ima_appraise_measurement

Name:ma_appraise_measurement - appraise file measurement* Call evm_verifyxattr() to verify the integrity of 'security.ima'.* Assuming success, compare the xattr hash with the collected measurement.* Return 0 on success, error code otherwise

Proto:int ima_appraise_measurement(enum ima_hooks func, struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, const struct modsig *modsig)

Type:int

Parameter:

Type	Parameter	Name
enum ima_hooks	func
struct integrity_iint_cache *	iint
struct file *	file
const unsigned char *	filename
struct evm_ima_xattr_data *	xattr_value
int	xattr_len
const struct modsig *	modsig

353

op[] = "appraise_data"

354

cause = "unknown"

355

dentry = file_dentry(file)

356

inode = d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper

357

status = INTEGRITY_UNKNOWN

358

359

try_modsig = flags & IMA_MODSIG_ALLOWED && modsig

362

If Not (i_opflags & IOP_XATTR) && Not try_modsig Then Return INTEGRITY_UNKNOWN

366

If rc <= 0 && Not try_modsig Then

367

If rc && rc != -ENODATA Then Go to out

370

cause = If flags & IMA_DIGSIG_REQUIRED Then "IMA-signature-required" Else "missing-hash"

372

status = INTEGRITY_NOLABEL

373

If f_mode & FMODE_CREATED Then flags |= IMA_NEW_FILE

375

If flags & IMA_NEW_FILE && ( Not (flags & IMA_DIGSIG_REQUIRED) || i_size == 0 ) Then status = INTEGRITY_PASS

379

Go to out

382

status = vm_verifyxattr - verify the integrity of the requested xattr*@dentry: object of the verify xattr*@xattr_name: requested xattr*@xattr_value: requested xattr value*@xattr_value_len: requested xattr value length* Calculate the HMAC for the given dentry and

384

Case status == INTEGRITY_PASS

385

Case status == INTEGRITY_PASS_IMMUTABLE

386

Case status == INTEGRITY_UNKNOWN

387

Break

388

Case status == INTEGRITY_NOXATTRS

390

If try_modsig Then Break

393

Case status == INTEGRITY_NOLABEL

394

cause = "missing-HMAC"

395

Go to out

396

Case status == INTEGRITY_FAIL

397

cause = "invalid-HMAC"

398

Go to out

399

Default

400

WARN_ONCE(true, "Unexpected integrity status %d\n", status)

403

If xattr_value Then rc = xattr_verify - verify xattr digest or signature* Verify whether the hash or signature matches the file contents.* Return 0 on success, error code otherwise.

411

If try_modsig && ( Not xattr_value || type == IMA_XATTR_DIGEST_NG || rc == -ENOKEY ) Then rc = modsig_verify - verify modsig signature* Verify whether the signature matches the file contents.* Return 0 on success, error code otherwise.

416

out :

423

If s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE && ( s_iflags & SB_I_UNTRUSTED_MOUNTER || flags & IMA_FAIL_UNVERIFIABLE_SIGS ) Then

426

status = INTEGRITY_FAIL

427

cause = "unverifiable-signature"

428

integrity_audit_msg(Data integrity verification , inode, filename, op, cause, rc, 0)

430

Else if status != INTEGRITY_PASS Then

432

If ima_appraise & IMA_APPRAISE_FIX && Not try_modsig && ( Not xattr_value || type != EVM_IMA_XATTR_DIGSIG ) Then

435

If Not ima_fix_xattr(dentry, iint) Then status = INTEGRITY_PASS

440

If i_size == 0 && flags & IMA_NEW_FILE && xattr_value && type == EVM_IMA_XATTR_DIGSIG Then

442

status = INTEGRITY_PASS

445

integrity_audit_msg(Data integrity verification , inode, filename, op, cause, rc, 0)

447

Else

448

ima_cache_flags(iint, func)

451

ima_set_cache_status(iint, func, status)

452

Return status

**Caller**
Name	Describe
process_measurement

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion