// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2005,2006,2007,2008 IBM Corporation * * Authors: * Kylene Hall <[email protected]> * Reiner Sailer <[email protected]> * Mimi Zohar <[email protected]> * * File: ima_fs.c * implemenents security file system for reporting * current measurement list and IMA statistics */ #include <linux/fcntl.h> #include <linux/kernel_read_file.h> #include <linux/slab.h> #include <linux/init.h> #include <linux/seq_file.h> #include <linux/rculist.h> #include <linux/rcupdate.h> #include <linux/parser.h> #include <linux/vmalloc.h> #include "ima.h" static DEFINE_MUTEX(ima_write_mutex); bool ima_canonical_fmt; static int __init default_canonical_fmt_setup(char *str) { … } __setup(…); static int valid_policy = …; static ssize_t ima_show_htable_value(char __user *buf, size_t count, loff_t *ppos, atomic_long_t *val) { … } static ssize_t ima_show_htable_violations(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations ima_htable_violations_ops = …; static ssize_t ima_show_measurements_count(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations ima_measurements_count_ops = …; /* returns pointer to hlist_node */ static void *ima_measurements_start(struct seq_file *m, loff_t *pos) { … } static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos) { … } static void ima_measurements_stop(struct seq_file *m, void *v) { … } void ima_putc(struct seq_file *m, void *data, int datalen) { … } static struct dentry **ascii_securityfs_measurement_lists __ro_after_init; static struct dentry **binary_securityfs_measurement_lists __ro_after_init; static int securityfs_measurement_list_count __ro_after_init; static void lookup_template_data_hash_algo(int *algo_idx, enum hash_algo *algo, struct seq_file *m, struct dentry **lists) { … } /* print format: * 32bit-le=pcr# * char[n]=template digest * 32bit-le=template name size * char[n]=template name * [eventdata length] * eventdata[n]=template specific data */ int ima_measurements_show(struct seq_file *m, void *v) { … } static const struct seq_operations ima_measurments_seqops = …; static int ima_measurements_open(struct inode *inode, struct file *file) { … } static const struct file_operations ima_measurements_ops = …; void ima_print_digest(struct seq_file *m, u8 *digest, u32 size) { … } /* print in ascii */ static int ima_ascii_measurements_show(struct seq_file *m, void *v) { … } static const struct seq_operations ima_ascii_measurements_seqops = …; static int ima_ascii_measurements_open(struct inode *inode, struct file *file) { … } static const struct file_operations ima_ascii_measurements_ops = …; static ssize_t ima_read_policy(char *path) { … } static ssize_t ima_write_policy(struct file *file, const char __user *buf, size_t datalen, loff_t *ppos) { … } static struct dentry *ima_dir; static struct dentry *ima_symlink; static struct dentry *binary_runtime_measurements; static struct dentry *ascii_runtime_measurements; static struct dentry *runtime_measurements_count; static struct dentry *violations; static struct dentry *ima_policy; enum ima_fs_flags { … }; static unsigned long ima_fs_flags; #ifdef CONFIG_IMA_READ_POLICY static const struct seq_operations ima_policy_seqops = …; #endif static void __init remove_securityfs_measurement_lists(struct dentry **lists) { … } static int __init create_securityfs_measurement_lists(void) { … } /* * ima_open_policy: sequentialize access to the policy file */ static int ima_open_policy(struct inode *inode, struct file *filp) { … } /* * ima_release_policy - start using the new measure policy rules. * * Initially, ima_measure points to the default policy rules, now * point to the new policy rules, and remove the securityfs policy file, * assuming a valid policy. */ static int ima_release_policy(struct inode *inode, struct file *file) { … } static const struct file_operations ima_measure_policy_ops = …; int __init ima_fs_init(void) { … }
Codebase Browser
linux