Lines matching references to the identifier `entry`:
183 struct ima_rule_entry *entry, *tmp; in ima_lsm_update_rules() local
188 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { in ima_lsm_update_rules()
190 if (!entry->lsm[i].rule) in ima_lsm_update_rules()
192 result = security_filter_rule_init(entry->lsm[i].type, in ima_lsm_update_rules()
194 entry->lsm[i].args_p, in ima_lsm_update_rules()
195 &entry->lsm[i].rule); in ima_lsm_update_rules()
196 BUG_ON(!entry->lsm[i].rule); in ima_lsm_update_rules()
329 struct ima_rule_entry *entry; in ima_match_policy() local
332 list_for_each_entry(entry, ima_rules, list) { in ima_match_policy()
334 if (!(entry->action & actmask)) in ima_match_policy()
337 if (!ima_match_rules(entry, inode, func, mask)) in ima_match_policy()
340 action |= entry->flags & IMA_ACTION_FLAGS; in ima_match_policy()
342 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
343 if (entry->action & IMA_APPRAISE) in ima_match_policy()
344 action |= get_subaction(entry, func); in ima_match_policy()
346 if (entry->action & IMA_DO_MASK) in ima_match_policy()
347 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
349 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
366 struct ima_rule_entry *entry; in ima_update_policy_flag() local
369 list_for_each_entry(entry, ima_rules, list) { in ima_update_policy_flag()
370 if (entry->action & IMA_DO_MASK) in ima_update_policy_flag()
371 ima_policy_flag |= entry->action; in ima_update_policy_flag()
467 static int ima_lsm_rule_init(struct ima_rule_entry *entry, in ima_lsm_rule_init() argument
472 if (entry->lsm[lsm_rule].rule) in ima_lsm_rule_init()
475 entry->lsm[lsm_rule].args_p = match_strdup(args); in ima_lsm_rule_init()
476 if (!entry->lsm[lsm_rule].args_p) in ima_lsm_rule_init()
479 entry->lsm[lsm_rule].type = audit_type; in ima_lsm_rule_init()
480 result = security_filter_rule_init(entry->lsm[lsm_rule].type, in ima_lsm_rule_init()
482 entry->lsm[lsm_rule].args_p, in ima_lsm_rule_init()
483 &entry->lsm[lsm_rule].rule); in ima_lsm_rule_init()
484 if (!entry->lsm[lsm_rule].rule) { in ima_lsm_rule_init()
485 kfree(entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
499 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) in ima_parse_rule() argument
508 entry->uid = INVALID_UID; in ima_parse_rule()
509 entry->fowner = INVALID_UID; in ima_parse_rule()
510 entry->action = UNKNOWN; in ima_parse_rule()
525 if (entry->action != UNKNOWN) in ima_parse_rule()
528 entry->action = MEASURE; in ima_parse_rule()
533 if (entry->action != UNKNOWN) in ima_parse_rule()
536 entry->action = DONT_MEASURE; in ima_parse_rule()
541 if (entry->action != UNKNOWN) in ima_parse_rule()
544 entry->action = APPRAISE; in ima_parse_rule()
549 if (entry->action != UNKNOWN) in ima_parse_rule()
552 entry->action = DONT_APPRAISE; in ima_parse_rule()
557 if (entry->action != UNKNOWN) in ima_parse_rule()
560 entry->action = AUDIT; in ima_parse_rule()
565 if (entry->func) in ima_parse_rule()
569 entry->func = FILE_CHECK; in ima_parse_rule()
572 entry->func = FILE_CHECK; in ima_parse_rule()
574 entry->func = MODULE_CHECK; in ima_parse_rule()
576 entry->func = FIRMWARE_CHECK; in ima_parse_rule()
579 entry->func = MMAP_CHECK; in ima_parse_rule()
581 entry->func = BPRM_CHECK; in ima_parse_rule()
585 entry->flags |= IMA_FUNC; in ima_parse_rule()
590 if (entry->mask) in ima_parse_rule()
598 entry->mask = MAY_EXEC; in ima_parse_rule()
600 entry->mask = MAY_WRITE; in ima_parse_rule()
602 entry->mask = MAY_READ; in ima_parse_rule()
604 entry->mask = MAY_APPEND; in ima_parse_rule()
608 entry->flags |= (*args[0].from == '^') in ima_parse_rule()
614 if (entry->fsmagic) { in ima_parse_rule()
619 result = kstrtoul(args[0].from, 16, &entry->fsmagic); in ima_parse_rule()
621 entry->flags |= IMA_FSMAGIC; in ima_parse_rule()
626 if (memchr_inv(entry->fsuuid, 0x00, in ima_parse_rule()
627 sizeof(entry->fsuuid))) { in ima_parse_rule()
633 entry->fsuuid); in ima_parse_rule()
635 entry->flags |= IMA_FSUUID; in ima_parse_rule()
643 if (uid_valid(entry->uid)) { in ima_parse_rule()
650 entry->uid = make_kuid(current_user_ns(), in ima_parse_rule()
652 if (!uid_valid(entry->uid) || in ima_parse_rule()
656 entry->flags |= (token == Opt_uid) in ima_parse_rule()
663 if (uid_valid(entry->fowner)) { in ima_parse_rule()
670 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); in ima_parse_rule()
671 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) in ima_parse_rule()
674 entry->flags |= IMA_FOWNER; in ima_parse_rule()
679 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
685 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
691 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
697 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
703 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
709 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
714 if (entry->action != APPRAISE) { in ima_parse_rule()
721 entry->flags |= IMA_DIGSIG_REQUIRED; in ima_parse_rule()
726 entry->flags |= IMA_PERMIT_DIRECTIO; in ima_parse_rule()
734 if (!result && (entry->action == UNKNOWN)) in ima_parse_rule()
736 else if (entry->func == MODULE_CHECK) in ima_parse_rule()
738 else if (entry->func == FIRMWARE_CHECK) in ima_parse_rule()
756 struct ima_rule_entry *entry; in ima_parse_add_rule() local
767 entry = kzalloc(sizeof(*entry), GFP_KERNEL); in ima_parse_add_rule()
768 if (!entry) { in ima_parse_add_rule()
774 INIT_LIST_HEAD(&entry->list); in ima_parse_add_rule()
776 result = ima_parse_rule(p, entry); in ima_parse_add_rule()
778 kfree(entry); in ima_parse_add_rule()
786 list_add_tail(&entry->list, &ima_policy_rules); in ima_parse_add_rule()
795 struct ima_rule_entry *entry, *tmp; in ima_delete_rules() local
799 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { in ima_delete_rules()
801 kfree(entry->lsm[i].args_p); in ima_delete_rules()
803 list_del(&entry->list); in ima_delete_rules()
804 kfree(entry); in ima_delete_rules()