linux/security/ipe/fs.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */

#include <linux/dcache.h>
#include <linux/security.h>

#include "ipe.h"
#include "fs.h"
#include "eval.h"
#include "policy.h"
#include "audit.h"

static struct dentry *np __ro_after_init;
static struct dentry *root __ro_after_init;
struct dentry *policy_root __ro_after_init;
static struct dentry *audit_node __ro_after_init;
static struct dentry *enforce_node __ro_after_init;

/**
 * setaudit() - Write handler for the securityfs node, "ipe/success_audit"
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Return:
 * * Length of buffer written	- Success
 * * %-EPERM			- Insufficient permission
 */
static ssize_t setaudit(struct file *f, const char __user *data,
			size_t len, loff_t *offset)
{}

/**
 * getaudit() - Read handler for the securityfs node, "ipe/success_audit"
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Return: Length of buffer written
 */
static ssize_t getaudit(struct file *f, char __user *data,
			size_t len, loff_t *offset)
{}

/**
 * setenforce() - Write handler for the securityfs node, "ipe/enforce"
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Return:
 * * Length of buffer written	- Success
 * * %-EPERM			- Insufficient permission
 */
static ssize_t setenforce(struct file *f, const char __user *data,
			  size_t len, loff_t *offset)
{}

/**
 * getenforce() - Read handler for the securityfs node, "ipe/enforce"
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Return: Length of buffer written
 */
static ssize_t getenforce(struct file *f, char __user *data,
			  size_t len, loff_t *offset)
{}

/**
 * new_policy() - Write handler for the securityfs node, "ipe/new_policy".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Return:
 * * Length of buffer written	- Success
 * * %-EPERM			- Insufficient permission
 * * %-ENOMEM			- Out of memory (OOM)
 * * %-EBADMSG			- Policy is invalid
 * * %-ERANGE			- Policy version number overflow
 * * %-EINVAL			- Policy version parsing error
 * * %-EEXIST			- Same name policy already deployed
 */
static ssize_t new_policy(struct file *f, const char __user *data,
			  size_t len, loff_t *offset)
{}

static const struct file_operations np_fops =;

static const struct file_operations audit_fops =;

static const struct file_operations enforce_fops =;

/**
 * ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
 *
 * Return: %0 on success. If an error occurs, the function will return
 * the -errno.
 */
static int __init ipe_init_securityfs(void)
{}

fs_initcall(ipe_init_securityfs);