security/ipe/policy_fs.c

Source file repositories/reference/linux-study-clean/security/ipe/policy_fs.c

File Facts

System
Linux kernel
Corpus path
security/ipe/policy_fs.c
Extension
.c
Size
11463 bytes
Lines
491
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: operation-table or driver-model contract
Status
pattern implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

const struct file_operations *fops;
};

/**
 * read_pkcs7() - Read handler for "ipe/policies/$name/pkcs7".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * @data will be populated with the pkcs7 blob representing the policy
 * on success. If the policy is unsigned (like the boot policy), this
 * will return -ENOENT.
 *
 * Return:
 * * Length of buffer written	- Success
 * * %-ENOENT			- Policy initializing/deleted or is unsigned
 */
static ssize_t read_pkcs7(struct file *f, char __user *data,
			  size_t len, loff_t *offset)
{
	const struct ipe_policy *p = NULL;
	struct inode *root = NULL;
	int rc = 0;

	root = d_inode(f->f_path.dentry->d_parent);

	inode_lock_shared(root);
	p = (struct ipe_policy *)root->i_private;
	if (!p) {
		rc = -ENOENT;
		goto out;
	}

	if (!p->pkcs7) {
		rc = -ENOENT;
		goto out;
	}

	rc = simple_read_from_buffer(data, len, offset, p->pkcs7, p->pkcs7len);

out:
	inode_unlock_shared(root);

	return rc;
}

/**
 * read_policy() - Read handler for "ipe/policies/$name/policy".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * @data will be populated with the plain-text version of the policy
 * on success.
 *
 * Return:
 * * Length of buffer written	- Success
 * * %-ENOENT			- Policy initializing/deleted
 */
static ssize_t read_policy(struct file *f, char __user *data,
			   size_t len, loff_t *offset)
{
	const struct ipe_policy *p = NULL;
	struct inode *root = NULL;
	int rc = 0;

	root = d_inode(f->f_path.dentry->d_parent);

	inode_lock_shared(root);
	p = (struct ipe_policy *)root->i_private;
	if (!p) {
		rc = -ENOENT;
		goto out;
	}

	rc = simple_read_from_buffer(data, len, offset, p->text, p->textlen);

out:
	inode_unlock_shared(root);

	return rc;
}

/**
 * read_name() - Read handler for "ipe/policies/$name/name".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.

Annotation

Implementation Notes