Lines Matching refs:action
70 int action; member
103 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
104 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
105 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
106 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
107 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
108 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
109 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
110 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
111 {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
112 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
114 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
116 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
117 {.action = DONT_MEASURE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC}
121 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
123 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
125 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
128 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
129 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
133 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
135 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
137 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
140 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
143 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
144 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
145 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
149 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
150 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
151 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
152 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
153 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
154 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
155 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
156 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
157 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
158 {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
159 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
160 {.action = DONT_APPRAISE, .fsmagic = EFIVARFS_MAGIC, .flags = IMA_FSMAGIC},
161 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
162 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
164 {.action = APPRAISE, .func = POLICY_CHECK,
168 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
172 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
179 {.action = APPRAISE, .func = MODULE_CHECK,
183 {.action = APPRAISE, .func = FIRMWARE_CHECK,
187 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
191 {.action = APPRAISE, .func = POLICY_CHECK,
197 {.action = APPRAISE, .func = MODULE_CHECK,
199 {.action = APPRAISE, .func = FIRMWARE_CHECK,
201 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
203 {.action = APPRAISE, .func = POLICY_CHECK,
629 int action = 0, actmask = flags | (flags << 1); in ima_match_policy() local
637 if (!(entry->action & actmask)) in ima_match_policy()
644 action |= entry->flags & IMA_ACTION_FLAGS; in ima_match_policy()
646 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
647 if (entry->action & IMA_APPRAISE) { in ima_match_policy()
648 action |= get_subaction(entry, func); in ima_match_policy()
649 action &= ~IMA_HASH; in ima_match_policy()
651 action |= IMA_FAIL_UNVERIFIABLE_SIGS; in ima_match_policy()
655 if (entry->action & IMA_DO_MASK) in ima_match_policy()
656 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
658 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
671 return action; in ima_match_policy()
685 if (entry->action & IMA_DO_MASK) in ima_update_policy_flag()
686 ima_policy_flag |= entry->action; in ima_update_policy_flag()
726 if (entries[i].action == APPRAISE) { in add_rules()
1035 if (entry->action == UNKNOWN) in ima_validate_rule()
1038 if (entry->action != MEASURE && entry->flags & IMA_PCR) in ima_validate_rule()
1041 if (entry->action != APPRAISE && in ima_validate_rule()
1089 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1099 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1138 entry->action = UNKNOWN; in ima_parse_rule()
1153 if (entry->action != UNKNOWN) in ima_parse_rule()
1156 entry->action = MEASURE; in ima_parse_rule()
1161 if (entry->action != UNKNOWN) in ima_parse_rule()
1164 entry->action = DONT_MEASURE; in ima_parse_rule()
1169 if (entry->action != UNKNOWN) in ima_parse_rule()
1172 entry->action = APPRAISE; in ima_parse_rule()
1177 if (entry->action != UNKNOWN) in ima_parse_rule()
1180 entry->action = DONT_APPRAISE; in ima_parse_rule()
1185 if (entry->action != UNKNOWN) in ima_parse_rule()
1188 entry->action = AUDIT; in ima_parse_rule()
1193 if (entry->action != UNKNOWN) in ima_parse_rule()
1196 entry->action = HASH; in ima_parse_rule()
1201 if (entry->action != UNKNOWN) in ima_parse_rule()
1204 entry->action = DONT_HASH; in ima_parse_rule()
1453 if (entry->action != MEASURE) { in ima_parse_rule()
1481 else if (entry->action == APPRAISE) in ima_parse_rule()
1647 if (entry->action & MEASURE) in ima_policy_show()
1649 if (entry->action & DONT_MEASURE) in ima_policy_show()
1651 if (entry->action & APPRAISE) in ima_policy_show()
1653 if (entry->action & DONT_APPRAISE) in ima_policy_show()
1655 if (entry->action & AUDIT) in ima_policy_show()
1657 if (entry->action & HASH) in ima_policy_show()
1659 if (entry->action & DONT_HASH) in ima_policy_show()
1816 if (entry->action != APPRAISE) in ima_appraise_signature()