Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\ima\ima_api.c Create Date:2022-07-27 22:01:49
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: ima_add_violation - add violation to measurement list. Violations are flagged in the measurement list with zero hash values. By extending the PCR with 0xFF's instead of with zeroes, the PCR value is invalidated.

Function prototype: void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause)

Return type: void

Parameters:

Type                               Parameter name
struct file *                      file
const unsigned char *              filename
struct integrity_iint_cache *      iint
const char *                       op
const char *                       cause
137  inode = file_inode(file)
138  struct ima_event_data event_data = {.iint = iint, .file = file, .filename = filename, .violation = cause}
142  violation = 1
146  atomic_long_inc(&violations)
148  result = ima_alloc_init_template - create and initialize a new template entry
149  if result < 0 then
150  result = -ENOMEM
151  goto err_out
153  result = ima_store_template - store ima template measurements. Calculate the hash of a template entry, add the template entry to an ordered list of measurement entries maintained inside the kernel, and also update the aggregate integrity value (maintained inside
155  if result < 0 then ima_free_template_entry - free an existing template entry
157  err_out:
158  integrity_audit_msg(PCR invalidation msgs, inode, filename, op, cause, result, 0)
Callers

Name                        Description
ima_rdwr_violation_check    ima_rdwr_violation_check: Only invalidate the PCR for measured files: - Opening a file for write when already open for read, results in a time of measure, time of use (ToMToU) error. - Opening a file for read when already open for write,