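def validate(self, digest: ast.Digest, path: ast.Name, data: ast.Buffer) -> Failure:
    """Validate a single device-mapper entry taken from the IMA log.

    The entry data is decoded as UTF-8 and parsed according to the event
    name in ``path.name``. The digest recorded in the log is compared with a
    hash computed over the raw data, and the parsed event is then handed to
    the validator for its event type together with
    ``self.policies["match_on"]``.

    Args:
        digest: Digest recorded for the entry; ``algorithm`` selects the
            hash and ``hash`` is the value compared with the data.
        path: Name field of the entry; ``path.name`` is the event type.
        data: Buffer whose ``data`` attribute holds the raw event bytes.

    Returns:
        A ``Failure`` holding every problem found. Entries that cannot be
        decoded or parsed produce a ``parsing_failed`` event rather than
        an exception.
    """
    failure = Failure(Component.IMA, ["validation", "dm"])
    try:
        # The bytes are supplied by the log being validated, so they may not
        # be valid UTF-8; a decode error is handled below like a parse error.
        event = parse(data.data.decode("utf-8"), path.name)

        # The digest in the log must cover exactly the bytes that were parsed.
        hash_alg = Hash(digest.algorithm)
        if digest.hash != hash_alg.hash(data.data):
            failure.add_event(
                "invalid_data",
                "hash in IMA log and of the actual data mismatch",
                True)

        match_key = self.policies["match_on"]
        event_type = path.name
        if event_type == "dm_table_load":
            # Only the table load validator also receives the digest.
            failure.merge(
                self.validate_table_load(event, match_key, digest))
        elif event_type == "dm_device_resume":
            failure.merge(self.validate_device_resume(event, match_key))
        elif event_type == "dm_device_remove":
            failure.merge(self.validate_device_remove(event, match_key))
        elif event_type == "dm_device_rename":
            failure.merge(self.validate_device_rename(event, match_key))
        elif event_type == "dm_table_clear":
            failure.merge(self.validate_table_clear(event, match_key))
        elif event_type == "dm_target_update":
            failure.merge(self.validate_target_update(event, match_key))
        else:
            failure.add_event("invalid_event_type", {"got": event_type}, True)
    except (UnicodeDecodeError, lark.exceptions.LarkError) as e:
        # Without UnicodeDecodeError here, a log entry holding non-UTF-8
        # bytes would raise out of validate() instead of being reported as
        # a failure for this entry.
        failure.add_event("parsing_failed",
                          f"Could not construct valid entry: {e}", True)
    return failure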
def get_FF_HASH(hash_alg: Hash) -> bytes:
    """Return a byte string for ``hash_alg`` in which every byte is ``0xff``.

    One hex digit ``f`` is produced for every four units of
    ``hash_alg.get_size()`` and the resulting hex string is decoded.
    """
    # NOTE(review): dividing by 4 implies get_size() is in bits -- confirm.
    hex_digit_count = hash_alg.get_size() // 4
    all_f_hex = b'f' * hex_digit_count
    return codecs.decode(all_f_hex, 'hex')
def get_FF_HASH(hash_alg: Hash) -> bytes:
    """Build the all-ones (``0xff`` in every byte) value for ``hash_alg``.

    The value is written as a run of hex ``f`` digits, one per four units of
    ``hash_alg.get_size()``, and then hex-decoded into bytes.
    """
    # NOTE(review): dividing by 4 implies get_size() is in bits -- confirm.
    digits = hash_alg.get_size() // 4
    hex_text = b"f" * digits
    return codecs.decode(hex_text, "hex")
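def get_START_HASH(hash_alg: Hash) -> bytes:
    """Return a byte string for ``hash_alg`` in which every byte is zero.

    One hex digit ``0`` is produced for every four units of
    ``hash_alg.get_size()`` and the resulting hex string is decoded.
    """
    # NOTE(review): dividing by 4 implies get_size() is in bits -- confirm.
    hex_digit_count = hash_alg.get_size() // 4
    return codecs.decode(b'0' * hex_digit_count, 'hex')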