ima: added policy support for 'security.ima' type

The 'security.ima' extended attribute may contain either the file data's hash or a digital signature. This patch adds support for requiring a specific extended attribute type. It extends the IMA policy with a new keyword 'appraise_type=imasig'. (Default is hash.) Changelog v2: - Fixed Documentation/ABI/testing/ima_policy option syntax Changelog v1: - Differentiate between 'required' vs. 'actual' extended attribute Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Dmitry Kasatkin <dmitry.kasatkin@intel.com> 2012-06-08 13:58:49 +0300
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2013-01-22 16:10:31 -0500
commit: 0e5a247cb37a97d843ef76d09d5f80deb7893ba3 (patch)
tree: 7206abaf6d20e69a89584046ed7dc9970ba2da12 /security/integrity/integrity.h
parent: a175b8bb29ebbad380ab4788f307fbfc47997b19 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 0a298def503..9334691b2b7 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -26,7 +26,9 @@
 #define IMA_AUDITED		0x0080
 
 /* iint cache flags */
+#define IMA_ACTION_FLAGS	0xff00
 #define IMA_DIGSIG		0x0100
+#define IMA_DIGSIG_REQUIRED	0x0200
 
 #define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)
 #define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \
author	Dmitry Kasatkin <dmitry.kasatkin@intel.com>	2012-06-08 13:58:49 +0300
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2013-01-22 16:10:31 -0500
commit	0e5a247cb37a97d843ef76d09d5f80deb7893ba3 (patch)
tree	7206abaf6d20e69a89584046ed7dc9970ba2da12 /security/integrity/integrity.h
parent	a175b8bb29ebbad380ab4788f307fbfc47997b19 (diff)