summaryrefslogtreecommitdiff
path: root/security/integrity/integrity.h
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2013-08-12 12:22:51 +0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-10-27 05:32:55 +0400
commit3ea7a56067e663278470c04fd655adf809e72d4d (patch)
tree8216b30887dc86cf7594f6fd1cc729b7eda28c0a /security/integrity/integrity.h
parente7a2ad7eb6f48ad80c70a22dd8167fb34b409466 (diff)
downloadlinux-3ea7a56067e663278470c04fd655adf809e72d4d.tar.xz
ima: provide hash algo info in the xattr
All files labeled with 'security.ima' hashes, are hashed using the same hash algorithm. Changing from one hash algorithm to another, requires relabeling the filesystem. This patch defines a new xattr type, which includes the hash algorithm, permitting different files to be hashed with different algorithms. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r--security/integrity/integrity.h13
1 files changed, 12 insertions, 1 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 5429ca59125b..2fb5e53e927f 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -54,6 +54,7 @@ enum evm_ima_xattr_type {
IMA_XATTR_DIGEST = 0x01,
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
+ IMA_XATTR_DIGEST_NG,
};
struct evm_ima_xattr_data {
@@ -66,7 +67,17 @@ struct evm_ima_xattr_data {
struct ima_digest_data {
u8 algo;
u8 length;
- u8 type;
+ union {
+ struct {
+ u8 unused;
+ u8 type;
+ } sha1;
+ struct {
+ u8 type;
+ u8 algo;
+ } ng;
+ u8 data[2];
+ } xattr;
u8 digest[0];
} __packed;