diff options
| author | Deven Bowers <deven.desai@linux.microsoft.com> | 2024-08-02 23:08:18 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-08-20 14:01:33 -0400 |
| commit | 52443cb60c356707df494910fa134bbb0a8b1a66 (patch) | |
| tree | b53fe558511f276f891ecce8da6aa34b0d5e3ae1 /security/ipe/eval.c | |
| parent | 05a351630b7463ce58668095f5683669c1295f65 (diff) | |
ipe: add LSM hooks on execution and kernel read
IPE's initial goal is to control both execution and the loading of
kernel modules based on the system's definition of trust. It
accomplishes this by plugging into the security hooks for
bprm_check_security, file_mprotect, mmap_file, kernel_load_data,
and kernel_read_data.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/ipe/eval.c')
| -rw-r--r-- | security/ipe/eval.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/security/ipe/eval.c b/security/ipe/eval.c index f6a681ca49f6..1739327f082b 100644 --- a/security/ipe/eval.c +++ b/security/ipe/eval.c @@ -17,6 +17,20 @@ struct ipe_policy __rcu *ipe_active_policy; /** + * ipe_build_eval_ctx() - Build an ipe evaluation context. + * @ctx: Supplies a pointer to the context to be populated. + * @file: Supplies a pointer to the file to associated with the evaluation. + * @op: Supplies the IPE policy operation associated with the evaluation. + */ +void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx, + const struct file *file, + enum ipe_op_type op) +{ + ctx->file = file; + ctx->op = op; +} + +/** * evaluate_property() - Analyze @ctx against a rule property. * @ctx: Supplies a pointer to the context to be evaluated. * @p: Supplies a pointer to the property to be evaluated. |