1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */ 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun /* 4*4882a593Smuzhiyun * Copyright (C) 2020 Google LLC. 5*4882a593Smuzhiyun */ 6*4882a593Smuzhiyun 7*4882a593Smuzhiyun #ifndef _LINUX_BPF_LSM_H 8*4882a593Smuzhiyun #define _LINUX_BPF_LSM_H 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun #include <linux/bpf.h> 11*4882a593Smuzhiyun #include <linux/lsm_hooks.h> 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun #ifdef CONFIG_BPF_LSM 14*4882a593Smuzhiyun 15*4882a593Smuzhiyun #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ 16*4882a593Smuzhiyun RET bpf_lsm_##NAME(__VA_ARGS__); 17*4882a593Smuzhiyun #include <linux/lsm_hook_defs.h> 18*4882a593Smuzhiyun #undef LSM_HOOK 19*4882a593Smuzhiyun 20*4882a593Smuzhiyun struct bpf_storage_blob { 21*4882a593Smuzhiyun struct bpf_local_storage __rcu *storage; 22*4882a593Smuzhiyun }; 23*4882a593Smuzhiyun 24*4882a593Smuzhiyun extern struct lsm_blob_sizes bpf_lsm_blob_sizes; 25*4882a593Smuzhiyun 26*4882a593Smuzhiyun int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog, 27*4882a593Smuzhiyun const struct bpf_prog *prog); 28*4882a593Smuzhiyun bpf_inode(const struct inode * inode)29*4882a593Smuzhiyunstatic inline struct bpf_storage_blob *bpf_inode( 30*4882a593Smuzhiyun const struct inode *inode) 31*4882a593Smuzhiyun { 32*4882a593Smuzhiyun if (unlikely(!inode->i_security)) 33*4882a593Smuzhiyun return NULL; 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun return inode->i_security + bpf_lsm_blob_sizes.lbs_inode; 36*4882a593Smuzhiyun } 37*4882a593Smuzhiyun 38*4882a593Smuzhiyun extern const struct bpf_func_proto bpf_inode_storage_get_proto; 39*4882a593Smuzhiyun extern const struct bpf_func_proto bpf_inode_storage_delete_proto; 40*4882a593Smuzhiyun void bpf_inode_storage_free(struct inode *inode); 41*4882a593Smuzhiyun 42*4882a593Smuzhiyun #else /* !CONFIG_BPF_LSM */ 43*4882a593Smuzhiyun bpf_lsm_verify_prog(struct bpf_verifier_log * vlog,const struct bpf_prog * prog)44*4882a593Smuzhiyunstatic inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog, 45*4882a593Smuzhiyun const struct bpf_prog *prog) 46*4882a593Smuzhiyun { 47*4882a593Smuzhiyun return -EOPNOTSUPP; 48*4882a593Smuzhiyun } 49*4882a593Smuzhiyun bpf_inode(const struct inode * inode)50*4882a593Smuzhiyunstatic inline struct bpf_storage_blob *bpf_inode( 51*4882a593Smuzhiyun const struct inode *inode) 52*4882a593Smuzhiyun { 53*4882a593Smuzhiyun return NULL; 54*4882a593Smuzhiyun } 55*4882a593Smuzhiyun bpf_inode_storage_free(struct inode * inode)56*4882a593Smuzhiyunstatic inline void bpf_inode_storage_free(struct inode *inode) 57*4882a593Smuzhiyun { 58*4882a593Smuzhiyun } 59*4882a593Smuzhiyun 60*4882a593Smuzhiyun #endif /* CONFIG_BPF_LSM */ 61*4882a593Smuzhiyun 62*4882a593Smuzhiyun #endif /* _LINUX_BPF_LSM_H */ 63