52443cb60c
IPE's initial goal is to control both execution and the loading of kernel modules based on the system's definition of trust. It accomplishes this by plugging into the security hooks for bprm_check_security, file_mprotect, mmap_file, kernel_load_data, and kernel_read_data. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
---|---|---|
.. | ||
eval.c | ||
eval.h | ||
hooks.c | ||
hooks.h | ||
ipe.c | ||
ipe.h | ||
Kconfig | ||
Makefile | ||
policy_parser.c | ||
policy_parser.h | ||
policy.c | ||
policy.h |