Lines Matching full:file

13  * File: ima_main.c
19 #include <linux/file.h>
83 /* Prevent mmap'ing a file for execute when it is already mmap'ed for write */
84 static int mmap_violation_check(enum ima_hooks func, struct file *file, in mmap_violation_check() argument
92 mapping_writably_mapped(file->f_mapping)) { in mmap_violation_check()
94 inode = file_inode(file); in mmap_violation_check()
97 *pathname = ima_d_path(&file->f_path, pathbuf, in mmap_violation_check()
109 * - Opening a file for write when already open for read,
111 * - Opening a file for read when already open for write,
112 * could result in a file measurement error.
115 static void ima_rdwr_violation_check(struct file *file, in ima_rdwr_violation_check() argument
122 struct inode *inode = file_inode(file); in ima_rdwr_violation_check()
123 fmode_t mode = file->f_mode; in ima_rdwr_violation_check()
145 *pathname = ima_d_path(&file->f_path, pathbuf, filename); in ima_rdwr_violation_check()
148 ima_add_violation(file, *pathname, iint, in ima_rdwr_violation_check()
151 ima_add_violation(file, *pathname, iint, in ima_rdwr_violation_check()
156 struct inode *inode, struct file *file) in ima_check_last_writer() argument
158 fmode_t mode = file->f_mode; in ima_check_last_writer()
171 vfs_getattr_nosec(&file->f_path, &stat, in ima_check_last_writer()
179 ima_update_xattr(iint, file); in ima_check_last_writer()
187 * @file: pointer to file structure being freed
191 void ima_file_free(struct file *file) in ima_file_free() argument
193 struct inode *inode = file_inode(file); in ima_file_free()
203 ima_check_last_writer(iint, inode, file); in ima_file_free()
206 static int process_measurement(struct file *file, const struct cred *cred, in process_measurement() argument
210 struct inode *inode = file_inode(file); in process_measurement()
232 action = ima_get_action(file_mnt_idmap(file), inode, cred, secid, in process_measurement()
256 ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, in process_measurement()
275 * Re-evaluate the file if either the xattr has changed or the in process_measurement()
276 * kernel has no way of detecting file change on the filesystem. in process_measurement()
302 xattr_len = ima_read_xattr(file_dentry(file), in process_measurement()
315 rc = mmap_violation_check(func, file, &pathbuf, in process_measurement()
326 xattr_len = ima_read_xattr(file_dentry(file), in process_measurement()
332 * template format and whether the file was already measured. in process_measurement()
345 rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig); in process_measurement()
350 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in process_measurement()
353 ima_store_measurement(iint, file, pathname, in process_measurement()
360 rc = ima_appraise_measurement(func, iint, file, in process_measurement()
366 rc = mmap_violation_check(func, file, &pathbuf, in process_measurement()
372 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) in process_measurement()
380 integrity_audit_msg(AUDIT_INTEGRITY_DATA, file_inode(file), in process_measurement()
397 if (file->f_mode & FMODE_WRITE) in process_measurement()
405 * @file: pointer to the file to be measured (May be NULL)
413 * On success return 0. On integrity appraisal error, assuming the file
416 int ima_file_mmap(struct file *file, unsigned long reqprot, in ima_file_mmap() argument
422 if (!file) in ima_file_mmap()
428 ret = process_measurement(file, current_cred(), secid, NULL, in ima_file_mmap()
435 return process_measurement(file, current_cred(), secid, NULL, in ima_file_mmap()
457 struct file *file; in ima_file_mprotect() local
467 /* Is mprotect making an mmap'ed file executable? */ in ima_file_mprotect()
482 /* Is the mmap'ed file in policy? */ in ima_file_mprotect()
489 file = vma->vm_file; in ima_file_mprotect()
490 pathname = ima_d_path(&file->f_path, &pathbuf, filename); in ima_file_mprotect()
503 * The OS protects against an executable file, already open for write,
504 * from being executed in deny_write_access() and an executable file,
509 * On success return 0. On integrity appraisal error, assuming the file
518 ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0, in ima_bprm_check()
524 return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, in ima_bprm_check()
530 * @file: pointer to the file to be measured
535 * On success return 0. On integrity appraisal error, assuming the file
538 int ima_file_check(struct file *file, int mask) in ima_file_check() argument
543 return process_measurement(file, current_cred(), secid, NULL, 0, in ima_file_check()
549 static int __ima_inode_hash(struct inode *inode, struct file *file, char *buf, in __ima_inode_hash() argument
561 if ((!iint || !(iint->flags & IMA_COLLECTED)) && file) { in __ima_inode_hash()
569 rc = ima_collect_measurement(&tmp_iint, file, NULL, 0, in __ima_inode_hash()
611 * ima_file_hash - return a measurement of the file
612 * @file: pointer to the file
621 * The file hash returned is based on the entire file, including the appended
627 int ima_file_hash(struct file *file, char *buf, size_t buf_size) in ima_file_hash() argument
629 if (!file) in ima_file_hash()
632 return __ima_inode_hash(file_inode(file), file, buf, buf_size); in ima_file_hash()
702 * file data can be written later.
730 * @file: pointer to the file to be measured/appraised/audit
734 * Permit reading a file based on policy. The policy rules are written
736 * a file requires a file descriptor.
740 int ima_read_file(struct file *file, enum kernel_read_file_id read_id, in ima_read_file() argument
762 /* Read entire file for all partial reads. */ in ima_read_file()
765 return process_measurement(file, current_cred(), secid, NULL, in ima_read_file()
779 * @file: pointer to the file to be measured/appraised/audit
780 * @buf: pointer to in memory file contents
781 * @size: size of in memory file contents
784 * Measure/appraise/audit in memory file based on policy. Policy rules
787 * On success return 0. On integrity appraisal error, assuming the file
790 int ima_post_read_file(struct file *file, void *buf, loff_t size, in ima_post_read_file() argument
797 if (!file && read_id == READING_X509_CERTIFICATE) in ima_post_read_file()
800 if (!file || !buf || size == 0) { /* should never happen */ in ima_post_read_file()
808 return process_measurement(file, current_cred(), secid, buf, size, in ima_post_read_file()
819 * data provided by userspace. Enforce policy rules requiring a file
835 …pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load… in ima_load_data()
840 …pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load… in ima_load_data()
855 …pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter mi… in ima_load_data()
867 * @buf: pointer to in memory file contents
868 * @size: size of in memory file contents
875 * On success return 0. On integrity appraisal error, assuming the file
1021 * @kernel_fd: file descriptor of the kexec kernel being loaded
1035 if (!f.file) in ima_kexec_cmdline()
1038 process_buffer_measurement(file_mnt_idmap(f.file), file_inode(f.file), in ima_kexec_cmdline()