security/ipe/eval.h

Source file repositories/reference/linux-study-clean/security/ipe/eval.h

File Facts

System
Linux kernel
Corpus path
security/ipe/eval.h
Extension
.h
Size
1604 bytes
Lines
71
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

struct ipe_superblock {
	bool initramfs;
};

#ifdef CONFIG_IPE_PROP_DM_VERITY
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */

#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */

struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};

enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};

void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);

#endif /* _IPE_EVAL_H */

Annotation

Implementation Notes