diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2012-09-12 20:51:32 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2012-09-13 14:23:57 -0400 |
| commit | 45e2472e67bf66f794d507b52e82af92e0614e49 (patch) | |
| tree | 4b3ba557d4f9da9bca14ce85bee965e4a9fcd6ac /security/integrity/ima/ima_main.c | |
| parent | d9d300cdb6f233c4c591348919c758062198a4f4 (diff) | |
ima: generic IMA action flag handling
Make the IMA action flag handling generic in order to support
additional new actions, without requiring changes to the base
implementation. New actions, like audit logging, will only
need to modify the define statements.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 60b047e96f4..5da08b75d36 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -117,7 +117,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, mutex_lock(&inode->i_mutex); if (atomic_read(&inode->i_writecount) == 1 && iint->version != inode->i_version) { - iint->flags &= ~(IMA_COLLECTED | IMA_APPRAISED | IMA_MEASURED); + iint->flags &= ~IMA_DONE_MASK; if (iint->flags & IMA_APPRAISE) ima_update_xattr(iint, file); } @@ -173,7 +173,7 @@ static int process_measurement(struct file *file, const unsigned char *filename, /* Determine if already appraised/measured based on bitmask * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */ iint->flags |= action; - action &= ~((iint->flags & (IMA_MEASURED | IMA_APPRAISED)) >> 1); + action &= ~((iint->flags & IMA_DONE_MASK) >> 1); /* Nothing to do, just return existing appraised status */ if (!action) { |