Function logic report
Source code: security/integrity/ima/ima_main.c
Create date: 2022-07-27 21:59:33
Last modify: 2020-03-12 14:18:49 | Copyright © Brick
Function name: process_measurement
Prototype: static int process_measurement(struct file *file, const struct cred *cred, unsigned int secid, char *buf, loff_t size, int mask, enum ima_hooks func)
Return type: int
Parameters:
| Type | Parameter |
|---|---|
| struct file * | file |
| const struct cred * | cred |
| unsigned int | secid |
| char * | buf |
| loff_t | size |
| int | mask |
| enum ima_hooks | func |
Logic (by source line; the tool condenses each statement, so members such as `flags` and `measured_pcrs` are those of `iint`, and arguments it dropped are shown as `…`):
| Line | Logic |
|---|---|
| 196 | inode = file_inode(file) |
| 197 | struct integrity_iint_cache *iint = NULL |
| 198 | struct ima_template_desc *template_desc = NULL |
| 199 | char *pathbuf = NULL |
| 201 | const char *pathname = NULL |
| 202 | rc = 0, must_appraise = 0 |
| 204 | struct evm_ima_xattr_data *xattr_value = NULL |
| 206 | xattr_len = 0 |
| 210 | if (!ima_policy_flag \|\| !S_ISREG(inode->i_mode)) return 0 (ima_policy_flag is the "current content of the policy"; only regular files are processed) |
| 219 | violation_check = (func == FILE_CHECK \|\| func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE) |
| 221 | if (!action && !violation_check) return 0 |
| 224 | must_appraise = action & IMA_APPRAISE |
| 227 | if (action & IMA_FILE_APPRAISE) func = FILE_CHECK (the appraise rule is hook-specific) |
| 230 | inode_lock(inode) |
| 232 | if (action) { … } |
| 242 | inode_unlock(inode) |
| 266 | iint->flags &= ~IMA_DONE_MASK (forget earlier measure/appraise/audit results for this inode) |
| 267 | iint->measured_pcrs = 0 |
| 275 | action &= IMA_DO_MASK |
| 276 | action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1) (drop actions already done: each DONE bit is its DO bit shifted left by one; IMA_MEASURED is excluded because measurement is tracked per PCR at line 279) |
| 279 | if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr))) action ^= IMA_MEASURE (target PCR already holds this measurement) |
| 285 | xattr_len = ima_read_xattr(file_dentry(file), &xattr_value) (read security.ima) |
| 286 | if (xattr_value && xattr_len > 2 && xattr_value->type == EVM_IMA_XATTR_DIGSIG) set_bit(…) (the xattr carries a digital signature) |
| 289 | iint->flags \|= IMA_HASHED |
| 291 | set_bit(…) |
| 295 | if (!action) { … } |
| 305 | if ((action & IMA_APPRAISE_SUBMASK) \|\| strcmp(…) != 0) { … } |
| 333 | if (action & IMA_MEASURE) ima_store_measurement(…): store the file measurement by creating an "ima" template entry and storing it via ima_store_template |
| 337 | if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) { |
| 338 | rc = ima_check_blacklist(…): determine whether the binary is blacklisted; the hash of a blacklisted binary is added to the measurement list, based on policy; returns -EPERM if the hash is blacklisted |
| 350 | if (action & IMA_AUDIT) ima_audit_measurement(iint, pathname) |
| 353 | if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) rc = 0 |
| 355 | out_locked: |
| 356 | if ((mask & MAY_WRITE) && test_bit(…) && !(iint->flags & IMA_NEW_FILE)) rc = -EACCES (test_bit checks the atomic flag set for a signed xattr, IMA_DIGSIG in the kernel source; a write to a signed file is refused unless the file is newly created) |
| 360 | kfree(…) |
| 361 | ima_free_modsig(modsig) |
| 362 | out: |
| 365 | if (must_appraise) { |
| 366 | if (rc && (ima_appraise & IMA_APPRAISE_ENFORCE)) return -EACCES (an appraisal failure blocks access only in enforce mode) |
| 368 | if (file->f_mode & FMODE_WRITE) set_bit(…) |
| 371 | return 0 |
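As an added illustration (not code from the report or from the kernel), the following user-space C model reproduces the two decision points of process_measurement that matter most to a reader of the listing above: the "already done" mask arithmetic at lines 275-279 and the final verdict at lines 353-371. The flag values are copied from security/integrity/integrity.h and include/linux/fs.h; the function names ima_pending_actions and ima_final_verdict are invented for the model, and the digsig parameter stands in for the atomic-flag test_bit() whose bit name the report elides (IMA_DIGSIG in the kernel).

```c
/* Model of the action-mask arithmetic and final verdict of IMA's
 * process_measurement(). Added example, not kernel code; flag values as in
 * security/integrity/integrity.h and include/linux/fs.h. */
#include <errno.h>
#include <stdio.h>

/* iint action cache flags (integrity.h) */
#define IMA_MEASURE          0x00000001
#define IMA_MEASURED         0x00000002
#define IMA_APPRAISE         0x00000004
#define IMA_APPRAISED        0x00000008
#define IMA_COLLECTED        0x00000020
#define IMA_AUDIT            0x00000040
#define IMA_AUDITED          0x00000080
#define IMA_HASH             0x00000100
#define IMA_HASHED           0x00000200

/* iint cache flags (integrity.h) */
#define IMA_PERMIT_DIRECTIO  0x02000000
#define IMA_NEW_FILE         0x04000000

/* iint subaction appraise cache flags (integrity.h) */
#define IMA_FILE_APPRAISE    0x00001000
#define IMA_FILE_APPRAISED   0x00002000
#define IMA_MMAP_APPRAISE    0x00004000
#define IMA_MMAP_APPRAISED   0x00008000
#define IMA_BPRM_APPRAISE    0x00010000
#define IMA_BPRM_APPRAISED   0x00020000
#define IMA_READ_APPRAISE    0x00040000
#define IMA_READ_APPRAISED   0x00080000
#define IMA_CREDS_APPRAISE   0x00100000
#define IMA_CREDS_APPRAISED  0x00200000

#define IMA_APPRAISE_SUBMASK  (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \
                               IMA_BPRM_APPRAISE | IMA_READ_APPRAISE | \
                               IMA_CREDS_APPRAISE)
#define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \
                               IMA_BPRM_APPRAISED | IMA_READ_APPRAISED | \
                               IMA_CREDS_APPRAISED)
#define IMA_DO_MASK   (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | IMA_HASH | \
                       IMA_APPRAISE_SUBMASK)
#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
                       IMA_HASHED | IMA_COLLECTED | IMA_APPRAISED_SUBMASK)

#define MAY_WRITE            0x00000002   /* include/linux/fs.h */
#define IMA_APPRAISE_ENFORCE 0x01         /* ima.h: "Appraise integrity measurements" */

/* Lines 275-279 (model): which of the policy's actions are still pending,
 * given the inode's cached iint->flags and its measured_pcrs bitmap.
 * ima_pending_actions is a name invented for this example. */
unsigned int ima_pending_actions(unsigned int action, unsigned long flags,
                                 unsigned long measured_pcrs, int pcr)
{
    /* keep only the DO bits; policy-only bits such as IMA_PERMIT_DIRECTIO go */
    action &= IMA_DO_MASK;
    /* each DONE bit sits one position left of its DO bit, so the DONE bits
     * shifted right by one are exactly the DO bits to clear; IMA_MEASURED is
     * excluded because measurement is tracked per PCR below */
    action &= ~((flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1);
    /* a measurement already extended into the target PCR is not repeated */
    if ((action & IMA_MEASURE) && (measured_pcrs & (0x1UL << pcr)))
        action ^= IMA_MEASURE;
    return action;
}

/* Lines 353-371 (model): rc is the collect/appraise result so far; digsig
 * stands for the atomic flag test_bit() reads (IMA_DIGSIG in the kernel).
 * ima_final_verdict is a name invented for this example. */
int ima_final_verdict(int rc, int mask, int o_direct, int digsig,
                      unsigned long flags, int must_appraise, int ima_appraise)
{
    /* line 353: the policy may waive errors for O_DIRECT opens */
    if (o_direct && (flags & IMA_PERMIT_DIRECTIO))
        rc = 0;
    /* line 356 (out_locked): no writes to a signed file unless it is new */
    if ((mask & MAY_WRITE) && digsig && !(flags & IMA_NEW_FILE))
        rc = -EACCES;
    /* lines 365-371 (out): errors only surface when the file was appraised
     * and ima_appraise is in enforce mode; every other path returns 0 */
    if (must_appraise && rc && (ima_appraise & IMA_APPRAISE_ENFORCE))
        return -EACCES;
    return 0;
}

int main(void)
{
    printf("pending: 0x%x\n",
           ima_pending_actions(IMA_MEASURE | IMA_APPRAISE | IMA_FILE_APPRAISE,
                               IMA_APPRAISED | IMA_FILE_APPRAISED, 0, 10));
    printf("write to signed file, enforce: %d\n",
           ima_final_verdict(0, MAY_WRITE, 0, 1, 0, 1, IMA_APPRAISE_ENFORCE));
    return 0;
}
```

Two properties the condensed listing hides become visible here. IMA_MEASURED is deliberately left out of the shift because measurement is tracked per PCR through measured_pcrs, so a file already measured into PCR 10 is still measured again for a rule that targets PCR 11. And the -EACCES that out_locked assigns for a write to a signed file only reaches the caller when the policy appraised the file (must_appraise) and ima_appraise is in enforce mode; on every other path the function returns 0.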
Callers:
| Name | Description |
|---|---|
| ima_file_mmap | ima_file_mmap - based on policy, collect/store measurement. @file: pointer to the file to be measured (may be NULL). @prot: contains the protection that will be applied by the kernel. Measure files being mmapped executable based on the ima_must_measure() … |
| ima_bprm_check | ima_bprm_check - based on policy, collect/store measurement. @bprm: contains the linux_binprm structure. The OS protects against an executable file, already open for write, from being executed in deny_write_access() and an executable file, … |
| ima_file_check | ima_path_check (the kernel's doc comment still uses this older name) - based on policy, collect/store measurement. @file: pointer to the file to be measured. @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND. Measure files based on the ima_must_measure() policy decision. On success return 0. |
| ima_post_read_file | ima_post_read_file - in-memory collect/appraise/audit measurement. @file: pointer to the file to be measured/appraised/audited. @buf: pointer to in-memory file contents. @size: size of in-memory file contents. @read_id: caller identifier. |