Lines Matching refs:entry
252 static void ima_lsm_free_rule(struct ima_rule_entry *entry) in ima_lsm_free_rule() argument
257 kfree(entry->lsm[i].rule); in ima_lsm_free_rule()
258 kfree(entry->lsm[i].args_p); in ima_lsm_free_rule()
260 kfree(entry); in ima_lsm_free_rule()
263 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) in ima_lsm_copy_rule() argument
276 memcpy(nentry, entry, sizeof(*nentry)); in ima_lsm_copy_rule()
280 if (!entry->lsm[i].rule) in ima_lsm_copy_rule()
283 nentry->lsm[i].type = entry->lsm[i].type; in ima_lsm_copy_rule()
284 nentry->lsm[i].args_p = kstrdup(entry->lsm[i].args_p, in ima_lsm_copy_rule()
295 entry->lsm[i].type); in ima_lsm_copy_rule()
304 static int ima_lsm_update_rule(struct ima_rule_entry *entry) in ima_lsm_update_rule() argument
308 nentry = ima_lsm_copy_rule(entry); in ima_lsm_update_rule()
312 list_replace_rcu(&entry->list, &nentry->list); in ima_lsm_update_rule()
314 ima_lsm_free_rule(entry); in ima_lsm_update_rule()
326 struct ima_rule_entry *entry, *e; in ima_lsm_update_rules() local
329 list_for_each_entry_safe(entry, e, &ima_policy_rules, list) { in ima_lsm_update_rules()
332 if (entry->lsm[i].rule) { in ima_lsm_update_rules()
340 result = ima_lsm_update_rule(entry); in ima_lsm_update_rules()
494 struct ima_rule_entry *entry; in ima_match_policy() local
501 list_for_each_entry_rcu(entry, ima_rules, list) { in ima_match_policy()
503 if (!(entry->action & actmask)) in ima_match_policy()
506 if (!ima_match_rules(entry, inode, cred, secid, func, mask)) in ima_match_policy()
509 action |= entry->flags & IMA_ACTION_FLAGS; in ima_match_policy()
511 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
512 if (entry->action & IMA_APPRAISE) { in ima_match_policy()
513 action |= get_subaction(entry, func); in ima_match_policy()
520 if (entry->action & IMA_DO_MASK) in ima_match_policy()
521 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
523 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
525 if ((pcr) && (entry->flags & IMA_PCR)) in ima_match_policy()
526 *pcr = entry->pcr; in ima_match_policy()
528 if (template_desc && entry->template) in ima_match_policy()
529 *template_desc = entry->template; in ima_match_policy()
547 struct ima_rule_entry *entry; in ima_update_policy_flag() local
549 list_for_each_entry(entry, ima_rules, list) { in ima_update_policy_flag()
550 if (entry->action & IMA_DO_MASK) in ima_update_policy_flag()
551 ima_policy_flag |= entry->action; in ima_update_policy_flag()
578 struct ima_rule_entry *entry; in add_rules() local
584 entry = kmemdup(&entries[i], sizeof(*entry), in add_rules()
586 if (!entry) in add_rules()
589 list_add_tail(&entry->list, &ima_policy_rules); in add_rules()
599 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
807 static int ima_lsm_rule_init(struct ima_rule_entry *entry, in ima_lsm_rule_init() argument
812 if (entry->lsm[lsm_rule].rule) in ima_lsm_rule_init()
815 entry->lsm[lsm_rule].args_p = match_strdup(args); in ima_lsm_rule_init()
816 if (!entry->lsm[lsm_rule].args_p) in ima_lsm_rule_init()
819 entry->lsm[lsm_rule].type = audit_type; in ima_lsm_rule_init()
820 result = security_filter_rule_init(entry->lsm[lsm_rule].type, in ima_lsm_rule_init()
822 entry->lsm[lsm_rule].args_p, in ima_lsm_rule_init()
823 &entry->lsm[lsm_rule].rule); in ima_lsm_rule_init()
824 if (!entry->lsm[lsm_rule].rule) { in ima_lsm_rule_init()
825 kfree(entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
883 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) in ima_parse_rule() argument
895 entry->uid = INVALID_UID; in ima_parse_rule()
896 entry->fowner = INVALID_UID; in ima_parse_rule()
897 entry->uid_op = &uid_eq; in ima_parse_rule()
898 entry->fowner_op = &uid_eq; in ima_parse_rule()
899 entry->action = UNKNOWN; in ima_parse_rule()
914 if (entry->action != UNKNOWN) in ima_parse_rule()
917 entry->action = MEASURE; in ima_parse_rule()
922 if (entry->action != UNKNOWN) in ima_parse_rule()
925 entry->action = DONT_MEASURE; in ima_parse_rule()
930 if (entry->action != UNKNOWN) in ima_parse_rule()
933 entry->action = APPRAISE; in ima_parse_rule()
938 if (entry->action != UNKNOWN) in ima_parse_rule()
941 entry->action = DONT_APPRAISE; in ima_parse_rule()
946 if (entry->action != UNKNOWN) in ima_parse_rule()
949 entry->action = AUDIT; in ima_parse_rule()
954 if (entry->action != UNKNOWN) in ima_parse_rule()
957 entry->action = HASH; in ima_parse_rule()
962 if (entry->action != UNKNOWN) in ima_parse_rule()
965 entry->action = DONT_HASH; in ima_parse_rule()
970 if (entry->func) in ima_parse_rule()
974 entry->func = FILE_CHECK; in ima_parse_rule()
977 entry->func = FILE_CHECK; in ima_parse_rule()
979 entry->func = MODULE_CHECK; in ima_parse_rule()
981 entry->func = FIRMWARE_CHECK; in ima_parse_rule()
984 entry->func = MMAP_CHECK; in ima_parse_rule()
986 entry->func = BPRM_CHECK; in ima_parse_rule()
988 entry->func = CREDS_CHECK; in ima_parse_rule()
991 entry->func = KEXEC_KERNEL_CHECK; in ima_parse_rule()
994 entry->func = KEXEC_INITRAMFS_CHECK; in ima_parse_rule()
996 entry->func = POLICY_CHECK; in ima_parse_rule()
998 entry->func = KEXEC_CMDLINE; in ima_parse_rule()
1002 entry->flags |= IMA_FUNC; in ima_parse_rule()
1007 if (entry->mask) in ima_parse_rule()
1015 entry->mask = MAY_EXEC; in ima_parse_rule()
1017 entry->mask = MAY_WRITE; in ima_parse_rule()
1019 entry->mask = MAY_READ; in ima_parse_rule()
1021 entry->mask = MAY_APPEND; in ima_parse_rule()
1025 entry->flags |= (*args[0].from == '^') in ima_parse_rule()
1031 if (entry->fsmagic) { in ima_parse_rule()
1036 result = kstrtoul(args[0].from, 16, &entry->fsmagic); in ima_parse_rule()
1038 entry->flags |= IMA_FSMAGIC; in ima_parse_rule()
1043 entry->fsname = kstrdup(args[0].from, GFP_KERNEL); in ima_parse_rule()
1044 if (!entry->fsname) { in ima_parse_rule()
1049 entry->flags |= IMA_FSNAME; in ima_parse_rule()
1054 if (!uuid_is_null(&entry->fsuuid)) { in ima_parse_rule()
1059 result = uuid_parse(args[0].from, &entry->fsuuid); in ima_parse_rule()
1061 entry->flags |= IMA_FSUUID; in ima_parse_rule()
1065 entry->uid_op = &uid_gt; in ima_parse_rule()
1070 entry->uid_op = &uid_lt; in ima_parse_rule()
1079 args[0].from, entry->uid_op); in ima_parse_rule()
1081 if (uid_valid(entry->uid)) { in ima_parse_rule()
1088 entry->uid = make_kuid(current_user_ns(), in ima_parse_rule()
1090 if (!uid_valid(entry->uid) || in ima_parse_rule()
1094 entry->flags |= uid_token in ima_parse_rule()
1099 entry->fowner_op = &uid_gt; in ima_parse_rule()
1103 entry->fowner_op = &uid_lt; in ima_parse_rule()
1107 entry->fowner_op); in ima_parse_rule()
1109 if (uid_valid(entry->fowner)) { in ima_parse_rule()
1116 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); in ima_parse_rule()
1117 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) in ima_parse_rule()
1120 entry->flags |= IMA_FOWNER; in ima_parse_rule()
1125 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1131 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1137 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1143 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1149 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1155 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1160 if (entry->action != APPRAISE) { in ima_parse_rule()
1167 entry->flags |= IMA_DIGSIG_REQUIRED; in ima_parse_rule()
1168 else if (ima_hook_supports_modsig(entry->func) && in ima_parse_rule()
1170 entry->flags |= IMA_DIGSIG_REQUIRED | in ima_parse_rule()
1176 entry->flags |= IMA_PERMIT_DIRECTIO; in ima_parse_rule()
1179 if (entry->action != MEASURE) { in ima_parse_rule()
1185 result = kstrtoint(args[0].from, 10, &entry->pcr); in ima_parse_rule()
1186 if (result || INVALID_PCR(entry->pcr)) in ima_parse_rule()
1189 entry->flags |= IMA_PCR; in ima_parse_rule()
1194 if (entry->action != MEASURE) { in ima_parse_rule()
1199 if (!template_desc || entry->template) { in ima_parse_rule()
1212 entry->template = template_desc; in ima_parse_rule()
1220 if (!result && (entry->action == UNKNOWN)) in ima_parse_rule()
1222 else if (entry->action == APPRAISE) in ima_parse_rule()
1223 temp_ima_appraise |= ima_appraise_flag(entry->func); in ima_parse_rule()
1225 if (!result && entry->flags & IMA_MODSIG_ALLOWED) { in ima_parse_rule()
1226 template_desc = entry->template ? entry->template : in ima_parse_rule()
1247 struct ima_rule_entry *entry; in ima_parse_add_rule() local
1258 entry = kzalloc(sizeof(*entry), GFP_KERNEL); in ima_parse_add_rule()
1259 if (!entry) { in ima_parse_add_rule()
1265 INIT_LIST_HEAD(&entry->list); in ima_parse_add_rule()
1267 result = ima_parse_rule(p, entry); in ima_parse_add_rule()
1269 kfree(entry); in ima_parse_add_rule()
1276 list_add_tail(&entry->list, &ima_temp_rules); in ima_parse_add_rule()
1289 struct ima_rule_entry *entry, *tmp; in ima_delete_rules() local
1293 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) { in ima_delete_rules()
1295 kfree(entry->lsm[i].args_p); in ima_delete_rules()
1297 list_del(&entry->list); in ima_delete_rules()
1298 kfree(entry); in ima_delete_rules()
1323 struct ima_rule_entry *entry; in ima_policy_start() local
1326 list_for_each_entry_rcu(entry, ima_rules, list) { in ima_policy_start()
1329 return entry; in ima_policy_start()
1338 struct ima_rule_entry *entry = v; in ima_policy_next() local
1341 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list); in ima_policy_next()
1345 return (&entry->list == ima_rules) ? NULL : entry; in ima_policy_next()
1368 struct ima_rule_entry *entry = v; in ima_policy_show() local
1375 if (entry->action & MEASURE) in ima_policy_show()
1377 if (entry->action & DONT_MEASURE) in ima_policy_show()
1379 if (entry->action & APPRAISE) in ima_policy_show()
1381 if (entry->action & DONT_APPRAISE) in ima_policy_show()
1383 if (entry->action & AUDIT) in ima_policy_show()
1385 if (entry->action & HASH) in ima_policy_show()
1387 if (entry->action & DONT_HASH) in ima_policy_show()
1392 if (entry->flags & IMA_FUNC) in ima_policy_show()
1393 policy_func_show(m, entry->func); in ima_policy_show()
1395 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { in ima_policy_show()
1396 if (entry->flags & IMA_MASK) in ima_policy_show()
1398 if (entry->mask & MAY_EXEC) in ima_policy_show()
1400 if (entry->mask & MAY_WRITE) in ima_policy_show()
1402 if (entry->mask & MAY_READ) in ima_policy_show()
1404 if (entry->mask & MAY_APPEND) in ima_policy_show()
1409 if (entry->flags & IMA_FSMAGIC) { in ima_policy_show()
1410 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic); in ima_policy_show()
1415 if (entry->flags & IMA_FSNAME) { in ima_policy_show()
1416 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname); in ima_policy_show()
1421 if (entry->flags & IMA_PCR) { in ima_policy_show()
1422 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); in ima_policy_show()
1427 if (entry->flags & IMA_FSUUID) { in ima_policy_show()
1428 seq_printf(m, "fsuuid=%pU", &entry->fsuuid); in ima_policy_show()
1432 if (entry->flags & IMA_UID) { in ima_policy_show()
1433 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
1434 if (entry->uid_op == &uid_gt) in ima_policy_show()
1436 else if (entry->uid_op == &uid_lt) in ima_policy_show()
1443 if (entry->flags & IMA_EUID) { in ima_policy_show()
1444 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
1445 if (entry->uid_op == &uid_gt) in ima_policy_show()
1447 else if (entry->uid_op == &uid_lt) in ima_policy_show()
1454 if (entry->flags & IMA_FOWNER) { in ima_policy_show()
1455 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); in ima_policy_show()
1456 if (entry->fowner_op == &uid_gt) in ima_policy_show()
1458 else if (entry->fowner_op == &uid_lt) in ima_policy_show()
1466 if (entry->lsm[i].rule) { in ima_policy_show()
1470 (char *)entry->lsm[i].args_p); in ima_policy_show()
1474 (char *)entry->lsm[i].args_p); in ima_policy_show()
1478 (char *)entry->lsm[i].args_p); in ima_policy_show()
1482 (char *)entry->lsm[i].args_p); in ima_policy_show()
1486 (char *)entry->lsm[i].args_p); in ima_policy_show()
1490 (char *)entry->lsm[i].args_p); in ima_policy_show()
1495 if (entry->template) in ima_policy_show()
1496 seq_printf(m, "template=%s ", entry->template->name); in ima_policy_show()
1497 if (entry->flags & IMA_DIGSIG_REQUIRED) { in ima_policy_show()
1498 if (entry->flags & IMA_MODSIG_ALLOWED) in ima_policy_show()
1503 if (entry->flags & IMA_PERMIT_DIRECTIO) in ima_policy_show()
1520 struct ima_rule_entry *entry; in ima_appraise_signature() local
1530 list_for_each_entry_rcu(entry, ima_rules, list) { in ima_appraise_signature()
1531 if (entry->action != APPRAISE) in ima_appraise_signature()
1538 if (entry->func && entry->func != func) in ima_appraise_signature()
1545 if (entry->flags & IMA_DIGSIG_REQUIRED) in ima_appraise_signature()