security/ipe/eval.h
Source file repositories/reference/linux-study-clean/security/ipe/eval.h
File Facts
- System: Linux kernel
- Corpus path: security/ipe/eval.h
- Extension: .h
- Size: 1604 bytes
- Lines: 71
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/file.h`, `linux/types.h`, `policy.h`, `hooks.h`
Detected Declarations
`struct ipe_superblock`, `struct ipe_bdev`, `struct ipe_inode`, `struct ipe_eval_ctx`, `enum ipe_match`, `function Copyright`
Annotated Snippet
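```c
#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H

#include <linux/file.h>
#include <linux/types.h>

#include "policy.h"
#include "hooks.h"

/* Per-superblock state: whether the superblock is the initramfs. */
struct ipe_superblock {
	bool initramfs;
};

#ifdef CONFIG_IPE_PROP_DM_VERITY
/* Per-block-device state: dm-verity root hash and, optionally, signature status. */
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */

#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
/* Per-inode state: whether the file carries an fs-verity built-in signature. */
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */

/* Inputs to one policy evaluation: the operation, the hook, and the file's properties. */
struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};

/* Which level of the policy a decision matched at. */
enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};

/* Fill @ctx from @file for the given operation and hook. */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);
/* Evaluate a populated context against policy. */
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);

#endif /* _IPE_EVAL_H */
```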
Annotation
- Immediate include surface: `linux/file.h`, `linux/types.h`, `policy.h`, `hooks.h`.
- Detected declarations: `struct ipe_superblock`, `struct ipe_bdev`, `struct ipe_inode`, `struct ipe_eval_ctx`, `enum ipe_match`, `function Copyright`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.