Lines Matching defs:flags
25 /* flags definitions */
71 unsigned int flags;
103 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
104 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
105 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
106 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
107 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
108 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
109 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
110 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
111 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
113 .flags = IMA_FSMAGIC},
115 .flags = IMA_FSMAGIC},
116 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
117 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
122 .flags = IMA_FUNC | IMA_MASK},
124 .flags = IMA_FUNC | IMA_MASK},
127 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
128 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
129 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
134 .flags = IMA_FUNC | IMA_MASK},
136 .flags = IMA_FUNC | IMA_MASK},
139 .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
142 .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
143 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
144 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
145 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
149 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
150 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
151 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
152 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
153 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
154 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
155 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
156 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
157 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
158 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
159 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
160 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
161 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
162 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
165 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
169 .flags = IMA_FOWNER},
173 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED},
180 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
184 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
188 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
192 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
198 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
200 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
202 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
204 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
465 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
507 return (rule->flags & IMA_FUNC) && (rule->func == func) &&
510 if ((rule->flags & IMA_FUNC) &&
513 if ((rule->flags & IMA_MASK) &&
516 if ((rule->flags & IMA_INMASK) &&
519 if ((rule->flags & IMA_FSMAGIC)
522 if ((rule->flags & IMA_FSNAME)
525 if ((rule->flags & IMA_FSUUID) &&
528 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
530 if (rule->flags & IMA_EUID) {
540 if ((rule->flags & IMA_FOWNER) &&
604 if (!(rule->flags & IMA_FUNC))
631 * @flags: IMA actions to consider (e.g. IMA_MEASURE | IMA_APPRAISE)
645 enum ima_hooks func, int mask, int flags, int *pcr,
650 int action = 0, actmask = flags | (flags << 1);
665 action |= entry->flags & IMA_ACTION_FLAGS;
681 if ((pcr) && (entry->flags & IMA_PCR))
832 * Based on runtime secure boot flags, insert arch specific measurement
1056 /* Ensure that the action is set and is compatible with the flags */
1060 if (entry->action != MEASURE && entry->flags & IMA_PCR)
1064 entry->flags & (IMA_DIGSIG_REQUIRED | IMA_MODSIG_ALLOWED | IMA_CHECK_BLACKLIST))
1073 if (((entry->flags & IMA_FUNC) && entry->func == NONE) ||
1074 (!(entry->flags & IMA_FUNC) && entry->func != NONE))
1090 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC |
1101 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC |
1114 if (entry->flags & ~(IMA_FUNC | IMA_FSMAGIC | IMA_UID |
1124 if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_PCR |
1136 /* Ensure that combinations of flags are compatible with each other */
1137 if (entry->flags & IMA_CHECK_BLACKLIST &&
1138 !(entry->flags & IMA_MODSIG_ALLOWED))
1266 entry->flags |= IMA_FUNC;
1289 entry->flags |= (*args[0].from == '^')
1302 entry->flags |= IMA_FSMAGIC;
1313 entry->flags |= IMA_FSNAME;
1331 entry->flags |= IMA_KEYRINGS;
1343 entry->flags |= IMA_FSUUID;
1376 entry->flags |= uid_token
1402 entry->flags |= IMA_FOWNER;
1444 entry->flags |= IMA_DIGSIG_REQUIRED;
1447 entry->flags |= IMA_DIGSIG_REQUIRED |
1456 entry->flags |= IMA_CHECK_BLACKLIST;
1461 entry->flags |= IMA_PERMIT_DIRECTIO;
1470 entry->flags |= IMA_PCR;
1506 if (!result && entry->flags & IMA_MODSIG_ALLOWED) {
1686 if (entry->flags & IMA_FUNC)
1689 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
1690 if (entry->flags & IMA_MASK)
1703 if (entry->flags & IMA_FSMAGIC) {
1709 if (entry->flags & IMA_FSNAME) {
1715 if (entry->flags & IMA_KEYRINGS) {
1721 if (entry->flags & IMA_PCR) {
1727 if (entry->flags & IMA_FSUUID) {
1732 if (entry->flags & IMA_UID) {
1743 if (entry->flags & IMA_EUID) {
1754 if (entry->flags & IMA_FOWNER) {
1798 if (entry->flags & IMA_DIGSIG_REQUIRED) {
1799 if (entry->flags & IMA_MODSIG_ALLOWED)
1804 if (entry->flags & IMA_CHECK_BLACKLIST)
1806 if (entry->flags & IMA_PERMIT_DIRECTIO)
1852 if (entry->flags & IMA_DIGSIG_REQUIRED)