• Deven Bowers's avatar
    ipe: add policy parser · 54a88cd2
    Deven Bowers authored
    IPE's interpretation of the what the user trusts is accomplished through
    its policy. IPE's design is to not provide support for a single trust
    provider, but to support multiple providers to enable the end-user to
    choose the best one to seek their needs.
    
    This requires the policy to be rather flexible and modular so that
    integrity providers, like fs-verity, dm-verity, or some other system,
    can plug into the policy with minimal code changes.
    Signed-off-by: default avatarDeven Bowers <deven.desai@linux.microsoft.com>
    Signed-off-by: default avatarFan Wu <wufan@linux.microsoft.com>
    [PM: added NULL check in parse_rule() as discussed]
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    54a88cd2
policy_parser.c 10.1 KB