ima_add_violation

Name:ma_add_violation - add violation to measurement list.* Violations are flagged in the measurement list with zero hash values.* By extending the PCR with 0xFF's instead of with zeroes, the PCR* value is invalidated.

Proto:void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause)

Type:void

Parameter:

Type	Parameter	Name
struct file *	file
const unsigned char *	filename
struct integrity_iint_cache *	iint
const char *	op
const char *	cause

137

inode = file_inode(file)

138

struct ima_event_data event_data = {iint = iint, file = file, filename = filename, violation = cause}

142

violation = 1

146

atomic_long_inc( & violations)

148

result = ma_alloc_init_template - create and initialize a new template entry

149

If result < 0 Then

150

result = -ENOMEM

151

Go to err_out

153

result = ma_store_template - store ima template measurements* Calculate the hash of a template entry, add the template entry* to an ordered list of measurement entries maintained inside the kernel,* and also update the aggregate integrity value (maintained inside

155

If result < 0 Then ma_free_template_entry - free an existing template entry

157

err_out :

158

integrity_audit_msg(PCR invalidation msgs , inode, filename, op, cause, result, 0)

**Caller**
Name	Describe
ima_rdwr_violation_check	ma_rdwr_violation_check* Only invalidate the PCR for measured files:* - Opening a file for write when already open for read,* results in a time of measure, time of use (ToMToU) error.* - Opening a file for read when already open for write,

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report