Function report |
Source Code:security\integrity\ima\ima_appraise.c |
Create Date:2022-07-28 19:59:24 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Name:ima_appraise_measurement - appraise file measurement. Call evm_verifyxattr() to verify the integrity of 'security.ima'. Assuming success, compare the xattr hash with the collected measurement. Return 0 on success, error code otherwise.
Proto:int ima_appraise_measurement(enum ima_hooks func, struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig)
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
enum ima_hooks | func | |
struct integrity_iint_cache * | iint | |
struct file * | file | |
const unsigned char * | filename | |
struct evm_ima_xattr_data * | xattr_value | |
int | xattr_len | |
const struct modsig * | modsig |
353 | op[] = "appraise_data" |
354 | cause = "unknown" |
355 | dentry = file_dentry(file) |
357 | status = INTEGRITY_UNKNOWN |
359 | try_modsig = flags & IMA_MODSIG_ALLOWED && modsig |
362 | If Not (i_opflags & IOP_XATTR) && Not try_modsig Then Return INTEGRITY_UNKNOWN |
366 | If rc <= 0 && Not try_modsig Then |
370 | cause = If flags & IMA_DIGSIG_REQUIRED Then "IMA-signature-required" Else "missing-hash" |
372 | status = INTEGRITY_NOLABEL |
373 | If f_mode & FMODE_CREATED Then flags |= IMA_NEW_FILE |
375 | If flags & IMA_NEW_FILE && ( Not (flags & IMA_DIGSIG_REQUIRED) || i_size == 0 ) Then status = INTEGRITY_PASS |
379 | Go to out |
384 | Case status == INTEGRITY_PASS |
385 | Case status == INTEGRITY_PASS_IMMUTABLE |
386 | Case status == INTEGRITY_UNKNOWN |
387 | Break |
388 | Case status == INTEGRITY_NOXATTRS |
390 | If try_modsig Then Break |
393 | Case status == INTEGRITY_NOLABEL |
396 | Case status == INTEGRITY_FAIL |
399 | Default |
403 | If xattr_value Then rc = xattr_verify (verify xattr digest or signature: verifies whether the hash or signature matches the file contents; returns 0 on success, error code otherwise) |
416 | out : |
423 | If s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE && ( s_iflags & SB_I_UNTRUSTED_MOUNTER || flags & IMA_FAIL_UNVERIFIABLE_SIGS ) Then |
426 | status = INTEGRITY_FAIL |
427 | cause = "unverifiable-signature" |
428 | integrity_audit_msg(AUDIT_INTEGRITY_DATA /* Data integrity verification */, inode, filename, op, cause, rc, 0) |
430 | Else if status != INTEGRITY_PASS Then |
432 | If ima_appraise & IMA_APPRAISE_FIX && Not try_modsig && ( Not xattr_value || type != EVM_IMA_XATTR_DIGSIG ) Then |
435 | If Not ima_fix_xattr(dentry, iint) Then status = INTEGRITY_PASS |
440 | If i_size == 0 && flags & IMA_NEW_FILE && xattr_value && type == EVM_IMA_XATTR_DIGSIG Then |
442 | status = INTEGRITY_PASS |
445 | integrity_audit_msg(AUDIT_INTEGRITY_DATA /* Data integrity verification */, inode, filename, op, cause, rc, 0) |
447 | Else |
448 | ima_cache_flags(iint, func) |
451 | ima_set_cache_status(iint, func, status) |
452 | Return status |
Name | Describe |
---|---|
process_measurement |