linux/security/ipe/policy.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */

#include <linux/errno.h>
#include <linux/verification.h>

#include "ipe.h"
#include "eval.h"
#include "fs.h"
#include "policy.h"
#include "policy_parser.h"
#include "audit.h"

/*
 * Lock for synchronizing writers across ipe policy.
 *
 * NOTE(review): DEFINE_MUTEX() takes the name of the mutex it defines. No
 * name is visible in this listing, so the lock's identifier cannot be read
 * from here - confirm against the upstream file.
 */
DEFINE_MUTEX();

/**
 * ver_to_u64() - Convert an internal ipe_policy_version to a u64.
 * @p: Policy to extract the version from.
 *
 * Bits (LSB is index 0):
 *	[48,32] -> Major
 *	[32,16] -> Minor
 *	[16, 0] -> Revision
 *
 * NOTE(review): as written, adjacent ranges share their end points (32 and
 * 16). Presumably each field is 16 bits wide and the upper bound of each
 * range is exclusive - confirm against the body, which is not shown in this
 * listing.
 *
 * Return: u64 version of the embedded version structure.
 */
static inline u64 ver_to_u64(const struct ipe_policy *const p)
{}

/**
 * ipe_free_policy() - Deallocate a given IPE policy.
 * @p: Supplies the policy to free.
 *
 * Safe to call on IS_ERR/NULL, so error paths can pass the result of a
 * failed allocation or parse straight through without a separate check.
 *
 * @p must not be dereferenced by the caller after this returns.
 *
 * NOTE(review): the body is not shown in this listing, so which members of
 * @p are released, and in what order, cannot be verified from here.
 */
void ipe_free_policy(struct ipe_policy *p)
{}

/**
 * set_pkcs7_data() - Receive the content carried by a pkcs7 message.
 * @ctx: Opaque context pointer; presumably the policy being constructed -
 *	 TODO confirm against the caller.
 * @data: Supplies a pointer to the content.
 * @len: Supplies the length of @data.
 * @asn1hdrlen: Unused.
 *
 * The signature matches the view_content callback type accepted by
 * verify_pkcs7_signature() (see <linux/verification.h>); presumably this
 * function is passed as that callback - confirm against the caller.
 *
 * NOTE(review): the body is not shown in this listing. Whether @data is
 * copied or only referenced is not visible here; if it is only referenced,
 * the pointer stored via @ctx must not outlive the buffer that backs the
 * pkcs7 message - confirm.
 *
 * Return: not documented in the source; presumably %0 on success - confirm.
 */
static int set_pkcs7_data(void *ctx, const void *data, size_t len,
			  size_t asn1hdrlen __always_unused)
{}

/**
 * ipe_update_policy() - parse a new policy and replace old with it.
 * @root: Supplies a pointer to the securityfs inode that holds the policy.
 * @text: Supplies a pointer to the plain text policy.
 * @textlen: Supplies the length of @text.
 * @pkcs7: Supplies a pointer to a buffer containing a pkcs7 message.
 * @pkcs7len: Supplies the length of @pkcs7.
 *
 * @text/@textlen is mutually exclusive with @pkcs7/@pkcs7len - see
 * ipe_new_policy().
 *
 * NOTE(review): the body is not shown in this listing. Which checks are
 * applied between the old and the new policy before the replacement (for
 * example on the policy version), and how the old policy is released, cannot
 * be confirmed from here.
 *
 * Context: Requires root->i_rwsem to be held.
 * Return: %0 on success. If an error occurs, the function will return
 * the -errno.
 */
int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
		      const char *pkcs7, size_t pkcs7len)
{}

/**
 * ipe_new_policy() - Allocate and parse an ipe_policy structure.
 *
 * @text: Supplies a pointer to the plain-text policy to parse.
 * @textlen: Supplies the length of @text.
 * @pkcs7: Supplies a pointer to a pkcs7-signed IPE policy.
 * @pkcs7len: Supplies the length of @pkcs7.
 *
 * @text/@textlen should be NULL/0 if @pkcs7/@pkcs7len is set.
 *
 * NOTE(review): the return type is a pointer while the failure values below
 * are negative errno codes, so errors are presumably returned
 * ERR_PTR()-encoded; callers should then test the result with IS_ERR()
 * rather than comparing against NULL - confirm against the body, which is
 * not shown in this listing. Error codes that come from verifying the
 * signature on @pkcs7 are not listed below; presumably they are propagated
 * to the caller - confirm.
 *
 * Return:
 * * a pointer to the ipe_policy structure	- Success
 * * %-EBADMSG					- Policy is invalid
 * * %-ENOMEM					- Out of memory (OOM)
 * * %-ERANGE					- Policy version number overflow
 * * %-EINVAL					- Policy version parsing error
 */
struct ipe_policy *ipe_new_policy(const char *text, size_t textlen,
				  const char *pkcs7, size_t pkcs7len)
{}

/**
 * ipe_set_active_pol() - Make @p the active policy.
 * @p: Supplies a pointer to the policy to make active.
 *
 * NOTE(review): %-EINVAL presumably rejects a policy whose version is lower
 * than that of the currently active policy (rollback protection). The
 * comparison is in the body, which is not shown in this listing - confirm.
 *
 * Context: Requires root->i_rwsem to be held, where root is the inode whose
 *	    i_private holds the policy.
 * Return:
 * * %0	- Success
 * * %-EINVAL	- New active policy version is invalid
 */
int ipe_set_active_pol(const struct ipe_policy *p)
{}