evm: replace hmac_status with evm_status
We will use digital signatures in addition to hmac. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
parent
6d38ca01c0
commit
24e0198efe
|
@ -56,8 +56,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
|
|||
struct evm_ima_xattr_data xattr_data;
|
||||
int rc;
|
||||
|
||||
if (iint->hmac_status == INTEGRITY_PASS)
|
||||
return iint->hmac_status;
|
||||
if (iint->evm_status == INTEGRITY_PASS)
|
||||
return iint->evm_status;
|
||||
|
||||
/* if status is not PASS, try to check again - against -ENOMEM */
|
||||
|
||||
|
@ -71,18 +71,18 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
|
|||
sizeof xattr_data, GFP_NOFS);
|
||||
if (rc < 0)
|
||||
goto err_out;
|
||||
iint->hmac_status = INTEGRITY_PASS;
|
||||
return iint->hmac_status;
|
||||
iint->evm_status = INTEGRITY_PASS;
|
||||
return iint->evm_status;
|
||||
|
||||
err_out:
|
||||
switch (rc) {
|
||||
case -ENODATA: /* file not labelled */
|
||||
iint->hmac_status = INTEGRITY_NOLABEL;
|
||||
iint->evm_status = INTEGRITY_NOLABEL;
|
||||
break;
|
||||
default:
|
||||
iint->hmac_status = INTEGRITY_FAIL;
|
||||
iint->evm_status = INTEGRITY_FAIL;
|
||||
}
|
||||
return iint->hmac_status;
|
||||
return iint->evm_status;
|
||||
}
|
||||
|
||||
static int evm_protected_xattr(const char *req_xattr_name)
|
||||
|
|
|
@ -157,7 +157,7 @@ static void init_once(void *foo)
|
|||
iint->version = 0;
|
||||
iint->flags = 0UL;
|
||||
mutex_init(&iint->mutex);
|
||||
iint->hmac_status = INTEGRITY_UNKNOWN;
|
||||
iint->evm_status = INTEGRITY_UNKNOWN;
|
||||
}
|
||||
|
||||
static int __init integrity_iintcache_init(void)
|
||||
|
|
|
@ -37,7 +37,7 @@ struct integrity_iint_cache {
|
|||
unsigned char flags;
|
||||
u8 digest[SHA1_DIGEST_SIZE];
|
||||
struct mutex mutex; /* protects: version, flags, digest */
|
||||
enum integrity_status hmac_status;
|
||||
enum integrity_status evm_status;
|
||||
};
|
||||
|
||||
/* rbtree tree calls to lookup, insert, delete
|
||||
|
|
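Review bot: The renamed field `evm_status` in struct integrity_iint_cache has no comment, and the mutex comment just above it lists only "version, flags, digest", so a reader cannot tell whether the cached verdict is meant to be covered by `iint->mutex`. The commit message says digital signatures will be used in addition to hmac, so the field presumably ends up caching the result of either check; I would say so on the declaration, e.g. `enum integrity_status evm_status; /* cached EVM verdict (hmac or signature) */`, and state the locking rule in the same comment. evm_verify_hmac in this commit returns early when the cached value is INTEGRITY_PASS, so the comment should also name whatever resets the field when a protected xattr changes; that code is not visible in these hunks.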