linux/security/ipe/audit.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
 */

#include <linux/slab.h>
#include <linux/audit.h>
#include <linux/types.h>
#include <crypto/hash.h>

#include "ipe.h"
#include "eval.h"
#include "hooks.h"
#include "policy.h"
#include "audit.h"
#include "digest.h"

/*
 * NOTE(review): the macro replacement lists and the table initializers in
 * this section are not shown in this listing, so their values cannot be
 * checked from here.
 */

/* Takes one argument; presumably maps an action to its string form - confirm. */
#define ACTSTR(x)

/*
 * Presumably names the hash algorithm behind the policy "thumbprint" that
 * audit_policy() documents (<crypto/hash.h> is included above) - confirm.
 */
#define IPE_AUDIT_HASH_ALG

/*
 * Format macros for the policy load/activation records, judging by the _FMT
 * suffix. The _NULL_ variant suggests a separate form for the case where no
 * policy was previously active - confirm.
 */
#define AUDIT_POLICY_LOAD_FMT
#define AUDIT_OLD_ACTIVE_POLICY_FMT
#define AUDIT_OLD_ACTIVE_POLICY_NULL_FMT
#define AUDIT_NEW_ACTIVE_POLICY_FMT

/*
 * Name tables sized by the enum bounds. audit_op_names has one slot more
 * than the op count (__IPE_OP_MAX + 1); presumably that extra slot names an
 * invalid or unknown operation - confirm.
 *
 * NOTE(review): any index applied to these tables has to stay inside the
 * declared bound, and every slot should be populated so that a lookup never
 * hands a NULL string to an audit format call.
 */
static const char *const audit_op_names[__IPE_OP_MAX + 1] =;

static const char *const audit_hook_names[__IPE_HOOK_MAX] =;

static const char *const audit_prop_names[__IPE_PROP_MAX] =;

/**
 * audit_dmv_roothash() - audit the roothash of a dmverity_roothash property.
 * @ab: Supplies a pointer to the audit_buffer to append to.
 * @rh: Supplies a pointer to the digest structure. It is passed as an
 *	untyped pointer, so the compiler cannot check that the caller hands
 *	in the digest type this helper expects.
 *
 * NOTE(review): the body is not shown in this listing.
 */
static void audit_dmv_roothash(struct audit_buffer *ab, const void *rh)
{}

/**
 * audit_fsv_digest() - audit the digest of a fsverity_digest property.
 * @ab: Supplies a pointer to the audit_buffer to append to.
 * @d: Supplies a pointer to the digest structure. It is passed as an
 *     untyped pointer, so the compiler cannot check that the caller hands
 *     in the digest type this helper expects.
 *
 * NOTE(review): the body is not shown in this listing.
 */
static void audit_fsv_digest(struct audit_buffer *ab, const void *d)
{}

/**
 * audit_rule() - audit an IPE policy rule.
 * @ab: Supplies a pointer to the audit_buffer to append to.
 * @r: Supplies a pointer to the ipe_rule to approximate a string form for.
 *
 * The output is an approximation of the rule, not the original policy text,
 * so it should not be treated as a byte-exact copy of the policy line.
 *
 * NOTE(review): the body is not shown in this listing. Presumably it uses
 * audit_op_names and audit_prop_names plus the two digest helpers above -
 * confirm.
 */
static void audit_rule(struct audit_buffer *ab, const struct ipe_rule *r)
{}

/**
 * ipe_audit_match() - Audit a rule match in a policy evaluation.
 * @ctx: Supplies a pointer to the evaluation context that was used in the
 *	 evaluation.
 * @match_type: Supplies the scope of the match: rule, operation default,
 *		global default.
 * @act: Supplies the IPE's evaluation decision, deny or allow.
 * @r: Supplies a pointer to the rule that was matched, if possible.
 *     Presumably NULL when the decision came from an operation default or
 *     the global default rather than a rule - confirm that the body checks
 *     it before dereferencing.
 *
 * This is the record that ties an allow or deny decision back to the part of
 * the policy that produced it.
 *
 * NOTE(review): the body is not shown in this listing, so whether allow
 * decisions are always logged or only under some condition cannot be told
 * from here.
 */
void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
		     enum ipe_match match_type,
		     enum ipe_action_type act, const struct ipe_rule *const r)
{}

/**
 * audit_policy() - Audit a policy's name, version and thumbprint to @ab.
 * @ab: Supplies a pointer to the audit buffer to append to.
 * @audit_format: Supplies a pointer to the audit format string. Expected to
 *		  be one of the AUDIT_*_FMT macros defined in this file and
 *		  never text derived from the policy - TODO confirm at the
 *		  call sites.
 * @p: Supplies a pointer to the policy to audit.
 *
 * NOTE(review): the body is not shown in this listing. The thumbprint is
 * presumably a hash of the policy computed with IPE_AUDIT_HASH_ALG - confirm.
 * The policy name originates from the loaded policy, so confirm it is written
 * in a form that cannot add extra fields to the record (for example with
 * audit_log_untrustedstring()).
 */
static void audit_policy(struct audit_buffer *ab,
			 const char *audit_format,
			 const struct ipe_policy *const p)
{}

/**
 * ipe_audit_policy_activation() - Audit a policy being activated.
 * @op: Supplies a pointer to the previously activated policy to audit.
 *	Presumably NULL when no policy was active before; the
 *	AUDIT_OLD_ACTIVE_POLICY_NULL_FMT macro in this file points that way -
 *	confirm.
 * @np: Supplies a pointer to the newly activated policy to audit.
 *
 * Recording both the old and the new policy lets a reviewer of the log see
 * which policy was replaced by which.
 *
 * NOTE(review): the body is not shown in this listing.
 */
void ipe_audit_policy_activation(const struct ipe_policy *const op,
				 const struct ipe_policy *const np)
{}

/**
 * ipe_audit_policy_load() - Audit a policy being loaded into the kernel.
 * @p: Supplies a pointer to the policy to audit.
 *
 * NOTE(review): the body is not shown in this listing. Loading is audited
 * separately from activation (see ipe_audit_policy_activation()), so a load
 * record alone does not show that the policy is the one being enforced.
 */
void ipe_audit_policy_load(const struct ipe_policy *const p)
{}

/**
 * ipe_audit_enforce() - Audit a change in IPE's enforcement state.
 * @new_enforce: The new enforce value that is being set.
 * @old_enforce: The enforce value in effect before the change.
 *
 * Both values are supplied by the caller, so the record can show the
 * direction of the change; a switch away from enforcement is the transition
 * a log reviewer will usually care about most.
 *
 * NOTE(review): the body is not shown in this listing.
 */
void ipe_audit_enforce(bool new_enforce, bool old_enforce)
{}