security/ipe/fs.c

Source file repositories/reference/linux-study-clean/security/ipe/fs.c

File Facts

System
Linux kernel
Corpus path
security/ipe/fs.c
Extension
.c
Size
5693 bytes
Lines
247
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: operation-table or driver-model contract
Status
pattern implementation candidate

Why This File Exists

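This file belongs to the core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation. In the snippet below, it builds IPE's securityfs tree (an `ipe` directory holding the `success_audit`, `enforce` and `new_policy` control files plus a `policies` subdirectory) and binds each control file to its read/write handlers.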

Dependency Surface

Detected Declarations

Annotated Snippet

/*
 * Operation tables for IPE's securityfs control files. Each table is bound
 * to a file by ipe_init_securityfs(). The handlers named here are defined
 * outside this snippet.
 *
 * NOTE(review): the file mode bits chosen at creation time are only the
 * first gate. Any capability check on who may change policy, enforcement
 * or audit state has to live in the write handlers themselves; confirm
 * against their definitions.
 */

/* "new_policy": write-only, no .read handler is wired up. */
static const struct file_operations np_fops = {
	.write = new_policy,
};

/* "success_audit": readable and writable toggle. */
static const struct file_operations audit_fops = {
	.read = getaudit,
	.write = setaudit,
};

/* "enforce": readable and writable toggle. */
static const struct file_operations enforce_fops = {
	.read = getenforce,
	.write = setenforce,
};

/**
 * ipe_init_securityfs() - Build IPE's securityfs tree at fsinit.
 *
 * Creates the "ipe" directory, the "success_audit" and "enforce" files
 * (mode 0600), the "policies" subdirectory, a policy node for the active
 * policy when one is set, and finally the write-only "new_policy" file
 * (mode 0200). Does nothing when IPE is not enabled.
 *
 * Return: %0 on success, -EOPNOTSUPP if IPE is disabled, otherwise the
 * -errno reported by the step that failed.
 */
int __init ipe_init_securityfs(void)
{
	struct ipe_policy *active;
	struct dentry *node;
	int ret = 0;

	if (!ipe_enabled)
		return -EOPNOTSUPP;

	/* Nothing exists yet, so a failure here needs no cleanup. */
	root = securityfs_create_dir("ipe", NULL);
	if (IS_ERR(root))
		return PTR_ERR(root);

	/* 0600: owner read/write only. */
	node = securityfs_create_file("success_audit", 0600, root, NULL,
				      &audit_fops);
	if (IS_ERR(node)) {
		ret = PTR_ERR(node);
		goto remove_tree;
	}

	/* 0600: owner read/write only. */
	node = securityfs_create_file("enforce", 0600, root, NULL,
				      &enforce_fops);
	if (IS_ERR(node)) {
		ret = PTR_ERR(node);
		goto remove_tree;
	}

	policy_root = securityfs_create_dir("policies", root);
	if (IS_ERR(policy_root)) {
		ret = PTR_ERR(policy_root);
		goto remove_tree;
	}

	/*
	 * The active policy pointer is fetched without an RCU read-side
	 * section and then handed to ipe_new_policyfs_node().
	 * NOTE(review): presumably safe because nothing can replace the
	 * active policy this early in init; confirm.
	 */
	active = rcu_access_pointer(ipe_active_policy);
	if (active) {
		ret = ipe_new_policyfs_node(active);
		if (ret)
			goto remove_tree;
	}

	/*
	 * 0200: owner write-only. Created last, so the policy-upload entry
	 * point only appears once the rest of the tree is in place.
	 */
	node = securityfs_create_file("new_policy", 0200, root, NULL,
				      &np_fops);
	if (IS_ERR(node)) {
		ret = PTR_ERR(node);
		goto remove_tree;
	}

	return 0;

remove_tree:
	/*
	 * Only the top-level directory is removed explicitly.
	 * NOTE(review): this relies on securityfs_remove() also tearing down
	 * everything created beneath it; confirm for the target kernel.
	 * root and policy_root still hold their old values afterwards.
	 */
	securityfs_remove(root);
	return ret;
}

Annotation

Implementation Notes