Lines Matching +full:bool +full:- +full:property

1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
22 bool success_audit;
23 bool enforce = true;
24 #define INO_BLOCK_DEV(ino) ((ino)->i_sb->s_bdev)
26 #define FILE_SUPERBLOCK(f) ((f)->f_path.mnt->mnt_sb)
29 * build_ipe_sb_ctx() - Build initramfs field of an ipe evaluation context.
35 ctx->initramfs = ipe_sb(FILE_SUPERBLOCK(file))->initramfs; in build_ipe_sb_ctx()
40 * build_ipe_bdev_ctx() - Build ipe_bdev field of an evaluation context.
47 ctx->ipe_bdev = ipe_bdev(INO_BLOCK_DEV(ino)); in build_ipe_bdev_ctx()
60 ctx->ipe_inode = ipe_inode(ctx->ino); in build_ipe_inode_blob_ctx()
70 * build_ipe_inode_ctx() - Build inode fields of an evaluation context.
76 ctx->ino = ino; in build_ipe_inode_ctx()
86 * ipe_build_eval_ctx() - Build an ipe evaluation context.
99 ctx->file = file; in ipe_build_eval_ctx()
100 ctx->op = op; in ipe_build_eval_ctx()
101 ctx->hook = hook; in ipe_build_eval_ctx()
105 ino = d_real_inode(file->f_path.dentry); in ipe_build_eval_ctx()
112 * evaluate_boot_verified() - Evaluate @ctx for the boot verified property.
116 * * %true - The current @ctx matches @p
117 * * %false - The current @ctx doesn't match @p
119 static bool evaluate_boot_verified(const struct ipe_eval_ctx *const ctx) in evaluate_boot_verified()
121 return ctx->initramfs; in evaluate_boot_verified()
126 * evaluate_dmv_roothash() - Evaluate @ctx against a dmv roothash property.
128 * @p: Supplies a pointer to the property being evaluated.
131 * * %true - The current @ctx matches @p
132 * * %false - The current @ctx doesn't match @p
134 static bool evaluate_dmv_roothash(const struct ipe_eval_ctx *const ctx, in evaluate_dmv_roothash()
137 return !!ctx->ipe_bdev && in evaluate_dmv_roothash()
138 !!ctx->ipe_bdev->root_hash && in evaluate_dmv_roothash()
139 ipe_digest_eval(p->value, in evaluate_dmv_roothash()
140 ctx->ipe_bdev->root_hash); in evaluate_dmv_roothash()
143 static bool evaluate_dmv_roothash(const struct ipe_eval_ctx *const ctx, in evaluate_dmv_roothash()
152 * evaluate_dmv_sig_false() - Evaluate @ctx against a dmv sig false property.
156 * * %true - The current @ctx matches the property
157 * * %false - The current @ctx doesn't match the property
159 static bool evaluate_dmv_sig_false(const struct ipe_eval_ctx *const ctx) in evaluate_dmv_sig_false()
161 return !ctx->ipe_bdev || (!ctx->ipe_bdev->dm_verity_signed); in evaluate_dmv_sig_false()
165 * evaluate_dmv_sig_true() - Evaluate @ctx against a dmv sig true property.
169 * * %true - The current @ctx matches the property
170 * * %false - The current @ctx doesn't match the property
172 static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx) in evaluate_dmv_sig_true()
177 static bool evaluate_dmv_sig_false(const struct ipe_eval_ctx *const ctx) in evaluate_dmv_sig_false()
182 static bool evaluate_dmv_sig_true(const struct ipe_eval_ctx *const ctx) in evaluate_dmv_sig_true()
190 * evaluate_fsv_digest() - Evaluate @ctx against a fsv digest property.
192 * @p: Supplies a pointer to the property being evaluated.
195 * * %true - The current @ctx matches @p
196 * * %false - The current @ctx doesn't match @p
198 static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx, in evaluate_fsv_digest()
205 if (!ctx->ino) in evaluate_fsv_digest()
207 if (!fsverity_get_digest((struct inode *)ctx->ino, in evaluate_fsv_digest()
217 return ipe_digest_eval(p->value, &info); in evaluate_fsv_digest()
220 static bool evaluate_fsv_digest(const struct ipe_eval_ctx *const ctx, in evaluate_fsv_digest()
229 * evaluate_fsv_sig_false() - Evaluate @ctx against a fsv sig false property.
233 * * %true - The current @ctx matches the property
234 * * %false - The current @ctx doesn't match the property
236 static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx) in evaluate_fsv_sig_false()
238 return !ctx->ino || in evaluate_fsv_sig_false()
239 !IS_VERITY(ctx->ino) || in evaluate_fsv_sig_false()
240 !ctx->ipe_inode || in evaluate_fsv_sig_false()
241 !ctx->ipe_inode->fs_verity_signed; in evaluate_fsv_sig_false()
245 * evaluate_fsv_sig_true() - Evaluate @ctx against a fsv sig true property.
249 * * %true - The current @ctx matches the property
250 * * %false - The current @ctx doesn't match the property
252 static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx) in evaluate_fsv_sig_true()
257 static bool evaluate_fsv_sig_false(const struct ipe_eval_ctx *const ctx) in evaluate_fsv_sig_false()
262 static bool evaluate_fsv_sig_true(const struct ipe_eval_ctx *const ctx) in evaluate_fsv_sig_true()
269 * evaluate_property() - Analyze @ctx against a rule property.
271 * @p: Supplies a pointer to the property to be evaluated.
274 * matches the conditions defined by a rule property @p.
277 * * %true - The current @ctx matches @p
278 * * %false - The current @ctx doesn't match @p
280 static bool evaluate_property(const struct ipe_eval_ctx *const ctx, in evaluate_property()
283 switch (p->type) { in evaluate_property()
306 * ipe_evaluate_event() - Analyze @ctx against the current active policy.
312 * * %0 - Success
313 * * %-EACCES - @ctx did not pass evaluation
323 bool match = false; in ipe_evaluate_event()
334 if (ctx->op == IPE_OP_INVALID) { in ipe_evaluate_event()
335 if (pol->parsed->global_default_action == IPE_ACTION_INVALID) { in ipe_evaluate_event()
339 action = pol->parsed->global_default_action; in ipe_evaluate_event()
345 rules = &pol->parsed->rules[ctx->op]; in ipe_evaluate_event()
347 list_for_each_entry(rule, &rules->rules, next) { in ipe_evaluate_event()
350 list_for_each_entry(prop, &rule->props, next) { in ipe_evaluate_event()
361 action = rule->action; in ipe_evaluate_event()
363 } else if (rules->default_action != IPE_ACTION_INVALID) { in ipe_evaluate_event()
364 action = rules->default_action; in ipe_evaluate_event()
367 action = pol->parsed->global_default_action; in ipe_evaluate_event()
376 rc = -EACCES; in ipe_evaluate_event()
390 module_param(success_audit, bool, 0400);
392 module_param(enforce, bool, 0400);