mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-10-22 23:13:01 +02:00
52443cb60c
IPE's initial goal is to control both execution and the loading of kernel modules based on the system's definition of trust. It accomplishes this by plugging into the security hooks for bprm_check_security, file_mprotect, mmap_file, kernel_load_data, and kernel_read_data. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
26 lines
693 B
C
26 lines
693 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
|
|
*/
|
|
#ifndef _IPE_HOOKS_H
|
|
#define _IPE_HOOKS_H
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/security.h>
|
|
|
|
int ipe_bprm_check_security(struct linux_binprm *bprm);
|
|
|
|
int ipe_mmap_file(struct file *f, unsigned long reqprot, unsigned long prot,
|
|
unsigned long flags);
|
|
|
|
int ipe_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
|
|
unsigned long prot);
|
|
|
|
int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
|
|
bool contents);
|
|
|
|
int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
|
|
|
|
#endif /* _IPE_HOOKS_H */
|