aboutsummaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
-rw-r--r--security/integrity/ima/ima_policy.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 0d6d60b4ba6f..f46f685a1711 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -26,13 +26,11 @@
#define IMA_UID 0x0008
#define IMA_FOWNER 0x0010
-#define UNKNOWN 0
-#define MEASURE 1 /* same as IMA_MEASURE */
-#define DONT_MEASURE 2
-#define MEASURE_MASK 3
-#define APPRAISE 4 /* same as IMA_APPRAISE */
-#define DONT_APPRAISE 8
-#define APPRAISE_MASK 12
+#define UNKNOWN 0
+#define MEASURE 0x0001 /* same as IMA_MEASURE */
+#define DONT_MEASURE 0x0002
+#define APPRAISE 0x0004 /* same as IMA_APPRAISE */
+#define DONT_APPRAISE 0x0008
#define MAX_LSM_RULES 6
enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
@@ -209,9 +207,12 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
if (!ima_match_rules(entry, inode, func, mask))
continue;
- action |= (entry->action & (IMA_APPRAISE | IMA_MEASURE));
- actmask &= (entry->action & APPRAISE_MASK) ?
- ~APPRAISE_MASK : ~MEASURE_MASK;
+ action |= entry->action & IMA_DO_MASK;
+ if (entry->action & IMA_DO_MASK)
+ actmask &= ~(entry->action | entry->action << 1);
+ else
+ actmask &= ~(entry->action | entry->action >> 1);
+
if (!actmask)
break;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 00:31:47 +0000