/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */
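#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H

#include <linux/file.h>
#include <linux/types.h>

#include "policy.h"
#include "hooks.h"

/*
 * Zero-initialised evaluation context, written as a compound literal so it
 * can be used as an rvalue. Every member, including the ones that exist only
 * under a CONFIG_IPE_PROP_* option, starts out as 0 / NULL / false.
 */
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })

/*
 * Globals defined outside this header.
 *
 * ipe_active_policy carries the __rcu annotation: go through the RCU API
 * (rcu_dereference() under rcu_read_lock() for readers,
 * rcu_assign_pointer() for updaters) and never dereference it directly.
 *
 * NOTE(review): success_audit and enforce look like the runtime switches for
 * auditing allowed events and for enforcing (rather than only reporting)
 * denials. This header does not show where they are written or read, nor
 * what serialises access to them; confirm against the defining file.
 */
extern struct ipe_policy __rcu *ipe_active_policy;
extern bool success_audit;
extern bool enforce;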
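/**
 * struct ipe_superblock - state IPE keeps per superblock.
 * @initramfs: true when the superblock has been marked as the initramfs.
 *
 * NOTE(review): presumably this is IPE's LSM blob for a super_block; where
 * @initramfs is set and cleared is not visible in this header. Because it
 * feeds a trust decision, confirm it can only be set during early boot.
 */
struct ipe_superblock {
	bool initramfs;
};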
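#ifdef CONFIG_IPE_PROP_DM_VERITY
/**
 * struct ipe_bdev - dm-verity facts IPE keeps per block device.
 * @dm_verity_signed: true when the dm-verity volume was recorded as signed.
 *                    Exists only with CONFIG_IPE_PROP_DM_VERITY_SIGNATURE.
 * @root_hash: digest describing the volume's root hash, or NULL when none
 *             has been recorded.
 *
 * A zeroed structure holds "not signed" and a NULL @root_hash, so consumers
 * must treat those values as "property not established" rather than as a
 * match.
 *
 * NOTE(review): who allocates and frees @root_hash, and what protects it
 * against concurrent update, is not visible in this header.
 */
struct ipe_bdev {
#ifdef CONFIG_IPE_PROP_DM_VERITY_SIGNATURE
	bool dm_verity_signed;
#endif /* CONFIG_IPE_PROP_DM_VERITY_SIGNATURE */
	struct digest_info *root_hash;
};
#endif /* CONFIG_IPE_PROP_DM_VERITY */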
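#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
/**
 * struct ipe_inode - fs-verity signature state IPE keeps per inode.
 * @fs_verity_signed: true when the inode was recorded as carrying a valid
 *                    fs-verity built-in signature; false in a zeroed
 *                    structure.
 *
 * NOTE(review): the code that sets @fs_verity_signed is not part of this
 * header; confirm it is only set after the signature check has succeeded.
 */
struct ipe_inode {
	bool fs_verity_signed;
};
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */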
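/**
 * struct ipe_eval_ctx - everything one policy evaluation looks at.
 * @op: operation being evaluated.
 * @hook: hook the evaluation was triggered from.
 * @file: file the operation applies to; may be NULL in a context built from
 *        IPE_EVAL_CTX_INIT.
 * @initramfs: whether the file was found to live on the initramfs.
 * @ipe_bdev: dm-verity state of the backing block device
 *            (CONFIG_IPE_PROP_DM_VERITY only).
 * @ino: inode used for fs-verity properties (CONFIG_IPE_PROP_FS_VERITY only).
 * @ipe_inode: fs-verity signature state of the inode
 *             (CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG only).
 *
 * All pointers are const and nothing in this header takes a reference on
 * them, so the context borrows the objects.
 *
 * NOTE(review): the caller presumably has to keep @file and everything
 * derived from it alive for the duration of the evaluation; confirm in the
 * hook implementations. Property evaluators should also treat a NULL
 * pointer here as "property not established", never as a match.
 */
struct ipe_eval_ctx {
	enum ipe_op_type op;
	enum ipe_hook_type hook;

	const struct file *file;
	bool initramfs;
#ifdef CONFIG_IPE_PROP_DM_VERITY
	const struct ipe_bdev *ipe_bdev;
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY
	const struct inode *ino;
#endif /* CONFIG_IPE_PROP_FS_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
	const struct ipe_inode *ipe_inode;
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
};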
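/**
 * enum ipe_match - which part of the policy produced a decision.
 * @IPE_MATCH_RULE: value 0.
 * @IPE_MATCH_TABLE: value 1.
 * @IPE_MATCH_GLOBAL: value 2.
 * @__IPE_MATCH_MAX: number of match kinds; a bound, not a valid kind.
 *
 * NOTE(review): the names suggest "an explicit rule matched", "the
 * operation table's default applied" and "the policy-wide default applied";
 * confirm against the evaluator. Code indexing an array by this enum should
 * size it with __IPE_MATCH_MAX and reject values >= __IPE_MATCH_MAX.
 */
enum ipe_match {
	IPE_MATCH_RULE = 0,
	IPE_MATCH_TABLE,
	IPE_MATCH_GLOBAL,
	__IPE_MATCH_MAX
};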
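/*
 * ipe_build_eval_ctx() fills @ctx for an evaluation of @op on @file as seen
 * from @hook. @file is const and the function returns nothing, so any
 * failure to derive a property can only show up as an unset (0/NULL/false)
 * member of @ctx.
 *
 * ipe_evaluate_event() evaluates @ctx, which it cannot modify, and returns
 * an int.
 *
 * NOTE(review): the return convention (presumably 0 to allow and a negative
 * errno to deny) and the interaction with the enforce switch are defined in
 * the implementation, not here. Callers must propagate a non-zero result
 * instead of ignoring it.
 */
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
			const struct file *file,
			enum ipe_op_type op,
			enum ipe_hook_type hook);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);

#endif /* _IPE_EVAL_H */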