ima: rename PATH_CHECK to FILE_CHECK
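diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 6434f0d..6cd6dae 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -20,7 +20,7 @@ Description:
                        lsm:    [[subj_user=] [subj_role=] [subj_type=]
                                 [obj_user=] [obj_role=] [obj_type=]]
 
-               base:   func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
+               base:   func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK]
                        mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
                        fsmagic:= hex value
                        uid:= decimal value
@@ -40,11 +40,11 @@ Description:
 
                        measure func=BPRM_CHECK
                        measure func=FILE_MMAP mask=MAY_EXEC
-                       measure func=INODE_PERM mask=MAY_READ uid=0
+                       measure func=FILE_CHECK mask=MAY_READ uid=0
 
                The default policy measures all executables in bprm_check,
                all files mmapped executable in file_mmap, and all files
-               open for read by root in inode_permission.
+               open for read by root in do_filp_open.
 
                Examples of LSM specific definitions:
 
@@ -54,8 +54,8 @@ Description:
 
                        dont_measure obj_type=var_log_t
                        dont_measure obj_type=auditd_log_t
-                       measure subj_user=system_u func=INODE_PERM mask=MAY_READ
-                       measure subj_role=system_r func=INODE_PERM mask=MAY_READ
+                       measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
+                       measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
 
                Smack:
-                       measure subj_user=_ func=INODE_PERM mask=MAY_READ
+                       measure subj_user=_ func=FILE_CHECK mask=MAY_READ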