1  /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2  /*
3   * Linux Security Modules (LSM) - User space API
4   *
5   * Copyright (C) 2022 Casey Schaufler <casey@schaufler-ca.com>
6   * Copyright (C) 2022 Intel Corporation
7   */
8  
9  #ifndef _UAPI_LINUX_LSM_H
10  #define _UAPI_LINUX_LSM_H
11  
12  #include <linux/stddef.h>
13  #include <linux/types.h>
14  #include <linux/unistd.h>
15  
/**
 * struct lsm_ctx - LSM context information
 * @id: the LSM id number, see LSM_ID_XXX
 * @flags: LSM specific flags
 * @len: length of the lsm_ctx struct, @ctx and any other data or padding
 * @ctx_len: the size of @ctx
 * @ctx: the LSM context value
 *
 * The @len field MUST be equal to the size of the lsm_ctx struct
 * plus any additional padding and/or data placed after @ctx.
 *
 * In all cases @ctx_len MUST be equal to the length of @ctx.
 * If @ctx is a string value it should be nul terminated with
 * @ctx_len equal to `strlen(@ctx) + 1`.  Binary values are
 * supported.
 *
 * The @flags and @ctx fields SHOULD only be interpreted by the
 * LSM specified by @id; they MUST be set to zero/0 when not used.
 *
 * Since @len and @ctx_len are both carried inside the entry, code that
 * reads an lsm_ctx out of a buffer (in particular when several entries
 * are packed back to back, which is what @len exists for) should check
 * them against each other before touching @ctx: require
 * @len >= sizeof(struct lsm_ctx) and
 * @ctx_len <= @len - sizeof(struct lsm_ctx), and step to the next entry
 * by @len, never by @ctx_len.  A string @ctx should be checked for its
 * terminator within @ctx_len rather than assumed to have one.
 */
struct lsm_ctx {
	__u64 id;	/* one of the LSM_ID_XXX values below */
	__u64 flags;	/* LSM specific; must be 0 when unused */
	__u64 len;	/* total size of this entry, header and padding included */
	__u64 ctx_len;	/* number of bytes valid in ctx[] */
	/*
	 * Flexible array member holding the context bytes; __counted_by()
	 * is supplied by <linux/stddef.h> (included above) and ties the
	 * array bound to ctx_len for bounds-checking tooling.
	 */
	__u8 ctx[] __counted_by(ctx_len);
};
42  
/*
 * ID tokens to identify Linux Security Modules (LSMs)
 *
 * These token values are used to uniquely identify specific LSMs
 * in the kernel as well as in the kernel's LSM userspace API.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use.
 *
 * These values are user space ABI: an existing value must never be
 * renumbered or reused, and a new LSM takes the next unused value.
 * User space that decodes lsm_ctx.id should treat an id it does not
 * recognise as "an LSM this build does not know about" rather than as
 * corrupt data, since a newer kernel may report ids not listed here.
 */
#define LSM_ID_UNDEF		0
#define LSM_ID_CAPABILITY	100
#define LSM_ID_SELINUX		101
#define LSM_ID_SMACK		102
#define LSM_ID_TOMOYO		103
#define LSM_ID_APPARMOR		104
#define LSM_ID_YAMA		105
#define LSM_ID_LOADPIN		106
#define LSM_ID_SAFESETID	107
#define LSM_ID_LOCKDOWN		108
#define LSM_ID_BPF		109
#define LSM_ID_LANDLOCK		110
#define LSM_ID_IMA		111
#define LSM_ID_EVM		112
#define LSM_ID_IPE		113
68  
/*
 * LSM_ATTR_XXX definitions identify different LSM attributes
 * which are used in the kernel's LSM userspace API. Support
 * for these attributes varies across the different LSMs. None
 * are required.
 *
 * A value of zero/0 is considered undefined and should not be used
 * outside the kernel. Values 1-99 are reserved for potential
 * future use.
 *
 * Like the LSM_ID_XXX values these are ABI and must not be renumbered.
 * Because no attribute is mandatory, a caller must be prepared for a
 * given LSM to support none, some or all of them, and must not infer
 * from the presence of an LSM id that any particular attribute is
 * available.
 */
#define LSM_ATTR_UNDEF		0
#define LSM_ATTR_CURRENT	100
#define LSM_ATTR_EXEC		101
#define LSM_ATTR_FSCREATE	102
#define LSM_ATTR_KEYCREATE	103
#define LSM_ATTR_PREV		104
#define LSM_ATTR_SOCKCREATE	105
86  
/*
 * LSM_FLAG_XXX definitions identify special handling instructions
 * for the API.
 *
 * These are bit flags passed to the LSM user space API calls, distinct
 * from the LSM specific lsm_ctx.flags field.  The exact effect of each
 * flag is defined by the call that accepts it (not by this header);
 * callers should pass 0 for any flag bit they do not understand, and
 * the values are ABI and must not be reassigned.
 */
#define LSM_FLAG_SINGLE	0x0001
92  
93  #endif /* _UAPI_LINUX_LSM_H */
94