ima: generic IMA action flag handling Make the IMA action flag handling generic in order to support additional new actions, without requiring changes to the base implementation. New actions, like audit logging, will only need to modify the define statements. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

commit: 45e2472e67bf66f794d507b52e82af92e0614e49 [log] [tgz]
author: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Wed Sep 12 20:51:32 2012 +0300
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> Thu Sep 13 14:23:57 2012 -0400
tree: 4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac
parent: d9d300cdb6f233c4c591348919c758062198a4f4 [diff] [blame]
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 4eec1b1..564ba7d 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h

@@ -15,13 +15,19 @@
 #include <linux/integrity.h>
 #include <crypto/sha.h>
 
+/* iint action cache flags */
+#define IMA_MEASURE		0x0001
+#define IMA_MEASURED		0x0002
+#define IMA_APPRAISE		0x0004
+#define IMA_APPRAISED		0x0008
+/*#define IMA_COLLECT		0x0010  do not use this flag */
+#define IMA_COLLECTED		0x0020
+
 /* iint cache flags */
-#define IMA_MEASURE		0x01
-#define IMA_MEASURED		0x02
-#define IMA_APPRAISE		0x04
-#define IMA_APPRAISED		0x08
-#define IMA_COLLECTED		0x10
-#define IMA_DIGSIG		0x20
+#define IMA_DIGSIG		0x0100
+
+#define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE)
+#define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_COLLECTED)
 
 enum evm_ima_xattr_type {
 	IMA_XATTR_DIGEST = 0x01,
commit	45e2472e67bf66f794d507b52e82af92e0614e49	[log] [tgz]
author	Dmitry Kasatkin <dmitry.kasatkin@intel.com>	Wed Sep 12 20:51:32 2012 +0300
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	Thu Sep 13 14:23:57 2012 -0400
tree	4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac
parent	d9d300cdb6f233c4c591348919c758062198a4f4 [diff] [blame]