79 			 struct integrity_iint_cache *iint)  in ima_fix_xattr()  argument
82 	u8 algo = iint->ima_hash->algo;  in ima_fix_xattr()
86 		iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;  in ima_fix_xattr()
89 		iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;  in ima_fix_xattr()
90 		iint->ima_hash->xattr.ng.algo = algo;  in ima_fix_xattr()
93 				   &iint->ima_hash->xattr.data[offset],  in ima_fix_xattr()
94 				   (sizeof(iint->ima_hash->xattr) - offset) +  in ima_fix_xattr()
95 				   iint->ima_hash->length, 0);  in ima_fix_xattr()
100 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,  in ima_get_cache_status()  argument
105 		return iint->ima_mmap_status;  in ima_get_cache_status()
107 		return iint->ima_bprm_status;  in ima_get_cache_status()
109 		return iint->ima_creds_status;  in ima_get_cache_status()
112 		return iint->ima_file_status;  in ima_get_cache_status()
115 		return iint->ima_read_status;  in ima_get_cache_status()
119 static void ima_set_cache_status(struct integrity_iint_cache *iint,  in ima_set_cache_status()  argument
125 		iint->ima_mmap_status = status;  in ima_set_cache_status()
128 		iint->ima_bprm_status = status;  in ima_set_cache_status()
131 		iint->ima_creds_status = status;  in ima_set_cache_status()
135 		iint->ima_file_status = status;  in ima_set_cache_status()
139 		iint->ima_read_status = status;  in ima_set_cache_status()
144 static void ima_cache_flags(struct integrity_iint_cache *iint,  in ima_cache_flags()  argument
149 		iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);  in ima_cache_flags()
152 		iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);  in ima_cache_flags()
155 		iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED);  in ima_cache_flags()
159 		iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);  in ima_cache_flags()
163 		iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);  in ima_cache_flags()
227 static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint,  in xattr_verify()  argument
239 		if (iint->flags & IMA_DIGSIG_REQUIRED) {  in xattr_verify()
244 		clear_bit(IMA_DIGSIG, &iint->atomic_flags);  in xattr_verify()
246 				iint->ima_hash->length)  in xattr_verify()
252 				    iint->ima_hash->digest,  in xattr_verify()
253 				    iint->ima_hash->length);  in xattr_verify()
264 		set_bit(IMA_DIGSIG, &iint->atomic_flags);  in xattr_verify()
268 					     iint->ima_hash->digest,  in xattr_verify()
269 					     iint->ima_hash->length);  in xattr_verify()
279 						     iint->ima_hash->digest,  in xattr_verify()
280 						     iint->ima_hash->length);  in xattr_verify()
332 int ima_check_blacklist(struct integrity_iint_cache *iint,  in ima_check_blacklist()  argument
340 	if (!(iint->flags & IMA_CHECK_BLACKLIST))  in ima_check_blacklist()
343 	if (iint->flags & IMA_MODSIG_ALLOWED && modsig) {  in ima_check_blacklist()
347 		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))  in ima_check_blacklist()
365 			     struct integrity_iint_cache *iint,  in ima_appraise_measurement()  argument
376 	bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig;  in ima_appraise_measurement()
387 		cause = iint->flags & IMA_DIGSIG_REQUIRED ?  in ima_appraise_measurement()
391 			iint->flags |= IMA_NEW_FILE;  in ima_appraise_measurement()
392 		if ((iint->flags & IMA_NEW_FILE) &&  in ima_appraise_measurement()
393 		    (!(iint->flags & IMA_DIGSIG_REQUIRED) ||  in ima_appraise_measurement()
400 				 rc < 0 ? 0 : rc, iint);  in ima_appraise_measurement()
422 		rc = xattr_verify(func, iint, xattr_value, xattr_len, &status,  in ima_appraise_measurement()
443 	     (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {  in ima_appraise_measurement()
453 			if (!ima_fix_xattr(dentry, iint))  in ima_appraise_measurement()
458 		if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE &&  in ima_appraise_measurement()
466 		ima_cache_flags(iint, func);  in ima_appraise_measurement()
469 	ima_set_cache_status(iint, func, status);  in ima_appraise_measurement()
476 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)  in ima_update_xattr()  argument
482 	if (test_bit(IMA_DIGSIG, &iint->atomic_flags))  in ima_update_xattr()
485 	if ((iint->ima_file_status != INTEGRITY_PASS) &&  in ima_update_xattr()
486 	    !(iint->flags & IMA_HASH))  in ima_update_xattr()
489 	rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL);  in ima_update_xattr()
494 	ima_fix_xattr(dentry, iint);  in ima_update_xattr()
510 	struct integrity_iint_cache *iint;  in ima_inode_post_setattr()  local
520 	iint = integrity_iint_find(inode);  in ima_inode_post_setattr()
521 	if (iint) {  in ima_inode_post_setattr()
522 		set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);  in ima_inode_post_setattr()
524 			clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);  in ima_inode_post_setattr()
546 	struct integrity_iint_cache *iint;  in ima_reset_appraise_flags()  local
551 	iint = integrity_iint_find(inode);  in ima_reset_appraise_flags()
552 	if (!iint)  in ima_reset_appraise_flags()
554 	iint->measured_pcrs = 0;  in ima_reset_appraise_flags()
555 	set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);  in ima_reset_appraise_flags()
557 		set_bit(IMA_DIGSIG, &iint->atomic_flags);  in ima_reset_appraise_flags()
559 		clear_bit(IMA_DIGSIG, &iint->atomic_flags);  in ima_reset_appraise_flags()