www.infradead.org Git - users/jedix/linux-maple.git/commit
ipe: add evaluation loop
author Deven Bowers <deven.desai@linux.microsoft.com>
Sat, 3 Aug 2024 06:08:17 +0000 (23:08 -0700)
committer Paul Moore <paul@paul-moore.com>
Tue, 20 Aug 2024 18:01:13 +0000 (14:01 -0400)
commit 05a351630b7463ce58668095f5683669c1295f65
tree 92482f2c77171b1564954f3ceafed3f7233a6e28
parent 54a88cd259204f80672393602501567c74d64106
ipe: add evaluation loop

Introduce a core evaluation function in IPE that will be triggered by
various security hooks (e.g., mmap, bprm_check, kexec). This function
systematically assesses actions against the defined IPE policy, by
iterating over rules specific to the action being taken. This critical
addition enables IPE to enforce its security policies effectively,
ensuring that actions intercepted by these hooks are scrutinized for policy
compliance before they are allowed to proceed.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/ipe/Makefile
security/ipe/eval.c [new file with mode: 0644]
security/ipe/eval.h [new file with mode: 0644]