Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: security\integrity\integrity_audit.c
Create Date: 2022-07-28 19:56:09
Last Modify: 2020-03-12 14:18:49
Copyright © Brick

Name:integrity_audit_msg

Proto:void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int audit_info)

Type:void

Parameter:

Type                      Parameter Name
int                       audit_msgno
struct inode *            inode
const unsigned char *     fname
const char *              op
const char *              cause
int                       result
int                       audit_info
35  If Not integrity_audit_info && audit_info == 1 Then Return
38  ab = audit_log_start - obtain an audit buffer. @ctx: audit_context (may be NULL); @gfp_mask: type of allocation; @type: audit message type. Returns audit_buffer pointer on success or NULL on error
39  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
44  audit_log_task_context(ab)
45  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
46  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer; @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
47  If fname Then
48  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
49  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer; @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
51  If inode Then
52  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
53  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer; @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
54  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
56  audit_log_format - format a message into the audit buffer. @ab: audit_buffer; @fmt: format string; @...: optional parameters matching @fmt string. All the work is done in audit_log_vformat.
57  audit_log_end - end one audit record. @ab: the audit_buffer. We can not do a netlink send inside an irq context because it blocks (last arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a queue and a tasklet is scheduled to remove

Caller

Name                       Describe
ima_write_policy
ima_release_policy         ima_release_policy - start using the new measure policy rules. Initially, ima_measure points to the default policy rules, now point to the new policy rules, and remove the securityfs policy file, assuming a valid policy.
ima_add_template_entry     Add template entry to the measurement list and hash table, and extend the pcr. On systems which support carrying the IMA measurement list across kexec, maintain the total memory size required for serializing the binary_runtime_measurements.
ima_add_boot_aggregate     Add the boot aggregate to the IMA measurement list and extend the PCR register. Calculate the boot aggregate, a SHA1 over tpm registers 0-7, assuming a TPM chip exists, and zeroes if the TPM chip does not exist
mmap_violation_check       Prevent mmap'ing a file execute that is already mmap'ed write
ima_store_template         ima_store_template - store ima template measurements. Calculate the hash of a template entry, add the template entry to an ordered list of measurement entries maintained inside the kernel, and also update the aggregate integrity value (maintained inside
ima_add_violation          ima_add_violation - add violation to measurement list. Violations are flagged in the measurement list with zero hash values. By extending the PCR with 0xFF's instead of with zeroes, the PCR value is invalidated.
ima_collect_measurement    ima_collect_measurement - collect file measurement. Calculate the file hash, if it doesn't already exist, storing the measurement and i_version in the iint. Must be called with iint->mutex held. Return 0 on success, error code otherwise
ima_store_measurement      ima_store_measurement - store file measurement. Create an "ima" template and then store the template by calling ima_store_template
ima_parse_add_rule         ima_parse_add_rule - add a rule to ima_policy_rules. @rule - ima measurement policy rule. Avoid locking by allowing just one writer at a time in ima_write_policy(). Returns the length of the rule parsed, an error code on failure
ima_eventdigest_init       This function writes the digest of an event (with size limit).
ima_appraise_measurement   ima_appraise_measurement - appraise file measurement. Call evm_verifyxattr() to verify the integrity of 'security.ima'. Assuming success, compare the xattr hash with the collected measurement. Return 0 on success, error code otherwise
evm_protect_xattr          evm_protect_xattr - protect the EVM extended attribute. Prevent security.evm from being modified or removed without the necessary permissions or when the existing value is invalid. The posix xattr acls are 'system' prefixed, which normally would not
evm_inode_setattr          evm_inode_setattr - prevent updating an invalid EVM extended attribute. @dentry: pointer to the affected dentry. Permit update of file attributes when files have a valid EVM signature, except in the case of them having an immutable portable signature.