C++ (Cpp) is_module_sig_enforced Exemples

Langage de programmation: C++ (Cpp)

Méthode/Fonction: is_module_sig_enforced

Exemples au hotexamples.com: 2

C++ (Cpp) is_module_sig_enforced - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de is_module_sig_enforced extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Exemple #1

0

Afficher le fichier

Fichier : ima_main.c Projet : markus-oberhumer/linux

/** * ima_load_data - appraise decision based on policy * @id: kernel load data caller identifier * * Callers of this LSM hook can not measure, appraise, or audit the * data provided by userspace. Enforce policy rules requring a file * signature (eg. kexec'ed kernel image). * * For permission return 0, otherwise return -EACCES. */ int ima_load_data(enum kernel_load_data_id id) { bool sig_enforce; if ((ima_appraise & IMA_APPRAISE_ENFORCE) != IMA_APPRAISE_ENFORCE) return 0; switch (id) { case LOADING_KEXEC_IMAGE: if (ima_appraise & IMA_APPRAISE_KEXEC) { pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n"); return -EACCES; /* INTEGRITY_UNKNOWN */ } break; case LOADING_FIRMWARE: if (ima_appraise & IMA_APPRAISE_FIRMWARE) { pr_err("Prevent firmware sysfs fallback loading.\n"); return -EACCES; /* INTEGRITY_UNKNOWN */ } break; case LOADING_MODULE: sig_enforce = is_module_sig_enforced(); if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES)) { pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n"); return -EACCES; /* INTEGRITY_UNKNOWN */ } default: break; } return 0; }

Exemple #2

0

Afficher le fichier

Fichier : ima_main.c Projet : krzk/linux

/** * ima_read_file - pre-measure/appraise hook decision based on policy * @file: pointer to the file to be measured/appraised/audit * @read_id: caller identifier * * Permit reading a file based on policy. The policy rules are written * in terms of the policy identifier. Appraising the integrity of * a file requires a file descriptor. * * For permission return 0, otherwise return -EACCES. */ int ima_read_file(struct file *file, enum kernel_read_file_id read_id) { bool sig_enforce = is_module_sig_enforced(); if (!file && read_id == READING_MODULE) { if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES) && (ima_appraise & IMA_APPRAISE_ENFORCE)) { pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n"); return -EACCES; /* INTEGRITY_UNKNOWN */ } return 0; /* We rely on module signature checking */ } return 0; }