diff options
| author | Mimi Zohar <zohar@linux.ibm.com> | 2021-12-28 17:53:14 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-02-15 19:21:59 +0300 |
| commit | aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25 (patch) | |
| tree | 978973744ca1b7c07dd76ce1afc65a861f069a77 /security/integrity/integrity.h | |
| parent | e4e071baea41e43aebd7f17ed1ffceeca6aa9868 (diff) | |
| download | linux-aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25.tar.xz | |
ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS
Simple policy rule options, such as fowner, uid, or euid, can be checked
immediately, while other policy rule options, such as requiring a file
signature, need to be deferred.
The 'flags' field in the integrity_iint_cache struct contains the policy
action', 'subaction', and non action/subaction.
action: measure/measured, appraise/appraised, (collect)/collected,
audit/audited
subaction: appraise status for each hook (e.g. file, mmap, bprm, read,
creds)
non action/subaction: deferred policy rule options and state
Rename the IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
| -rw-r--r-- | security/integrity/integrity.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 547425c20e11..d045dccd415a 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -30,8 +30,8 @@ #define IMA_HASH 0x00000100 #define IMA_HASHED 0x00000200 -/* iint cache flags */ -#define IMA_ACTION_FLAGS 0xff000000 +/* iint policy rule cache flags */ +#define IMA_NONACTION_FLAGS 0xff000000 #define IMA_DIGSIG_REQUIRED 0x01000000 #define IMA_PERMIT_DIRECTIO 0x02000000 #define IMA_NEW_FILE 0x04000000 |