Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\integrity\integrity_audit.c
Create Date: 2022-07-27 21:53:30
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Function name: integrity_audit_msg

Function prototype: void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int audit_info)

Return type: void

Parameters:

Type | Parameter name
int | audit_msgno
struct inode * | inode
const unsigned char * | fname
const char * | op
const char * | cause
int | result
int | audit_info

35  If integrity_audit_info is not set and audit_info equals 1, return
38  ab = allocate an audit buffer
39  Write audit information
44  audit_log_task_context(ab)
45  Write audit information
46  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer. @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
47  If fname
48  Write audit information
49  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer. @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
51  If inode
52  Write audit information
53  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer. @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
54  Write audit information
56  Write audit information
57  Send the audit message and release the buffer

Callers

Name | Description
ima_write_policy |
ima_release_policy | ima_release_policy - start using the new measure policy rules. Initially, ima_measure points to the default policy rules, now point to the new policy rules, and remove the securityfs policy file, assuming a valid policy.
ima_add_template_entry | Add template entry to the measurement list and hash table, and extend the pcr. On systems which support carrying the IMA measurement list across kexec, maintain the total memory size required for serializing the binary_runtime_measurements.
ima_add_boot_aggregate | Add the boot aggregate to the IMA measurement list and extend the PCR register. Calculate the boot aggregate, a SHA1 over tpm registers 0-7, assuming a TPM chip exists, and zeroes if the TPM chip does not exist
mmap_violation_check | Prevent mmap'ing a file execute that is already mmap'ed write
ima_store_template | ima_store_template - store ima template measurements. Calculate the hash of a template entry, add the template entry to an ordered list of measurement entries maintained inside the kernel, and also update the aggregate integrity value (maintained inside
ima_add_violation | ima_add_violation - add violation to measurement list. Violations are flagged in the measurement list with zero hash values. By extending the PCR with 0xFF's instead of with zeroes, the PCR value is invalidated.
ima_collect_measurement | ima_collect_measurement - collect file measurement. Calculate the file hash, if it doesn't already exist, storing the measurement and i_version in the iint. Must be called with iint->mutex held. Return 0 on success, error code otherwise
ima_store_measurement | ima_store_measurement - store file measurement. Create an "ima" template and then store the template by calling ima_store_template
ima_parse_add_rule | ima_parse_add_rule - add a rule to ima_policy_rules. @rule - ima measurement policy rule. Avoid locking by allowing just one writer at a time in ima_write_policy(). Returns the length of the rule parsed, an error code on failure
ima_eventdigest_init | This function writes the digest of an event (with size limit).
ima_appraise_measurement | ima_appraise_measurement - appraise file measurement. Call evm_verifyxattr() to verify the integrity of 'security.ima'. Assuming success, compare the xattr hash with the collected measurement. Return 0 on success, error code otherwise
evm_protect_xattr | evm_protect_xattr - protect the EVM extended attribute. Prevent security.evm from being modified or removed without the necessary permissions or when the existing value is invalid. The posix xattr acls are 'system' prefixed, which normally would not
evm_inode_setattr | evm_inode_setattr - prevent updating an invalid EVM extended attribute. @dentry: pointer to the affected dentry. Permit update of file attributes when files have a valid EVM signature, except in the case of them having an immutable portable signature.