xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: added policy support for 'security.ima' type

Browse Source 
The 'security.ima' extended attribute may contain either the file data's
hash or a digital signature.  This patch adds support for requiring a
specific extended attribute type.  It extends the IMA policy with a new
keyword 'appraise_type=imasig'.  (Default is hash.)

Changelog v2:
- Fixed Documentation/ABI/testing/ima_policy option syntax
Changelog v1:
- Differentiate between 'required' vs. 'actual' extended attribute

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Dmitry Kasatkin
2012-06-08 13:58:49 +03:00
committed by Mimi Zohar
parent a175b8bb29
commit 0e5a247cb3
5 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/integrity.h
View File

@@ -26,7 +26,9 @@
#define IMA_AUDITED 0x0080
/* iint cache flags */
#define IMA_ACTION_FLAGS 0xff00
#define IMA_DIGSIG 0x0100
#define IMA_DIGSIG_REQUIRED 0x0200
#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)
#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \