integrity.h - OpenGrok cross reference for /openbmc/linux/security/integrity/integrity.h

Deleted Added

sdiffudifftextold (50b97748..)new (0d73a552..)

integrity.h (50b977481fce90aa5fbda55e330b9d722733e358)	integrity.h (0d73a55208e94fc9fb6deaeea61438cd3280d4c0)
1/* 2 * Copyright (C) 2009-2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as --- 15 unchanged lines hidden (view full) --- 24/#define IMA_COLLECT 0x00000010 do not use this flag / 25#define IMA_COLLECTED 0x00000020 26#define IMA_AUDIT 0x00000040 27#define IMA_AUDITED 0x00000080 28 29/* iint cache flags */ 30#define IMA_ACTION_FLAGS 0xff000000 31#define IMA_ACTION_RULE_FLAGS 0x06000000	1/* 2 * Copyright (C) 2009-2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License as --- 15 unchanged lines hidden (view full) --- 24/#define IMA_COLLECT 0x00000010 do not use this flag / 25#define IMA_COLLECTED 0x00000020 26#define IMA_AUDIT 0x00000040 27#define IMA_AUDITED 0x00000080 28 29/* iint cache flags */ 30#define IMA_ACTION_FLAGS 0xff000000 31#define IMA_ACTION_RULE_FLAGS 0x06000000
32#define IMA_DIGSIG 0x01000000 33#define IMA_DIGSIG_REQUIRED 0x02000000 34#define IMA_PERMIT_DIRECTIO 0x04000000 35#define IMA_NEW_FILE 0x08000000 36#define EVM_IMMUTABLE_DIGSIG 0x10000000	32#define IMA_DIGSIG_REQUIRED 0x01000000 33#define IMA_PERMIT_DIRECTIO 0x02000000 34#define IMA_NEW_FILE 0x04000000 35#define EVM_IMMUTABLE_DIGSIG 0x08000000
37 38#define IMA_DO_MASK (IMA_MEASURE \| IMA_APPRAISE \| IMA_AUDIT \| \ 39 IMA_APPRAISE_SUBMASK) 40#define IMA_DONE_MASK (IMA_MEASURED \| IMA_APPRAISED \| IMA_AUDITED \| \ 41 IMA_COLLECTED \| IMA_APPRAISED_SUBMASK) 42 43/* iint subaction appraise cache flags / 44#define IMA_FILE_APPRAISE 0x00000100 --- 4 unchanged lines hidden* (view full) --- 49#define IMA_BPRM_APPRAISED 0x00002000 50#define IMA_READ_APPRAISE 0x00004000 51#define IMA_READ_APPRAISED 0x00008000 52#define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE \| IMA_MMAP_APPRAISE \| \ 53 IMA_BPRM_APPRAISE \| IMA_READ_APPRAISE) 54#define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED \| IMA_MMAP_APPRAISED \| \ 55 IMA_BPRM_APPRAISED \| IMA_READ_APPRAISED) 56	36 37#define IMA_DO_MASK (IMA_MEASURE \| IMA_APPRAISE \| IMA_AUDIT \| \ 38 IMA_APPRAISE_SUBMASK) 39#define IMA_DONE_MASK (IMA_MEASURED \| IMA_APPRAISED \| IMA_AUDITED \| \ 40 IMA_COLLECTED \| IMA_APPRAISED_SUBMASK) 41 42/* iint subaction appraise cache flags / 43#define IMA_FILE_APPRAISE 0x00000100 --- 4 unchanged lines hidden* (view full) --- 48#define IMA_BPRM_APPRAISED 0x00002000 49#define IMA_READ_APPRAISE 0x00004000 50#define IMA_READ_APPRAISED 0x00008000 51#define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE \| IMA_MMAP_APPRAISE \| \ 52 IMA_BPRM_APPRAISE \| IMA_READ_APPRAISE) 53#define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED \| IMA_MMAP_APPRAISED \| \ 54 IMA_BPRM_APPRAISED \| IMA_READ_APPRAISED) 55
	56/* iint cache atomic_flags */ 57#define IMA_CHANGE_XATTR 0 58#define IMA_UPDATE_XATTR 1 59#define IMA_CHANGE_ATTR 2 60#define IMA_DIGSIG 3 61#define IMA_MUST_MEASURE 4 62
57enum evm_ima_xattr_type { 58 IMA_XATTR_DIGEST = 0x01, 59 EVM_XATTR_HMAC, 60 EVM_IMA_XATTR_DIGSIG, 61 IMA_XATTR_DIGEST_NG, 62 EVM_XATTR_PORTABLE_DIGSIG, 63 IMA_XATTR_LAST 64}; --- 32 unchanged lines hidden (view full) --- 97 __be32 keyid; /* IMA key identifier - not X509/PGP specific / 98 __be16 sig_size; / signature size / 99 uint8_t sig[0]; / signature payload / 100} __packed; 101 102/ integrity data associated with an inode / 103struct integrity_iint_cache { 104 struct rb_node rb_node; / rooted in integrity_iint_tree */	63enum evm_ima_xattr_type { 64 IMA_XATTR_DIGEST = 0x01, 65 EVM_XATTR_HMAC, 66 EVM_IMA_XATTR_DIGSIG, 67 IMA_XATTR_DIGEST_NG, 68 EVM_XATTR_PORTABLE_DIGSIG, 69 IMA_XATTR_LAST 70}; --- 32 unchanged lines hidden (view full) --- 103 __be32 keyid; /* IMA key identifier - not X509/PGP specific / 104 __be16 sig_size; / signature size / 105 uint8_t sig[0]; / signature payload / 106} __packed; 107 108/ integrity data associated with an inode / 109struct integrity_iint_cache { 110 struct rb_node rb_node; / rooted in integrity_iint_tree */
	111 struct mutex mutex; /* protects: version, flags, digest */
105 struct inode inode; / back pointer to inode in question / 106 u64 version; / track inode changes */ 107 unsigned long flags; 108 unsigned long measured_pcrs;	112 struct inode inode; / back pointer to inode in question / 113 u64 version; / track inode changes */ 114 unsigned long flags; 115 unsigned long measured_pcrs;
	116 unsigned long atomic_flags;
109 enum integrity_status ima_file_status:4; 110 enum integrity_status ima_mmap_status:4; 111 enum integrity_status ima_bprm_status:4; 112 enum integrity_status ima_read_status:4; 113 enum integrity_status evm_status:4; 114 struct ima_digest_data ima_hash; 115}; 116 --- 75 unchanged lines hidden* ---	117 enum integrity_status ima_file_status:4; 118 enum integrity_status ima_mmap_status:4; 119 enum integrity_status ima_bprm_status:4; 120 enum integrity_status ima_read_status:4; 121 enum integrity_status evm_status:4; 122 struct ima_digest_data ima_hash; 123}; 124 --- 75 unchanged lines hidden* ---