Pull security subsystem updates from James Morris: "Highlights: - Integrity: add local fs integrity verification to detect offline attacks - Integrity: add digital signature verification - Simple stacking of Yama with other LSMs (per LSS discussions) - IBM vTPM support on ppc64 - Add new driver for Infineon I2C TIS TPM - Smack: add rule revocation for subject labels" Fixed conflicts with the user namespace support in kernel/auditsc.c and security/integrity/ima/ima_policy.c. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits) Documentation: Update git repository URL for Smack userland tools ima: change flags container data type Smack: setprocattr memory leak fix Smack: implement revoking all rules for a subject label Smack: remove task_wait() hook. ima: audit log hashes ima: generic IMA action flag handling ima: rename ima_must_appraise_or_measure audit: export audit_log_task_info tpm: fix tpm_acpi sparse warning on different address spaces samples/seccomp: fix 31 bit build on s390 ima: digital signature verification support ima: add support for different security.ima data types ima: add ima_inode_setxattr/removexattr function and calls ima: add inode_post_setattr call ima: replace iint spinblock with rwlock/read_lock ima: allocating iint improvements ima: add appraise action keywords and default rules ima: integrity appraisal extension vfs: move ima_file_free before releasing the file ...
/*
  File: linux/xattr.h

  Extended attributes handling.

  Copyright (C) 2001 by Andreas Gruenbacher <a.gruenbacher@computer.org>
  Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
  Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/

#ifndef _LINUX_XATTR_H
#define _LINUX_XATTR_H
/*
 * Flags for the set operations declared further down (presumably the int
 * @flags parameter of vfs_setxattr(), generic_setxattr() and
 * simple_xattr_set()).  They are single bits; by their meaning the two
 * can never be satisfied together.
 */
#define XATTR_CREATE	0x1	/* set value, fail if attr already exists */
#define XATTR_REPLACE	0x2	/* set value, fail if attr does not exist */

/*
 * Namespaces.  An attribute name is a namespace prefix followed by the
 * attribute's own name.  Each *_PREFIX_LEN is the prefix length without
 * the terminating NUL: sizeof of a string literal counts the NUL, hence
 * the "- 1".
 */
#define XATTR_OS2_PREFIX "os2."
#define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1)

#define XATTR_SECURITY_PREFIX	"security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)

#define XATTR_SYSTEM_PREFIX "system."
#define XATTR_SYSTEM_PREFIX_LEN (sizeof (XATTR_SYSTEM_PREFIX) - 1)

#define XATTR_TRUSTED_PREFIX "trusted."
#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)

#define XATTR_USER_PREFIX "user."
#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)

/*
 * Security namespace.  Each XATTR_NAME_* is a full attribute name built
 * by string-literal concatenation of XATTR_SECURITY_PREFIX and a suffix:
 * XATTR_NAME_EVM is "security.evm", XATTR_NAME_SMACKIPIN is
 * "security.SMACK64IPIN", and so on.  The suffixes are named after the
 * security subsystem (EVM, IMA, SELinux, Smack, file capabilities) that
 * presumably owns the attribute; both the bare suffix and the qualified
 * name are provided.
 */
#define XATTR_EVM_SUFFIX "evm"
#define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX

#define XATTR_IMA_SUFFIX "ima"
#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX

#define XATTR_SELINUX_SUFFIX "selinux"
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX

/*
 * Smack defines a base attribute plus five more; each XATTR_NAME_SMACK*
 * below pastes the matching suffix onto the security prefix.
 */
#define XATTR_SMACK_SUFFIX "SMACK64"
#define XATTR_SMACK_IPIN "SMACK64IPIN"
#define XATTR_SMACK_IPOUT "SMACK64IPOUT"
#define XATTR_SMACK_EXEC "SMACK64EXEC"
#define XATTR_SMACK_TRANSMUTE "SMACK64TRANSMUTE"
#define XATTR_SMACK_MMAP "SMACK64MMAP"
#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
#define XATTR_NAME_SMACKIPIN XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
#define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
#define XATTR_NAME_SMACKEXEC XATTR_SECURITY_PREFIX XATTR_SMACK_EXEC
#define XATTR_NAME_SMACKTRANSMUTE XATTR_SECURITY_PREFIX XATTR_SMACK_TRANSMUTE
#define XATTR_NAME_SMACKMMAP XATTR_SECURITY_PREFIX XATTR_SMACK_MMAP

/* File capabilities are also kept in the security namespace. */
#define XATTR_CAPS_SUFFIX "capability"
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX

/*
 * POSIX ACLs live in the system namespace instead:
 * "system.posix_acl_access" and "system.posix_acl_default".
 */
#define XATTR_POSIX_ACL_ACCESS "posix_acl_access"
#define XATTR_NAME_POSIX_ACL_ACCESS XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_ACCESS
#define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
#define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT

#ifdef __KERNEL__
#include <linux/slab.h>
#include <linux/types.h>
#include <linux/spinlock.h>
/*
 * Opaque VFS types: everything in this header handles them only through
 * pointers, so forward declarations suffice and the fs headers need not
 * be pulled in.
 */
struct inode;
struct dentry;

/*
 * One handler-table entry, keyed by attribute-name prefix.  The
 * generic_*xattr() helpers declared below presumably dispatch on @prefix
 * to reach the callbacks; nothing in this header shows the dispatch
 * itself.
 */
struct xattr_handler {
	const char *prefix;	/* attribute-name prefix this entry serves
				 * (presumably one of the XATTR_*_PREFIX
				 * strings above) */
	int flags;	/* fs private flags passed back to the handlers */
	/*
	 * Every callback takes a trailing @handler_flags; from the naming
	 * this is the entry's @flags handed back, so one callback body can
	 * serve several prefixes -- inferred, not shown here.
	 *
	 * list: writes attribute names into @list (at most @list_size
	 *       bytes) and returns a size_t; @name/@name_len describe the
	 *       attribute being listed.
	 * get:  reads an attribute's value into @buffer of @size bytes.
	 * set:  stores @size bytes from @buffer; @flags presumably carries
	 *       XATTR_CREATE / XATTR_REPLACE.
	 */
	size_t (*list)(struct dentry *dentry, char *list, size_t list_size,
		       const char *name, size_t name_len, int handler_flags);
	int (*get)(struct dentry *dentry, const char *name, void *buffer,
		   size_t size, int handler_flags);
	int (*set)(struct dentry *dentry, const char *name, const void *buffer,
		   size_t size, int flags, int handler_flags);
};

/*
 * A single name/value pair.  Only the three fields are defined here;
 * ownership of @name and @value (who allocates and frees them) is not
 * shown in this header and must be taken from the users of the struct.
 */
struct xattr {
	char *name;		/* attribute name */
	void *value;		/* value bytes */
	size_t value_len;	/* number of bytes at @value */
};

/*
 * In-kernel xattr API (implemented outside this header).
 *
 * The vfs_*() calls take a dentry and a fully qualified attribute name
 * (e.g. XATTR_NAME_SELINUX).  __vfs_setxattr_noperm() is, by its name,
 * the set variant that skips the permission step; treat callers of it as
 * security-relevant.  The generic_*() calls have the same shapes and by
 * name look like the handler-table-driven defaults.  vfs_getxattr_alloc()
 * takes a char ** and a gfp_t, i.e. it hands back the value in a buffer
 * it allocates for the caller; vfs_xattr_cmp() compares an attribute
 * against @value/@size.  Return conventions are not visible here;
 * negative errno is the usual kernel convention.
 */
ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int);
int vfs_removexattr(struct dentry *, const char *);

ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size);
ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
int generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags);
int generic_removexattr(struct dentry *dentry, const char *name);
ssize_t vfs_getxattr_alloc(struct dentry *dentry, const char *name,
			   char **xattr_value, size_t size, gfp_t flags);
int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
		  const char *value, size_t size, gfp_t flags);

/*
 * A minimal in-memory attribute store: a list of struct simple_xattr
 * entries, linked through their @list member (see simple_xattrs_free()
 * below), plus a spinlock.  The lock presumably serialises updates to
 * @head; neither inline helper in this header takes it.
 */
struct simple_xattrs {
	struct list_head head;	/* list of struct simple_xattr */
	spinlock_t lock;	/* presumably protects @head -- not used here */
};

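/*
 * One entry of a struct simple_xattrs.  The entry and its @name are
 * separate allocations (simple_xattrs_free() kfree()s both); the value
 * bytes are stored inline after the header, so an entry is presumably
 * allocated as sizeof(struct simple_xattr) + value size (cf.
 * simple_xattr_alloc(), which takes exactly value and size).
 *
 * @value is a C99 flexible array member rather than the GNU zero-length
 * array "value[0]": the layout and sizeof are identical, but the standard
 * form tells compilers and bounds checkers that the array is
 * variable-length rather than zero-sized.
 */
struct simple_xattr {
	struct list_head list;	/* linkage into simple_xattrs.head */
	char *name;		/* attribute name, separately allocated */
	size_t size;		/* number of bytes in @value (presumably) */
	char value[];		/* value bytes, inline, not NUL-terminated */
};
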
/*
 * Initialise an empty simple_xattrs: an empty list head and an unlocked
 * spinlock.  Run this before any other use of @xattrs; nothing else in
 * this header sets those fields up.
 */
static inline void simple_xattrs_init(struct simple_xattrs *xattrs)
{
	INIT_LIST_HEAD(&xattrs->head);
	spin_lock_init(&xattrs->lock);
}

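/*
 * Free every attribute on the list.
 *
 * Each entry's name string and the entry itself are separate allocations
 * and are released one after the other.  The list head is re-initialised
 * afterwards so that it never keeps pointing at freed memory: a second
 * call, or a simple_xattr_list() after teardown, then sees an empty list
 * instead of walking freed entries.
 *
 * The caller must ensure nothing else can reach @xattrs concurrently;
 * @xattrs->lock is not taken here.
 */
static inline void simple_xattrs_free(struct simple_xattrs *xattrs)
{
	struct simple_xattr *entry, *next;

	/* _safe variant: @next is fetched before @entry is freed */
	list_for_each_entry_safe(entry, next, &xattrs->head, list) {
		kfree(entry->name);
		kfree(entry);
	}
	/* leave the container empty rather than dangling */
	INIT_LIST_HEAD(&xattrs->head);
}
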
/*
 * Operations on the simple_xattrs store above (implemented outside this
 * header).
 *
 * simple_xattr_alloc() builds an entry from @value/@size; since it takes
 * no name, the caller presumably fills in @name before linking the entry
 * with simple_xattr_list_add().  simple_xattr_get()/_set()/_remove()/
 * _list() mirror the vfs_*() calls further up: name-based lookup, @flags
 * on set presumably taking XATTR_CREATE / XATTR_REPLACE, and _list
 * writing names into @buffer of @size bytes.  Return conventions are not
 * visible here.
 */
struct simple_xattr *simple_xattr_alloc(const void *value, size_t size);
int simple_xattr_get(struct simple_xattrs *xattrs, const char *name,
		     void *buffer, size_t size);
int simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
		     const void *value, size_t size, int flags);
int simple_xattr_remove(struct simple_xattrs *xattrs, const char *name);
ssize_t simple_xattr_list(struct simple_xattrs *xattrs, char *buffer,
			  size_t size);
void simple_xattr_list_add(struct simple_xattrs *xattrs,
			   struct simple_xattr *new_xattr);

#endif /* __KERNEL__ */
#endif /* _LINUX_XATTR_H */