调用者| 名称 | 描述 |
|---|
| ima_write_policy | |
| ima_release_policy | ma_release_policy - start using the new measure policy rules.* Initially, ima_measure points to the default policy rules, now* point to the new policy rules, and remove the securityfs policy file,* assuming a valid policy. |
| ima_add_template_entry | Add template entry to the measurement list and hash table, and* extend the pcr.* On systems which support carrying the IMA measurement list across* kexec, maintain the total memory size required for serializing the* binary_runtime_measurements. |
| ima_add_boot_aggregate | Add the boot aggregate to the IMA measurement list and extend* the PCR register.* Calculate the boot aggregate, a SHA1 over tpm registers 0-7,* assuming a TPM chip exists, and zeroes if the TPM chip does not* exist |
| mmap_violation_check | Prevent mmap'ing a file execute that is already mmap'ed write |
| ima_store_template | ma_store_template - store ima template measurements* Calculate the hash of a template entry, add the template entry* to an ordered list of measurement entries maintained inside the kernel,* and also update the aggregate integrity value (maintained inside |
| ima_add_violation | ma_add_violation - add violation to measurement list.* Violations are flagged in the measurement list with zero hash values.* By extending the PCR with 0xFF's instead of with zeroes, the PCR* value is invalidated. |
| ima_collect_measurement | ma_collect_measurement - collect file measurement* Calculate the file hash, if it doesn't already exist,* storing the measurement and i_version in the iint.* Must be called with iint->mutex held.* Return 0 on success, error code otherwise |
| ima_store_measurement | ma_store_measurement - store file measurement* Create an "ima" template and then store the template by calling* ima_store_template |
| ima_parse_add_rule | ma_parse_add_rule - add a rule to ima_policy_rules*@rule - ima measurement policy rule* Avoid locking by allowing just one writer at a time in ima_write_policy()* Returns the length of the rule parsed, an error code on failure |
| ima_eventdigest_init | This function writes the digest of an event (with size limit). |
| ima_appraise_measurement | ma_appraise_measurement - appraise file measurement* Call evm_verifyxattr() to verify the integrity of 'security.ima'.* Assuming success, compare the xattr hash with the collected measurement.* Return 0 on success, error code otherwise |
| evm_protect_xattr | vm_protect_xattr - protect the EVM extended attribute* Prevent security.evm from being modified or removed without the* necessary permissions or when the existing value is invalid.* The posix xattr acls are 'system' prefixed, which normally would not |
| evm_inode_setattr | vm_inode_setattr - prevent updating an invalid EVM extended attribute*@dentry: pointer to the affected dentry* Permit update of file attributes when files have a valid EVM signature,* except in the case of them having an immutable portable signature. |