Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\ima\ima_main.c Create Date:2022-07-28 19:58:17
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:ma_load_data - appraise decision based on policy*@id: kernel load data caller identifier* Callers of this LSM hook can not measure, appraise, or audit the* data provided by userspace. Enforce policy rules requring a file* signature (eg

Proto:int ima_load_data(enum kernel_load_data_id id)

Type:int

Parameter:

TypeParameterName
enum kernel_load_data_idid
592  ima_enforce = (ima_appraise & Appraise integrity measurements ) == Appraise integrity measurements
596  Case id == LOADING_KEXEC_IMAGE
597  If IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm',* 0 otherwise.(CONFIG_KEXEC_SIG) && arch_ima_get_secureboot() Then
599  pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n")
600  Return -EACCES
603  If ima_enforce && ima_appraise & IMA_APPRAISE_KEXEC Then
604  pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n")
605  Return -EACCES
607  Break
608  Case id == LOADING_FIRMWARE
609  If ima_enforce && ima_appraise & IMA_APPRAISE_FIRMWARE Then
610  pr_err("Prevent firmware sysfs fallback loading.\n")
611  Return -EACCES
613  Break
614  Case id == LOADING_MODULE
615  sig_enforce = Export sig_enforce kernel cmdline parameter to allow other subsystems rely* on that instead of directly to CONFIG_MODULE_SIG_FORCE config.
617  If ima_enforce && Not sig_enforce && ima_appraise & IMA_APPRAISE_MODULES Then
619  pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n")
620  Return -EACCES
622  Default
623  Break
625  Return 0