#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/security.h>
#include <linux/hash.h>
#include <linux/tpm.h>
#include <linux/audit.h>
#include "../integrity.h"
Data Structures | |
struct | ima_template_data |
struct | ima_template_entry |
struct | ima_queue_entry |
struct | ima_h_table |
Macros | |
#define | IMA_DIGEST_SIZE SHA1_DIGEST_SIZE |
#define | IMA_EVENT_NAME_LEN_MAX 255 |
#define | IMA_HASH_BITS 9 |
#define | IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) |
#define | IMA_APPRAISE_ENFORCE 0x01 |
#define | IMA_APPRAISE_FIX 0x02 |
Enumerations | |
enum | ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII } |
enum | tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 } |
enum | ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, POST_SETATTR } |
Variables | |
int | ima_initialized |
int | ima_used_chip |
char * | ima_hash |
int | ima_appraise |
struct list_head | ima_measurements |
spinlock_t | ima_queue_lock |
struct ima_h_table | ima_htable |
#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE |
#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) |
enum ima_hooks |
enum ima_show_type |
int ima_add_template_entry | ( | struct ima_template_entry * | entry, |
int | violation, | ||
const char * | op, | ||
struct inode * | inode | ||
) |
Definition at line 107 of file ima_queue.c.
void ima_audit_measurement | ( | struct integrity_iint_cache * | iint, |
const unsigned char * | filename | ||
) |
Definition at line 127 of file ima_crypto.c.
Definition at line 97 of file ima_crypto.c.
int ima_collect_measurement | ( | struct integrity_iint_cache * | iint, |
struct file * | file | ||
) |
Definition at line 586 of file ima_policy.c.
ima_get_action - appraise & measure decision based on policy. Parameters: a pointer to the inode to measure; the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE); the calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP).
The policy is defined in terms of key/value pairs: subj=, obj=, type=, func=, mask=, fsmagic=. subj, obj and type are LSM specific; func is one of FILE_CHECK | BPRM_CHECK | FILE_MMAP; mask contains the permission mask; fsmagic is a hex value.
Returns IMA_MEASURE, IMA_APPRAISE mask.
Definition at line 75 of file ima_init.c.
ima_match_policy - decision based on LSM and other conditions. Parameters: a pointer to the inode for which the policy decision is being made; the IMA hook identifier; the requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC).
Measure decision based on func/mask/fsmagic and LSM (subj/obj/type) conditions.
(There is no need for locking when walking the policy list, as elements in the list are never deleted, nor does the list change.)
Definition at line 197 of file ima_policy.c.
ima_parse_add_rule - add a rule to ima_policy_rules. Parameter: the ima measurement policy rule.
Uses a mutex to protect the policy list from multiple concurrent writers. Returns the length of the rule parsed, or an error code on failure.
Definition at line 536 of file ima_policy.c.
void ima_template_show | ( | struct seq_file * | m, |
void * | e, | ||
enum ima_show_type | show | ||
) |
ima_update_policy - update default_rules with new measure rules
Called on file .release to update the default rules with a complete new policy. Once updated, the policy is locked; no additional rules can be added to it.
Definition at line 261 of file ima_policy.c.
int ima_appraise |
Definition at line 35 of file ima_main.c.
char* ima_hash |
Definition at line 38 of file ima_main.c.
struct ima_h_table ima_htable |
Definition at line 31 of file ima_queue.c.
int ima_initialized |
Definition at line 30 of file ima_main.c.
spinlock_t ima_queue_lock |
int ima_used_chip |
Definition at line 25 of file ima_init.c.