# Source: github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/xattr.txt
# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# syzkaller descriptions of the Linux extended-attribute (xattr) syscalls.
# Each operation is described in three forms: path-based, l-prefixed path-based and fd-based.

include <linux/xattr.h>
include <linux/uuid.h>
include <uapi/linux/posix_acl_xattr.h>
include <uapi/linux/posix_acl.h>
include <uapi/linux/capability.h>
include <security/integrity/integrity.h>
include <fs/overlayfs/overlayfs.h>
include <uapi/linux/hash_info.h>

# Generic (untyped) variants: the value is an arbitrary string and size is derived from it via len[val].
# These are the only variants that can pair any name with any value, so they also cover
# malformed payloads for the typed attributes described later in this file.
setxattr(path ptr[in, filename], name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags])
lsetxattr(path ptr[in, filename], name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags])
fsetxattr(fd fd, name ptr[in, xattr_name], val ptr[in, string], size len[val], flags flags[setxattr_flags])
# Read variants: val/list are output buffers and size is the length of that buffer.
getxattr(path ptr[in, filename], name ptr[in, xattr_name], val buffer[out], size len[val])
lgetxattr(path ptr[in, filename], name ptr[in, xattr_name], val buffer[out], size len[val])
fgetxattr(fd fd, name ptr[in, xattr_name], val buffer[out], size len[val])
listxattr(path ptr[in, filename], list buffer[out], size len[list])
llistxattr(path ptr[in, filename], list buffer[out], size len[list])
flistxattr(fd fd, list buffer[out], size len[list])
removexattr(path ptr[in, filename], name ptr[in, xattr_name])
lremovexattr(path ptr[in, filename], name ptr[in, xattr_name])
fremovexattr(fd fd, name ptr[in, xattr_name])

# Attribute name: either one of the fixed names in xattr_names, or a namespace prefix
# followed by an arbitrary string. [varlen] sizes the union by the chosen option.
xattr_name [
	known	string[xattr_names]
	random	xattr_name_random
] [varlen]

# prefix is emitted without a trailing NUL (stringnoz) and the struct is packed, so prefix and
# name are laid out back to back as a single NUL-terminated "<prefix><name>" string.
xattr_name_random {
	prefix	stringnoz[xattr_prefix]
	name	string
} [packed]

setxattr_flags = XATTR_CREATE, XATTR_REPLACE

# Namespace prefixes used for randomly generated names. The list includes the privileged
# namespaces (system., trusted., security.) alongside user. and filesystem-specific ones,
# presumably so that random names still reach a namespace-specific handler - confirm.
xattr_prefix = "system.", "trusted.", "security.", "user.", "btrfs.", "osx.", "os2."

# Fixed attribute names offered to the generic syscalls. Several of them (posix ACLs,
# trusted.overlay.*) also have typed variants elsewhere in this file; security.selinux,
# security.apparmor and the user.incfs.* names are only reachable with untyped string values.
xattr_names = "system.posix_acl_access", "system.posix_acl_default", "system.advise", "system.sockprotoname", "com.apple.FinderInfo", "com.apple.system.Security", "user.syz", "trusted.syz", "security.apparmor", "trusted.overlay.opaque", "trusted.overlay.redirect", "trusted.overlay.origin", "trusted.overlay.impure", "trusted.overlay.nlink", "trusted.overlay.upper", "trusted.overlay.metacopy", "security.selinux", "user.incfs.id", "user.incfs.size", "user.incfs.metadata"

# Typed variants that write a structured POSIX ACL under either ACL attribute name.
setxattr$system_posix_acl(path ptr[in, filename], name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags])
lsetxattr$system_posix_acl(path ptr[in, filename], name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags])
fsetxattr$system_posix_acl(fd fd, name ptr[in, string[xattr_posix_acl_names]], val ptr[in, xattr_system_posix_acl_access], size len[val], flags flags[setxattr_flags])

xattr_posix_acl_names = "system.posix_acl_access", "system.posix_acl_default"

# ACL xattr payload: a version header followed by entries in a fixed tag order.
# Only the ACL_USER and ACL_GROUP entries carry a real uid/gid; every other entry has e_id fixed to 0.
# NOTE(review): every generated ACL contains exactly one user_obj, group_obj, mask and other
# entry, in this order. ACLs with missing, duplicated or reordered tags are only reachable
# through the untyped setxattr variants - confirm that this is the intended coverage.
xattr_system_posix_acl_access {
	header		posix_acl_xattr_header
	user_obj	posix_acl_xattr_entry[ACL_USER_OBJ, const[0, int32]]
	users		array[posix_acl_xattr_entry[ACL_USER, uid]]
	group_obj	posix_acl_xattr_entry[ACL_GROUP_OBJ, const[0, int32]]
	groups		array[posix_acl_xattr_entry[ACL_GROUP, gid]]
	mask		posix_acl_xattr_entry[ACL_MASK, const[0, int32]]
	other		posix_acl_xattr_entry[ACL_OTHER, const[0, int32]]
} [packed]

# The version field is always the current POSIX_ACL_XATTR_VERSION constant.
posix_acl_xattr_header {
	a_version	const[POSIX_ACL_XATTR_VERSION, int32]
}

# Template for one ACL entry: TAG fixes e_tag, ID supplies the type of e_id.
type posix_acl_xattr_entry[TAG, ID] {
	e_tag	const[TAG, int16]
	e_perm	flags[posix_acl_perm, int16]
	e_id	ID
}

posix_acl_perm = ACL_READ, ACL_WRITE, ACL_EXECUTE

# Typed variants for security.capability; the value is one of the vfs_cap_data_u layouts.
setxattr$security_capability(path ptr[in, filename], name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags])
lsetxattr$security_capability(path ptr[in, filename], name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags])
fsetxattr$security_capability(fd fd, name ptr[in, string["security.capability"]], val ptr[in, vfs_cap_data_u], size len[val], flags flags[setxattr_flags])

# security.capability payload in one of three on-disk revisions; [varlen] keeps each
# option at its own size, so len[val] differs per revision.
vfs_cap_data_u [
	v1	vfs_cap_data_v1
	v2	vfs_cap_data
	v3	vfs_ns_cap_data
] [varlen]

# NOTE(review): in all three revisions magic_etc is pinned to the bare revision constant, so
# any flag bits the kernel ORs into this field (e.g. VFS_CAP_FLAGS_EFFECTIVE) are never set by
# these typed variants - confirm whether that coverage gap is intended.
vfs_cap_data_v1 {
	magic_etc	const[VFS_CAP_REVISION_1, int32]
	data		array[vfs_cap_elem, VFS_CAP_U32_1]
}

vfs_cap_data {
	magic_etc	const[VFS_CAP_REVISION_2, int32]
	data		array[vfs_cap_elem, VFS_CAP_U32_2]
}

# Revision 3 appends rootid, described here as a uid.
vfs_ns_cap_data {
	magic_etc	const[VFS_CAP_REVISION_3, int32]
	data		array[vfs_cap_elem, VFS_CAP_U32_3]
	rootid		uid
}

# Both masks are unconstrained 32-bit values, so any bit pattern can be generated.
vfs_cap_elem {
	permitted	int32
	inheritable	int32
}

# Typed variants for security.evm and security.ima; both share the evm_ima_xattr payload union.
setxattr$security_evm(path ptr[in, filename], name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])
lsetxattr$security_evm(path ptr[in, filename], name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])
fsetxattr$security_evm(fd fd, name ptr[in, string["security.evm"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])

setxattr$security_ima(path ptr[in, filename], name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])
lsetxattr$security_ima(path ptr[in, filename], name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])
fsetxattr$security_ima(fd fd, name ptr[in, string["security.ima"]], val ptr[in, evm_ima_xattr], size len[val], flags flags[setxattr_flags])

# Payload shapes for the integrity xattrs: an HMAC record, a v2 signature header plus
# signature bytes, or one of three digest records. The first byte of every option is a type tag.
evm_ima_xattr [
	v1	evm_ima_xattr_data
	v2	signature_v2_hdr
	md5	evm_ima_xattr_digest_md5
	sha1	evm_ima_xattr_digest_sha1
	ng	evm_ima_xattr_digest_ng
] [varlen]

# HMAC record: type tag EVM_XATTR_HMAC followed by 0..SHA1_DIGEST_SIZE digest bytes,
# so truncated digests are generated as well as full-length ones.
evm_ima_xattr_data {
	type	const[EVM_XATTR_HMAC, int8]
	digest	array[int8, 0:SHA1_DIGEST_SIZE]
}

# Signature record. keyid and sig_size are big-endian; sig_size is computed as the byte size of
# sig. The struct is packed, so there is no padding between the header fields and the signature.
signature_v2_hdr {
	type		flags[evm_xattr_type, int8]
	version		int8[0:3]
	hash_algo	int8[0:HASH_ALGO__LAST]
	keyid		int32be
	sig_size	bytesize[sig, int16be]
	sig		array[int8]
} [packed]

evm_xattr_type = EVM_IMA_XATTR_DIGSIG, EVM_XATTR_PORTABLE_DIGSIG

# Fixed-size digest records: 16 bytes for MD5, 20 bytes for SHA-1.
evm_ima_xattr_digest_md5 {
	type	const[IMA_XATTR_DIGEST, int8]
	digest	array[int8, 16]
}

evm_ima_xattr_digest_sha1 {
	type	const[IMA_XATTR_DIGEST, int8]
	digest	array[int8, 20]
}

# NOTE(review): algo ranges over every hash algorithm up to HASH_ALGO__LAST, but digest is
# capped at SHA1_DIGEST_SIZE bytes, so a correctly sized digest for a longer algorithm is never
# generated here - confirm whether the cap is deliberate.
evm_ima_xattr_digest_ng {
	type	const[IMA_XATTR_DIGEST_NG, int8]
	algo	int8[0:HASH_ALGO__LAST]
	digest	array[int8, 0:SHA1_DIGEST_SIZE]
}

# Typed variants for the overlayfs trusted.overlay.* attributes.
# NOTE(review): origin is given the fixed value "y" here, like opaque, whereas the
# trusted.overlay.upper variants take an ovl_fb file handle. Verify against overlayfs whether
# origin should carry a file handle too.
setxattr$trusted_overlay_origin(path ptr[in, filename], name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])
lsetxattr$trusted_overlay_origin(path ptr[in, filename], name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])
fsetxattr$trusted_overlay_origin(fd fd, name ptr[in, string["trusted.overlay.origin"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])

setxattr$trusted_overlay_opaque(path ptr[in, filename], name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])
lsetxattr$trusted_overlay_opaque(path ptr[in, filename], name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])
fsetxattr$trusted_overlay_opaque(fd fd, name ptr[in, string["trusted.overlay.opaque"]], val ptr[in, string["y"]], size len[val], flags flags[setxattr_flags])

# The redirect value is described as a filename, i.e. a path-shaped string.
setxattr$trusted_overlay_redirect(path ptr[in, filename], name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags])
lsetxattr$trusted_overlay_redirect(path ptr[in, filename], name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags])
fsetxattr$trusted_overlay_redirect(fd fd, name ptr[in, string["trusted.overlay.redirect"]], val ptr[in, filename], size len[val], flags flags[setxattr_flags])

# trusted.overlay.nlink takes a textual value: a two-character prefix followed by a decimal number.
setxattr$trusted_overlay_nlink(path ptr[in, filename], name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags])
lsetxattr$trusted_overlay_nlink(path ptr[in, filename], name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags])
fsetxattr$trusted_overlay_nlink(fd fd, name ptr[in, string["trusted.overlay.nlink"]], val ptr[in, xattr_overlay_nlink], size len[val], flags flags[setxattr_flags])

# trusted.overlay.upper takes a binary file-handle body (ovl_fb).
setxattr$trusted_overlay_upper(path ptr[in, filename], name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fb], size len[val], flags flags[setxattr_flags])
lsetxattr$trusted_overlay_upper(path ptr[in, filename], name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fb], size len[val], flags flags[setxattr_flags])
fsetxattr$trusted_overlay_upper(fd fd, name ptr[in, string["trusted.overlay.upper"]], val ptr[in, ovl_fb], size len[val], flags flags[setxattr_flags])

# prefix is emitted without a trailing NUL; num is a 64-bit integer rendered as decimal text.
xattr_overlay_nlink {
	prefix	stringnoz[xattr_overlay_nlink_prefix]
	num	fmt[dec, int64]
}

xattr_overlay_nlink_prefix = "U+", "U-", "L+", "L-"

# TODO: do these attrs accept ovl_fb or ovl_fh?..
# Overlayfs file-handle body. version is fixed to 0 and magic to OVL_FH_MAGIC; len is computed
# as the byte size of this whole struct (bytesize[parent]), including the variable-length fid
# bytes. type is an unconstrained byte. Packed, so fields are laid out without padding.
ovl_fb {
	version	const[0, int8]
	magic	const[OVL_FH_MAGIC, int8]
	len	bytesize[parent, int8]
	flags	flags[ovl_fb_flags, int8]
	type	int8
	uuid	uuid_t
	fid	array[int8]
} [packed]

# ovl_fb preceded by three zero padding bytes.
ovl_fh {
	padding	array[const[0, int8], 3]
	fb	ovl_fb
} [packed]

# UUID as UUID_SIZE raw bytes with no structure imposed.
type uuid_t array[int8, UUID_SIZE]

ovl_fb_flags = OVL_FH_FLAG_BIG_ENDIAN, OVL_FH_FLAG_ANY_ENDIAN, OVL_FH_FLAG_PATH_UPPER