summaryrefslogtreecommitdiffstats
path: root/security/integrity/integrity.h
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.ibm.com>2021-12-28 15:53:14 +0100
committerMimi Zohar <zohar@linux.ibm.com>2022-02-15 17:21:59 +0100
commitaae6ccbd826d26730a6fd9bc01884f0a0a9cbb25 (patch)
tree978973744ca1b7c07dd76ce1afc65a861f069a77 /security/integrity/integrity.h
parentima: Return error code obtained from securityfs functions (diff)
downloadlinux-aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25.tar.xz
linux-aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25.zip
ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS
Simple policy rule options, such as fowner, uid, or euid, can be checked immediately, while other policy rule options, such as requiring a file signature, need to be deferred. The 'flags' field in the integrity_iint_cache struct contains the policy action', 'subaction', and non action/subaction. action: measure/measured, appraise/appraised, (collect)/collected, audit/audited subaction: appraise status for each hook (e.g. file, mmap, bprm, read, creds) non action/subaction: deferred policy rule options and state Rename the IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS. Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r--security/integrity/integrity.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 547425c20e11..d045dccd415a 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -30,8 +30,8 @@
#define IMA_HASH 0x00000100
#define IMA_HASHED 0x00000200
-/* iint cache flags */
-#define IMA_ACTION_FLAGS 0xff000000
+/* iint policy rule cache flags */
+#define IMA_NONACTION_FLAGS 0xff000000
#define IMA_DIGSIG_REQUIRED 0x01000000
#define IMA_PERMIT_DIRECTIO 0x02000000
#define IMA_NEW_FILE 0x04000000