Function report |
Source Code:security\integrity\evm\evm_main.c |
Create Date:2022-07-28 19:59:57 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Name: evm_protect_xattr - protect the EVM extended attribute. Prevent security.evm from being modified or removed without the necessary permissions or when the existing value is invalid. The posix xattr acls are 'system' prefixed, which normally would not
Proto:static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, const void *xattr_value, size_t xattr_value_len)
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
struct dentry * | dentry | |
const char * | xattr_name | |
const void * | xattr_value | |
size_t | xattr_value_len | |
317 | If strcmp(xattr_name, XATTR_NAME_EVM) == 0 Then |
318 | If Not Check operation authority Then Return -EPERM |
320 | Else if Not evm_protected_xattr(xattr_name) Then |
321 | If Not posix_xattr_acl(xattr_name) Then Return 0 |
324 | If evm_status == INTEGRITY_PASS || evm_status == INTEGRITY_NOXATTRS Then Return 0 |
327 | Go to out |
331 | If evm_status == INTEGRITY_NOXATTRS Then |
335 | If iint && flags & IMA_NEW_FILE Then Return 0 |
339 | If s_magic == TMPFS_MAGIC || s_magic == SYSFS_MAGIC Then Return 0 |
343 | integrity_audit_msg(Metadata integrity verification, Where the name belongs to - NULL is negative, name, "update_metadata", integrity_status_msg[evm_status], -EPERM, 0) |
349 | out : |
355 | Return If evm_status == INTEGRITY_PASS Then 0 Else -EPERM |
Name | Description |
---|---|
evm_inode_setxattr | evm_inode_setxattr - protect the EVM extended attribute. @dentry: pointer to the affected dentry. @xattr_name: pointer to the affected extended attribute name. @xattr_value: pointer to the new extended attribute value. @xattr_value_len: pointer to the new |
evm_inode_removexattr | evm_inode_removexattr - protect the EVM extended attribute. @dentry: pointer to the affected dentry. @xattr_name: pointer to the affected extended attribute name. Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that the current value is valid. |