1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
4  */
5 #include <uapi/linux/lsm.h>
6 
7 #include "ipe.h"
8 #include "eval.h"
9 #include "hooks.h"
10 
/*
 * Set to true by ipe_init() once the hooks have been registered. Presumably
 * read by the hook/evaluation paths to decide whether IPE takes part in
 * access decisions — confirm against its readers before relying on that.
 */
bool ipe_enabled;
12 
/*
 * Security blob space IPE asks the LSM core to reserve. Only a superblock
 * blob is requested. The value starts out as the size of IPE's struct; the
 * LSM core turns it into IPE's offset inside the shared per-superblock blob,
 * which is why ipe_sb() adds it to sb->s_security. Read-only after init.
 */
static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
	.lbs_superblock = sizeof(struct ipe_superblock),
};
16 
/*
 * Identity handed to the LSM core with the hook table; the name and the
 * LSM_ID_IPE value come from the userspace ABI in uapi/linux/lsm.h, so
 * neither may change without coordinating with that header.
 */
static const struct lsm_id ipe_lsmid = {
	.name = "ipe",
	.id = LSM_ID_IPE,
};
21 
/**
 * ipe_sb() - Get IPE's security blob for a superblock.
 * @sb: Superblock whose blob is wanted.
 *
 * The LSM core keeps one shared security blob per superblock; IPE's slice
 * sits at the offset recorded in ipe_blobs.lbs_superblock.
 *
 * Return: Pointer to the IPE superblock blob (never NULL for a superblock
 * whose blob was allocated by the LSM core).
 */
struct ipe_superblock *ipe_sb(const struct super_block *sb)
{
	void *blob = sb->s_security;

	return blob + ipe_blobs.lbs_superblock;
}
26 
/*
 * Hook table registered with the LSM core in ipe_init(). The callbacks are
 * declared in hooks.h. Each entry mediates one path through which code can
 * be brought into execution or into the kernel:
 */
static struct security_hook_list ipe_hooks[] __ro_after_init = {
	/* exec of a new program image */
	LSM_HOOK_INIT(bprm_check_security, ipe_bprm_check_security),
	/* file-backed mappings and later permission changes on them */
	LSM_HOOK_INIT(mmap_file, ipe_mmap_file),
	LSM_HOOK_INIT(file_mprotect, ipe_file_mprotect),
	/* files and data the kernel itself loads (modules, firmware, ...) */
	LSM_HOOK_INIT(kernel_read_file, ipe_kernel_read_file),
	LSM_HOOK_INIT(kernel_load_data, ipe_kernel_load_data),
	/* notification that the initramfs has been unpacked */
	LSM_HOOK_INIT(initramfs_populated, ipe_unpack_initramfs),
};
35 
/**
 * ipe_init() - Entry point of IPE.
 *
 * This is called at LSM init, which occurs early during kernel start up.
 * During this phase, IPE registers its hooks and marks itself enabled.
 * The builtin boot policy is not loaded here; that presumably happens in a
 * later initialization stage — verify against the policy code.
 *
 * Return:
 * * %0		- OK (this body has no failure path; security_add_hooks()
 *		  does not report errors)
 */
static int __init ipe_init(void)
{
	security_add_hooks(ipe_hooks, ARRAY_SIZE(ipe_hooks), &ipe_lsmid);
	/* Flip the enabled flag only after the hooks are in place. */
	ipe_enabled = true;

	return 0;
}
54 
/*
 * Registers IPE with the LSM core: its init routine and the blob sizes it
 * needs. Whether ipe_init() actually runs depends on the configured LSM
 * order (build config / "lsm=" boot parameter), which is not visible here.
 */
DEFINE_LSM(ipe) = {
	.name = "ipe",
	.init = ipe_init,
	.blobs = &ipe_blobs,
};