Linux/security/ipe/policy.h

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 /* SPDX-License-Identifier: GPL-2.0 */ 1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 2 /* 3 * Copyright (C) 2020-2024 Microsoft Corporati 3 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved. 4 */ 4 */ 5 #ifndef _IPE_POLICY_H 5 #ifndef _IPE_POLICY_H 6 #define _IPE_POLICY_H 6 #define _IPE_POLICY_H 7 7 8 #include <linux/list.h> 8 #include <linux/list.h> 9 #include <linux/types.h> 9 #include <linux/types.h> 10 #include <linux/fs.h> 10 #include <linux/fs.h> 11 11 12 enum ipe_op_type { 12 enum ipe_op_type { 13 IPE_OP_EXEC = 0, 13 IPE_OP_EXEC = 0, 14 IPE_OP_FIRMWARE, 14 IPE_OP_FIRMWARE, 15 IPE_OP_KERNEL_MODULE, 15 IPE_OP_KERNEL_MODULE, 16 IPE_OP_KEXEC_IMAGE, 16 IPE_OP_KEXEC_IMAGE, 17 IPE_OP_KEXEC_INITRAMFS, 17 IPE_OP_KEXEC_INITRAMFS, 18 IPE_OP_POLICY, 18 IPE_OP_POLICY, 19 IPE_OP_X509, 19 IPE_OP_X509, 20 __IPE_OP_MAX, 20 __IPE_OP_MAX, 21 }; 21 }; 22 22 23 #define IPE_OP_INVALID __IPE_OP_MAX 23 #define IPE_OP_INVALID __IPE_OP_MAX 24 24 25 enum ipe_action_type { 25 enum ipe_action_type { 26 IPE_ACTION_ALLOW = 0, 26 IPE_ACTION_ALLOW = 0, 27 IPE_ACTION_DENY, 27 IPE_ACTION_DENY, 28 __IPE_ACTION_MAX 28 __IPE_ACTION_MAX 29 }; 29 }; 30 30 31 #define IPE_ACTION_INVALID __IPE_ACTION_MAX 31 #define IPE_ACTION_INVALID __IPE_ACTION_MAX 32 32 33 enum ipe_prop_type { 33 enum ipe_prop_type { 34 IPE_PROP_BOOT_VERIFIED_FALSE, 34 IPE_PROP_BOOT_VERIFIED_FALSE, 35 IPE_PROP_BOOT_VERIFIED_TRUE, 35 IPE_PROP_BOOT_VERIFIED_TRUE, 36 IPE_PROP_DMV_ROOTHASH, 36 IPE_PROP_DMV_ROOTHASH, 37 IPE_PROP_DMV_SIG_FALSE, 37 IPE_PROP_DMV_SIG_FALSE, 38 IPE_PROP_DMV_SIG_TRUE, 38 IPE_PROP_DMV_SIG_TRUE, 39 IPE_PROP_FSV_DIGEST, 39 IPE_PROP_FSV_DIGEST, 40 IPE_PROP_FSV_SIG_FALSE, 40 IPE_PROP_FSV_SIG_FALSE, 41 IPE_PROP_FSV_SIG_TRUE, 41 IPE_PROP_FSV_SIG_TRUE, 42 __IPE_PROP_MAX 42 __IPE_PROP_MAX 43 }; 43 }; 44 44 45 #define IPE_PROP_INVALID __IPE_PROP_MAX 45 #define IPE_PROP_INVALID __IPE_PROP_MAX 46 46 47 struct ipe_prop { 47 struct ipe_prop { 48 struct list_head next; 48 struct list_head next; 49 enum ipe_prop_type type; 49 enum ipe_prop_type type; 50 void *value; 50 void *value; 51 }; 51 }; 52 52 53 struct ipe_rule { 53 struct ipe_rule { 54 enum ipe_op_type op; 54 enum ipe_op_type op; 55 enum ipe_action_type action; 55 enum ipe_action_type action; 56 struct list_head props; 56 struct list_head props; 57 struct list_head next; 57 struct list_head next; 58 }; 58 }; 59 59 60 struct ipe_op_table { 60 struct ipe_op_table { 61 struct list_head rules; 61 struct list_head rules; 62 enum ipe_action_type default_action; 62 enum ipe_action_type default_action; 63 }; 63 }; 64 64 65 struct ipe_parsed_policy { 65 struct ipe_parsed_policy { 66 const char *name; 66 const char *name; 67 struct { 67 struct { 68 u16 major; 68 u16 major; 69 u16 minor; 69 u16 minor; 70 u16 rev; 70 u16 rev; 71 } version; 71 } version; 72 72 73 enum ipe_action_type global_default_ac 73 enum ipe_action_type global_default_action; 74 74 75 struct ipe_op_table rules[__IPE_OP_MAX 75 struct ipe_op_table rules[__IPE_OP_MAX]; 76 }; 76 }; 77 77 78 struct ipe_policy { 78 struct ipe_policy { 79 const char *pkcs7; 79 const char *pkcs7; 80 size_t pkcs7len; 80 size_t pkcs7len; 81 81 82 const char *text; 82 const char *text; 83 size_t textlen; 83 size_t textlen; 84 84 85 struct ipe_parsed_policy *parsed; 85 struct ipe_parsed_policy *parsed; 86 86 87 struct dentry *policyfs; 87 struct dentry *policyfs; 88 }; 88 }; 89 89 90 struct ipe_policy *ipe_new_policy(const char * 90 struct ipe_policy *ipe_new_policy(const char *text, size_t textlen, 91 const char * 91 const char *pkcs7, size_t pkcs7len); 92 void ipe_free_policy(struct ipe_policy *pol); 92 void ipe_free_policy(struct ipe_policy *pol); 93 int ipe_update_policy(struct inode *root, cons 93 int ipe_update_policy(struct inode *root, const char *text, size_t textlen, 94 const char *pkcs7, size_ 94 const char *pkcs7, size_t pkcs7len); 95 int ipe_set_active_pol(const struct ipe_policy 95 int ipe_set_active_pol(const struct ipe_policy *p); 96 extern struct mutex ipe_policy_lock; 96 extern struct mutex ipe_policy_lock; 97 97 98 #endif /* _IPE_POLICY_H */ 98 #endif /* _IPE_POLICY_H */ 99 99

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/security/ipe/policy.h

Diff markup

Differences between /security/ipe/policy.h (Architecture sparc) and /security/ipe/policy.h (Architecture i386)

TOMOYO Linux Cross Reference Linux/security/ipe/policy.h

Diff markup

Differences between /security/ipe/policy.h (Architecture sparc) and /security/ipe/policy.h (Architecture i386)

TOMOYO Linux Cross Reference
Linux/security/ipe/policy.h