Function Logic Report |
Source Code:security\integrity\ima\ima_policy.c |
Create Date:2022-07-27 22:03:05 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
Function name: ima_match_rules - determine whether an inode matches the policy rule
Function prototype: static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, const struct cred *cred, unsigned int secid, enum ima_hooks func, int mask)
Return type: bool
Parameters:
Type | Parameter | Name |
---|---|---|
struct ima_rule_entry * | rule | |
struct inode * | inode | |
const struct cred * | cred | |
unsigned int | secid | |
enum ima_hooks | func | |
int | mask |
375 | If func == KEXEC_CMDLINE then |
376 | If (flags & flags definitions) and func == func, return: true |
378 | Return: false |
380 | If (flags & flags definitions) and func != func and func != POST_SETATTR, return: false |
386 | If (flags & IMA_INMASK) and not (mask & mask) and func != POST_SETATTR, return: false |
389 | If (flags & IMA_FSMAGIC) and fsmagic != s_magic, return: false |
392 | If (flags & IMA_FSNAME) and string comparison, return: false |
395 | If (flags & IMA_FSUUID) and not uuid_equal(&fsuuid, &s_uuid), return: false |
410 | If (flags & IMA_FOWNER) and not fowner_op(i_uid, fowner), return: false |
413 | Loop while i < MAX_LSM_RULES |
414 | rc = 0 |
417 | If not (LSM file metadata specific) then |
418 | If not (audit value), continue with the next iteration |
420 | Else return: false |
424 | Case: i == LSM_OBJ_USER |
425 | Case: i == LSM_OBJ_ROLE |
426 | Case: i == LSM_OBJ_TYPE |
427 | security_inode_getsecid(inode, &osid) |
432 | Break |
433 | Case: i == LSM_SUBJ_USER |
434 | Case: i == LSM_SUBJ_ROLE |
435 | Case: i == LSM_SUBJ_TYPE |
440 | Default |
441 | Break |
443 | If not rc, return: false |
446 | Return: true |
Name | Description |
---|---|
ima_match_policy | ima_match_policy - decision based on LSM and other conditions. @inode: pointer to an inode for which the policy decision is being made. @cred: pointer to a credentials structure for which the policy decision is being made. @secid: LSM secid of the task to be |