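Lines matching references to iint (each entry: source line number, the matching line, then the enclosing function; "argument" or "local" marks the line where iint is declared)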
61 struct integrity_iint_cache *iint) in ima_fix_xattr() argument
64 u8 algo = iint->ima_hash->algo; in ima_fix_xattr()
68 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; in ima_fix_xattr()
71 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; in ima_fix_xattr()
72 iint->ima_hash->xattr.ng.algo = algo; in ima_fix_xattr()
75 &iint->ima_hash->xattr.data[offset], in ima_fix_xattr()
76 (sizeof(iint->ima_hash->xattr) - offset) + in ima_fix_xattr()
77 iint->ima_hash->length, 0); in ima_fix_xattr()
82 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, in ima_get_cache_status() argument
87 return iint->ima_mmap_status; in ima_get_cache_status()
89 return iint->ima_bprm_status; in ima_get_cache_status()
91 return iint->ima_creds_status; in ima_get_cache_status()
94 return iint->ima_file_status; in ima_get_cache_status()
97 return iint->ima_read_status; in ima_get_cache_status()
101 static void ima_set_cache_status(struct integrity_iint_cache *iint, in ima_set_cache_status() argument
107 iint->ima_mmap_status = status; in ima_set_cache_status()
110 iint->ima_bprm_status = status; in ima_set_cache_status()
113 iint->ima_creds_status = status; in ima_set_cache_status()
117 iint->ima_file_status = status; in ima_set_cache_status()
121 iint->ima_read_status = status; in ima_set_cache_status()
126 static void ima_cache_flags(struct integrity_iint_cache *iint, in ima_cache_flags() argument
131 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
134 iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
137 iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
141 iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
145 iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED); in ima_cache_flags()
209 static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, in xattr_verify() argument
221 if (iint->flags & IMA_DIGSIG_REQUIRED) { in xattr_verify()
226 clear_bit(IMA_DIGSIG, &iint->atomic_flags); in xattr_verify()
228 iint->ima_hash->length) in xattr_verify()
234 iint->ima_hash->digest, in xattr_verify()
235 iint->ima_hash->length); in xattr_verify()
246 set_bit(IMA_DIGSIG, &iint->atomic_flags); in xattr_verify()
250 iint->ima_hash->digest, in xattr_verify()
251 iint->ima_hash->length); in xattr_verify()
261 iint->ima_hash->digest, in xattr_verify()
262 iint->ima_hash->length); in xattr_verify()
315 struct integrity_iint_cache *iint, in ima_appraise_measurement() argument
326 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement()
337 cause = iint->flags & IMA_DIGSIG_REQUIRED ? in ima_appraise_measurement()
341 iint->flags |= IMA_NEW_FILE; in ima_appraise_measurement()
342 if ((iint->flags & IMA_NEW_FILE) && in ima_appraise_measurement()
343 (!(iint->flags & IMA_DIGSIG_REQUIRED) || in ima_appraise_measurement()
349 status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); in ima_appraise_measurement()
371 rc = xattr_verify(func, iint, xattr_value, xattr_len, &status, in ima_appraise_measurement()
392 (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) { in ima_appraise_measurement()
402 if (!ima_fix_xattr(dentry, iint)) in ima_appraise_measurement()
407 if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && in ima_appraise_measurement()
415 ima_cache_flags(iint, func); in ima_appraise_measurement()
418 ima_set_cache_status(iint, func, status); in ima_appraise_measurement()
425 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) in ima_update_xattr() argument
431 if (test_bit(IMA_DIGSIG, &iint->atomic_flags)) in ima_update_xattr()
434 if ((iint->ima_file_status != INTEGRITY_PASS) && in ima_update_xattr()
435 !(iint->flags & IMA_HASH)) in ima_update_xattr()
438 rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL); in ima_update_xattr()
443 ima_fix_xattr(dentry, iint); in ima_update_xattr()
459 struct integrity_iint_cache *iint; in ima_inode_post_setattr() local
469 iint = integrity_iint_find(inode); in ima_inode_post_setattr()
470 if (iint) { in ima_inode_post_setattr()
471 set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags); in ima_inode_post_setattr()
473 clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags); in ima_inode_post_setattr()
495 struct integrity_iint_cache *iint; in ima_reset_appraise_flags() local
500 iint = integrity_iint_find(inode); in ima_reset_appraise_flags()
501 if (!iint) in ima_reset_appraise_flags()
503 iint->measured_pcrs = 0; in ima_reset_appraise_flags()
504 set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags); in ima_reset_appraise_flags()
506 set_bit(IMA_DIGSIG, &iint->atomic_flags); in ima_reset_appraise_flags()
508 clear_bit(IMA_DIGSIG, &iint->atomic_flags); in ima_reset_appraise_flags()