summaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima_main.c
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2012-09-12 19:51:32 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2012-09-13 20:23:57 +0200
commit45e2472e67bf66f794d507b52e82af92e0614e49 (patch)
tree4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac /security/integrity/ima/ima_main.c
parentima: rename ima_must_appraise_or_measure (diff)
downloadlinux-45e2472e67bf66f794d507b52e82af92e0614e49.tar.xz
linux-45e2472e67bf66f794d507b52e82af92e0614e49.zip
ima: generic IMA action flag handling
Make the IMA action flag handling generic in order to support additional new actions, without requiring changes to the base implementation. New actions, like audit logging, will only need to modify the define statements. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
-rw-r--r--security/integrity/ima/ima_main.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 60b047e96f4e..5da08b75d367 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -117,7 +117,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
mutex_lock(&inode->i_mutex);
if (atomic_read(&inode->i_writecount) == 1 &&
iint->version != inode->i_version) {
- iint->flags &= ~(IMA_COLLECTED | IMA_APPRAISED | IMA_MEASURED);
+ iint->flags &= ~IMA_DONE_MASK;
if (iint->flags & IMA_APPRAISE)
ima_update_xattr(iint, file);
}
@@ -173,7 +173,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
/* Determine if already appraised/measured based on bitmask
* (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */
iint->flags |= action;
- action &= ~((iint->flags & (IMA_MEASURED | IMA_APPRAISED)) >> 1);
+ action &= ~((iint->flags & IMA_DONE_MASK) >> 1);
/* Nothing to do, just return existing appraised status */
if (!action) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 14:33:12 +0100