evm_main.c - OpenGrok cross reference for /kernel/linux/linux-6.6/security/integrity/evm/evm

Lines Matching full:evm
14 #define pr_fmt(fmt) "EVM: "fmt
21 #include <linux/evm.h>
29 #include "evm.h"
86 __setup("evm=", evm_set_fixmode);
94 	pr_info("Initialising EVM extended attributes:\n");  in evm_init_config()
116  * errors, based on the ability of EVM to calculate HMACs. If the HMAC key
156  * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
159  * and compare it against the stored security.evm xattr.
320  * evm_read_protected_xattrs - read EVM protected xattr names, lengths, values
396  * security.evm xattr. For performance, use the xattr value and length
427  * before EVM is initialized or in 'fix' mode.
475  * evm_protect_xattr - protect the EVM extended attribute
477  * Prevent security.evm from being modified or removed without the
481  * affect security.evm.  An interesting side affect of writing posix xattr
482  * acls is their modifying of the i_mode, which is included in security.evm.
483  * For posix xattr acls only, permit security.evm, even if it currently
484  * doesn't exist, to be updated unless the EVM signature is immutable.
556  * evm_inode_setxattr - protect the EVM extended attribute
563  * Before allowing the 'security.evm' protected xattr to be updated,
565  * access to the EVM encrypted key needed to calculate the HMAC, prevent
566  * userspace from writing HMAC value.  Writing 'security.evm' requires
593  * evm_inode_removexattr - protect the EVM extended attribute
598  * Removing 'security.evm' requires CAP_SYS_ADMIN privileges and that
643  * evm_inode_set_acl - protect the EVM extended attribute from posix acls
649  * Prevent modifying posix acls causing the EVM HMAC to be re-calculated
650  * and 'security.evm' xattr updated, unless the existing 'security.evm' is
703  * evm_revalidate_status - report whether EVM status re-validation is necessary
707  * EVM status.
728  * evm_inode_post_setxattr - update 'security.evm' to reflect the changes
734  * Update the HMAC stored in 'security.evm' to reflect the change.
758  * evm_inode_post_removexattr - update 'security.evm' after removing the xattr
762  * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
798  * evm_inode_setattr - prevent updating an invalid EVM extended attribute
803  * Permit update of file attributes when files have a valid EVM signature,
843  * evm_inode_post_setattr - update 'security.evm' after modifying metadata
847  * For now, update the HMAC stored in 'security.evm' to reflect UID/GID
875  * evm_inode_init_security - initializes security.evm HMAC value
891 	 * contiguous, there is enough space for security.evm, and that there is  in evm_inode_init_security()
899 	/* EVM xattr not needed. */  in evm_inode_init_security()