From 19f8a84713edc1d27ea05be00effb97b8f1ef207 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 15 Jan 2016 10:17:12 -0500 Subject: ima: measure and appraise the IMA policy itself Add support for measuring and appraising the IMA policy itself. Changelog v4: - use braces on both if/else branches, even if single line on one of the branches - Dmitry - Use the id mapping - Dmitry Signed-off-by: Mimi Zohar Acked-by: Petko Manolov Acked-by: Dmitry Kasatkin --- security/integrity/ima/ima.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'security/integrity/ima/ima.h') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index bd97e0d290de..5d0f61163d98 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -149,6 +149,7 @@ enum ima_hooks { FIRMWARE_CHECK, KEXEC_KERNEL_CHECK, KEXEC_INITRAMFS_CHECK, + POLICY_CHECK, MAX_CHECK }; @@ -191,6 +192,7 @@ int ima_policy_show(struct seq_file *m, void *v); #define IMA_APPRAISE_LOG 0x04 #define IMA_APPRAISE_MODULES 0x08 #define IMA_APPRAISE_FIRMWARE 0x10 +#define IMA_APPRAISE_POLICY 0x20 #ifdef CONFIG_IMA_APPRAISE int ima_appraise_measurement(enum ima_hooks func, -- cgit v1.2.3