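Lines matching refs:iint (each entry below is a line number followed by the matching source line; lines that do not reference iint are omitted, so the functions shown are incomplete)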

88 			 struct integrity_iint_cache *iint)
91 u8 algo = iint->ima_hash->algo;
95 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
98 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
99 iint->ima_hash->xattr.ng.algo = algo;
102 &iint->ima_hash->xattr.data[offset],
103 (sizeof(iint->ima_hash->xattr) - offset) +
104 iint->ima_hash->length, 0);
109 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
115 return iint->ima_mmap_status;
117 return iint->ima_bprm_status;
119 return iint->ima_creds_status;
122 return iint->ima_file_status;
125 return iint->ima_read_status;
129 static void ima_set_cache_status(struct integrity_iint_cache *iint,
136 iint->ima_mmap_status = status;
139 iint->ima_bprm_status = status;
142 iint->ima_creds_status = status;
146 iint->ima_file_status = status;
150 iint->ima_read_status = status;
155 static void ima_cache_flags(struct integrity_iint_cache *iint,
161 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
164 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
167 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED);
171 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
175 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);
279 static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint,
295 if (iint->flags & IMA_DIGSIG_REQUIRED) {
296 if (iint->flags & IMA_VERITY_REQUIRED)
303 clear_bit(IMA_DIGSIG, &iint->atomic_flags);
305 set_bit(IMA_DIGSIG, &iint->atomic_flags);
308 iint->ima_hash->length)
314 iint->ima_hash->digest,
315 iint->ima_hash->length);
326 set_bit(IMA_DIGSIG, &iint->atomic_flags);
329 if ((iint->flags & mask) == mask) {
344 iint->ima_hash->digest,
345 iint->ima_hash->length);
355 iint->ima_hash->digest,
356 iint->ima_hash->length);
365 set_bit(IMA_DIGSIG, &iint->atomic_flags);
367 if (iint->flags & IMA_DIGSIG_REQUIRED) {
368 if (!(iint->flags & IMA_VERITY_REQUIRED)) {
382 rc = calc_file_id_hash(IMA_VERITY_DIGSIG, iint->ima_hash->algo,
383 iint->ima_hash->digest, &hash.hdr);
446 int ima_check_blacklist(struct integrity_iint_cache *iint,
454 if (!(iint->flags & IMA_CHECK_BLACKLIST))
457 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) {
461 } else if (iint->flags & IMA_DIGSIG_REQUIRED && iint->ima_hash)
462 rc = is_binary_blacklisted(iint->ima_hash->digest, iint->ima_hash->length);
464 if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
481 struct integrity_iint_cache *iint,
492 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig;
503 if (iint->flags & IMA_DIGSIG_REQUIRED) {
504 if (iint->flags & IMA_VERITY_REQUIRED)
514 iint->flags |= IMA_NEW_FILE;
515 if ((iint->flags & IMA_NEW_FILE) &&
516 (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
523 rc < 0 ? 0 : rc, iint);
538 set_bit(IMA_DIGSIG, &iint->atomic_flags);
549 rc = xattr_verify(func, iint, xattr_value, xattr_len, &status,
570 (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {
580 if (!ima_fix_xattr(dentry, iint))
588 if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE &&
589 test_bit(IMA_DIGSIG, &iint->atomic_flags)) {
596 ima_cache_flags(iint, func);
599 ima_set_cache_status(iint, func, status);
606 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
612 if (test_bit(IMA_DIGSIG, &iint->atomic_flags))
615 if ((iint->ima_file_status != INTEGRITY_PASS) &&
616 !(iint->flags & IMA_HASH))
619 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL);
624 ima_fix_xattr(dentry, iint);
642 struct integrity_iint_cache *iint;
650 iint = integrity_iint_find(inode);
651 if (iint) {
652 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
654 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
676 struct integrity_iint_cache *iint;
681 iint = integrity_iint_find(inode);
682 if (!iint)
684 iint->measured_pcrs = 0;
685 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);
687 set_bit(IMA_DIGSIG, &iint->atomic_flags);
689 clear_bit(IMA_DIGSIG, &iint->atomic_flags);