xref: /kernel/linux/linux-5.10/security/integrity/ima/ima_main.c

112 				     struct integrity_iint_cache *iint,
124 			if (!iint)
125 				iint = integrity_iint_find(inode);
127 			if (iint && test_bit(IMA_MUST_MEASURE,
128 						&iint->atomic_flags))
133 			set_bit(IMA_MUST_MEASURE, &iint->atomic_flags);
144 		ima_add_violation(file, *pathname, iint,
147 		ima_add_violation(file, *pathname, iint,
151 static void ima_check_last_writer(struct integrity_iint_cache *iint,
160 	mutex_lock(&iint->mutex);
163 					    &iint->atomic_flags);
165 		    !inode_eq_iversion(inode, iint->version) ||
166 		    (iint->flags & IMA_NEW_FILE)) {
167 			iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
168 			iint->measured_pcrs = 0;
170 				ima_update_xattr(iint, file);
173 	mutex_unlock(&iint->mutex);
185 	struct integrity_iint_cache *iint;
190 	iint = integrity_iint_find(inode);
191 	if (!iint)
194 	ima_check_last_writer(iint, inode, file);
202 	struct integrity_iint_cache *iint = NULL;
238 		iint = integrity_inode_get(inode);
239 		if (!iint)
244 		ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
254 	mutex_lock(&iint->mutex);
256 	if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
258 		iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
267 	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) ||
271 		iint->flags &= ~IMA_DONE_MASK;
272 		iint->measured_pcrs = 0;
278 	    (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) {
280 		    backing_inode->i_sb->s_dev != iint->real_dev ||
281 		    backing_inode->i_ino != iint->real_ino ||
282 		    !inode_eq_iversion(backing_inode, iint->version)) {
283 			iint->flags &= ~IMA_DONE_MASK;
284 			iint->measured_pcrs = 0;
292 	iint->flags |= action;
294 	action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1);
297 	if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr)))
302 	    !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) {
306 			set_bit(IMA_DIGSIG, &iint->atomic_flags);
307 		iint->flags |= IMA_HASHED;
309 		set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
318 				rc = ima_get_cache_status(iint, func);
333 		if (iint->flags & IMA_MODSIG_ALLOWED) {
337 			    iint->flags & IMA_MEASURED)
344 	rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
352 		ima_store_measurement(iint, file, pathname,
356 		rc = ima_check_blacklist(iint, modsig, pcr);
359 			rc = ima_appraise_measurement(func, iint, file,
369 		ima_audit_measurement(iint, pathname);
371 	if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO))
374 	if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) &&
375 	     !(iint->flags & IMA_NEW_FILE))
377 	mutex_unlock(&iint->mutex);
387 			set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
523  * is in the iint cache.
542 	struct integrity_iint_cache *iint;
552 	iint = integrity_iint_find(inode);
553 	if (!iint)
556 	mutex_lock(&iint->mutex);
562 	if (!iint->ima_hash) {
563 		mutex_unlock(&iint->mutex);
570 		copied_size = min_t(size_t, iint->ima_hash->length, buf_size);
571 		memcpy(buf, iint->ima_hash->digest, copied_size);
573 	hash_algo = iint->ima_hash->algo;
574 	mutex_unlock(&iint->mutex);
590 	struct integrity_iint_cache *iint;
598 	iint = integrity_inode_get(inode);
599 	if (!iint)
603 	set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
604 	iint->ima_file_status = INTEGRITY_PASS;
616 	struct integrity_iint_cache *iint;
625 	iint = integrity_inode_get(inode);
626 	if (!iint)
630 	iint->flags |= IMA_NEW_FILE;
818 	struct integrity_iint_cache iint = {};
819 	struct ima_event_data event_data = {.iint = &iint,
866 	iint.ima_hash = &hash.hdr;
867 	iint.ima_hash->algo = ima_hash_algo;
868 	iint.ima_hash->length = hash_digest_size[ima_hash_algo];
870 	ret = ima_calc_buffer_hash(buf, size, iint.ima_hash);

Indexes created Thu Nov 07 10:32:03 CST 2024