www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Deven Bowers <deven.desai@linux.microsoft.com>
	Sat, 3 Aug 2024 06:08:15 +0000 (23:08 -0700)
committer	Paul Moore <paul@paul-moore.com>
	Tue, 20 Aug 2024 02:36:26 +0000 (22:36 -0400)
commit	0311507792b54069ac72e0a6c6b35c5d40aadad8
tree	6d74be50e686df975fdec73c65ce920826f2ae32	tree
parent	9ee6881454345c4bb518e9478415b32731da9858	commit \| diff

lsm: add IPE lsm

Integrity Policy Enforcement (IPE) is an LSM that provides an
complimentary approach to Mandatory Access Control than existing LSMs
today.

Existing LSMs have centered around the concept of access to a resource
should be controlled by the current user's credentials. IPE's approach,
is that access to a resource should be controlled by the system's trust
of a current resource.

The basis of this approach is defining a global policy to specify which
resource can be trusted.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/uapi/linux/lsm.h		diff \| blob \| history
security/Kconfig		diff \| blob \| history
security/Makefile		diff \| blob \| history
security/ipe/Kconfig	[new file with mode: 0644]	blob
security/ipe/Makefile	[new file with mode: 0644]	blob
security/ipe/ipe.c	[new file with mode: 0644]	blob
security/ipe/ipe.h	[new file with mode: 0644]	blob
security/security.c		diff \| blob \| history
tools/testing/selftests/lsm/lsm_list_modules_test.c		diff \| blob \| history