)
{
	void *blob = inode->i_security;

	if (unlikely(!blob))
		return NULL;

	return blob + evm_blob_sizes.lbs_inode;
}
/* plain int; presumably holds the EVM_INIT_* bits (see the note on EVM_SETUP_COMPLETE) */
extern int evm_initialized;

/* bit for evm_hmac_attrs; presumably "include the fs UUID in the HMAC" -- confirm in the HMAC code */
#define EVM_ATTR_FSUUID		0x0001
extern int evm_hmac_attrs;

/* List of EVM protected security xattrs */
extern struct list_head evm_config_xattrnames;
/*
 * Digest buffer passed to evm_calc_hmac()/evm_calc_hash(): a header followed
 * immediately -- no padding, hence __packed -- by up to IMA_MAX_DIGEST_SIZE
 * bytes of digest.  How much of digest[] is valid is not recorded here.
 */
struct evm_digest {
	struct ima_digest_data_hdr hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
/*
 * Prototypes only; return conventions (0 / negative errno is the usual
 * kernel pattern, but confirm per function) and the exact meaning of the
 * req_xattr_* triple are established by the definitions, not here.
 */

/* presumably non-zero when @req_xattr_name is an EVM protected xattr */
int evm_protected_xattr(const char *req_xattr_name);
int evm_init_key(void);

/*
 * @req_xattr_name/@req_xattr_value/@req_xattr_value_len describe one xattr
 * and a value for it, presumably the value about to be written so that the
 * stored EVM xattr reflects the new metadata -- TODO confirm.
 */
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);
/* @data receives the result; @iint is the inode's EVM cache (may feed flags/status, TODO confirm) */
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data,
		  struct evm_iint_cache *iint);
/* same as evm_calc_hmac() plus @type, which selects the digest/signature kind -- presumably */
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data, struct evm_iint_cache *iint);
/* @hmac_val is non-const, so presumably an output buffer written by the callee; size not visible here */
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);
/* securityfs setup, presumably */
int evm_init_secfs(void);
  69. #endif