函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\ima\ima_main.c Create Date:2022-07-27 21:59:51
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:ma_load_data - appraise decision based on policy*@id: kernel load data caller identifier* Callers of this LSM hook can not measure, appraise, or audit the* data provided by userspace. Enforce policy rules requring a file* signature (eg

函数原型:int ima_load_data(enum kernel_load_data_id id)

返回类型:int

参数:

类型参数名称
enum kernel_load_data_idid
592  ima_enforce等于ima_appraise按位与Appraise integrity measurements 的值恒等于Appraise integrity measurements
596  :id恒等于LOADING_KEXEC_IMAGE
597  如果IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm',* 0 otherwise.(CONFIG_KEXEC_SIG)且arch_ima_get_secureboot()则
599  打印错误信息("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n")
600  返回:负EACCES
603  如果ima_enforceima_appraise按位与IMA_APPRAISE_KEXEC
604  打印错误信息("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n")
605  返回:负EACCES
607  退出
608  :id恒等于LOADING_FIRMWARE
609  如果ima_enforceima_appraise按位与IMA_APPRAISE_FIRMWARE
610  打印错误信息("Prevent firmware sysfs fallback loading.\n")
611  返回:负EACCES
613  退出
614  :id恒等于LOADING_MODULE
615  sig_enforce等于Export sig_enforce kernel cmdline parameter to allow other subsystems rely* on that instead of directly to CONFIG_MODULE_SIG_FORCE config.
617  如果ima_enforce且非sig_enforceima_appraise按位与IMA_APPRAISE_MODULES
619  打印错误信息("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n")
620  返回:负EACCES
622  默认
623  退出
625  返回:0