函数逻辑报告 |
Source Code:security\integrity\ima\ima_api.c |
Create Date:2022-07-27 22:01:49 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
首页 | 函数Tree |
注解内核,赢得工具 | 下载SCCT | English |
函数名称:ma_add_violation - add violation to measurement list.* Violations are flagged in the measurement list with zero hash values.* By extending the PCR with 0xFF's instead of with zeroes, the PCR* value is invalidated.
函数原型:void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause)
返回类型:void
参数:
类型 | 参数 | 名称 |
---|---|---|
struct file * | file | |
const unsigned char * | filename | |
struct integrity_iint_cache * | iint | |
const char * | op | |
const char * | cause |
137 | inode等于file_inode(file) |
138 | struct ima_event_data event_data = {iint = iint, file = file, filename = filename, violation = cause} |
142 | violation等于1 |
146 | atomic_long_inc( & violations) |
149 | 如果result小于0则 |
157 | err_out : |
158 | integrity_audit_msg(PCR invalidation msgs , inode, filename, op, cause, result, 0) |
名称 | 描述 |
---|---|
ima_rdwr_violation_check | ma_rdwr_violation_check* Only invalidate the PCR for measured files:* - Opening a file for write when already open for read,* results in a time of measure, time of use (ToMToU) error.* - Opening a file for read when already open for write, |
源代码转换工具 开放的插件接口 | X |
---|---|
支持:c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现:逻辑报告 代码生成和批量转换代码 |