ima_policy.c - OpenGrok cross reference for /kernel/linux/linux-5.10/security/integrity/ima/ima

Lines Matching refs:action
70 	int action;
93  * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
103 	{.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
104 	{.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
105 	{.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
106 	{.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
107 	{.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
108 	{.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
109 	{.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
110 	{.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
111 	{.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
112 	{.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
114 	{.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
116 	{.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
117 	{.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
121 	{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
123 	{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
125 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
128 	{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
129 	{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
133 	{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
135 	{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
137 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
140 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
143 	{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
144 	{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
145 	{.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
149 	{.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
150 	{.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
151 	{.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
152 	{.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
153 	{.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
154 	{.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
155 	{.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
156 	{.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
157 	{.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
158 	{.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
159 	{.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
160 	{.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
161 	{.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
162 	{.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
164 	{.action = APPRAISE, .func = POLICY_CHECK,
168 	{.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
172 	{.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
179 	{.action = APPRAISE, .func = MODULE_CHECK,
183 	{.action = APPRAISE, .func = FIRMWARE_CHECK,
187 	{.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
191 	{.action = APPRAISE, .func = POLICY_CHECK,
197 	{.action = APPRAISE, .func = MODULE_CHECK,
199 	{.action = APPRAISE, .func = FIRMWARE_CHECK,
201 	{.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
203 	{.action = APPRAISE, .func = POLICY_CHECK,
491  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
630  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
650 	int action = 0, actmask = flags | (flags << 1);
658 		if (!(entry->action & actmask))
665 		action |= entry->flags & IMA_ACTION_FLAGS;
667 		action |= entry->action & IMA_DO_MASK;
668 		if (entry->action & IMA_APPRAISE) {
669 			action |= get_subaction(entry, func);
670 			action &= ~IMA_HASH;
672 				action |= IMA_FAIL_UNVERIFIABLE_SIGS;
676 		if (entry->action & IMA_DO_MASK)
677 			actmask &= ~(entry->action | entry->action << 1);
679 			actmask &= ~(entry->action | entry->action >> 1);
692 	return action;
706 		if (entry->action & IMA_DO_MASK)
707 			ima_policy_flag |= entry->action;
747 		if (entries[i].action == APPRAISE) {
1056 	/* Ensure that the action is set and is compatible with the flags */
1057 	if (entry->action == UNKNOWN)
1060 	if (entry->action != MEASURE && entry->flags & IMA_PCR)
1063 	if (entry->action != APPRAISE &&
1111 		if (entry->action & ~(MEASURE | DONT_MEASURE))
1121 		if (entry->action & ~(MEASURE | DONT_MEASURE))
1160 	entry->action = UNKNOWN;
1173 			ima_log_string(ab, "action", "measure");
1175 			if (entry->action != UNKNOWN)
1178 			entry->action = MEASURE;
1181 			ima_log_string(ab, "action", "dont_measure");
1183 			if (entry->action != UNKNOWN)
1186 			entry->action = DONT_MEASURE;
1189 			ima_log_string(ab, "action", "appraise");
1191 			if (entry->action != UNKNOWN)
1194 			entry->action = APPRAISE;
1197 			ima_log_string(ab, "action", "dont_appraise");
1199 			if (entry->action != UNKNOWN)
1202 			entry->action = DONT_APPRAISE;
1205 			ima_log_string(ab, "action", "audit");
1207 			if (entry->action != UNKNOWN)
1210 			entry->action = AUDIT;
1213 			ima_log_string(ab, "action", "hash");
1215 			if (entry->action != UNKNOWN)
1218 			entry->action = HASH;
1221 			ima_log_string(ab, "action", "dont_hash");
1223 			if (entry->action != UNKNOWN)
1226 			entry->action = DONT_HASH;
1475 			if (entry->action != MEASURE) {
1503 	else if (entry->action == APPRAISE)
1669 	if (entry->action & MEASURE)
1671 	if (entry->action & DONT_MEASURE)
1673 	if (entry->action & APPRAISE)
1675 	if (entry->action & DONT_APPRAISE)
1677 	if (entry->action & AUDIT)
1679 	if (entry->action & HASH)
1681 	if (entry->action & DONT_HASH)
1838 		if (entry->action != APPRAISE)