1
linux/security/ipe/policy_parser.h
Deven Bowers 54a88cd259 ipe: add policy parser
IPE's interpretation of the what the user trusts is accomplished through
its policy. IPE's design is to not provide support for a single trust
provider, but to support multiple providers to enable the end-user to
choose the best one to seek their needs.

This requires the policy to be rather flexible and modular so that
integrity providers, like fs-verity, dm-verity, or some other system,
can plug into the policy with minimal code changes.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: added NULL check in parse_rule() as discussed]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-20 14:01:00 -04:00

12 lines
313 B
C

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_POLICY_PARSER_H
#define _IPE_POLICY_PARSER_H
int ipe_parse_policy(struct ipe_policy *p);
void ipe_free_parsed_policy(struct ipe_parsed_policy *p);
#endif /* _IPE_POLICY_PARSER_H */