Lines Matching refs:iint
87 static int ima_fix_xattr(struct dentry *dentry, struct ima_iint_cache *iint)
90 u8 algo = iint->ima_hash->algo;
94 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
97 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
98 iint->ima_hash->xattr.ng.algo = algo;
101 &iint->ima_hash->xattr.data[offset],
102 (sizeof(iint->ima_hash->xattr) - offset) +
103 iint->ima_hash->length, 0);
108 enum integrity_status ima_get_cache_status(struct ima_iint_cache *iint,
114 return iint->ima_mmap_status;
116 return iint->ima_bprm_status;
118 return iint->ima_creds_status;
121 return iint->ima_file_status;
124 return iint->ima_read_status;
128 static void ima_set_cache_status(struct ima_iint_cache *iint,
135 iint->ima_mmap_status = status;
138 iint->ima_bprm_status = status;
141 iint->ima_creds_status = status;
145 iint->ima_file_status = status;
149 iint->ima_read_status = status;
154 static void ima_cache_flags(struct ima_iint_cache *iint, enum ima_hooks func)
159 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
162 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
165 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED);
169 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
173 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);
277 static int xattr_verify(enum ima_hooks func, struct ima_iint_cache *iint,
293 if (iint->flags & IMA_DIGSIG_REQUIRED) {
294 if (iint->flags & IMA_VERITY_REQUIRED)
301 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
303 set_bit(IMA_DIGSIG, &iint->atomic_flags);
306 iint->ima_hash->length)
312 iint->ima_hash->digest,
313 iint->ima_hash->length);
324 set_bit(IMA_DIGSIG, &iint->atomic_flags);
327 if ((iint->flags & mask) == mask) {
342 iint->ima_hash->digest,
343 iint->ima_hash->length);
353 iint->ima_hash->digest,
354 iint->ima_hash->length);
363 set_bit(IMA_DIGSIG, &iint->atomic_flags);
365 if (iint->flags & IMA_DIGSIG_REQUIRED) {
366 if (!(iint->flags & IMA_VERITY_REQUIRED)) {
380 rc = calc_file_id_hash(IMA_VERITY_DIGSIG, iint->ima_hash->algo,
381 iint->ima_hash->digest,
446 int ima_check_blacklist(struct ima_iint_cache *iint,
454 if (!(iint->flags & IMA_CHECK_BLACKLIST))
457 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) {
461 } else if (iint->flags & IMA_DIGSIG_REQUIRED && iint->ima_hash)
462 rc = is_binary_blacklisted(iint->ima_hash->digest, iint->ima_hash->length);
464 if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
480 int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint,
491 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig;
502 if (iint->flags & IMA_DIGSIG_REQUIRED) {
503 if (iint->flags & IMA_VERITY_REQUIRED)
513 iint->flags |= IMA_NEW_FILE;
514 if ((iint->flags & IMA_NEW_FILE) &&
515 (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
537 set_bit(IMA_DIGSIG, &iint->atomic_flags);
548 rc = xattr_verify(func, iint, xattr_value, xattr_len, &status,
569 (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {
579 if (!ima_fix_xattr(dentry, iint))
587 if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE &&
588 test_bit(IMA_DIGSIG, &iint->atomic_flags)) {
595 ima_cache_flags(iint, func);
598 ima_set_cache_status(iint, func, status);
605 void ima_update_xattr(struct ima_iint_cache *iint, struct file *file)
611 if (test_bit(IMA_DIGSIG, &iint->atomic_flags))
614 if ((iint->ima_file_status != INTEGRITY_PASS) &&
615 !(iint->flags & IMA_HASH))
618 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL);
623 ima_fix_xattr(dentry, iint);
642 struct ima_iint_cache *iint;
650 iint = ima_iint_find(inode);
651 if (iint) {
652 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
654 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
676 struct ima_iint_cache *iint;
681 iint = ima_iint_find(inode);
682 if (!iint)
684 iint->measured_pcrs = 0;
685 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);
687 set_bit(IMA_DIGSIG, &iint->atomic_flags);
689 clear_bit(IMA_DIGSIG, &iint->atomic_flags);