76 	enum ima_hooks func;  member
135 	{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
137 	{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
139 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
142 	{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
143 	{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
147 	{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
149 	{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
151 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
154 	{.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
157 	{.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
158 	{.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
159 	{.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
178 	{.action = APPRAISE, .func = POLICY_CHECK,
193 	{.action = APPRAISE, .func = MODULE_CHECK,
197 	{.action = APPRAISE, .func = FIRMWARE_CHECK,
201 	{.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
205 	{.action = APPRAISE, .func = POLICY_CHECK,
211 	{.action = APPRAISE, .func = MODULE_CHECK,
213 	{.action = APPRAISE, .func = FIRMWARE_CHECK,
215 	{.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
217 	{.action = APPRAISE, .func = POLICY_CHECK,
222 	{.action = MEASURE, .func = CRITICAL_DATA, .flags = IMA_FUNC},
491 	switch (rule->func) {  in ima_match_rule_data()
537 			    u32 secid, enum ima_hooks func, int mask,  in ima_match_rules()  argument
546 	    (rule->func != func && func != POST_SETATTR))  in ima_match_rules()
549 	switch (func) {  in ima_match_rules()
552 		return ((rule->func == func) &&  in ima_match_rules()
559 	    (rule->mask != mask && func != POST_SETATTR))  in ima_match_rules()
562 	    (!(rule->mask & mask) && func != POST_SETATTR))  in ima_match_rules()
647 static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)  in get_subaction()  argument
652 	switch (func) {  in get_subaction()
691 		     const struct cred *cred, u32 secid, enum ima_hooks func,  in ima_match_policy()  argument
711 				     func, mask, func_data))  in ima_match_policy()
718 			action |= get_subaction(entry, func);  in ima_match_policy()
783 		if (entry->func == SETXATTR_CHECK) {  in ima_update_policy_flags()
802 static int ima_appraise_flag(enum ima_hooks func)  in ima_appraise_flag()  argument
804 	if (func == MODULE_CHECK)  in ima_appraise_flag()
806 	else if (func == FIRMWARE_CHECK)  in ima_appraise_flag()
808 	else if (func == POLICY_CHECK)  in ima_appraise_flag()
810 	else if (func == KEXEC_KERNEL_CHECK)  in ima_appraise_flag()
837 					ima_appraise_flag(entries[i].func);  in add_rules()
840 					ima_appraise_flag(entries[i].func);  in add_rules()
1170 	if (((entry->flags & IMA_FUNC) && entry->func == NONE) ||  in ima_validate_rule()
1171 	    (!(entry->flags & IMA_FUNC) && entry->func != NONE))  in ima_validate_rule()
1178 	switch (entry->func) {  in ima_validate_rule()
1385 			if (entry->func)  in ima_parse_rule()
1389 				entry->func = FILE_CHECK;  in ima_parse_rule()
1392 				entry->func = FILE_CHECK;  in ima_parse_rule()
1394 				entry->func = MODULE_CHECK;  in ima_parse_rule()
1396 				entry->func = FIRMWARE_CHECK;  in ima_parse_rule()
1399 				entry->func = MMAP_CHECK;  in ima_parse_rule()
1401 				entry->func = BPRM_CHECK;  in ima_parse_rule()
1403 				entry->func = CREDS_CHECK;  in ima_parse_rule()
1406 				entry->func = KEXEC_KERNEL_CHECK;  in ima_parse_rule()
1409 				entry->func = KEXEC_INITRAMFS_CHECK;  in ima_parse_rule()
1411 				entry->func = POLICY_CHECK;  in ima_parse_rule()
1413 				entry->func = KEXEC_CMDLINE;  in ima_parse_rule()
1416 				entry->func = KEY_CHECK;  in ima_parse_rule()
1418 				entry->func = CRITICAL_DATA;  in ima_parse_rule()
1420 				entry->func = SETXATTR_CHECK;  in ima_parse_rule()
1698 		temp_ima_appraise |= ima_appraise_flag(entry->func);  in ima_parse_rule()
1773 #define __ima_hook_stringify(func, str)	(#func),  argument
1832 static void policy_func_show(struct seq_file *m, enum ima_hooks func)  in policy_func_show()  argument
1834 	if (func > 0 && func < MAX_CHECK)  in policy_func_show()
1835 		seq_printf(m, "func=%s ", func_tokens[func]);  in policy_func_show()
1837 		seq_printf(m, "func=%d ", func);  in policy_func_show()
1901 		policy_func_show(m, entry->func);  in ima_policy_show()
2051 	enum ima_hooks func;  in ima_appraise_signature()  local
2061 	func = read_idmap[id] ?: FILE_CHECK;  in ima_appraise_signature()
2073 		if (entry->func && entry->func != func)  in ima_appraise_signature()