diff options
| author |   Mimi Zohar <zohar@linux.ibm.com> | 2021-12-28 09:53:14 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-02-15 11:21:59 -0500 |
| commit | aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25 (patch) | |
| tree | 978973744ca1b7c07dd76ce1afc65a861f069a77 /security/integrity/ima/ima_main.c | |
| parent | ima: Return error code obtained from securityfs functions (diff) | |
| download | linux-dev-aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25.tar.xz linux-dev-aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25.zip | |
ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS
Simple policy rule options, such as fowner, uid, or euid, can be checked
immediately, while other policy rule options, such as requiring a file
signature, need to be deferred.
The 'flags' field in the integrity_iint_cache struct contains the policy
action', 'subaction', and non action/subaction.
action: measure/measured, appraise/appraised, (collect)/collected,
audit/audited
subaction: appraise status for each hook (e.g. file, mmap, bprm, read,
creds)
non action/subaction: deferred policy rule options and state
Rename the IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 8ed6da428328..7c80dfe2c7a5 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -263,7 +263,7 @@ static int process_measurement(struct file *file, const struct cred *cred, /* reset appraisal flags if ima_inode_post_setattr was called */ iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | - IMA_ACTION_FLAGS); + IMA_NONACTION_FLAGS); /* * Re-evaulate the file if either the xattr has changed or the |