/** * ima_post_path_mknod - mark as a new inode * @dentry: newly created dentry * * Mark files created via the mknodat syscall as new, so that the * file data can be written later. */ void ima_post_path_mknod(struct dentry *dentry) { struct integrity_iint_cache *iint; struct inode *inode = dentry->d_inode; int must_appraise; must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) return; iint = integrity_inode_get(inode); if (iint) iint->flags |= IMA_NEW_FILE; }
/** * ima_post_path_mknod - mark as a new inode * @dentry: newly created dentry * * Mark files created via the mknodat syscall as new, so that the * file data can be written later. */ void ima_post_path_mknod(struct dentry *dentry) { struct integrity_iint_cache *iint; struct inode *inode = dentry->d_inode; int must_appraise; must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) return; /* Nothing to do if we can't allocate memory */ iint = integrity_inode_get(inode); if (!iint) return; /* needed for re-opening empty files */ iint->flags |= IMA_NEW_FILE; }
/** * ima_post_create_tmpfile - mark newly created tmpfile as new * @file : newly created tmpfile * * No measuring, appraising or auditing of newly created tmpfiles is needed. * Skip calling process_measurement(), but indicate which newly, created * tmpfiles are in policy. */ void ima_post_create_tmpfile(struct inode *inode) { struct integrity_iint_cache *iint; int must_appraise; must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK); if (!must_appraise) return; /* Nothing to do if we can't allocate memory */ iint = integrity_inode_get(inode); if (!iint) return; /* needed for writing the security xattrs */ set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); iint->ima_file_status = INTEGRITY_PASS; }
/** * ima_inode_post_setattr - reflect file metadata changes * @dentry: pointer to the affected dentry * * Changes to a dentry's metadata might result in needing to appraise. * * This function is called from notify_change(), which expects the caller * to lock the inode's i_mutex. */ void ima_inode_post_setattr(struct dentry *dentry) { struct inode *inode = dentry->d_inode; struct integrity_iint_cache *iint; int must_appraise, rc; if (!ima_initialized || !ima_appraise || !S_ISREG(inode->i_mode) || !inode->i_op->removexattr) return; must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); iint = integrity_iint_find(inode); if (iint) { if (must_appraise) iint->flags |= IMA_APPRAISE; else iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED); } if (!must_appraise) rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); return; }
/** * ima_inode_post_setattr - reflect file metadata changes * @dentry: pointer to the affected dentry * * Changes to a dentry's metadata might result in needing to appraise. * * This function is called from notify_change(), which expects the caller * to lock the inode's i_mutex. */ void ima_inode_post_setattr(struct dentry *dentry) { struct inode *inode = d_backing_inode(dentry); struct integrity_iint_cache *iint; int must_appraise, rc; if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode) || !inode->i_op->removexattr) return; must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); iint = integrity_iint_find(inode); if (iint) { iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | IMA_ACTION_FLAGS); if (must_appraise) iint->flags |= IMA_APPRAISE; } if (!must_appraise) rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); return; }