www.infradead.org Git - users/jedix/linux-maple.git/commit
ipe: add policy parser
author Deven Bowers <deven.desai@linux.microsoft.com>
Sat, 3 Aug 2024 06:08:16 +0000 (23:08 -0700)
committer Paul Moore <paul@paul-moore.com>
Tue, 20 Aug 2024 18:01:00 +0000 (14:01 -0400)
commit 54a88cd259204f80672393602501567c74d64106
tree 66ffa61d94a4ed99203947607b027351a90e5b72
parent 0311507792b54069ac72e0a6c6b35c5d40aadad8
ipe: add policy parser

IPE's interpretation of what the user trusts is accomplished through
its policy. IPE's design is to not provide support for a single trust
provider, but to support multiple providers to enable the end-user to
choose the best one to seek their needs.

This requires the policy to be rather flexible and modular so that
integrity providers, like fs-verity, dm-verity, or some other system,
can plug into the policy with minimal code changes.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: added NULL check in parse_rule() as discussed]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/ipe/Makefile
security/ipe/policy.c [new file with mode: 0644]
security/ipe/policy.h [new file with mode: 0644]
security/ipe/policy_parser.c [new file with mode: 0644]
security/ipe/policy_parser.h [new file with mode: 0644]