[linux.git] / include / uapi / linux / lsm.h

/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
 * Linux Security Modules (LSM) - User space API
 *
 * Copyright (C) 2022 Casey Schaufler <[email protected]>
 * Copyright (C) 2022 Intel Corporation
 */

#ifndef _UAPI_LINUX_LSM_H
#define _UAPI_LINUX_LSM_H

#include <linux/stddef.h>
#include <linux/types.h>
#include <linux/unistd.h>

/**
 * struct lsm_ctx - LSM context information
 * @id: the LSM id number, see LSM_ID_XXX
 * @flags: LSM specific flags
 * @len: length of the lsm_ctx struct, @ctx and any other data or padding
 * @ctx_len: the size of @ctx
 * @ctx: the LSM context value
 *
 * The @len field MUST be equal to the size of the lsm_ctx struct
 * plus any additional padding and/or data placed after @ctx.
 *
 * In all cases @ctx_len MUST be equal to the length of @ctx.
 * If @ctx is a string value it should be nul terminated with
 * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
 * supported.
 *
 * The @flags and @ctx fields SHOULD only be interpreted by the
 * LSM specified by @id; they MUST be set to zero/0 when not used.
 */
struct lsm_ctx {
	__u64 id;
	__u64 flags;
	__u64 len;
	__u64 ctx_len;
	__u8 ctx[] __counted_by(ctx_len);
};

/*
 * ID tokens to identify Linux Security Modules (LSMs)
 *
 * These token values are used to uniquely identify specific LSMs
 * in the kernel as well as in the kernel's LSM userspace API.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use.
 */
#define LSM_ID_UNDEF		0
#define LSM_ID_CAPABILITY	100
#define LSM_ID_SELINUX		101
#define LSM_ID_SMACK		102
#define LSM_ID_TOMOYO		103
#define LSM_ID_APPARMOR		104
#define LSM_ID_YAMA		105
#define LSM_ID_LOADPIN		106
#define LSM_ID_SAFESETID	107
#define LSM_ID_LOCKDOWN		108
#define LSM_ID_BPF		109
#define LSM_ID_LANDLOCK		110
#define LSM_ID_IMA		111
#define LSM_ID_EVM		112
#define LSM_ID_IPE		113

/*
 * LSM_ATTR_XXX definitions identify different LSM attributes
 * which are used in the kernel's LSM userspace API. Support
 * for these attributes vary across the different LSMs. None
 * are required.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use.
 */
#define LSM_ATTR_UNDEF		0
#define LSM_ATTR_CURRENT	100
#define LSM_ATTR_EXEC		101
#define LSM_ATTR_FSCREATE	102
#define LSM_ATTR_KEYCREATE	103
#define LSM_ATTR_PREV		104
#define LSM_ATTR_SOCKCREATE	105

/*
 * LSM_FLAG_XXX definitions identify special handling instructions
 * for the API.
 */
#define LSM_FLAG_SINGLE	0x0001

#endif /* _UAPI_LINUX_LSM_H */
Commit	Line	Data
f3b8788c CS	1	/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
	2	/*
	3	* Linux Security Modules (LSM) - User space API
	4	*
	5	* Copyright (C) 2022 Casey Schaufler <[email protected]>
	6	* Copyright (C) 2022 Intel Corporation
	7	*/
	8
	9	#ifndef _UAPI_LINUX_LSM_H
	10	#define _UAPI_LINUX_LSM_H
	11
ea67677d	12	#include <linux/stddef.h>
a04a1198 CS	13	#include <linux/types.h>
	14	#include <linux/unistd.h>
	15
	16	/**
	17	* struct lsm_ctx - LSM context information
	18	* @id: the LSM id number, see LSM_ID_XXX
	19	* @flags: LSM specific flags
	20	* @len: length of the lsm_ctx struct, @ctx and any other data or padding
	21	* @ctx_len: the size of @ctx
	22	* @ctx: the LSM context value
	23	*
	24	* The @len field MUST be equal to the size of the lsm_ctx struct
	25	* plus any additional padding and/or data placed after @ctx.
	26	*
	27	* In all cases @ctx_len MUST be equal to the length of @ctx.
	28	* If @ctx is a string value it should be nul terminated with
	29	* @ctx_len equal to `strlen(@ctx) + 1`. Binary values are
	30	* supported.
	31	*
	32	* The @flags and @ctx fields SHOULD only be interpreted by the
	33	* LSM specified by @id; they MUST be set to zero/0 when not used.
	34	*/
	35	struct lsm_ctx {
	36	__u64 id;
	37	__u64 flags;
	38	__u64 len;
	39	__u64 ctx_len;
ea67677d	40	__u8 ctx[] __counted_by(ctx_len);
a04a1198 CS	41	};
a04a1198 CS	42
f3b8788c CS	43	/*
	44	* ID tokens to identify Linux Security Modules (LSMs)
	45	*
	46	* These token values are used to uniquely identify specific LSMs
	47	* in the kernel as well as in the kernel's LSM userspace API.
	48	*
	49	* A value of zero/0 is considered undefined and should not be used
	50	* outside the kernel. Values 1-99 are reserved for potential
	51	* future use.
	52	*/
	53	#define LSM_ID_UNDEF 0
	54	#define LSM_ID_CAPABILITY 100
	55	#define LSM_ID_SELINUX 101
	56	#define LSM_ID_SMACK 102
	57	#define LSM_ID_TOMOYO 103
edd71f8e PM	58	#define LSM_ID_APPARMOR 104
	59	#define LSM_ID_YAMA 105
	60	#define LSM_ID_LOADPIN 106
	61	#define LSM_ID_SAFESETID 107
	62	#define LSM_ID_LOCKDOWN 108
	63	#define LSM_ID_BPF 109
	64	#define LSM_ID_LANDLOCK 110
cd3cec0a	65	#define LSM_ID_IMA 111
92383111	66	#define LSM_ID_EVM 112
03115077	67	#define LSM_ID_IPE 113
f3b8788c CS	68
	69	/*
	70	* LSM_ATTR_XXX definitions identify different LSM attributes
	71	* which are used in the kernel's LSM userspace API. Support
	72	* for these attributes vary across the different LSMs. None
	73	* are required.
	74	*
	75	* A value of zero/0 is considered undefined and should not be used
	76	* outside the kernel. Values 1-99 are reserved for potential
	77	* future use.
	78	*/
	79	#define LSM_ATTR_UNDEF 0
	80	#define LSM_ATTR_CURRENT 100
	81	#define LSM_ATTR_EXEC 101
	82	#define LSM_ATTR_FSCREATE 102
	83	#define LSM_ATTR_KEYCREATE 103
	84	#define LSM_ATTR_PREV 104
	85	#define LSM_ATTR_SOCKCREATE 105
	86
a04a1198 CS	87	/*
	88	* LSM_FLAG_XXX definitions identify special handling instructions
	89	* for the API.
	90	*/
	91	#define LSM_FLAG_SINGLE 0x0001
	92
f3b8788c	93	#endif /* _UAPI_LINUX_LSM_H */