ima: rename PATH_CHECK to FILE_CHECK
[platform/adaptation/renesas_rcar/renesas_kernel.git]
diff --git
a/Documentation/ABI/testing/ima_policy
b/Documentation/ABI/testing/ima_policy
index
6434f0d
..
6cd6dae
100644
(file)
--- a/
Documentation/ABI/testing/ima_policy
+++ b/
Documentation/ABI/testing/ima_policy
@@
-20,7
+20,7
@@
Description:
lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
- base: func:= [BPRM_CHECK][FILE_MMAP][
INODE_PERMISSION
]
+ base: func:= [BPRM_CHECK][FILE_MMAP][
FILE_CHECK
]
mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
fsmagic:= hex value
uid:= decimal value
mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
fsmagic:= hex value
uid:= decimal value
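Review bot: The "base: func:=" grammar line now lists only FILE_CHECK and drops INODE_PERMISSION without saying what happens to policies written with the old keyword. If the policy parser still accepts an older name for compatibility, document that next to FILE_CHECK; if it does not, add a sentence that existing rules must be updated, because an administrator loading a policy that uses the old keyword needs to know whether it will be rejected.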
@@
-40,11
+40,11
@@
Description:
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
- measure func=
INODE_PERM
mask=MAY_READ uid=0
+ measure func=
FILE_CHECK
mask=MAY_READ uid=0
The default policy measures all executables in bprm_check,
all files mmapped executable in file_mmap, and all files
The default policy measures all executables in bprm_check,
all files mmapped executable in file_mmap, and all files
- open for read by root in
inode_permissio
n.
+ open for read by root in
do_filp_ope
n.
Examples of LSM specific definitions:
Examples of LSM specific definitions:
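Review bot: In the default-policy paragraph, "open for read by root in do_filp_open" names a kernel function, while the two hooks listed before it (bprm_check, file_mmap) are the lowercase forms of their func= keywords. Nothing in this text tells the reader that do_filp_open corresponds to "measure func=FILE_CHECK mask=MAY_READ uid=0". Suggest naming the hook after its keyword here and, if the call site matters, mentioning do_filp_open in parentheses so the rule and its description can be matched up.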
@@
-54,8
+54,8
@@
Description:
dont_measure obj_type=var_log_t
dont_measure obj_type=auditd_log_t
dont_measure obj_type=var_log_t
dont_measure obj_type=auditd_log_t
- measure subj_user=system_u func=
INODE_PERM
mask=MAY_READ
- measure subj_role=system_r func=
INODE_PERM
mask=MAY_READ
+ measure subj_user=system_u func=
FILE_CHECK
mask=MAY_READ
+ measure subj_role=system_r func=
FILE_CHECK
mask=MAY_READ
Smack:
Smack:
- measure subj_user=_ func=
INODE_PERM
mask=MAY_READ
+ measure subj_user=_ func=
FILE_CHECK
mask=MAY_READ
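Review bot: The subject line says PATH_CHECK is renamed to FILE_CHECK, but the system_u, system_r and Smack example rules in this hunk replace func=INODE_PERM, and PATH_CHECK does not appear in any removed line of this file. The commit message should say why the documentation goes from INODE_PERM to FILE_CHECK, so that the change is not read as an incomplete rename and reviewers can confirm no other spelling of the keyword remains in the examples.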