| Field | Value | Date |
|---|---|---|
| author | Mimi Zohar <zohar@linux.ibm.com> | 2021-12-28 15:53:14 +0100 |
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-02-15 17:21:59 +0100 |
| commit | aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25 | |
| tree | 978973744ca1b7c07dd76ce1afc65a861f069a77 /security/integrity/integrity.h | |
| parent | ima: Return error code obtained from securityfs functions | |
ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS

Simple policy rule options, such as fowner, uid, or euid, can be checked
immediately, while other policy rule options, such as requiring a file
signature, need to be deferred.

The 'flags' field in the integrity_iint_cache struct contains the policy
'action', 'subaction', and non action/subaction.

action: measure/measured, appraise/appraised, (collect)/collected,
audit/audited

subaction: appraise status for each hook (e.g. file, mmap, bprm, read,
creds)

non action/subaction: deferred policy rule options and state

Rename the IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS.

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r-- | security/integrity/integrity.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 547425c20e11..d045dccd415a 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -30,8 +30,8 @@ #define IMA_HASH 0x00000100 #define IMA_HASHED 0x00000200 -/* iint cache flags */ -#define IMA_ACTION_FLAGS 0xff000000 +/* iint policy rule cache flags */ +#define IMA_NONACTION_FLAGS 0xff000000 #define IMA_DIGSIG_REQUIRED 0x01000000 #define IMA_PERMIT_DIRECTIO 0x02000000 #define IMA_NEW_FILE 0x04000000 |