Lines Matching refs:action
100 int action;
137 * written in terms of .action, .func, .mask, .fsmagic, .uid, .gid,
148 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
149 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
150 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
151 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
152 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
153 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
154 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
155 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
156 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
157 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
159 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
161 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
162 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
166 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
168 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
170 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
173 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
174 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
178 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
180 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
182 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
185 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
188 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
189 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
190 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
194 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
195 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
196 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
197 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
198 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
199 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
200 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
201 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
202 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
203 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
204 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
205 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
206 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
207 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
209 {.action = APPRAISE, .func = POLICY_CHECK,
213 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &vfsuid_eq_kuid,
217 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &vfsuid_eq_kuid,
224 {.action = APPRAISE, .func = MODULE_CHECK,
228 {.action = APPRAISE, .func = FIRMWARE_CHECK,
232 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
236 {.action = APPRAISE, .func = POLICY_CHECK,
242 {.action = APPRAISE, .func = MODULE_CHECK,
244 {.action = APPRAISE, .func = FIRMWARE_CHECK,
246 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
248 {.action = APPRAISE, .func = POLICY_CHECK,
253 {.action = MEASURE, .func = CRITICAL_DATA, .flags = IMA_FUNC},
560 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
723 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
744 int action = 0, actmask = flags | (flags << 1);
754 if (!(entry->action & actmask))
761 action |= entry->flags & IMA_NONACTION_FLAGS;
763 action |= entry->action & IMA_DO_MASK;
764 if (entry->action & IMA_APPRAISE) {
765 action |= get_subaction(entry, func);
766 action &= ~IMA_HASH;
768 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
775 if (entry->action & IMA_DO_MASK)
776 actmask &= ~(entry->action | entry->action << 1);
778 actmask &= ~(entry->action | entry->action >> 1);
791 return action;
837 if (entry->action & IMA_DO_MASK)
838 new_policy_flag |= entry->action;
881 if (entries[i].action == APPRAISE) {
1241 /* Ensure that the action is set and is compatible with the flags */
1242 if (entry->action == UNKNOWN)
1245 if (entry->action != MEASURE && entry->flags & IMA_PCR)
1248 if (entry->action != APPRAISE &&
1301 if (entry->action & ~(MEASURE | DONT_MEASURE))
1312 if (entry->action & ~(MEASURE | DONT_MEASURE))
1324 if (entry->action & ~(MEASURE | DONT_MEASURE))
1336 /* any action other than APPRAISE is unsupported */
1337 if (entry->action != APPRAISE)
1368 if (entry->action == APPRAISE &&
1424 entry->action = UNKNOWN;
1437 ima_log_string(ab, "action", "measure");
1439 if (entry->action != UNKNOWN)
1442 entry->action = MEASURE;
1445 ima_log_string(ab, "action", "dont_measure");
1447 if (entry->action != UNKNOWN)
1450 entry->action = DONT_MEASURE;
1453 ima_log_string(ab, "action", "appraise");
1455 if (entry->action != UNKNOWN)
1458 entry->action = APPRAISE;
1461 ima_log_string(ab, "action", "dont_appraise");
1463 if (entry->action != UNKNOWN)
1466 entry->action = DONT_APPRAISE;
1469 ima_log_string(ab, "action", "audit");
1471 if (entry->action != UNKNOWN)
1474 entry->action = AUDIT;
1477 ima_log_string(ab, "action", "hash");
1479 if (entry->action != UNKNOWN)
1482 entry->action = HASH;
1485 ima_log_string(ab, "action", "dont_hash");
1487 if (entry->action != UNKNOWN)
1490 entry->action = DONT_HASH;
1861 if (entry->action != MEASURE) {
1889 else if (entry->action == APPRAISE)
1899 if (!result && entry->action == MEASURE &&
2085 if (entry->action & MEASURE)
2087 if (entry->action & DONT_MEASURE)
2089 if (entry->action & APPRAISE)
2091 if (entry->action & DONT_APPRAISE)
2093 if (entry->action & AUDIT)
2095 if (entry->action & HASH)
2097 if (entry->action & DONT_HASH)
2303 if (entry->action != APPRAISE)