Lines Matching refs:action
59 int action; member
89 {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
90 {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
91 {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
92 {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
93 {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
94 {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
95 {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
96 {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
97 {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
99 {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
101 {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}
105 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
107 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
109 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
112 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
113 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
117 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
119 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
121 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
124 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
127 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
128 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
129 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
133 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
134 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
135 {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
136 {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
137 {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
138 {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
139 {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
140 {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
141 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
142 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
143 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
144 {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
146 {.action = APPRAISE, .func = POLICY_CHECK,
150 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
154 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
160 {.action = APPRAISE, .func = MODULE_CHECK,
162 {.action = APPRAISE, .func = FIRMWARE_CHECK,
164 {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
166 {.action = APPRAISE, .func = POLICY_CHECK,
369 int action = 0, actmask = flags | (flags << 1); in ima_match_policy() local
374 if (!(entry->action & actmask)) in ima_match_policy()
380 action |= entry->flags & IMA_ACTION_FLAGS; in ima_match_policy()
382 action |= entry->action & IMA_DO_MASK; in ima_match_policy()
383 if (entry->action & IMA_APPRAISE) in ima_match_policy()
384 action |= get_subaction(entry, func); in ima_match_policy()
386 if (entry->action & IMA_DO_MASK) in ima_match_policy()
387 actmask &= ~(entry->action | entry->action << 1); in ima_match_policy()
389 actmask &= ~(entry->action | entry->action >> 1); in ima_match_policy()
399 return action; in ima_match_policy()
413 if (entry->action & IMA_DO_MASK) in ima_update_policy_flag()
414 ima_policy_flag |= entry->action; in ima_update_policy_flag()
622 entry->action = UNKNOWN; in ima_parse_rule()
637 if (entry->action != UNKNOWN) in ima_parse_rule()
640 entry->action = MEASURE; in ima_parse_rule()
645 if (entry->action != UNKNOWN) in ima_parse_rule()
648 entry->action = DONT_MEASURE; in ima_parse_rule()
653 if (entry->action != UNKNOWN) in ima_parse_rule()
656 entry->action = APPRAISE; in ima_parse_rule()
661 if (entry->action != UNKNOWN) in ima_parse_rule()
664 entry->action = DONT_APPRAISE; in ima_parse_rule()
669 if (entry->action != UNKNOWN) in ima_parse_rule()
672 entry->action = AUDIT; in ima_parse_rule()
848 if (entry->action != APPRAISE) { in ima_parse_rule()
863 if (entry->action != MEASURE) { in ima_parse_rule()
882 if (!result && (entry->action == UNKNOWN)) in ima_parse_rule()
1034 if (entry->action & MEASURE) in ima_policy_show()
1036 if (entry->action & DONT_MEASURE) in ima_policy_show()
1038 if (entry->action & APPRAISE) in ima_policy_show()
1040 if (entry->action & DONT_APPRAISE) in ima_policy_show()
1042 if (entry->action & AUDIT) in ima_policy_show()