if (!iint)
return;
- iint->flags &= ~(IMA_COLLECTED | IMA_APPRAISED | IMA_MEASURED);
+ iint->flags &= ~IMA_DONE_MASK;
return;
}
mutex_lock(&inode->i_mutex);
if (atomic_read(&inode->i_writecount) == 1 &&
iint->version != inode->i_version) {
- iint->flags &= ~(IMA_COLLECTED | IMA_APPRAISED | IMA_MEASURED);
+ iint->flags &= ~IMA_DONE_MASK;
if (iint->flags & IMA_APPRAISE)
ima_update_xattr(iint, file);
}
/* Determine if already appraised/measured based on bitmask
* (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */
iint->flags |= action;
- action &= ~((iint->flags & (IMA_MEASURED | IMA_APPRAISED)) >> 1);
+ action &= ~((iint->flags & IMA_DONE_MASK) >> 1);
/* Nothing to do, just return existing appraised status */
if (!action) {
#define IMA_UID 0x0008
#define IMA_FOWNER 0x0010
-#define UNKNOWN 0
-#define MEASURE 1 /* same as IMA_MEASURE */
-#define DONT_MEASURE 2
-#define MEASURE_MASK 3
-#define APPRAISE 4 /* same as IMA_APPRAISE */
-#define DONT_APPRAISE 8
-#define APPRAISE_MASK 12
+#define UNKNOWN 0
+#define MEASURE 0x0001 /* same as IMA_MEASURE */
+#define DONT_MEASURE 0x0002
+#define APPRAISE 0x0004 /* same as IMA_APPRAISE */
+#define DONT_APPRAISE 0x0008
#define MAX_LSM_RULES 6
enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
if (!ima_match_rules(entry, inode, func, mask))
continue;
- action |= (entry->action & (IMA_APPRAISE | IMA_MEASURE));
- actmask &= (entry->action & APPRAISE_MASK) ?
- ~APPRAISE_MASK : ~MEASURE_MASK;
+ action |= entry->action & IMA_DO_MASK;
+ if (entry->action & IMA_DO_MASK)
+ actmask &= ~(entry->action | entry->action << 1);
+ else
+ actmask &= ~(entry->action | entry->action >> 1);
+
if (!actmask)
break;
}
#include <linux/integrity.h>
#include <crypto/sha.h>
+/* iint action cache flags */
+#define IMA_MEASURE 0x0001
+#define IMA_MEASURED 0x0002
+#define IMA_APPRAISE 0x0004
+#define IMA_APPRAISED 0x0008
+/*#define IMA_COLLECT 0x0010 do not use this flag */
+#define IMA_COLLECTED 0x0020
+
/* iint cache flags */
-#define IMA_MEASURE 0x01
-#define IMA_MEASURED 0x02
-#define IMA_APPRAISE 0x04
-#define IMA_APPRAISED 0x08
-#define IMA_COLLECTED 0x10
-#define IMA_DIGSIG 0x20
+#define IMA_DIGSIG 0x0100
+
+#define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE)
+#define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_COLLECTED)
enum evm_ima_xattr_type {
IMA_XATTR_DIGEST = 0x01,