iint 23 include/linux/evm.h struct integrity_iint_cache *iint); iint 58 include/linux/evm.h struct integrity_iint_cache *iint) iint 272 security/integrity/evm/evm_crypto.c struct integrity_iint_cache *iint; iint 275 security/integrity/evm/evm_crypto.c iint = integrity_iint_find(inode); iint 276 security/integrity/evm/evm_crypto.c if (iint && (iint->flags & EVM_IMMUTABLE_DIGSIG)) iint 132 security/integrity/evm/evm_main.c struct integrity_iint_cache *iint) iint 141 security/integrity/evm/evm_main.c if (iint && (iint->evm_status == INTEGRITY_PASS || iint 142 security/integrity/evm/evm_main.c iint->evm_status == INTEGRITY_PASS_IMMUTABLE)) iint 143 security/integrity/evm/evm_main.c return iint->evm_status; iint 199 security/integrity/evm/evm_main.c if (iint) iint 200 security/integrity/evm/evm_main.c iint->flags |= EVM_IMMUTABLE_DIGSIG; iint 220 security/integrity/evm/evm_main.c if (iint) iint 221 security/integrity/evm/evm_main.c iint->evm_status = evm_status; iint 269 security/integrity/evm/evm_main.c struct integrity_iint_cache *iint) iint 274 security/integrity/evm/evm_main.c if (!iint) { iint 275 security/integrity/evm/evm_main.c iint = integrity_iint_find(d_backing_inode(dentry)); iint 276 security/integrity/evm/evm_main.c if (!iint) iint 280 security/integrity/evm/evm_main.c xattr_value_len, iint); iint 332 security/integrity/evm/evm_main.c struct integrity_iint_cache *iint; iint 334 security/integrity/evm/evm_main.c iint = integrity_iint_find(d_backing_inode(dentry)); iint 335 security/integrity/evm/evm_main.c if (iint && (iint->flags & IMA_NEW_FILE)) iint 414 security/integrity/evm/evm_main.c struct integrity_iint_cache *iint; iint 416 security/integrity/evm/evm_main.c iint = integrity_iint_find(inode); iint 417 security/integrity/evm/evm_main.c if (iint) iint 418 security/integrity/evm/evm_main.c iint->evm_status = INTEGRITY_UNKNOWN; iint 35 security/integrity/iint.c struct integrity_iint_cache *iint; iint 39 security/integrity/iint.c iint = rb_entry(n, struct integrity_iint_cache, rb_node); iint 41 security/integrity/iint.c if (inode < iint->inode) iint 43 security/integrity/iint.c else if (inode > iint->inode) iint 51 security/integrity/iint.c return iint; iint 59 security/integrity/iint.c struct integrity_iint_cache *iint; iint 65 security/integrity/iint.c iint = __integrity_iint_find(inode); iint 68 security/integrity/iint.c return iint; iint 71 security/integrity/iint.c static void iint_free(struct integrity_iint_cache *iint) iint 73 security/integrity/iint.c kfree(iint->ima_hash); iint 74 security/integrity/iint.c iint->ima_hash = NULL; iint 75 security/integrity/iint.c iint->version = 0; iint 76 security/integrity/iint.c iint->flags = 0UL; iint 77 security/integrity/iint.c iint->atomic_flags = 0UL; iint 78 security/integrity/iint.c iint->ima_file_status = INTEGRITY_UNKNOWN; iint 79 security/integrity/iint.c iint->ima_mmap_status = INTEGRITY_UNKNOWN; iint 80 security/integrity/iint.c iint->ima_bprm_status = INTEGRITY_UNKNOWN; iint 81 security/integrity/iint.c iint->ima_read_status = INTEGRITY_UNKNOWN; iint 82 security/integrity/iint.c iint->ima_creds_status = INTEGRITY_UNKNOWN; iint 83 security/integrity/iint.c iint->evm_status = INTEGRITY_UNKNOWN; iint 84 security/integrity/iint.c iint->measured_pcrs = 0; iint 85 security/integrity/iint.c kmem_cache_free(iint_cache, iint); iint 99 security/integrity/iint.c struct integrity_iint_cache *iint, *test_iint; iint 101 security/integrity/iint.c iint = integrity_iint_find(inode); iint 102 security/integrity/iint.c if (iint) iint 103 security/integrity/iint.c return iint; iint 105 security/integrity/iint.c iint = kmem_cache_alloc(iint_cache, GFP_NOFS); iint 106 security/integrity/iint.c if (!iint) iint 122 security/integrity/iint.c iint->inode = inode; iint 123 security/integrity/iint.c node = &iint->rb_node; iint 129 security/integrity/iint.c return iint; iint 140 security/integrity/iint.c struct integrity_iint_cache *iint; iint 146 security/integrity/iint.c iint = __integrity_iint_find(inode); iint 147 security/integrity/iint.c rb_erase(&iint->rb_node, &integrity_iint_tree); iint 150 security/integrity/iint.c iint_free(iint); iint 155 security/integrity/iint.c struct integrity_iint_cache *iint = foo; iint 157 security/integrity/iint.c memset(iint, 0, sizeof(*iint)); iint 158 security/integrity/iint.c iint->ima_file_status = INTEGRITY_UNKNOWN; iint 159 security/integrity/iint.c iint->ima_mmap_status = INTEGRITY_UNKNOWN; iint 160 security/integrity/iint.c iint->ima_bprm_status = INTEGRITY_UNKNOWN; iint 161 security/integrity/iint.c iint->ima_read_status = INTEGRITY_UNKNOWN; iint 162 security/integrity/iint.c iint->ima_creds_status = INTEGRITY_UNKNOWN; iint 163 security/integrity/iint.c iint->evm_status = INTEGRITY_UNKNOWN; iint 164 security/integrity/iint.c mutex_init(&iint->mutex); iint 58 security/integrity/ima/ima.h struct integrity_iint_cache *iint; iint 145 security/integrity/ima/ima.h struct integrity_iint_cache *iint, iint 212 security/integrity/ima/ima.h int ima_collect_measurement(struct integrity_iint_cache *iint, iint 215 security/integrity/ima/ima.h void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, iint 220 security/integrity/ima/ima.h void ima_audit_measurement(struct integrity_iint_cache *iint, iint 257 security/integrity/ima/ima.h struct integrity_iint_cache *iint, iint 262 security/integrity/ima/ima.h void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); iint 263 security/integrity/ima/ima.h enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, iint 272 security/integrity/ima/ima.h struct integrity_iint_cache *iint, iint 288 security/integrity/ima/ima.h static inline void ima_update_xattr(struct integrity_iint_cache *iint, iint 294 security/integrity/ima/ima.h *iint, iint 133 security/integrity/ima/ima_api.c struct integrity_iint_cache *iint, iint 138 security/integrity/ima/ima_api.c struct ima_event_data event_data = { .iint = iint, iint 206 security/integrity/ima/ima_api.c int ima_collect_measurement(struct integrity_iint_cache *iint, iint 230 security/integrity/ima/ima_api.c if (iint->flags & IMA_COLLECTED) iint 253 security/integrity/ima/ima_api.c tmpbuf = krealloc(iint->ima_hash, length, GFP_NOFS); iint 259 security/integrity/ima/ima_api.c iint->ima_hash = tmpbuf; iint 260 security/integrity/ima/ima_api.c memcpy(iint->ima_hash, &hash, length); iint 261 security/integrity/ima/ima_api.c iint->version = i_version; iint 265 security/integrity/ima/ima_api.c iint->flags |= IMA_COLLECTED; iint 293 security/integrity/ima/ima_api.c void ima_store_measurement(struct integrity_iint_cache *iint, iint 304 security/integrity/ima/ima_api.c struct ima_event_data event_data = { .iint = iint, iint 318 security/integrity/ima/ima_api.c if (iint->measured_pcrs & (0x1 << pcr) && !modsig) iint 330 security/integrity/ima/ima_api.c iint->flags |= IMA_MEASURED; iint 331 security/integrity/ima/ima_api.c iint->measured_pcrs |= (0x1 << pcr); iint 337 security/integrity/ima/ima_api.c void ima_audit_measurement(struct integrity_iint_cache *iint, iint 342 security/integrity/ima/ima_api.c const char *algo_name = hash_algo_name[iint->ima_hash->algo]; iint 345 security/integrity/ima/ima_api.c if (iint->flags & IMA_AUDITED) iint 348 security/integrity/ima/ima_api.c hash = kzalloc((iint->ima_hash->length * 2) + 1, GFP_KERNEL); iint 352 security/integrity/ima/ima_api.c for (i = 0; i < iint->ima_hash->length; i++) iint 353 security/integrity/ima/ima_api.c hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); iint 368 security/integrity/ima/ima_api.c iint->flags |= IMA_AUDITED; iint 61 security/integrity/ima/ima_appraise.c struct integrity_iint_cache *iint) iint 64 security/integrity/ima/ima_appraise.c u8 algo = iint->ima_hash->algo; iint 68 security/integrity/ima/ima_appraise.c iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; iint 71 security/integrity/ima/ima_appraise.c iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; iint 72 security/integrity/ima/ima_appraise.c iint->ima_hash->xattr.ng.algo = algo; iint 75 security/integrity/ima/ima_appraise.c &iint->ima_hash->xattr.data[offset], iint 76 security/integrity/ima/ima_appraise.c (sizeof(iint->ima_hash->xattr) - offset) + iint 77 security/integrity/ima/ima_appraise.c iint->ima_hash->length, 0); iint 82 security/integrity/ima/ima_appraise.c enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, iint 87 security/integrity/ima/ima_appraise.c return iint->ima_mmap_status; iint 89 security/integrity/ima/ima_appraise.c return iint->ima_bprm_status; iint 91 security/integrity/ima/ima_appraise.c return iint->ima_creds_status; iint 94 security/integrity/ima/ima_appraise.c return iint->ima_file_status; iint 97 security/integrity/ima/ima_appraise.c return iint->ima_read_status; iint 101 security/integrity/ima/ima_appraise.c static void ima_set_cache_status(struct integrity_iint_cache *iint, iint 107 security/integrity/ima/ima_appraise.c iint->ima_mmap_status = status; iint 110 security/integrity/ima/ima_appraise.c iint->ima_bprm_status = status; iint 113 security/integrity/ima/ima_appraise.c iint->ima_creds_status = status; iint 117 security/integrity/ima/ima_appraise.c iint->ima_file_status = status; iint 121 security/integrity/ima/ima_appraise.c iint->ima_read_status = status; iint 126 security/integrity/ima/ima_appraise.c static void ima_cache_flags(struct integrity_iint_cache *iint, iint 131 security/integrity/ima/ima_appraise.c iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); iint 134 security/integrity/ima/ima_appraise.c iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); iint 137 security/integrity/ima/ima_appraise.c iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); iint 141 security/integrity/ima/ima_appraise.c iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); iint 145 security/integrity/ima/ima_appraise.c iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); iint 209 security/integrity/ima/ima_appraise.c static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, iint 221 security/integrity/ima/ima_appraise.c if (iint->flags & IMA_DIGSIG_REQUIRED) { iint 226 security/integrity/ima/ima_appraise.c clear_bit(IMA_DIGSIG, &iint->atomic_flags); iint 228 security/integrity/ima/ima_appraise.c iint->ima_hash->length) iint 234 security/integrity/ima/ima_appraise.c iint->ima_hash->digest, iint 235 security/integrity/ima/ima_appraise.c iint->ima_hash->length); iint 246 security/integrity/ima/ima_appraise.c set_bit(IMA_DIGSIG, &iint->atomic_flags); iint 250 security/integrity/ima/ima_appraise.c iint->ima_hash->digest, iint 251 security/integrity/ima/ima_appraise.c iint->ima_hash->length); iint 261 security/integrity/ima/ima_appraise.c iint->ima_hash->digest, iint 262 security/integrity/ima/ima_appraise.c iint->ima_hash->length); iint 315 security/integrity/ima/ima_appraise.c struct integrity_iint_cache *iint, iint 326 security/integrity/ima/ima_appraise.c bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; iint 337 security/integrity/ima/ima_appraise.c cause = iint->flags & IMA_DIGSIG_REQUIRED ? iint 341 security/integrity/ima/ima_appraise.c iint->flags |= IMA_NEW_FILE; iint 342 security/integrity/ima/ima_appraise.c if ((iint->flags & IMA_NEW_FILE) && iint 343 security/integrity/ima/ima_appraise.c (!(iint->flags & IMA_DIGSIG_REQUIRED) || iint 349 security/integrity/ima/ima_appraise.c status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); iint 371 security/integrity/ima/ima_appraise.c rc = xattr_verify(func, iint, xattr_value, xattr_len, &status, iint 392 security/integrity/ima/ima_appraise.c (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) { iint 402 security/integrity/ima/ima_appraise.c if (!ima_fix_xattr(dentry, iint)) iint 407 security/integrity/ima/ima_appraise.c if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && iint 415 security/integrity/ima/ima_appraise.c ima_cache_flags(iint, func); iint 418 security/integrity/ima/ima_appraise.c ima_set_cache_status(iint, func, status); iint 425 security/integrity/ima/ima_appraise.c void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) iint 431 security/integrity/ima/ima_appraise.c if (test_bit(IMA_DIGSIG, &iint->atomic_flags)) iint 434 security/integrity/ima/ima_appraise.c if ((iint->ima_file_status != INTEGRITY_PASS) && iint 435 security/integrity/ima/ima_appraise.c !(iint->flags & IMA_HASH)) iint 438 security/integrity/ima/ima_appraise.c rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL); iint 443 security/integrity/ima/ima_appraise.c ima_fix_xattr(dentry, iint); iint 459 security/integrity/ima/ima_appraise.c struct integrity_iint_cache *iint; iint 469 security/integrity/ima/ima_appraise.c iint = integrity_iint_find(inode); iint 470 security/integrity/ima/ima_appraise.c if (iint) { iint 471 security/integrity/ima/ima_appraise.c set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); iint 473 security/integrity/ima/ima_appraise.c clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); iint 495 security/integrity/ima/ima_appraise.c struct integrity_iint_cache *iint; iint 500 security/integrity/ima/ima_appraise.c iint = integrity_iint_find(inode); iint 501 security/integrity/ima/ima_appraise.c if (!iint) iint 503 security/integrity/ima/ima_appraise.c iint->measured_pcrs = 0; iint 504 security/integrity/ima/ima_appraise.c set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags); iint 506 security/integrity/ima/ima_appraise.c set_bit(IMA_DIGSIG, &iint->atomic_flags); iint 508 security/integrity/ima/ima_appraise.c clear_bit(IMA_DIGSIG, &iint->atomic_flags); iint 47 security/integrity/ima/ima_init.c struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; iint 48 security/integrity/ima/ima_init.c struct ima_event_data event_data = { .iint = iint, iint 57 security/integrity/ima/ima_init.c memset(iint, 0, sizeof(*iint)); iint 59 security/integrity/ima/ima_init.c iint->ima_hash = &hash.hdr; iint 60 security/integrity/ima/ima_init.c iint->ima_hash->algo = HASH_ALGO_SHA1; iint 61 security/integrity/ima/ima_init.c iint->ima_hash->length = SHA1_DIGEST_SIZE; iint 107 security/integrity/ima/ima_main.c struct integrity_iint_cache *iint, iint 119 security/integrity/ima/ima_main.c if (!iint) iint 120 security/integrity/ima/ima_main.c iint = integrity_iint_find(inode); iint 122 security/integrity/ima/ima_main.c if (iint && test_bit(IMA_MUST_MEASURE, iint 123 security/integrity/ima/ima_main.c &iint->atomic_flags)) iint 128 security/integrity/ima/ima_main.c set_bit(IMA_MUST_MEASURE, &iint->atomic_flags); iint 139 security/integrity/ima/ima_main.c ima_add_violation(file, *pathname, iint, iint 142 security/integrity/ima/ima_main.c ima_add_violation(file, *pathname, iint, iint 146 security/integrity/ima/ima_main.c static void ima_check_last_writer(struct integrity_iint_cache *iint, iint 155 security/integrity/ima/ima_main.c mutex_lock(&iint->mutex); iint 158 security/integrity/ima/ima_main.c &iint->atomic_flags); iint 160 security/integrity/ima/ima_main.c !inode_eq_iversion(inode, iint->version) || iint 161 security/integrity/ima/ima_main.c (iint->flags & IMA_NEW_FILE)) { iint 162 security/integrity/ima/ima_main.c iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); iint 163 security/integrity/ima/ima_main.c iint->measured_pcrs = 0; iint 165 security/integrity/ima/ima_main.c ima_update_xattr(iint, file); iint 168 security/integrity/ima/ima_main.c mutex_unlock(&iint->mutex); iint 180 security/integrity/ima/ima_main.c struct integrity_iint_cache *iint; iint 185 security/integrity/ima/ima_main.c iint = integrity_iint_find(inode); iint 186 security/integrity/ima/ima_main.c if (!iint) iint 189 security/integrity/ima/ima_main.c ima_check_last_writer(iint, inode, file); iint 197 security/integrity/ima/ima_main.c struct integrity_iint_cache *iint = NULL; iint 233 security/integrity/ima/ima_main.c iint = integrity_inode_get(inode); iint 234 security/integrity/ima/ima_main.c if (!iint) iint 239 security/integrity/ima/ima_main.c ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, iint 249 security/integrity/ima/ima_main.c mutex_lock(&iint->mutex); iint 251 security/integrity/ima/ima_main.c if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags)) iint 253 security/integrity/ima/ima_main.c iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | iint 262 security/integrity/ima/ima_main.c if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) || iint 266 security/integrity/ima/ima_main.c iint->flags &= ~IMA_DONE_MASK; iint 267 security/integrity/ima/ima_main.c iint->measured_pcrs = 0; iint 274 security/integrity/ima/ima_main.c iint->flags |= action; iint 276 security/integrity/ima/ima_main.c action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1); iint 279 security/integrity/ima/ima_main.c if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr))) iint 284 security/integrity/ima/ima_main.c !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) { iint 288 security/integrity/ima/ima_main.c set_bit(IMA_DIGSIG, &iint->atomic_flags); iint 289 security/integrity/ima/ima_main.c iint->flags |= IMA_HASHED; iint 291 security/integrity/ima/ima_main.c set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); iint 300 security/integrity/ima/ima_main.c rc = ima_get_cache_status(iint, func); iint 315 security/integrity/ima/ima_main.c if (iint->flags & IMA_MODSIG_ALLOWED) { iint 319 security/integrity/ima/ima_main.c iint->flags & IMA_MEASURED) iint 326 security/integrity/ima/ima_main.c rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig); iint 334 security/integrity/ima/ima_main.c ima_store_measurement(iint, file, pathname, iint 339 security/integrity/ima/ima_main.c rc = ima_appraise_measurement(func, iint, file, pathname, iint 347 security/integrity/ima/ima_main.c ima_audit_measurement(iint, pathname); iint 349 security/integrity/ima/ima_main.c if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) iint 352 security/integrity/ima/ima_main.c if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) && iint 353 security/integrity/ima/ima_main.c !(iint->flags & IMA_NEW_FILE)) iint 355 security/integrity/ima/ima_main.c mutex_unlock(&iint->mutex); iint 365 security/integrity/ima/ima_main.c set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); iint 454 security/integrity/ima/ima_main.c struct integrity_iint_cache *iint; iint 462 security/integrity/ima/ima_main.c iint = integrity_inode_get(inode); iint 463 security/integrity/ima/ima_main.c if (!iint) iint 467 security/integrity/ima/ima_main.c set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); iint 468 security/integrity/ima/ima_main.c iint->ima_file_status = INTEGRITY_PASS; iint 480 security/integrity/ima/ima_main.c struct integrity_iint_cache *iint; iint 489 security/integrity/ima/ima_main.c iint = integrity_inode_get(inode); iint 490 security/integrity/ima/ima_main.c if (!iint) iint 494 security/integrity/ima/ima_main.c iint->flags |= IMA_NEW_FILE; iint 640 security/integrity/ima/ima_main.c struct integrity_iint_cache iint = {}; iint 641 security/integrity/ima/ima_main.c struct ima_event_data event_data = {.iint = &iint, iint 659 security/integrity/ima/ima_main.c iint.ima_hash = &hash.hdr; iint 660 security/integrity/ima/ima_main.c iint.ima_hash->algo = ima_hash_algo; iint 661 security/integrity/ima/ima_main.c iint.ima_hash->length = hash_digest_size[ima_hash_algo]; iint 663 security/integrity/ima/ima_main.c ret = ima_calc_buffer_hash(buf, size, iint.ima_hash); iint 285 security/integrity/ima/ima_template_lib.c if (ima_template_hash_algo_allowed(event_data->iint->ima_hash->algo)) { iint 286 security/integrity/ima/ima_template_lib.c cur_digest = event_data->iint->ima_hash->digest; iint 287 security/integrity/ima/ima_template_lib.c cur_digestsize = event_data->iint->ima_hash->length; iint 323 security/integrity/ima/ima_template_lib.c cur_digest = event_data->iint->ima_hash->digest; iint 324 security/integrity/ima/ima_template_lib.c cur_digestsize = event_data->iint->ima_hash->length; iint 326 security/integrity/ima/ima_template_lib.c hash_algo = event_data->iint->ima_hash->algo;