/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (C) 2005-2010 IBM Corporation
*
* Authors:
* Mimi Zohar <[email protected]>
* Kylene Hall <[email protected]>
*
* File: evm.h
*/
#ifndef __INTEGRITY_EVM_H
#define __INTEGRITY_EVM_H
#include <linux/xattr.h>
#include <linux/security.h>
#include "../integrity.h"
/*
 * Flag bits of the global EVM state word (presumably the plain int
 * 'evm_initialized' declared further down in this header).
 */
#define EVM_INIT_HMAC 0x0001	/* presumably: HMAC key has been loaded */
#define EVM_INIT_X509 0x0002	/* presumably: x509 signature verification enabled */
#define EVM_ALLOW_METADATA_WRITES 0x0004	/* presumably: permit writes to EVM-protected metadata -- confirm the exact rules in evm_main.c/evm_secfs.c */
#define EVM_SETUP_COMPLETE 0x80000000 /* userland has signaled key load */
/*
 * NOTE(review): EVM_SETUP_COMPLETE is bit 31, i.e. the sign bit of an int.
 * Test it only with '& EVM_SETUP_COMPLETE'; a signed comparison on the state
 * word would misbehave once this bit is set.
 */

/* The two bits that describe which key material is present. */
#define EVM_KEY_MASK (EVM_INIT_HMAC | EVM_INIT_X509)
/* Union of every flag bit defined above. */
#define EVM_INIT_MASK (EVM_INIT_HMAC | EVM_INIT_X509 | EVM_SETUP_COMPLETE | \
		       EVM_ALLOW_METADATA_WRITES)
/*
 * One entry of a list of xattr names.  Presumably the element type of
 * evm_config_xattrnames (the EVM protected xattr list declared below).
 */
struct xattr_list {
	struct list_head list;	/* linkage into the owning list */
	char *name;		/* xattr name; ownership presumably stays with the list that holds the entry */
	bool enabled;		/* presumably lets an entry be switched off without unlinking it -- confirm where it is toggled */
};
/* Presumably bits of evm_iint_cache.flags (see the struct below). */
#define EVM_NEW_FILE 0x00000001	/* presumably: inode created during this boot, no security.evm yet -- confirm in evm_main.c */
#define EVM_IMMUTABLE_DIGSIG 0x00000002	/* presumably: security.evm holds an immutable digital signature */
/* EVM integrity metadata associated with an inode */
struct evm_iint_cache {
	unsigned long flags;	/* presumably EVM_NEW_FILE / EVM_IMMUTABLE_DIGSIG bits */
	/*
	 * Presumably the cached verification result for the inode.  The field
	 * is only 4 bits wide, so at most 16 integrity_status values fit, and
	 * whether an enum bitfield is signed or unsigned is compiler-defined:
	 * keep the enum small and non-negative if it is ever extended.
	 */
	enum integrity_status evm_status:4;
	/* Snapshot of inode attributes; presumably the ones covered by the HMAC */
	struct integrity_inode_attributes metadata_inode;
};
/*
 * EVM's LSM blob sizes.  lbs_inode is the byte offset of EVM's
 * evm_iint_cache inside the shared inode->i_security blob (used by
 * evm_iint_inode() below).
 */
extern struct lsm_blob_sizes evm_blob_sizes;
/*
 * evm_iint_inode - locate EVM's per-inode state inside the LSM inode blob
 * @inode: inode whose i_security blob is consulted
 *
 * Returns a pointer to EVM's slice of inode->i_security, or NULL when the
 * inode has no security blob at all.  Callers must check for NULL before
 * dereferencing the result.
 */
static inline struct evm_iint_cache *evm_iint_inode(const struct inode *inode)
{
	void *blob = inode->i_security;

	/* No blob allocated for this inode: nothing to point at. */
	if (unlikely(!blob))
		return NULL;

	/* EVM's state lives lbs_inode bytes into the shared blob. */
	return blob + evm_blob_sizes.lbs_inode;
}
/*
 * Global EVM state word, presumably built from the EVM_INIT_* bits defined
 * at the top of this header.  It is a plain int, so bit 31
 * (EVM_SETUP_COMPLETE) is its sign bit: test bits with '&', never compare
 * the value as a signed number.
 */
extern int evm_initialized;

/* Bit of evm_hmac_attrs; presumably "fold the filesystem UUID into the HMAC". */
#define EVM_ATTR_FSUUID 0x0001

/* Presumably the set of EVM_ATTR_* bits selecting extra HMAC inputs. */
extern int evm_hmac_attrs;

/* List of EVM protected security xattrs */
/* Presumably struct xattr_list entries (see above) linked through ->list. */
extern struct list_head evm_config_xattrnames;
/*
 * Digest buffer filled by evm_calc_hmac()/evm_calc_hash(): an IMA-style
 * header followed by up to IMA_MAX_DIGEST_SIZE bytes of digest.  __packed
 * keeps header and digest bytes contiguous, presumably because this layout
 * is what gets written to / compared against security.evm.  Only the bytes
 * produced by the chosen algorithm are meaningful; compare against the
 * algorithm's digest length, not sizeof(digest).
 */
struct evm_digest {
	struct ima_digest_data_hdr hdr;
	char digest[IMA_MAX_DIGEST_SIZE];
} __packed;
/*
 * Is req_xattr_name one of the EVM-protected xattr names?  The return
 * convention (presumably non-zero = protected) is fixed in evm_main.c.
 */
int evm_protected_xattr(const char *req_xattr_name);

/* Presumably loads the EVM HMAC key; 0 on success, negative errno otherwise. */
int evm_init_key(void);

/*
 * Recompute security.evm for dentry.  The (req_xattr_name, req_xattr_value,
 * req_xattr_value_len) triple is presumably the value about to be stored for
 * that xattr, used in place of what is currently on disk so the new
 * security.evm matches the new metadata -- confirm in evm_crypto.c.
 */
int evm_update_evmxattr(struct dentry *dentry,
			const char *req_xattr_name,
			const char *req_xattr_value,
			size_t req_xattr_value_len);

/*
 * Compute the EVM HMAC for dentry into *data; same req_xattr_* override
 * semantics as evm_update_evmxattr(); iint is EVM's cached per-inode state.
 * A non-zero return must be treated by callers as "no valid digest", never
 * as a passed verification.
 */
int evm_calc_hmac(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, struct evm_digest *data,
		  struct evm_iint_cache *iint);

/*
 * Like evm_calc_hmac() but computes a plain hash (presumably for signature
 * verification).  'type' presumably selects the security.evm type byte being
 * produced -- check integrity.h for the values.
 */
int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name,
		  const char *req_xattr_value,
		  size_t req_xattr_value_len, char type,
		  struct evm_digest *data, struct evm_iint_cache *iint);

/*
 * Compute the initial HMAC of a new inode from the supplied xattrs array
 * into hmac_val.  NOTE(review): there is no length parameter for hmac_val;
 * the caller must size it for the HMAC algorithm actually in use.
 */
int evm_init_hmac(struct inode *inode, const struct xattr *xattrs,
		  char *hmac_val);

/* Presumably creates EVM's securityfs entries; 0 on success. */
int evm_init_secfs(void);
#endif