evm: reset EVM status when file attributes change

The EVM verification status is cached in iint->evm_status and if it
was successful, never re-verified again when IMA passes the 'iint' to
evm_verifyxattr().

When file attributes or extended attributes change, we may wish to
re-verify EVM integrity as well.  For example, after setting a digital
signature we may need to re-verify the signature and update the
iint->flags that there is an EVM signature.

This patch enables that by resetting evm_status to INTEGRITY_UKNOWN
state.

Changes in v2:
* Flag setting moved to EVM layer

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

0 files changed, 0 insertions, 0 deletions