ima_parse_rule

函数名称：ima_parse_rule

函数原型：static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)

返回类型：int

参数：

类型	参数	名称
char *	rule
struct ima_rule_entry *	entry

899

result等于0

901

ab等于integrity_audit_log_start(audit_context(), GFP_KERNEL, IMA policy rules )

904

uid等于INVALID_UID

905

fowner等于INVALID_UID

906

uid_op等于uid_eq

907

fowner_op等于uid_eq

908

action等于UNKNOWN

909

当((p = 分割字符串) != NULL)循环

914

如果result小于0则退出

916

如果p恒等于'\0'或p恒等于' '或p恒等于'\t'则继续下一循环

918

token等于match_token(p, policy_tokens, args)

920

当:token恒等于Opt_measure

921

ima_log_string(ab, "action", "measure")

923

如果action不等于UNKNOWN则result等于负EINVAL

926

action等于same as IMA_MEASURE

927

928

当:token恒等于Opt_dont_measure

929

ima_log_string(ab, "action", "dont_measure")

931

如果action不等于UNKNOWN则result等于负EINVAL

934

action等于DONT_MEASURE

935

936

当:token恒等于Opt_appraise

937

ima_log_string(ab, "action", "appraise")

939

如果action不等于UNKNOWN则result等于负EINVAL

942

action等于same as IMA_APPRAISE

943

944

当:token恒等于Opt_dont_appraise

945

ima_log_string(ab, "action", "dont_appraise")

947

如果action不等于UNKNOWN则result等于负EINVAL

950

action等于DONT_APPRAISE

951

952

当:token恒等于Opt_audit

953

ima_log_string(ab, "action", "audit")

955

如果action不等于UNKNOWN则result等于负EINVAL

958

action等于AUDIT

959

960

当:token恒等于Opt_hash

961

ima_log_string(ab, "action", "hash")

963

如果action不等于UNKNOWN则result等于负EINVAL

966

action等于HASH

967

968

当:token恒等于Opt_dont_hash

969

ima_log_string(ab, "action", "dont_hash")

971

如果action不等于UNKNOWN则result等于负EINVAL

974

action等于DONT_HASH

975

976

当:token恒等于Opt_func

977

ima_log_string(ab, "func", from)

979

如果func则result等于负EINVAL

982

如果字符串比较恒等于0则func等于FILE_CHECK

985

否则如果字符串比较恒等于0则func等于FILE_CHECK

987

否则如果字符串比较恒等于0则func等于MODULE_CHECK

989

否则如果字符串比较恒等于0则func等于FIRMWARE_CHECK

991

否则如果字符串比较恒等于0或字符串比较恒等于0则func等于MMAP_CHECK

994

否则如果字符串比较恒等于0则func等于BPRM_CHECK

996

否则如果字符串比较恒等于0则func等于CREDS_CHECK

998

否则如果字符串比较恒等于0则func等于KEXEC_KERNEL_CHECK

1001

否则如果字符串比较恒等于0则func等于KEXEC_INITRAMFS_CHECK

1004

否则如果字符串比较恒等于0则func等于POLICY_CHECK

1006

否则如果字符串比较恒等于0则func等于KEXEC_CMDLINE

1008

否则result等于负EINVAL

1010

如果非result则flags或等于lags definitions

1012

1013

当:token恒等于Opt_mask

1014

ima_log_string(ab, "mask", from)

1016

如果mask则result等于负EINVAL

1019

from等于from

1020

如果from恒等于'^'则from自加

1023

如果字符串比较恒等于0则mask等于MAY_EXEC

1025

否则如果字符串比较恒等于0则mask等于MAY_WRITE

1027

否则如果字符串比较恒等于0则mask等于MAY_READ

1029

否则如果字符串比较恒等于0则mask等于MAY_APPEND

1031

否则result等于负EINVAL

1033

如果非result则flags或等于如果from恒等于'^'则IMA_INMASK否则IMA_MASK

1036

1037

当:token恒等于Opt_fsmagic

1038

ima_log_string(ab, "fsmagic", from)

1040

如果fsmagic则

1041

result等于负EINVAL

1042

1045

result等于kstrtoul - convert a string to an unsigned long*@s: The start of the string. The string must be null-terminated, and may also* include a single newline before its terminating null. The first character* may also be a plus sign, but not a minus sign.

1046

如果非result则flags或等于IMA_FSMAGIC

1048

1049

当:token恒等于Opt_fsname

1050

ima_log_string(ab, "fsname", from)

1052

fsname等于kstrdup - allocate space for and copy an existing string*@s: the string to duplicate*@gfp: the GFP mask used in the kmalloc() call when allocating memory* Return: newly allocated copy of @s or %NULL in case of error

1053

如果非fsname则

1054

result等于负ENOMEM

1055

1057

result等于0

1058

flags或等于IMA_FSNAME

1059

1060

当:token恒等于Opt_fsuuid

1061

ima_log_string(ab, "fsuuid", from)

1063

如果非uuid_is_null( & fsuuid)则

1064

result等于负EINVAL

1065

1068

result等于uuid_parse(from, & fsuuid)

1069

如果非result则flags或等于IMA_FSUUID

1071

1072

当:token恒等于Opt_uid_gt

1073

当:token恒等于Opt_euid_gt

1074

uid_op等于uid_gt

1076

当:token恒等于Opt_uid_lt

1077

当:token恒等于Opt_euid_lt

1078

如果token恒等于Opt_uid_lt或token恒等于Opt_euid_lt则uid_op等于uid_lt

1081

当:token恒等于Opt_uid_eq

1082

当:token恒等于Opt_euid_eq

1083

uid_token等于token恒等于Opt_uid_eq或token恒等于Opt_uid_gt或token恒等于Opt_uid_lt

1087

ima_log_string_op(ab, uid_token ? "uid" : "euid", from, uid_op)

1090

如果uid_valid(uid)则

1091

result等于负EINVAL

1092

1095

result等于kstrtoul - convert a string to an unsigned long*@s: The start of the string. The string must be null-terminated, and may also* include a single newline before its terminating null. The first character* may also be a plus sign, but not a minus sign.

1096

如果非result则

1097

uid等于make_kuid - Map a user-namespace uid pair into a kuid

1099

如果非uid_valid(uid)或lnum不等于lnum则result等于负EINVAL

1102

否则flags或等于如果uid_token则IMA_UID否则IMA_EUID

1106

1107

当:token恒等于Opt_fowner_gt

1108

fowner_op等于uid_gt

1110

当:token恒等于Opt_fowner_lt

1111

如果token恒等于Opt_fowner_lt则fowner_op等于uid_lt

1114

当:token恒等于Opt_fowner_eq

1115

ima_log_string_op(ab, "fowner", from, fowner_op)

1118

如果uid_valid(fowner)则

1119

result等于负EINVAL

1120

1123

result等于kstrtoul - convert a string to an unsigned long*@s: The start of the string. The string must be null-terminated, and may also* include a single newline before its terminating null. The first character* may also be a plus sign, but not a minus sign.

1124

如果非result则

1125

fowner等于make_kuid - Map a user-namespace uid pair into a kuid

1126

如果非uid_valid(fowner)或lnum不等于lnum则result等于负EINVAL

1128

否则flags或等于IMA_FOWNER

1131

1132

当:token恒等于Opt_obj_user

1133

ima_log_string(ab, "obj_user", from)

1134

result等于ima_lsm_rule_init(entry, args, LSM_OBJ_USER, AUDIT_OBJ_USER)

1137

1138

当:token恒等于Opt_obj_role

1139

ima_log_string(ab, "obj_role", from)

1140

result等于ima_lsm_rule_init(entry, args, LSM_OBJ_ROLE, AUDIT_OBJ_ROLE)

1143

1144

当:token恒等于Opt_obj_type

1145

ima_log_string(ab, "obj_type", from)

1146

result等于ima_lsm_rule_init(entry, args, LSM_OBJ_TYPE, AUDIT_OBJ_TYPE)

1149

1150

当:token恒等于Opt_subj_user

1151

ima_log_string(ab, "subj_user", from)

1152

result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_USER, security label user )

1155

1156

当:token恒等于Opt_subj_role

1157

ima_log_string(ab, "subj_role", from)

1158

result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_ROLE, security label role )

1161

1162

当:token恒等于Opt_subj_type

1163

ima_log_string(ab, "subj_type", from)

1164

result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_TYPE, security label type )

1167

1168

当:token恒等于Opt_appraise_type

1169

如果action不等于same as IMA_APPRAISE 则

1170

result等于负EINVAL

1171

1174

ima_log_string(ab, "appraise_type", from)

1175

如果字符串比较恒等于0则flags或等于IMA_DIGSIG_REQUIRED

1177

否则如果ima_hook_supports_modsig(func)且字符串比较恒等于0则flags或等于IMA_DIGSIG_REQUIRED按位或IMA_MODSIG_ALLOWED

1181

否则result等于负EINVAL

1183

1184

当:token恒等于Opt_appraise_flag

1185

ima_log_string(ab, "appraise_flag", from)

1186

如果strstr - Find the first substring in a %NUL terminated string*@s1: The string to be searched*@s2: The string to search for则flags或等于IMA_CHECK_BLACKLIST

1188

1189

当:token恒等于Opt_permit_directio

1190

flags或等于IMA_PERMIT_DIRECTIO

1191

1192

当:token恒等于Opt_pcr

1193

如果action不等于same as IMA_MEASURE 则

1194

result等于负EINVAL

1195

1197

ima_log_string(ab, "pcr", from)

1199

result等于kstrtoint - convert a string to an int*@s: The start of the string. The string must be null-terminated, and may also* include a single newline before its terminating null. The first character* may also be a plus sign or a minus sign.

1200

如果result或INVALID_PCR( uid_eq(), uid_gt(), uid_lt() )则result等于负EINVAL

1202

否则flags或等于IMA_PCR

1205

1206

当:token恒等于Opt_template

1207

ima_log_string(ab, "template", from)

1208

如果action不等于same as IMA_MEASURE 则

1209

result等于负EINVAL

1210

1212

template_desc等于lookup_template_desc(from)

1213

如果非template_desc或template则

1214

result等于负EINVAL

1215

1223

template_desc_init_fields(fmt, & (fields), & (num_fields))

1226

template等于template_desc

1227

1228

当:token恒等于Opt_err

1229

ima_log_string(ab, "UNKNOWN", p)

1230

result等于负EINVAL

1231

1234

如果非result且action恒等于UNKNOWN则result等于负EINVAL

1236

否则如果action恒等于same as IMA_APPRAISE 则temp_ima_appraise或等于ima_appraise_flag(func)

1239

如果非result且flags按位与IMA_MODSIG_ALLOWED则

1240

template_desc等于如果template则template否则ima_template_desc_current()

1242

Validating the appended signature included in the measurement list requires* the file hash calculated without the appended signature (i.e., the 'd-modsig'* field). Therefore, notify the user if they have the 'modsig' field but not

1245

写入审计信息

1246

发送审计信息，并释放缓冲区

1247

返回:result

**调用者**
名称	描述
ima_init_arch_policy
ima_parse_add_rule	ma_parse_add_rule - add a rule to ima_policy_rules@rule - ima measurement policy rule Avoid locking by allowing just one writer at a time in ima_write_policy()* Returns the length of the rule parsed, an error code on failure

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码