#include <linux/module.h>
#include <linux/list.h>
#include <linux/security.h>
#include <linux/magic.h>
#include <linux/parser.h>
#include <linux/slab.h>
#include "ima.h"
struct | ima_rule_entry |
#define | IMA_FUNC 0x0001 |
#define | IMA_MASK 0x0002 |
#define | IMA_FSMAGIC 0x0004 |
#define | IMA_UID 0x0008 |
#define | IMA_FOWNER 0x0010 |
#define | UNKNOWN 0 |
#define | MEASURE 0x0001 /* same as IMA_MEASURE */ |
#define | DONT_MEASURE 0x0002 |
#define | APPRAISE 0x0004 /* same as IMA_APPRAISE */ |
#define | DONT_APPRAISE 0x0008 |
#define | AUDIT 0x0040 |
#define | MAX_LSM_RULES 6 |
enum | lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE, LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE } |
enum | { Opt_err = -1, Opt_measure = 1, Opt_dont_measure, Opt_appraise, Opt_dont_appraise, Opt_audit, Opt_obj_user, Opt_obj_role, Opt_obj_type, Opt_subj_user, Opt_subj_role, Opt_subj_type, Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner } |
__setup ("ima_tcb", default_measure_policy_setup) | |
__setup ("ima_appraise_tcb", default_appraise_policy_setup) | |
int | ima_match_policy (struct inode *inode, enum ima_hooks func, int mask, int flags) |
void __init | ima_init_policy (void) |
void | ima_update_policy (void) |
ssize_t | ima_parse_add_rule (char *rule) |
void | ima_delete_rules (void) |
#define APPRAISE 0x0004 /* same as IMA_APPRAISE */ |
Definition at line 32 of file ima_policy.c.
#define AUDIT 0x0040 |
Definition at line 34 of file ima_policy.c.
#define DONT_APPRAISE 0x0008 |
Definition at line 33 of file ima_policy.c.
#define DONT_MEASURE 0x0002 |
Definition at line 31 of file ima_policy.c.
#define IMA_FOWNER 0x0010 |
Definition at line 27 of file ima_policy.c.
#define IMA_FSMAGIC 0x0004 |
Definition at line 25 of file ima_policy.c.
#define IMA_FUNC 0x0001 |
Definition at line 23 of file ima_policy.c.
#define IMA_MASK 0x0002 |
Definition at line 24 of file ima_policy.c.
#define IMA_UID 0x0008 |
Definition at line 26 of file ima_policy.c.
#define MAX_LSM_RULES 6 |
Definition at line 36 of file ima_policy.c.
#define MEASURE 0x0001 /* same as IMA_MEASURE */ |
Definition at line 30 of file ima_policy.c.
#define UNKNOWN 0 |
Definition at line 29 of file ima_policy.c.
anonymous enum |
Definition at line 277 of file ima_policy.c.
enum lsm_rule_types |
Definition at line 37 of file ima_policy.c.
__setup | ( | "ima_tcb" | , |
default_measure_policy_setup | |||
) |
__setup | ( | "ima_appraise_tcb" | , |
default_appraise_policy_setup | |||
) |
Definition at line 586 of file ima_policy.c.
ima_match_policy - decision based on LSM and other conditions. @inode: pointer to an inode for which the policy decision is being made. @func: IMA hook identifier. @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC).
Measurement decision based on the func/mask/fsmagic conditions and on the LSM (subj/obj user/role/type) conditions of each rule.
(There is no need for locking when walking the policy list, as elements in the list are never deleted, nor does the list change.)
Definition at line 197 of file ima_policy.c.
ima_parse_add_rule - add a rule to ima_policy_rules. @rule: IMA measurement policy rule.
Uses a mutex to protect the policy list from multiple concurrent writers. Returns the length of the rule parsed, or an error code on failure.
Definition at line 536 of file ima_policy.c.
ima_update_policy - update default_rules with the new measurement rules.
Called on the file's .release to replace the default rules with a complete new policy. Once updated, the policy is locked: no additional rules can be added to it.
Definition at line 261 of file ima_policy.c.