函数逻辑报告 |
Source Code:security\integrity\ima\ima_policy.c |
Create Date:2022-07-27 22:04:16 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
首页 | 函数Tree |
注解内核,赢得工具 | 下载SCCT | English |
函数名称:ima_parse_rule
函数原型:static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
返回类型:int
参数:
类型 | 参数 | 名称 |
---|---|---|
char * | rule | |
struct ima_rule_entry * | entry |
899 | result等于0 |
904 | uid等于INVALID_UID |
905 | fowner等于INVALID_UID |
918 | token等于match_token(p, policy_tokens, args) |
920 | 当:token恒等于Opt_measure |
921 | ima_log_string(ab, "action", "measure") |
927 | 退出 |
928 | 当:token恒等于Opt_dont_measure |
936 | 当:token恒等于Opt_appraise |
937 | ima_log_string(ab, "action", "appraise") |
943 | 退出 |
944 | 当:token恒等于Opt_dont_appraise |
953 | ima_log_string(ab, "action", "audit") |
959 | 退出 |
961 | ima_log_string(ab, "action", "hash") |
967 | 退出 |
968 | 当:token恒等于Opt_dont_hash |
969 | ima_log_string(ab, "action", "dont_hash") |
975 | 退出 |
977 | ima_log_string(ab, "func", from) |
982 | 如果字符串比较恒等于0则func等于FILE_CHECK |
985 | 否则如果字符串比较恒等于0则func等于FILE_CHECK |
987 | 否则如果字符串比较恒等于0则func等于MODULE_CHECK |
989 | 否则如果字符串比较恒等于0则func等于FIRMWARE_CHECK |
991 | 否则如果字符串比较恒等于0或字符串比较恒等于0则func等于MMAP_CHECK |
994 | 否则如果字符串比较恒等于0则func等于BPRM_CHECK |
996 | 否则如果字符串比较恒等于0则func等于CREDS_CHECK |
998 | 否则如果字符串比较恒等于0则func等于KEXEC_KERNEL_CHECK |
1001 | 否则如果字符串比较恒等于0则func等于KEXEC_INITRAMFS_CHECK |
1004 | 否则如果字符串比较恒等于0则func等于POLICY_CHECK |
1006 | 否则如果字符串比较恒等于0则func等于KEXEC_CMDLINE |
1010 | 如果非result则flags或等于lags definitions |
1012 | 退出 |
1014 | ima_log_string(ab, "mask", from) |
1029 | 否则如果字符串比较恒等于0则mask等于MAY_APPEND |
1033 | 如果非result则flags或等于如果from恒等于'^'则IMA_INMASK否则IMA_MASK |
1036 | 退出 |
1037 | 当:token恒等于Opt_fsmagic |
1038 | ima_log_string(ab, "fsmagic", from) |
1040 | 如果fsmagic则 |
1046 | 如果非result则flags或等于IMA_FSMAGIC |
1048 | 退出 |
1049 | 当:token恒等于Opt_fsname |
1050 | ima_log_string(ab, "fsname", from) |
1053 | 如果非fsname则 |
1057 | result等于0 |
1058 | flags或等于IMA_FSNAME |
1059 | 退出 |
1060 | 当:token恒等于Opt_fsuuid |
1061 | ima_log_string(ab, "fsuuid", from) |
1063 | 如果非uuid_is_null( & fsuuid)则 |
1068 | result等于uuid_parse(from, & fsuuid) |
1069 | 如果非result则flags或等于IMA_FSUUID |
1071 | 退出 |
1072 | 当:token恒等于Opt_uid_gt |
1073 | 当:token恒等于Opt_euid_gt |
1076 | 当:token恒等于Opt_uid_lt |
1077 | 当:token恒等于Opt_euid_lt |
1078 | 如果token恒等于Opt_uid_lt或token恒等于Opt_euid_lt则uid_op等于uid_lt |
1081 | 当:token恒等于Opt_uid_eq |
1082 | 当:token恒等于Opt_euid_eq |
1083 | uid_token等于token恒等于Opt_uid_eq或token恒等于Opt_uid_gt或token恒等于Opt_uid_lt |
1087 | ima_log_string_op(ab, uid_token ? "uid" : "euid", from, uid_op) |
1096 | 如果非result则 |
1106 | 退出 |
1107 | 当:token恒等于Opt_fowner_gt |
1110 | 当:token恒等于Opt_fowner_lt |
1111 | 如果token恒等于Opt_fowner_lt则fowner_op等于uid_lt |
1114 | 当:token恒等于Opt_fowner_eq |
1115 | ima_log_string_op(ab, "fowner", from, fowner_op) |
1124 | 如果非result则 |
1128 | 否则flags或等于IMA_FOWNER |
1131 | 退出 |
1132 | 当:token恒等于Opt_obj_user |
1133 | ima_log_string(ab, "obj_user", from) |
1134 | result等于ima_lsm_rule_init(entry, args, LSM_OBJ_USER, AUDIT_OBJ_USER) |
1137 | 退出 |
1138 | 当:token恒等于Opt_obj_role |
1139 | ima_log_string(ab, "obj_role", from) |
1140 | result等于ima_lsm_rule_init(entry, args, LSM_OBJ_ROLE, AUDIT_OBJ_ROLE) |
1143 | 退出 |
1144 | 当:token恒等于Opt_obj_type |
1145 | ima_log_string(ab, "obj_type", from) |
1146 | result等于ima_lsm_rule_init(entry, args, LSM_OBJ_TYPE, AUDIT_OBJ_TYPE) |
1149 | 退出 |
1150 | 当:token恒等于Opt_subj_user |
1151 | ima_log_string(ab, "subj_user", from) |
1152 | result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_USER, security label user ) |
1155 | 退出 |
1156 | 当:token恒等于Opt_subj_role |
1157 | ima_log_string(ab, "subj_role", from) |
1158 | result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_ROLE, security label role ) |
1161 | 退出 |
1162 | 当:token恒等于Opt_subj_type |
1163 | ima_log_string(ab, "subj_type", from) |
1164 | result等于ima_lsm_rule_init(entry, args, LSM_SUBJ_TYPE, security label type ) |
1167 | 退出 |
1168 | 当:token恒等于Opt_appraise_type |
1169 | 如果action不等于same as IMA_APPRAISE 则 |
1174 | ima_log_string(ab, "appraise_type", from) |
1175 | 如果字符串比较恒等于0则flags或等于IMA_DIGSIG_REQUIRED |
1177 | 否则如果ima_hook_supports_modsig(func)且字符串比较恒等于0则flags或等于IMA_DIGSIG_REQUIRED按位或IMA_MODSIG_ALLOWED |
1183 | 退出 |
1184 | 当:token恒等于Opt_appraise_flag |
1185 | ima_log_string(ab, "appraise_flag", from) |
1186 | 如果strstr - Find the first substring in a %NUL terminated string*@s1: The string to be searched*@s2: The string to search for则flags或等于IMA_CHECK_BLACKLIST |
1188 | 退出 |
1189 | 当:token恒等于Opt_permit_directio |
1190 | flags或等于IMA_PERMIT_DIRECTIO |
1191 | 退出 |
1193 | 如果action不等于same as IMA_MEASURE 则 |
1197 | ima_log_string(ab, "pcr", from) |
1200 | 如果result或INVALID_PCR( uid_eq(), uid_gt(), uid_lt() )则result等于负EINVAL |
1205 | 退出 |
1206 | 当:token恒等于Opt_template |
1207 | ima_log_string(ab, "template", from) |
1208 | 如果action不等于same as IMA_MEASURE 则 |
1213 | 如果非template_desc或template则 |
1223 | template_desc_init_fields(fmt, & (fields), & (num_fields)) |
1226 | template等于template_desc |
1227 | 退出 |
1236 | 否则如果action恒等于same as IMA_APPRAISE 则temp_ima_appraise或等于ima_appraise_flag(func) |
1239 | 如果非result且flags按位与IMA_MODSIG_ALLOWED则 |
1240 | template_desc等于如果template则template否则ima_template_desc_current() |
1245 | 写入审计信息 |
1246 | 发送审计信息,并释放缓冲区 |
1247 | 返回:result |
名称 | 描述 |
---|---|
ima_init_arch_policy | |
ima_parse_add_rule | ma_parse_add_rule - add a rule to ima_policy_rules*@rule - ima measurement policy rule* Avoid locking by allowing just one writer at a time in ima_write_policy()* Returns the length of the rule parsed, an error code on failure |
源代码转换工具 开放的插件接口 | X |
---|---|
支持:c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现:逻辑报告 代码生成和批量转换代码 |