Home
last modified time | relevance | path

Searched full:ipe (Results 1 – 25 of 44) sorted by relevance

12

/linux/Documentation/admin-guide/LSM/
H A Dipe.rst3 Integrity Policy Enforcement (IPE)
9 attempting to use IPE. If you're looking for more developer-focused
10 documentation about IPE please see :doc:`the design docs </security/ipe>`.
15 Integrity Policy Enforcement (IPE) is a Linux Security Module that takes a
17 mechanisms that rely on labels and paths for decision-making, IPE focuses
23 To elaborate, in the context of IPE, system components primarily refer to
28 unchangeable over time. For example, IPE policies can be crafted to trust
31 initramfs" becomes an immutable property under IPE's consideration.
35 integrity and trust. For example, IPE allows the definition of policies
39 checks, allowing IPE to enforce policies that trust files protected by
[all …]
/linux/Documentation/security/
H A Dipe.rst3 Integrity Policy Enforcement (IPE) - Kernel Documentation
9 If you're looking for documentation on the usage of IPE, please see
10 :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
15 The original issue that prompted IPE's implementation was the creation
30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE
109 IPE, as its name implies, is fundamentally an integrity policy enforcement
110 solution; IPE does not mandate how integrity is provided, but instead
114 level of security guarantees; and IPE allows sysadmins to express policy for
117 IPE does not have an inherent mechanism to ensure integrity on its own.
122 Therefore, IPE was designed around:
[all …]
H A Dindex.rst22 ipe
/linux/security/ipe/
H A Dhooks.c13 #include "ipe.h"
19 * ipe_bprm_check_security() - ipe security hook function for bprm check.
28 * * %-EACCES - Did not pass IPE policy
39 * ipe_bprm_creds_for_exec() - ipe security hook function for bprm creds check.
45 * The hook triggers IPE policy evaluation on the script file and returns
51 * * %-EACCES - Did not pass IPE policy
66 * ipe_mmap_file() - ipe security hook function for mmap check.
78 * * %-EACCES - Did not pass IPE policy
94 * ipe_file_mprotect() - ipe security hook function for mprotect check.
105 * * %-EACCES - Did not pass IPE policy
[all …]
H A DMakefile5 # Makefile for building the IPE module as part of the kernel tree.
9 cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot_policy.c $(2)
13 $(obj)/boot_policy.c: scripts/ipe/polgen/polgen $(CONFIG_IPE_BOOT_POLICY) FORCE
22 ipe.o \
H A Ddigest.c10 * ipe_digest_parse() - parse a digest in IPE's policy.
13 * Digests in IPE are defined in a standard way:
17 * consistently. The parsed digest will be saved in @value in IPE's
76 * ipe_digest_eval() - evaluate an IPE digest against another digest.
93 * ipe_digest_free() - free an IPE digest.
107 * ipe_digest_audit() - audit a digest that was sourced from IPE's policy.
111 * Digests in IPE are audited in this format:
H A Deval.c15 #include "ipe.h"
29 * build_ipe_sb_ctx() - Build initramfs field of an ipe evaluation context.
31 * @file: Supplies the file struct of the file triggered IPE event.
42 * @ino: Supplies the inode struct of the file triggered IPE event.
72 * @ino: Supplies the inode struct of the file triggered IPE event.
86 * ipe_build_eval_ctx() - Build an ipe evaluation context.
89 * @op: Supplies the IPE policy operation associated with the evaluation.
309 * This is the loop where all policy evaluations happen against the IPE policy.
387 #define KBUILD_MODNAME "ipe"
391 MODULE_PARM_DESC(success_audit, "Start IPE with success auditing enabled");
[all …]
H A Dfs.c9 #include "ipe.h"
19 * setaudit() - Write handler for the securityfs node, "ipe/success_audit"
48 * getaudit() - Read handler for the securityfs node, "ipe/success_audit"
67 * setenforce() - Write handler for the securityfs node, "ipe/enforce"
100 * getenforce() - Read handler for the securityfs node, "ipe/enforce"
119 * new_policy() - Write handler for the securityfs node, "ipe/new_policy".
191 * ipe_init_securityfs() - Initialize IPE's securityfs tree at fsinit.
205 root = securityfs_create_dir("ipe", NULL); in ipe_init_securityfs()
H A Dipe.c7 #include "ipe.h"
25 .name = "ipe",
66 * ipe_init() - Entry point of IPE.
69 * start up. During this phase, IPE registers its hooks and loads the
95 DEFINE_LSM(ipe) = {
H A Daudit.c11 #include "ipe.h"
90 * audit_rule() - audit an IPE policy rule.
125 * @act: Supplies the IPE's evaluation decision, deny or allow.
223 audit_log_format(ab, " auid=%u ses=%u lsm=ipe res=1", in ipe_audit_policy_activation()
251 audit_log_format(ab, " auid=%u ses=%u lsm=ipe res=%d errno=%d", in ipe_audit_policy_load()
259 * ipe_audit_enforce() - Audit a change in IPE's enforcement state.
273 " enabled=1 old-enabled=1 lsm=ipe res=1", in ipe_audit_enforce()
H A Dpolicy_fs.c11 #include "ipe.h"
33 * read_pkcs7() - Read handler for "ipe/policies/$name/pkcs7".
77 * read_policy() - Read handler for "ipe/policies/$name/policy".
115 * read_name() - Read handler for "ipe/policies/$name/name".
153 * read_version() - Read handler for "ipe/policies/$name/version".
196 * setactive() - Write handler for "ipe/policies/$name/active".
243 * getactive() - Read handler for "ipe/policies/$name/active".
281 * update_policy() - Write handler for "ipe/policies/$name/update".
333 * delete_policy() - write handler for "ipe/policies/$name/delete".
H A Dpolicy.c9 #include "ipe.h"
16 /* lock for synchronizing writers across ipe policy */
42 * ipe_free_policy() - Deallocate a given IPE policy.
145 * @pkcs7: Supplies a pointer to a pkcs7-signed IPE policy.
H A Dipe.h12 #define pr_fmt(fmt) "ipe: " fmt
/linux/Documentation/translations/zh_CN/security/
H A Dipe.rst9 完整性策略执行(IPE)-内核文档
15 寻找有关IPE使用的文档,请参阅 :doc:`IPE admin
16 guide </admin-guide/LSM/ipe>`。
396 此外,IPE 具有一个基于 Python 的集成
397 `测试套件 <https://github.com/microsoft/ipe/tree/test-suite>`_
H A Dindex.rst34 * ipe
/linux/security/
H A DKconfig232 source "security/ipe/Kconfig"
273 default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,ipe,bpf" if DEFAULT_SECURITY_SMACK
274 default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,ipe,bpf" if DEFAULT_SECURITY_APPARMOR
275 default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,ipe,bpf" if DEFAULT_SECURITY_TOMOYO
276 default "landlock,lockdown,yama,loadpin,safesetid,ipe,bpf" if DEFAULT_SECURITY_DAC
277 default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,ipe,bpf"
H A DMakefile28 obj-$(CONFIG_SECURITY_IPE) += ipe/
/linux/drivers/clk/mediatek/
H A DMakefile20 obj-$(CONFIG_COMMON_CLK_MT6779_IPESYS) += clk-mt6779-ipe.o
105 obj-$(CONFIG_COMMON_CLK_MT8186_IPESYS) += clk-mt8186-ipe.o
119 obj-$(CONFIG_COMMON_CLK_MT8188_IPESYS) += clk-mt8188-ipe.o
131 obj-$(CONFIG_COMMON_CLK_MT8192_IPESYS) += clk-mt8192-ipe.o
145 obj-$(CONFIG_COMMON_CLK_MT8195_IPESYS) += clk-mt8195-ipe.o
H A Dclk-mt8195-ipe.c49 .name = "clk-mt8195-ipe",
H A Dclk-mt8186-ipe.c52 .name = "clk-mt8186-ipe",
H A Dclk-mt6779-ipe.c54 .name = "clk-mt6779-ipe",
H A Dclk-mt8192-ipe.c54 .name = "clk-mt8192-ipe",
/linux/arch/s390/kernel/
H A Djump_label.c37 unsigned char *ipe = (unsigned char *)expected; in jump_label_bug() local
42 pr_emerg("Expected: %6ph\n", ipe); in jump_label_bug()
/linux/include/dt-bindings/memory/
H A Dmt8186-memory-port.h203 /* LARB 19 -- IPE */
209 /* LARB 20 -- IPE */
/linux/include/net/libeth/
H A Drx.h210 * @ipe: IP checksum error
223 u32 ipe:1; member

12