Lines Matching full:entry
383 static void ima_lsm_free_rule(struct ima_rule_entry *entry) in ima_lsm_free_rule() argument
388 ima_filter_rule_free(entry->lsm[i].rule); in ima_lsm_free_rule()
389 kfree(entry->lsm[i].args_p); in ima_lsm_free_rule()
393 static void ima_free_rule(struct ima_rule_entry *entry) in ima_free_rule() argument
395 if (!entry) in ima_free_rule()
399 * entry->template->fields may be allocated in ima_parse_rule() but that in ima_free_rule()
403 kfree(entry->fsname); in ima_free_rule()
404 kfree(entry->fs_subtype); in ima_free_rule()
405 ima_free_rule_opt_list(entry->keyrings); in ima_free_rule()
406 ima_lsm_free_rule(entry); in ima_free_rule()
407 kfree(entry); in ima_free_rule()
410 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry, in ima_lsm_copy_rule() argument
420 nentry = kmemdup(entry, sizeof(*nentry), gfp); in ima_lsm_copy_rule()
427 if (!entry->lsm[i].args_p) in ima_lsm_copy_rule()
430 nentry->lsm[i].type = entry->lsm[i].type; in ima_lsm_copy_rule()
431 nentry->lsm[i].args_p = entry->lsm[i].args_p; in ima_lsm_copy_rule()
444 static int ima_lsm_update_rule(struct ima_rule_entry *entry) in ima_lsm_update_rule() argument
449 nentry = ima_lsm_copy_rule(entry, GFP_KERNEL); in ima_lsm_update_rule()
453 list_replace_rcu(&entry->list, &nentry->list); in ima_lsm_update_rule()
457 * LSM references, from entry to nentry so we only want to free the LSM in ima_lsm_update_rule()
458 * references and the entry itself. All other memory references will now in ima_lsm_update_rule()
462 ima_filter_rule_free(entry->lsm[i].rule); in ima_lsm_update_rule()
463 kfree(entry); in ima_lsm_update_rule()
468 static bool ima_rule_contains_lsm_cond(struct ima_rule_entry *entry) in ima_rule_contains_lsm_cond() argument
473 if (entry->lsm[i].args_p) in ima_rule_contains_lsm_cond()
486 struct ima_rule_entry *entry, *e; in ima_lsm_update_rules() local
489 list_for_each_entry_safe(entry, e, &ima_policy_rules, list) { in ima_lsm_update_rules()
490 if (!ima_rule_contains_lsm_cond(entry)) in ima_lsm_update_rules()
493 result = ima_lsm_update_rule(entry); in ima_lsm_update_rules()
758 struct ima_rule_entry *entry; in ima_match_policy() local
767 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_match_policy()
769 if (!(entry->action & actmask)) in ima_match_policy()
772 if (!ima_match_rules(entry, idmap, inode, cred, prop, in ima_match_policy()
776 action |= entry->flags & IMA_NONACTION_FLAGS; in ima_match_policy()
778 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
779 if (entry->action & IMA_APPRAISE) { in ima_match_policy()
780 action |= get_subaction(entry, func); in ima_match_policy()
786 entry->flags & IMA_VALIDATE_ALGOS) in ima_match_policy()
787 *allowed_algos = entry->allowed_algos; in ima_match_policy()
790 if (entry->action & IMA_DO_MASK) in ima_match_policy()
791 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
793 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
795 if ((pcr) && (entry->flags & IMA_PCR)) in ima_match_policy()
796 *pcr = entry->pcr; in ima_match_policy()
798 if (template_desc && entry->template) in ima_match_policy()
799 *template_desc = entry->template; in ima_match_policy()
826 struct ima_rule_entry *entry; in ima_update_policy_flags() local
832 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_update_policy_flags()
845 if (entry->func == SETXATTR_CHECK) { in ima_update_policy_flags()
847 0, entry->allowed_algos); in ima_update_policy_flags()
852 if (entry->action & IMA_DO_MASK) in ima_update_policy_flags()
853 new_policy_flag |= entry->action; in ima_update_policy_flags()
883 struct ima_rule_entry *entry; in add_rules() local
889 entry = kmemdup(&entries[i], sizeof(*entry), in add_rules()
891 if (!entry) in add_rules()
894 list_add_tail(&entry->list, &ima_policy_rules); in add_rules()
907 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry);
1145 static int ima_lsm_rule_init(struct ima_rule_entry *entry, in ima_lsm_rule_init() argument
1150 if (entry->lsm[lsm_rule].rule) in ima_lsm_rule_init()
1153 entry->lsm[lsm_rule].args_p = match_strdup(args); in ima_lsm_rule_init()
1154 if (!entry->lsm[lsm_rule].args_p) in ima_lsm_rule_init()
1157 entry->lsm[lsm_rule].type = audit_type; in ima_lsm_rule_init()
1158 result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, in ima_lsm_rule_init()
1159 entry->lsm[lsm_rule].args_p, in ima_lsm_rule_init()
1160 &entry->lsm[lsm_rule].rule, in ima_lsm_rule_init()
1162 if (!entry->lsm[lsm_rule].rule) { in ima_lsm_rule_init()
1164 entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
1167 kfree(entry->lsm[lsm_rule].args_p); in ima_lsm_rule_init()
1168 entry->lsm[lsm_rule].args_p = NULL; in ima_lsm_rule_init()
1257 static bool ima_validate_rule(struct ima_rule_entry *entry) in ima_validate_rule() argument
1260 if (entry->action == UNKNOWN) in ima_validate_rule()
1263 if (entry->action != MEASURE && entry->flags & IMA_PCR) in ima_validate_rule()
1266 if (entry->action != APPRAISE && in ima_validate_rule()
1267 entry->flags & (IMA_DIGSIG_REQUIRED | IMA_MODSIG_ALLOWED | in ima_validate_rule()
1277 if (((entry->flags & IMA_FUNC) && entry->func == NONE) || in ima_validate_rule()
1278 (!(entry->flags & IMA_FUNC) && entry->func != NONE)) in ima_validate_rule()
1285 switch (entry->func) { in ima_validate_rule()
1295 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC | in ima_validate_rule()
1309 if (entry->flags & ~(IMA_FUNC | IMA_MASK | IMA_FSMAGIC | in ima_validate_rule()
1321 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1324 if (entry->flags & ~(IMA_FUNC | IMA_FSMAGIC | IMA_UID | in ima_validate_rule()
1333 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1336 if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_GID | IMA_PCR | in ima_validate_rule()
1340 if (ima_rule_contains_lsm_cond(entry)) in ima_validate_rule()
1345 if (entry->action & ~(MEASURE | DONT_MEASURE)) in ima_validate_rule()
1348 if (entry->flags & ~(IMA_FUNC | IMA_UID | IMA_GID | IMA_PCR | in ima_validate_rule()
1352 if (ima_rule_contains_lsm_cond(entry)) in ima_validate_rule()
1358 if (entry->action != APPRAISE) in ima_validate_rule()
1362 if (!(entry->flags & IMA_VALIDATE_ALGOS)) in ima_validate_rule()
1369 if (entry->flags & ~(IMA_FUNC | IMA_VALIDATE_ALGOS)) in ima_validate_rule()
1378 if (entry->flags & IMA_CHECK_BLACKLIST && in ima_validate_rule()
1379 !(entry->flags & IMA_DIGSIG_REQUIRED)) in ima_validate_rule()
1389 if (entry->action == APPRAISE && in ima_validate_rule()
1390 (entry->flags & IMA_VERITY_REQUIRED) && in ima_validate_rule()
1391 !(entry->flags & IMA_DIGSIG_REQUIRED)) in ima_validate_rule()
1425 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) in ima_parse_rule() argument
1437 entry->uid = INVALID_UID; in ima_parse_rule()
1438 entry->gid = INVALID_GID; in ima_parse_rule()
1439 entry->fowner = INVALID_UID; in ima_parse_rule()
1440 entry->fgroup = INVALID_GID; in ima_parse_rule()
1441 entry->uid_op = &uid_eq; in ima_parse_rule()
1442 entry->gid_op = &gid_eq; in ima_parse_rule()
1443 entry->fowner_op = &vfsuid_eq_kuid; in ima_parse_rule()
1444 entry->fgroup_op = &vfsgid_eq_kgid; in ima_parse_rule()
1445 entry->action = UNKNOWN; in ima_parse_rule()
1460 if (entry->action != UNKNOWN) in ima_parse_rule()
1463 entry->action = MEASURE; in ima_parse_rule()
1468 if (entry->action != UNKNOWN) in ima_parse_rule()
1471 entry->action = DONT_MEASURE; in ima_parse_rule()
1476 if (entry->action != UNKNOWN) in ima_parse_rule()
1479 entry->action = APPRAISE; in ima_parse_rule()
1484 if (entry->action != UNKNOWN) in ima_parse_rule()
1487 entry->action = DONT_APPRAISE; in ima_parse_rule()
1492 if (entry->action != UNKNOWN) in ima_parse_rule()
1495 entry->action = AUDIT; in ima_parse_rule()
1500 if (entry->action != UNKNOWN) in ima_parse_rule()
1503 entry->action = DONT_AUDIT; in ima_parse_rule()
1508 if (entry->action != UNKNOWN) in ima_parse_rule()
1511 entry->action = HASH; in ima_parse_rule()
1516 if (entry->action != UNKNOWN) in ima_parse_rule()
1519 entry->action = DONT_HASH; in ima_parse_rule()
1524 if (entry->func) in ima_parse_rule()
1528 entry->func = FILE_CHECK; in ima_parse_rule()
1531 entry->func = FILE_CHECK; in ima_parse_rule()
1533 entry->func = MODULE_CHECK; in ima_parse_rule()
1535 entry->func = FIRMWARE_CHECK; in ima_parse_rule()
1538 entry->func = MMAP_CHECK; in ima_parse_rule()
1540 entry->func = MMAP_CHECK_REQPROT; in ima_parse_rule()
1542 entry->func = BPRM_CHECK; in ima_parse_rule()
1544 entry->func = CREDS_CHECK; in ima_parse_rule()
1547 entry->func = KEXEC_KERNEL_CHECK; in ima_parse_rule()
1550 entry->func = KEXEC_INITRAMFS_CHECK; in ima_parse_rule()
1552 entry->func = POLICY_CHECK; in ima_parse_rule()
1554 entry->func = KEXEC_CMDLINE; in ima_parse_rule()
1557 entry->func = KEY_CHECK; in ima_parse_rule()
1559 entry->func = CRITICAL_DATA; in ima_parse_rule()
1561 entry->func = SETXATTR_CHECK; in ima_parse_rule()
1565 entry->flags |= IMA_FUNC; in ima_parse_rule()
1570 if (entry->mask) in ima_parse_rule()
1578 entry->mask = MAY_EXEC; in ima_parse_rule()
1580 entry->mask = MAY_WRITE; in ima_parse_rule()
1582 entry->mask = MAY_READ; in ima_parse_rule()
1584 entry->mask = MAY_APPEND; in ima_parse_rule()
1588 entry->flags |= (*args[0].from == '^') in ima_parse_rule()
1594 if (entry->fsmagic) { in ima_parse_rule()
1599 result = kstrtoul(args[0].from, 16, &entry->fsmagic); in ima_parse_rule()
1601 entry->flags |= IMA_FSMAGIC; in ima_parse_rule()
1606 entry->fsname = kstrdup(args[0].from, GFP_KERNEL); in ima_parse_rule()
1607 if (!entry->fsname) { in ima_parse_rule()
1612 entry->flags |= IMA_FSNAME; in ima_parse_rule()
1617 if (entry->fs_subtype) { in ima_parse_rule()
1622 entry->fs_subtype = kstrdup(args[0].from, GFP_KERNEL); in ima_parse_rule()
1623 if (!entry->fs_subtype) { in ima_parse_rule()
1628 entry->flags |= IMA_FS_SUBTYPE; in ima_parse_rule()
1634 entry->keyrings) { in ima_parse_rule()
1639 entry->keyrings = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1640 if (IS_ERR(entry->keyrings)) { in ima_parse_rule()
1641 result = PTR_ERR(entry->keyrings); in ima_parse_rule()
1642 entry->keyrings = NULL; in ima_parse_rule()
1646 entry->flags |= IMA_KEYRINGS; in ima_parse_rule()
1651 if (entry->label) { in ima_parse_rule()
1656 entry->label = ima_alloc_rule_opt_list(args); in ima_parse_rule()
1657 if (IS_ERR(entry->label)) { in ima_parse_rule()
1658 result = PTR_ERR(entry->label); in ima_parse_rule()
1659 entry->label = NULL; in ima_parse_rule()
1663 entry->flags |= IMA_LABEL; in ima_parse_rule()
1668 if (!uuid_is_null(&entry->fsuuid)) { in ima_parse_rule()
1673 result = uuid_parse(args[0].from, &entry->fsuuid); in ima_parse_rule()
1675 entry->flags |= IMA_FSUUID; in ima_parse_rule()
1679 entry->uid_op = &uid_gt; in ima_parse_rule()
1684 entry->uid_op = &uid_lt; in ima_parse_rule()
1695 if (uid_valid(entry->uid)) { in ima_parse_rule()
1702 entry->uid = make_kuid(current_user_ns(), in ima_parse_rule()
1704 if (!uid_valid(entry->uid) || in ima_parse_rule()
1708 entry->flags |= eid_token in ima_parse_rule()
1714 entry->gid_op = &gid_gt; in ima_parse_rule()
1719 entry->gid_op = &gid_lt; in ima_parse_rule()
1730 if (gid_valid(entry->gid)) { in ima_parse_rule()
1737 entry->gid = make_kgid(current_user_ns(), in ima_parse_rule()
1739 if (!gid_valid(entry->gid) || in ima_parse_rule()
1743 entry->flags |= eid_token in ima_parse_rule()
1748 entry->fowner_op = &vfsuid_gt_kuid; in ima_parse_rule()
1752 entry->fowner_op = &vfsuid_lt_kuid; in ima_parse_rule()
1757 if (uid_valid(entry->fowner)) { in ima_parse_rule()
1764 entry->fowner = make_kuid(current_user_ns(), in ima_parse_rule()
1766 if (!uid_valid(entry->fowner) || in ima_parse_rule()
1770 entry->flags |= IMA_FOWNER; in ima_parse_rule()
1774 entry->fgroup_op = &vfsgid_gt_kgid; in ima_parse_rule()
1778 entry->fgroup_op = &vfsgid_lt_kgid; in ima_parse_rule()
1783 if (gid_valid(entry->fgroup)) { in ima_parse_rule()
1790 entry->fgroup = make_kgid(current_user_ns(), in ima_parse_rule()
1792 if (!gid_valid(entry->fgroup) || in ima_parse_rule()
1796 entry->flags |= IMA_FGROUP; in ima_parse_rule()
1801 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1807 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1813 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1819 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1825 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1831 result = ima_lsm_rule_init(entry, args, in ima_parse_rule()
1837 if (entry->flags & IMA_DIGSIG_REQUIRED) in ima_parse_rule()
1840 entry->flags |= IMA_VERITY_REQUIRED; in ima_parse_rule()
1848 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1851 entry->flags |= IMA_DIGSIG_REQUIRED | IMA_CHECK_BLACKLIST; in ima_parse_rule()
1854 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1855 entry->flags |= IMA_DIGSIG_REQUIRED | IMA_CHECK_BLACKLIST; in ima_parse_rule()
1860 if (entry->flags & IMA_VERITY_REQUIRED) in ima_parse_rule()
1863 entry->flags |= IMA_DIGSIG_REQUIRED | in ima_parse_rule()
1875 if (entry->allowed_algos) { in ima_parse_rule()
1880 entry->allowed_algos = in ima_parse_rule()
1883 if (!entry->allowed_algos) { in ima_parse_rule()
1888 entry->flags |= IMA_VALIDATE_ALGOS; in ima_parse_rule()
1892 entry->flags |= IMA_PERMIT_DIRECTIO; in ima_parse_rule()
1897 result = kstrtoint(args[0].from, 10, &entry->pcr); in ima_parse_rule()
1898 if (result || INVALID_PCR(entry->pcr)) in ima_parse_rule()
1901 entry->flags |= IMA_PCR; in ima_parse_rule()
1906 if (entry->action != MEASURE) { in ima_parse_rule()
1911 if (!template_desc || entry->template) { in ima_parse_rule()
1924 entry->template = template_desc; in ima_parse_rule()
1932 if (!result && !ima_validate_rule(entry)) in ima_parse_rule()
1934 else if (entry->action == APPRAISE) in ima_parse_rule()
1935 temp_ima_appraise |= ima_appraise_flag(entry->func); in ima_parse_rule()
1937 if (!result && entry->flags & IMA_MODSIG_ALLOWED) { in ima_parse_rule()
1938 template_desc = entry->template ? entry->template : in ima_parse_rule()
1944 if (!result && entry->action == MEASURE && in ima_parse_rule()
1945 entry->flags & IMA_VERITY_REQUIRED) { in ima_parse_rule()
1946 template_desc = entry->template ? entry->template : in ima_parse_rule()
1968 struct ima_rule_entry *entry; in ima_parse_add_rule() local
1979 entry = kzalloc(sizeof(*entry), GFP_KERNEL); in ima_parse_add_rule()
1980 if (!entry) { in ima_parse_add_rule()
1986 INIT_LIST_HEAD(&entry->list); in ima_parse_add_rule()
1988 result = ima_parse_rule(p, entry); in ima_parse_add_rule()
1990 ima_free_rule(entry); in ima_parse_add_rule()
1997 list_add_tail(&entry->list, &ima_temp_rules); in ima_parse_add_rule()
2011 struct ima_rule_entry *entry, *tmp; in ima_delete_rules() local
2014 list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) { in ima_delete_rules()
2015 list_del(&entry->list); in ima_delete_rules()
2016 ima_free_rule(entry); in ima_delete_rules()
2041 struct ima_rule_entry *entry; in ima_policy_start() local
2046 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_policy_start()
2049 return entry; in ima_policy_start()
2058 struct ima_rule_entry *entry = v; in ima_policy_next() local
2061 entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list); in ima_policy_next()
2065 return (&entry->list == &ima_default_rules || in ima_policy_next()
2066 &entry->list == &ima_policy_rules) ? NULL : entry; in ima_policy_next()
2115 struct ima_rule_entry *entry = v; in ima_policy_show() local
2124 if (entry->lsm[i].args_p && !entry->lsm[i].rule) { in ima_policy_show()
2130 if (entry->action & MEASURE) in ima_policy_show()
2132 if (entry->action & DONT_MEASURE) in ima_policy_show()
2134 if (entry->action & APPRAISE) in ima_policy_show()
2136 if (entry->action & DONT_APPRAISE) in ima_policy_show()
2138 if (entry->action & AUDIT) in ima_policy_show()
2140 if (entry->action & DONT_AUDIT) in ima_policy_show()
2142 if (entry->action & HASH) in ima_policy_show()
2144 if (entry->action & DONT_HASH) in ima_policy_show()
2149 if (entry->flags & IMA_FUNC) in ima_policy_show()
2150 policy_func_show(m, entry->func); in ima_policy_show()
2152 if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { in ima_policy_show()
2153 if (entry->flags & IMA_MASK) in ima_policy_show()
2155 if (entry->mask & MAY_EXEC) in ima_policy_show()
2157 if (entry->mask & MAY_WRITE) in ima_policy_show()
2159 if (entry->mask & MAY_READ) in ima_policy_show()
2161 if (entry->mask & MAY_APPEND) in ima_policy_show()
2166 if (entry->flags & IMA_FSMAGIC) { in ima_policy_show()
2167 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic); in ima_policy_show()
2172 if (entry->flags & IMA_FSNAME) { in ima_policy_show()
2173 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname); in ima_policy_show()
2178 if (entry->flags & IMA_FS_SUBTYPE) { in ima_policy_show()
2179 snprintf(tbuf, sizeof(tbuf), "%s", entry->fs_subtype); in ima_policy_show()
2184 if (entry->flags & IMA_KEYRINGS) { in ima_policy_show()
2186 ima_show_rule_opt_list(m, entry->keyrings); in ima_policy_show()
2190 if (entry->flags & IMA_LABEL) { in ima_policy_show()
2192 ima_show_rule_opt_list(m, entry->label); in ima_policy_show()
2196 if (entry->flags & IMA_PCR) { in ima_policy_show()
2197 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); in ima_policy_show()
2202 if (entry->flags & IMA_FSUUID) { in ima_policy_show()
2203 seq_printf(m, "fsuuid=%pU", &entry->fsuuid); in ima_policy_show()
2207 if (entry->flags & IMA_UID) { in ima_policy_show()
2208 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
2209 if (entry->uid_op == &uid_gt) in ima_policy_show()
2211 else if (entry->uid_op == &uid_lt) in ima_policy_show()
2218 if (entry->flags & IMA_EUID) { in ima_policy_show()
2219 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); in ima_policy_show()
2220 if (entry->uid_op == &uid_gt) in ima_policy_show()
2222 else if (entry->uid_op == &uid_lt) in ima_policy_show()
2229 if (entry->flags & IMA_GID) { in ima_policy_show()
2230 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); in ima_policy_show()
2231 if (entry->gid_op == &gid_gt) in ima_policy_show()
2233 else if (entry->gid_op == &gid_lt) in ima_policy_show()
2240 if (entry->flags & IMA_EGID) { in ima_policy_show()
2241 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->gid)); in ima_policy_show()
2242 if (entry->gid_op == &gid_gt) in ima_policy_show()
2244 else if (entry->gid_op == &gid_lt) in ima_policy_show()
2251 if (entry->flags & IMA_FOWNER) { in ima_policy_show()
2252 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); in ima_policy_show()
2253 if (entry->fowner_op == &vfsuid_gt_kuid) in ima_policy_show()
2255 else if (entry->fowner_op == &vfsuid_lt_kuid) in ima_policy_show()
2262 if (entry->flags & IMA_FGROUP) { in ima_policy_show()
2263 snprintf(tbuf, sizeof(tbuf), "%d", __kgid_val(entry->fgroup)); in ima_policy_show()
2264 if (entry->fgroup_op == &vfsgid_gt_kgid) in ima_policy_show()
2266 else if (entry->fgroup_op == &vfsgid_lt_kgid) in ima_policy_show()
2273 if (entry->flags & IMA_VALIDATE_ALGOS) { in ima_policy_show()
2275 ima_policy_show_appraise_algos(m, entry->allowed_algos); in ima_policy_show()
2280 if (entry->lsm[i].rule) { in ima_policy_show()
2284 entry->lsm[i].args_p); in ima_policy_show()
2288 entry->lsm[i].args_p); in ima_policy_show()
2292 entry->lsm[i].args_p); in ima_policy_show()
2296 entry->lsm[i].args_p); in ima_policy_show()
2300 entry->lsm[i].args_p); in ima_policy_show()
2304 entry->lsm[i].args_p); in ima_policy_show()
2310 if (entry->template) in ima_policy_show()
2311 seq_printf(m, "template=%s ", entry->template->name); in ima_policy_show()
2312 if (entry->flags & IMA_DIGSIG_REQUIRED) { in ima_policy_show()
2313 if (entry->flags & IMA_VERITY_REQUIRED) in ima_policy_show()
2315 else if (entry->flags & IMA_MODSIG_ALLOWED) in ima_policy_show()
2320 if (entry->flags & IMA_VERITY_REQUIRED) in ima_policy_show()
2322 if (entry->flags & IMA_PERMIT_DIRECTIO) in ima_policy_show()
2339 struct ima_rule_entry *entry; in ima_appraise_signature() local
2355 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { in ima_appraise_signature()
2356 if (entry->action != APPRAISE) in ima_appraise_signature()
2360 * A generic entry will match, but otherwise require that it in ima_appraise_signature()
2363 if (entry->func && entry->func != func) in ima_appraise_signature()
2370 if (entry->flags & IMA_DIGSIG_REQUIRED) in ima_appraise_signature()