Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\ima\ima_appraise.c Create Date:2022-07-28 19:59:24
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:xattr_verify - verify xattr digest or signature. Verify whether the hash or signature matches the file contents. Return 0 on success, error code otherwise.

Proto:static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, struct evm_ima_xattr_data *xattr_value, int xattr_len, enum integrity_status *status, const char **cause)

Type:int

Parameter:

Type    Parameter Name
enum ima_hooks    func
struct integrity_iint_cache *    iint
struct evm_ima_xattr_data *    xattr_value
int    xattr_len
enum integrity_status *    status
const char **    cause
214  rc = -EINVAL, hash_start = 0
217  Case type == IMA_XATTR_DIGEST_NG
219  hash_start = 1
221  Case type == IMA_XATTR_DIGEST
222  If flags & IMA_DIGSIG_REQUIRED Then
223  cause = "IMA-signature-required"
225  Break
227  clear_bit - Clears a bit in memory. @nr: Bit to clear. @addr: Address to start counting from. This is a relaxed atomic operation (no implied memory barriers).
228  If xattr_len - size of type - hash_start >= length Then rc = memcmp(&data[hash_start], digest, length)
237  Else rc = -EINVAL
239  If rc Then
240  cause = "invalid-hash"
242  Break
244  status = INTEGRITY_PASS
245  Break
246  Case type == EVM_IMA_XATTR_DIGSIG
247  Atomically set a bit in memory
248  rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, (const char *)xattr_value, xattr_len, digest, length)
253  If rc == -EOPNOTSUPP Then
255  Break
257  If IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc && func == KEXEC_KERNEL_CHECK Then rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM, (const char *)xattr_value, xattr_len, digest, length) (IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm', 0 otherwise.)
264  If rc Then
265  cause = "invalid-signature"
267  Else
270  Break
271  Default
272  status = INTEGRITY_UNKNOWN
273  cause = "unknown-ima-data"
274  Break
277  Return rc
Caller
Name    Describe
ima_appraise_measurement    ima_appraise_measurement - appraise file measurement. Call evm_verifyxattr() to verify the integrity of 'security.ima'. Assuming success, compare the xattr hash with the collected measurement. Return 0 on success, error code otherwise.