diff options
author | Dmitry Kasatkin <dmitry.kasatkin@nokia.com> | 2011-05-06 10:34:17 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 18:29:48 +0200 |
commit | 24e0198efe0df50034ec1c14b2d7b5bb0f66d54a (patch) | |
tree | 64f7d23cd7b07dabe826c2a6ed37f7c1842816b2 | |
parent | evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN (diff) | |
download | linux-24e0198efe0df50034ec1c14b2d7b5bb0f66d54a.tar.xz linux-24e0198efe0df50034ec1c14b2d7b5bb0f66d54a.zip |
evm: replace hmac_status with evm_status
We will use digital signatures in addtion to hmac.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
-rw-r--r-- | security/integrity/evm/evm_main.c | 14 | ||||
-rw-r--r-- | security/integrity/iint.c | 2 | ||||
-rw-r--r-- | security/integrity/integrity.h | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index bfe44dff61bb..eb07f9d13c24 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -56,8 +56,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, struct evm_ima_xattr_data xattr_data; int rc; - if (iint->hmac_status == INTEGRITY_PASS) - return iint->hmac_status; + if (iint->evm_status == INTEGRITY_PASS) + return iint->evm_status; /* if status is not PASS, try to check again - against -ENOMEM */ @@ -71,18 +71,18 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, sizeof xattr_data, GFP_NOFS); if (rc < 0) goto err_out; - iint->hmac_status = INTEGRITY_PASS; - return iint->hmac_status; + iint->evm_status = INTEGRITY_PASS; + return iint->evm_status; err_out: switch (rc) { case -ENODATA: /* file not labelled */ - iint->hmac_status = INTEGRITY_NOLABEL; + iint->evm_status = INTEGRITY_NOLABEL; break; default: - iint->hmac_status = INTEGRITY_FAIL; + iint->evm_status = INTEGRITY_FAIL; } - return iint->hmac_status; + return iint->evm_status; } static int evm_protected_xattr(const char *req_xattr_name) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 991df20709b0..0a23e075e1d2 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -157,7 +157,7 @@ static void init_once(void *foo) iint->version = 0; iint->flags = 0UL; mutex_init(&iint->mutex); - iint->hmac_status = INTEGRITY_UNKNOWN; + iint->evm_status = INTEGRITY_UNKNOWN; } static int __init integrity_iintcache_init(void) diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 7efbf560b7d5..880bbee2f534 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -37,7 +37,7 @@ struct integrity_iint_cache { unsigned char flags; u8 digest[SHA1_DIGEST_SIZE]; struct mutex mutex; /* protects: version, flags, digest */ - enum integrity_status hmac_status; + enum integrity_status evm_status; }; /* rbtree tree calls to lookup, insert, delete |