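Lines matching refs: iint
(Cross-reference listing: each entry gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where iint is declared as a parameter or a local variable. Lines that do not mention iint are omitted, so the conditions and branches between consecutive entries are not shown.)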
86 struct integrity_iint_cache *iint) in ima_fix_xattr() argument
89 u8 algo = iint->ima_hash->algo; in ima_fix_xattr()
93 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; in ima_fix_xattr()
96 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; in ima_fix_xattr()
97 iint->ima_hash->xattr.ng.algo = algo; in ima_fix_xattr()
100 &iint->ima_hash->xattr.data[offset], in ima_fix_xattr()
101 (sizeof(iint->ima_hash->xattr) - offset) + in ima_fix_xattr()
102 iint->ima_hash->length, 0); in ima_fix_xattr()
107 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, in ima_get_cache_status() argument
112 return iint->ima_mmap_status; in ima_get_cache_status()
114 return iint->ima_bprm_status; in ima_get_cache_status()
116 return iint->ima_creds_status; in ima_get_cache_status()
119 return iint->ima_file_status; in ima_get_cache_status()
122 return iint->ima_read_status; in ima_get_cache_status()
126 static void ima_set_cache_status(struct integrity_iint_cache *iint, in ima_set_cache_status() argument
132 iint->ima_mmap_status = status; in ima_set_cache_status()
135 iint->ima_bprm_status = status; in ima_set_cache_status()
138 iint->ima_creds_status = status; in ima_set_cache_status()
142 iint->ima_file_status = status; in ima_set_cache_status()
146 iint->ima_read_status = status; in ima_set_cache_status()
151 static void ima_cache_flags(struct integrity_iint_cache *iint, in ima_cache_flags() argument
156 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
159 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
162 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
166 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
170 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
235 static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, in xattr_verify() argument
248 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
253 clear_bit(IMA_DIGSIG, &iint->atomic_flags); in xattr_verify()
255 set_bit(IMA_DIGSIG, &iint->atomic_flags); in xattr_verify()
258 iint->ima_hash->length) in xattr_verify()
264 iint->ima_hash->digest, in xattr_verify()
265 iint->ima_hash->length); in xattr_verify()
276 set_bit(IMA_DIGSIG, &iint->atomic_flags); in xattr_verify()
280 iint->ima_hash->digest, in xattr_verify()
281 iint->ima_hash->length); in xattr_verify()
291 iint->ima_hash->digest, in xattr_verify()
292 iint->ima_hash->length); in xattr_verify()
344 int ima_check_blacklist(struct integrity_iint_cache *iint, in ima_check_blacklist() argument
352 if (!(iint->flags & IMA_CHECK_BLACKLIST)) in ima_check_blacklist()
355 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) { in ima_check_blacklist()
359 if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) in ima_check_blacklist()
377 struct integrity_iint_cache *iint, in ima_appraise_measurement() argument
388 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement()
399 cause = iint->flags & IMA_DIGSIG_REQUIRED ? in ima_appraise_measurement()
403 iint->flags |= IMA_NEW_FILE; in ima_appraise_measurement()
404 if ((iint->flags & IMA_NEW_FILE) && in ima_appraise_measurement()
405 (!(iint->flags & IMA_DIGSIG_REQUIRED) || in ima_appraise_measurement()
411 status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); in ima_appraise_measurement()
426 set_bit(IMA_DIGSIG, &iint->atomic_flags); in ima_appraise_measurement()
437 rc = xattr_verify(func, iint, xattr_value, xattr_len, &status, in ima_appraise_measurement()
458 (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) { in ima_appraise_measurement()
468 if (!ima_fix_xattr(dentry, iint)) in ima_appraise_measurement()
476 if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && in ima_appraise_measurement()
477 test_bit(IMA_DIGSIG, &iint->atomic_flags)) { in ima_appraise_measurement()
484 ima_cache_flags(iint, func); in ima_appraise_measurement()
487 ima_set_cache_status(iint, func, status); in ima_appraise_measurement()
494 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) in ima_update_xattr() argument
500 if (test_bit(IMA_DIGSIG, &iint->atomic_flags)) in ima_update_xattr()
503 if ((iint->ima_file_status != INTEGRITY_PASS) && in ima_update_xattr()
504 !(iint->flags & IMA_HASH)) in ima_update_xattr()
507 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL); in ima_update_xattr()
512 ima_fix_xattr(dentry, iint); in ima_update_xattr()
530 struct integrity_iint_cache *iint; in ima_inode_post_setattr() local
538 iint = integrity_iint_find(inode); in ima_inode_post_setattr()
539 if (iint) { in ima_inode_post_setattr()
540 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); in ima_inode_post_setattr()
542 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in ima_inode_post_setattr()
564 struct integrity_iint_cache *iint; in ima_reset_appraise_flags() local
569 iint = integrity_iint_find(inode); in ima_reset_appraise_flags()
570 if (!iint) in ima_reset_appraise_flags()
572 iint->measured_pcrs = 0; in ima_reset_appraise_flags()
573 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags); in ima_reset_appraise_flags()
575 set_bit(IMA_DIGSIG, &iint->atomic_flags); in ima_reset_appraise_flags()
577 clear_bit(IMA_DIGSIG, &iint->atomic_flags); in ima_reset_appraise_flags()