security/ipe/fs.c
Source file repositories/reference/linux-study-clean/security/ipe/fs.c
File Facts
- System: Linux kernel
- Corpus path: `security/ipe/fs.c`
- Extension: `.c`
- Size: 5693 bytes
- Lines: 247
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: operation-table or driver-model contract
- Status: pattern implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines an operation table; this is where Linux turns generic core objects into subsystem-specific behavior.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/dcache.h`, `linux/security.h`, `ipe.h`, `fs.h`, `eval.h`, `policy.h`, `audit.h`
Detected Declarations
`function setaudit`, `function getaudit`, `function setenforce`, `function getenforce`, `function new_policy`, `function ipe_init_securityfs`
Annotated Snippet
```c
/* new_policy node: write handler only, no read side. */
static const struct file_operations np_fops = {
	.write = new_policy,
};

/* success_audit node: read and write handlers. */
static const struct file_operations audit_fops = {
	.write = setaudit,
	.read = getaudit,
};

/* enforce node: read and write handlers. */
static const struct file_operations enforce_fops = {
	.write = setenforce,
	.read = getenforce,
};

/**
 * ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
 *
 * Return: %0 on success. If an error occurs, the function will return
 * the -errno.
 */
int __init ipe_init_securityfs(void)
{
	int rc = 0;
	struct ipe_policy *ap;
	struct dentry *dentry;

	if (!ipe_enabled)
		return -EOPNOTSUPP;

	/* root and policy_root are not declared in this excerpt. */
	root = securityfs_create_dir("ipe", NULL);
	if (IS_ERR(root))
		return PTR_ERR(root);

	/* Mode 0600: owner read/write only. */
	dentry = securityfs_create_file("success_audit", 0600, root,
					NULL, &audit_fops);
	if (IS_ERR(dentry)) {
		rc = PTR_ERR(dentry);
		goto err;
	}

	dentry = securityfs_create_file("enforce", 0600, root, NULL,
					&enforce_fops);
	if (IS_ERR(dentry)) {
		rc = PTR_ERR(dentry);
		goto err;
	}

	policy_root = securityfs_create_dir("policies", root);
	if (IS_ERR(policy_root)) {
		rc = PTR_ERR(policy_root);
		goto err;
	}

	/* If a policy is already active, create its securityfs node. */
	ap = rcu_access_pointer(ipe_active_policy);
	if (ap) {
		rc = ipe_new_policyfs_node(ap);
		if (rc)
			goto err;
	}

	/* Mode 0200: owner write only, matching np_fops. */
	dentry = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
	if (IS_ERR(dentry)) {
		rc = PTR_ERR(dentry);
		goto err;
	}

	return 0;

err:
	/* Any failure after the root directory exists removes it before returning. */
	securityfs_remove(root);
	return rc;
}
```
Annotation
- Immediate include surface: `linux/dcache.h`, `linux/security.h`, `ipe.h`, `fs.h`, `eval.h`, `policy.h`, `audit.h`.
- Detected declarations: `function setaudit`, `function getaudit`, `function setenforce`, `function getenforce`, `function new_policy`, `function ipe_init_securityfs`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: pattern implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.