Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\integrity\ima\ima_policy.c Create Date:2022-07-28 19:58:58
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Name:ima_init_policy - initialize the default measure rules. ima_rules points to either the ima_default_rules or the new ima_policy_rules.

Proto:void __init ima_init_policy(void)

Type:void

Parameter:Nothing

655  If ima_policy Then add_rules(rule set [annotation: The minimum rule set to allow for full TCB coverage. Measures all files opened or mmap for exec and everything read by root. Dangerous because normal users can easily run the machine out of memory simply building and running executables.], ARRAY_SIZE(same rule set), IMA_DEFAULT_POLICY)
660  Case ima_policy == ORIGINAL_TCB
661  add_rules(original_measurement_rules, ARRAY_SIZE(original_measurement_rules), IMA_DEFAULT_POLICY)
664  Break
665  Case ima_policy == DEFAULT_TCB
666  add_rules(default_measurement_rules, ARRAY_SIZE(default_measurement_rules), IMA_DEFAULT_POLICY)
669  Default
670  Break
679  arch_entries = ima_init_arch_policy()
680  If Not arch_entries Then pr_info("No architecture policies found\n")
682  Else add_rules(An array of architecture specific rules, arch_entries, IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY)
690  If ima_use_secure_boot Then add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules), IMA_DEFAULT_POLICY)
700  build_appraise_entries = ARRAY_SIZE(build_appraise_rules)
701  If build_appraise_entries Then
702  If ima_use_secure_boot Then add_rules(build_appraise_rules, build_appraise_entries, IMA_CUSTOM_POLICY)
705  Else add_rules(build_appraise_rules, build_appraise_entries, IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY)
710  If ima_use_appraise_tcb Then add_rules(default_appraise_rules, ARRAY_SIZE(default_appraise_rules), IMA_DEFAULT_POLICY)
715  ima_rules = ima_default_rules
716  Initialize the ima_policy_flag variable based on the currently loaded policy. Based on this flag, the decision to short circuit out of a function or not call the function in the first place can be made earlier.