security/ipe/policy.c

Source file repositories/reference/linux-study-clean/security/ipe/policy.c

File Facts

System
Linux kernel
Corpus path
security/ipe/policy.c
Extension
.c
Size
5879 bytes
Lines
245
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

if (!new->pkcs7) {
			rc = -ENOMEM;
			goto err;
		}

		rc = verify_pkcs7_signature(NULL, 0, new->pkcs7, pkcs7len,
#ifdef CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING
					    VERIFY_USE_SECONDARY_KEYRING,
#else
					    NULL,
#endif
					    VERIFYING_UNSPECIFIED_SIGNATURE,
					    set_pkcs7_data, new);
#ifdef CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING
		if (rc == -ENOKEY || rc == -EKEYREJECTED)
			rc = verify_pkcs7_signature(NULL, 0, new->pkcs7, pkcs7len,
						    VERIFY_USE_PLATFORM_KEYRING,
						    VERIFYING_UNSPECIFIED_SIGNATURE,
						    set_pkcs7_data, new);
#endif
		if (rc)
			goto err;
	} else {
		new->textlen = textlen;
		new->text = kstrdup(text, GFP_KERNEL);
		if (!new->text) {
			rc = -ENOMEM;
			goto err;
		}
	}

	rc = ipe_parse_policy(new);
	if (rc)
		goto err;

	return new;
err:
	ipe_free_policy(new);
	return ERR_PTR(rc);
}

/**
 * ipe_set_active_pol() - Make @p the active policy.
 * @p: Supplies a pointer to the policy to make active.
 *
 * Context: Requires root->i_rwsem, which i_private has the policy, to be held.
 * Return:
 * * %0	- Success
 * * %-EINVAL	- New active policy version is invalid
 */
int ipe_set_active_pol(const struct ipe_policy *p)
{
	struct ipe_policy *ap = NULL;

	mutex_lock(&ipe_policy_lock);

	ap = rcu_dereference_protected(ipe_active_policy,
				       lockdep_is_held(&ipe_policy_lock));
	if (ap == p) {
		mutex_unlock(&ipe_policy_lock);
		return 0;
	}
	if (ap && ver_to_u64(ap) > ver_to_u64(p)) {
		mutex_unlock(&ipe_policy_lock);
		return -EINVAL;
	}

	rcu_assign_pointer(ipe_active_policy, p);
	ipe_audit_policy_activation(ap, p);
	mutex_unlock(&ipe_policy_lock);

	return 0;
}

Annotation

Implementation Notes