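Lines matching full:entry (each hit shows the source line number, the matching line, and the enclosing function; lines between hits are not shown)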

354 static void ima_lsm_free_rule(struct ima_rule_entry *entry)  in ima_lsm_free_rule()  argument
359 ima_filter_rule_free(entry->lsm[i].rule); in ima_lsm_free_rule()
360 kfree(entry->lsm[i].args_p); in ima_lsm_free_rule()
364 static void ima_free_rule(struct ima_rule_entry *entry) in ima_free_rule() argument
366 if (!entry) in ima_free_rule()
370 * entry->template->fields may be allocated in ima_parse_rule() but that in ima_free_rule()
374 kfree(entry->fsname); in ima_free_rule()
375 ima_free_rule_opt_list(entry->keyrings); in ima_free_rule()
376 ima_lsm_free_rule(entry); in ima_free_rule()
377 kfree(entry); in ima_free_rule()
380 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) in ima_lsm_copy_rule() argument
389 nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL); in ima_lsm_copy_rule()
396 if (!entry->lsm[i].args_p) in ima_lsm_copy_rule()
399 nentry->lsm[i].type = entry->lsm[i].type; in ima_lsm_copy_rule()
400 nentry->lsm[i].args_p = entry->lsm[i].args_p; in ima_lsm_copy_rule()
402 * Remove the reference from entry so that the associated in ima_lsm_copy_rule()
404 * ima_lsm_free_rule(entry). in ima_lsm_copy_rule()
406 entry->lsm[i].args_p = NULL; in ima_lsm_copy_rule()
418 static int ima_lsm_update_rule(struct ima_rule_entry *entry) in ima_lsm_update_rule() argument
422 nentry = ima_lsm_copy_rule(entry); in ima_lsm_update_rule()
426 list_replace_rcu(&entry->list, &nentry->list); in ima_lsm_update_rule()
430 * LSM references, from entry to nentry so we only want to free the LSM in ima_lsm_update_rule()
431 * references and the entry itself. All other memory references will now in ima_lsm_update_rule()
434 ima_lsm_free_rule(entry); in ima_lsm_update_rule()
435 kfree(entry); in ima_lsm_update_rule()
440 static bool ima_rule_contains_lsm_cond(struct ima_rule_entry *entry) in ima_rule_contains_lsm_cond() argument
445 if (entry->lsm[i].args_p) in ima_rule_contains_lsm_cond()
458 struct ima_rule_entry *entry, *e; in ima_lsm_update_rules() local
461 list_for_each_entry_safe(entry, e, &ima_policy_rules, list) { in ima_lsm_update_rules()
462 if (!ima_rule_contains_lsm_cond(entry)) in ima_lsm_update_rules()
465 result = ima_lsm_update_rule(entry); in ima_lsm_update_rules()
696 struct ima_rule_entry *entry; in ima_match_policy() local
705 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_match_policy()
707 if (!(entry->action & actmask)) in ima_match_policy()
710 if (!ima_match_rules(entry, mnt_userns, inode, cred, secid, in ima_match_policy()
714 action |= entry->flags & IMA_NONACTION_FLAGS; in ima_match_policy()
716 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
717 if (entry->action & IMA_APPRAISE) { in ima_match_policy()
718 action |= get_subaction(entry, func); in ima_match_policy()
724 entry->flags & IMA_VALIDATE_ALGOS) in ima_match_policy()
725 *allowed_algos = entry->allowed_algos; in ima_match_policy()
728 if (entry->action & IMA_DO_MASK) in ima_match_policy()
729 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
731 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
733 if ((pcr) && (entry->flags & IMA_PCR)) in ima_match_policy()
734 *pcr = entry->pcr; in ima_match_policy()
736 if (template_desc && entry->template) in ima_match_policy()
737 *template_desc = entry->template; in ima_match_policy()
764 struct ima_rule_entry *entry; in ima_update_policy_flags() local
770 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_update_policy_flags()
783 if (entry->func == SETXATTR_CHECK) { in ima_update_policy_flags()
785 0, entry->allowed_algos); in ima_update_policy_flags()
790 if (entry->action & IMA_DO_MASK) in ima_update_policy_flags()
791 new_policy_flag |= entry->action; in ima_update_policy_flags()
821 struct ima_rule_entry *entry; in add_rules() local
827 entry = kmemdup(&entries[i], sizeof(*entry), in add_rules()
829 if (!entry) in add_rules()
832 list_add_tail(&entry->list, &ima_policy_rules); in add_rules()
845 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
1081 static int ima_lsm_rule_init(struct ima_rule_entry *entry, in ima_lsm_rule_init() argument
1086 if (entry->lsm[lsm_rule].rule) in ima_lsm_rule_init()
1089 entry->lsm[lsm_rule].args_p = match_strdup(args); in ima_lsm_rule_init()
1090 if (!entry->lsm[lsm_rule].args_p) in ima_lsm_rule_init()
1093 entry->lsm[lsm_rule].type = audit_type; in ima_lsm_rule_init()
1094 result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, in ima_lsm_rule_init()
1095 entry->lsm[lsm_rule].args_p, in ima_lsm_rule_init()
1096 &entry->lsm[lsm_rule].rule); in ima_lsm_rule_init()
1097 if (!entry->lsm[lsm_rule].rule) { in ima_lsm_rule_init()
1099 entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
1102 kfree(entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
1103 entry->lsm[lsm_rule].args_p = NULL; in ima_lsm_rule_init()
1192 static bool ima_validate_rule(struct ima_rule_entry *entry) in ima_validate_rule() argument
1195 if (entry->action == UNKNOWN) in ima_validate_rule()
1198 if (entry->action != MEASURE && entry->flags & IMA_PCR) in ima_validate_rule()
1201 if (entry->action != APPRAISE && in ima_validate_rule()
1202 entry->flags & (IMA_DIGSIG_REQUIRED | IMA_MODSIG_ALLOWED | in ima_validate_rule()
1212 if (((entry->flags & IMA_FUNC) && entry->func == NONE) || in ima_validate_rule()
1213 (!(entry->flags & IMA_FUNC) && entry->func != NONE)) in ima_validate_rule()
1220 switch (entry->func) { in ima_validate_rule()
1229 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC | in ima_validate_rule()
1242 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC | in ima_validate_rule()
1253 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1256 if (entry->flags & ~(IMA_FUNC | IMA_FSMAGIC | IMA_UID | in ima_validate_rule()
1264 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1267 if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_GID | IMA_PCR | in ima_validate_rule()
1271 if (ima_rule_contains_lsm_cond(entry)) in ima_validate_rule()
1276 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1279 if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_GID | IMA_PCR | in ima_validate_rule()
1283 if (ima_rule_contains_lsm_cond(entry)) in ima_validate_rule()
1289 if (entry->action != APPRAISE) in ima_validate_rule()
1293 if (!(entry->flags & IMA_VALIDATE_ALGOS)) in ima_validate_rule()
1300 if (entry->flags & ~(IMA_FUNC | IMA_VALIDATE_ALGOS)) in ima_validate_rule()
1309 if (entry->flags & IMA_CHECK_BLACKLIST && in ima_validate_rule()
1310 !(entry->flags & IMA_MODSIG_ALLOWED)) in ima_validate_rule()
1320 if (entry->action == APPRAISE && in ima_validate_rule()
1321 (entry->flags & IMA_VERITY_REQUIRED) && in ima_validate_rule()
1322 !(entry->flags & IMA_DIGSIG_REQUIRED)) in ima_validate_rule()
1356 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) in ima_parse_rule() argument
1368 entry->uid = INVALID_UID; in ima_parse_rule()
1369 entry->gid = INVALID_GID; in ima_parse_rule()
1370 entry->fowner = INVALID_UID; in ima_parse_rule()
1371 entry->fgroup = INVALID_GID; in ima_parse_rule()
1372 entry->uid_op = &uid_eq; in ima_parse_rule()
1373 entry->gid_op = &gid_eq; in ima_parse_rule()
1374 entry->fowner_op = &uid_eq; in ima_parse_rule()
1375 entry->fgroup_op = &gid_eq; in ima_parse_rule()
1376 entry->action = UNKNOWN; in ima_parse_rule()
1391 if (entry->action != UNKNOWN) in ima_parse_rule()
1394 entry->action = MEASURE; in ima_parse_rule()
1399 if (entry->action != UNKNOWN) in ima_parse_rule()
1402 entry->action = DONT_MEASURE; in ima_parse_rule()
1407 if (entry->action != UNKNOWN) in ima_parse_rule()
1410 entry->action = APPRAISE; in ima_parse_rule()
1415 if (entry->action != UNKNOWN) in ima_parse_rule()
1418 entry->action = DONT_APPRAISE; in ima_parse_rule()
1423 if (entry->action != UNKNOWN) in ima_parse_rule()
1426 entry->action = AUDIT; in ima_parse_rule()
1431 if (entry->action != UNKNOWN) in ima_parse_rule()
1434 entry->action = HASH; in ima_parse_rule()
1439 if (entry->action != UNKNOWN) in ima_parse_rule()
1442 entry->action = DONT_HASH; in ima_parse_rule()
1447 if (entry->func) in ima_parse_rule()
1451 entry->func = FILE_CHECK; in ima_parse_rule()
1454 entry->func = FILE_CHECK; in ima_parse_rule()
1456 entry->func = MODULE_CHECK; in ima_parse_rule()
1458 entry->func = FIRMWARE_CHECK; in ima_parse_rule()
1461 entry->func = MMAP_CHECK; in ima_parse_rule()
1463 entry->func = BPRM_CHECK; in ima_parse_rule()
1465 entry->func = CREDS_CHECK; in ima_parse_rule()
1468 entry->func = KEXEC_KERNEL_CHECK; in ima_parse_rule()
1471 entry->func = KEXEC_INITRAMFS_CHECK; in ima_parse_rule()
1473 entry->func = POLICY_CHECK; in ima_parse_rule()
1475 entry->func = KEXEC_CMDLINE; in ima_parse_rule()
1478 entry->func = KEY_CHECK; in ima_parse_rule()
1480 entry->func = CRITICAL_DATA; in ima_parse_rule()
1482 entry->func = SETXATTR_CHECK; in ima_parse_rule()
1486 entry->flags |= IMA_FUNC; in ima_parse_rule()
1491 if (entry->mask) in ima_parse_rule()
1499 entry->mask = MAY_EXEC; in ima_parse_rule()
1501 entry->mask = MAY_WRITE; in ima_parse_rule()
1503 entry->mask = MAY_READ; in ima_parse_rule()
1505 entry->mask = MAY_APPEND; in ima_parse_rule()
1509 entry->flags |= (*args[0].from == '^') in ima_parse_rule()
1515 if (entry->fsmagic) { in ima_parse_rule()
1520 result = kstrtoul(args[0].from, 16, &entry->fsmagic); in ima_parse_rule()
1522 entry->flags |= IMA_FSMAGIC; in ima_parse_rule()
1527 entry->fsname = kstrdup(args[0].from, GFP_KERNEL); in ima_parse_rule()
1528 if (!entry->fsname) { in ima_parse_rule()
1533 entry->flags |= IMA_FSNAME; in ima_parse_rule()
1539 entry->keyrings) { in ima_parse_rule()
1544 entry->keyrings = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1545 if (IS_ERR(entry->keyrings)) { in ima_parse_rule()
1546 result = PTR_ERR(entry->keyrings); in ima_parse_rule()
1547 entry->keyrings = NULL; in ima_parse_rule()
1551 entry->flags |= IMA_KEYRINGS; in ima_parse_rule()
1556 if (entry->label) { in ima_parse_rule()
1561 entry->label = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1562 if (IS_ERR(entry->label)) { in ima_parse_rule()
1563 result = PTR_ERR(entry->label); in ima_parse_rule()
1564 entry->label = NULL; in ima_parse_rule()
1568 entry->flags |= IMA_LABEL; in ima_parse_rule()
1573 if (!uuid_is_null(&entry->fsuuid)) { in ima_parse_rule()
1578 result = uuid_parse(args[0].from, &entry->fsuuid); in ima_parse_rule()
1580 entry->flags |= IMA_FSUUID; in ima_parse_rule()
1584 entry->uid_op = &uid_gt; in ima_parse_rule()
1589 entry->uid_op = &uid_lt; in ima_parse_rule()
1600 if (uid_valid(entry->uid)) { in ima_parse_rule()
1607 entry->uid = make_kuid(current_user_ns(), in ima_parse_rule()
1609 if (!uid_valid(entry->uid) || in ima_parse_rule()
1613 entry->flags |= eid_token in ima_parse_rule()
1619 entry->gid_op = &gid_gt; in ima_parse_rule()
1624 entry->gid_op = &gid_lt; in ima_parse_rule()
1635 if (gid_valid(entry->gid)) { in ima_parse_rule()
1642 entry->gid = make_kgid(current_user_ns(), in ima_parse_rule()
1644 if (!gid_valid(entry->gid) || in ima_parse_rule()
1648 entry->flags |= eid_token in ima_parse_rule()
1653 entry->fowner_op = &uid_gt; in ima_parse_rule()
1657 entry->fowner_op = &uid_lt; in ima_parse_rule()
1662 if (uid_valid(entry->fowner)) { in ima_parse_rule()
1669 entry->fowner = make_kuid(current_user_ns(), in ima_parse_rule()
1671 if (!uid_valid(entry->fowner) || in ima_parse_rule()
1675 entry->flags |= IMA_FOWNER; in ima_parse_rule()
1679 entry->fgroup_op = &gid_gt; in ima_parse_rule()
1683 entry->fgroup_op = &gid_lt; in ima_parse_rule()
1688 if (gid_valid(entry->fgroup)) { in ima_parse_rule()
1695 entry->fgroup = make_kgid(current_user_ns(), in ima_parse_rule()
1697 if (!gid_valid(entry->fgroup) || in ima_parse_rule()
1701 entry->flags |= IMA_FGROUP; in ima_parse_rule()
1706 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1712 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1718 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1724 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1730 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1736 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1742 if (entry->flags & IMA_DIGSIG_REQUIRED) in ima_parse_rule()
1745 entry->flags |= IMA_VERITY_REQUIRED; in ima_parse_rule()
1753 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1756 entry->flags |= IMA_DIGSIG_REQUIRED; in ima_parse_rule()
1759 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1760 entry->flags |= IMA_DIGSIG_REQUIRED; in ima_parse_rule()
1765 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1768 entry->flags |= IMA_DIGSIG_REQUIRED | in ima_parse_rule()
1778 entry->flags |= IMA_CHECK_BLACKLIST; in ima_parse_rule()
1785 if (entry->allowed_algos) { in ima_parse_rule()
1790 entry->allowed_algos = in ima_parse_rule()
1793 if (!entry->allowed_algos) { in ima_parse_rule()
1798 entry->flags |= IMA_VALIDATE_ALGOS; in ima_parse_rule()
1802 entry->flags |= IMA_PERMIT_DIRECTIO; in ima_parse_rule()
1807 result = kstrtoint(args[0].from, 10, &entry->pcr); in ima_parse_rule()
1808 if (result || INVALID_PCR(entry->pcr)) in ima_parse_rule()
1811 entry->flags |= IMA_PCR; in ima_parse_rule()
1816 if (entry->action != MEASURE) { in ima_parse_rule()
1821 if (!template_desc || entry->template) { in ima_parse_rule()
1834 entry->template = template_desc; in ima_parse_rule()
1842 if (!result && !ima_validate_rule(entry)) in ima_parse_rule()
1844 else if (entry->action == APPRAISE) in ima_parse_rule()
1845 temp_ima_appraise |= ima_appraise_flag(entry->func); in ima_parse_rule()
1847 if (!result && entry->flags & IMA_MODSIG_ALLOWED) { in ima_parse_rule()
1848 template_desc = entry->template ? entry->template : in ima_parse_rule()
1854 if (!result && entry->action == MEASURE && in ima_parse_rule()
1855 entry->flags & IMA_VERITY_REQUIRED) { in ima_parse_rule()
1856 template_desc = entry->template ? entry->template : in ima_parse_rule()
1878 struct ima_rule_entry *entry; in ima_parse_add_rule() local
1889 entry = kzalloc(sizeof(*entry), GFP_KERNEL); in ima_parse_add_rule()
1890 if (!entry) { in ima_parse_add_rule()
1896 INIT_LIST_HEAD(&entry->list); in ima_parse_add_rule()
1898 result = ima_parse_rule(p, entry); in ima_parse_add_rule()
1900 ima_free_rule(entry); in ima_parse_add_rule()
1907 list_add_tail(&entry->list, &ima_temp_rules); in ima_parse_add_rule()
1920 struct ima_rule_entry *entry, *tmp; in ima_delete_rules() local
1923 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) { in ima_delete_rules()
1924 list_del(&entry->list); in ima_delete_rules()
1925 ima_free_rule(entry); in ima_delete_rules()
1950 struct ima_rule_entry *entry; in ima_policy_start() local
1955 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_policy_start()
1958 return entry; in ima_policy_start()
1967 struct ima_rule_entry *entry = v; in ima_policy_next() local
1970 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list); in ima_policy_next()
1974 return (&entry->list == &ima_default_rules || in ima_policy_next()
1975 &entry->list == &ima_policy_rules) ? NULL : entry; in ima_policy_next()
2024 struct ima_rule_entry *entry = v; in ima_policy_show() local
2033 if (entry->lsm[i].args_p && !entry->lsm[i].rule) { in ima_policy_show()
2039 if (entry->action & MEASURE) in ima_policy_show()
2041 if (entry->action & DONT_MEASURE) in ima_policy_show()
2043 if (entry->action & APPRAISE) in ima_policy_show()
2045 if (entry->action & DONT_APPRAISE) in ima_policy_show()
2047 if (entry->action & AUDIT) in ima_policy_show()
2049 if (entry->action & HASH) in ima_policy_show()
2051 if (entry->action & DONT_HASH) in ima_policy_show()
2056 if (entry->flags & IMA_FUNC) in ima_policy_show()
2057 policy_func_show(m, entry->func); in ima_policy_show()
2059 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { in ima_policy_show()
2060 if (entry->flags & IMA_MASK) in ima_policy_show()
2062 if (entry->mask & MAY_EXEC) in ima_policy_show()
2064 if (entry->mask & MAY_WRITE) in ima_policy_show()
2066 if (entry->mask & MAY_READ) in ima_policy_show()
2068 if (entry->mask & MAY_APPEND) in ima_policy_show()
2073 if (entry->flags & IMA_FSMAGIC) { in ima_policy_show()
2074 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic); in ima_policy_show()
2079 if (entry->flags & IMA_FSNAME) { in ima_policy_show()
2080 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname); in ima_policy_show()
2085 if (entry->flags & IMA_KEYRINGS) { in ima_policy_show()
2087 ima_show_rule_opt_list(m, entry->keyrings); in ima_policy_show()
2091 if (entry->flags & IMA_LABEL) { in ima_policy_show()
2093 ima_show_rule_opt_list(m, entry->label); in ima_policy_show()
2097 if (entry->flags & IMA_PCR) { in ima_policy_show()
2098 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); in ima_policy_show()
2103 if (entry->flags & IMA_FSUUID) { in ima_policy_show()
2104 seq_printf(m, "fsuuid=%pU", &entry->fsuuid); in ima_policy_show()
2108 if (entry->flags & IMA_UID) { in ima_policy_show()
2109 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
2110 if (entry->uid_op == &uid_gt) in ima_policy_show()
2112 else if (entry->uid_op == &uid_lt) in ima_policy_show()
2119 if (entry->flags & IMA_EUID) { in ima_policy_show()
2120 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
2121 if (entry->uid_op == &uid_gt) in ima_policy_show()
2123 else if (entry->uid_op == &uid_lt) in ima_policy_show()
2130 if (entry->flags & IMA_GID) { in ima_policy_show()
2131 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); in ima_policy_show()
2132 if (entry->gid_op == &gid_gt) in ima_policy_show()
2134 else if (entry->gid_op == &gid_lt) in ima_policy_show()
2141 if (entry->flags & IMA_EGID) { in ima_policy_show()
2142 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); in ima_policy_show()
2143 if (entry->gid_op == &gid_gt) in ima_policy_show()
2145 else if (entry->gid_op == &gid_lt) in ima_policy_show()
2152 if (entry->flags & IMA_FOWNER) { in ima_policy_show()
2153 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); in ima_policy_show()
2154 if (entry->fowner_op == &uid_gt) in ima_policy_show()
2156 else if (entry->fowner_op == &uid_lt) in ima_policy_show()
2163 if (entry->flags & IMA_FGROUP) { in ima_policy_show()
2164 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->fgroup)); in ima_policy_show()
2165 if (entry->fgroup_op == &gid_gt) in ima_policy_show()
2167 else if (entry->fgroup_op == &gid_lt) in ima_policy_show()
2174 if (entry->flags & IMA_VALIDATE_ALGOS) { in ima_policy_show()
2176 ima_policy_show_appraise_algos(m, entry->allowed_algos); in ima_policy_show()
2181 if (entry->lsm[i].rule) { in ima_policy_show()
2185 entry->lsm[i].args_p); in ima_policy_show()
2189 entry->lsm[i].args_p); in ima_policy_show()
2193 entry->lsm[i].args_p); in ima_policy_show()
2197 entry->lsm[i].args_p); in ima_policy_show()
2201 entry->lsm[i].args_p); in ima_policy_show()
2205 entry->lsm[i].args_p); in ima_policy_show()
2211 if (entry->template) in ima_policy_show()
2212 seq_printf(m, "template=%s ", entry->template->name); in ima_policy_show()
2213 if (entry->flags & IMA_DIGSIG_REQUIRED) { in ima_policy_show()
2214 if (entry->flags & IMA_VERITY_REQUIRED) in ima_policy_show()
2216 else if (entry->flags & IMA_MODSIG_ALLOWED) in ima_policy_show()
2221 if (entry->flags & IMA_VERITY_REQUIRED) in ima_policy_show()
2223 if (entry->flags & IMA_CHECK_BLACKLIST) in ima_policy_show()
2225 if (entry->flags & IMA_PERMIT_DIRECTIO) in ima_policy_show()
2242 struct ima_rule_entry *entry; in ima_appraise_signature() local
2258 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_appraise_signature()
2259 if (entry->action != APPRAISE) in ima_appraise_signature()
2263 * A generic entry will match, but otherwise require that it in ima_appraise_signature()
2266 if (entry->func && entry->func != func) in ima_appraise_signature()
2273 if (entry->flags & IMA_DIGSIG_REQUIRED) in ima_appraise_signature()