Merge branch 'validate-policy-rules' into next-integrity

			      enum kernel_read_file_id id);

extern void ima_post_path_mknod(struct dentry *dentry);

extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);

extern void ima_kexec_cmdline(const void *buf, int size);

extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC

extern void ima_add_kexec_buffer(struct kimage *image);

	return -EOPNOTSUPP;

}

static inline void ima_kexec_cmdline(const void *buf, int size) {}

static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}

#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC

			goto out;

		}

		ima_kexec_cmdline(image->cmdline_buf,

		ima_kexec_cmdline(kernel_fd, image->cmdline_buf,

				  image->cmdline_buf_len - 1);

	}

			   struct evm_ima_xattr_data *xattr_value,

			   int xattr_len, const struct modsig *modsig, int pcr,

			   struct ima_template_desc *template_desc);

void process_buffer_measurement(const void *buf, int size,

void process_buffer_measurement(struct inode *inode, const void *buf, int size,

				const char *eventname, enum ima_hooks func,

				int pcr, const char *keyring);

void ima_audit_measurement(struct integrity_iint_cache *iint,

#endif /* CONFIG_IMA_APPRAISE */

#ifdef CONFIG_IMA_APPRAISE_MODSIG

bool ima_hook_supports_modsig(enum ima_hooks func);

int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,

		    struct modsig **modsig);

void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size);

		       u32 *data_len);

void ima_free_modsig(struct modsig *modsig);

#else

static inline bool ima_hook_supports_modsig(enum ima_hooks func)

{

	return false;

}

static inline int ima_read_modsig(enum ima_hooks func, const void *buf,

				  loff_t buf_len, struct modsig **modsig)

{

#ifdef CONFIG_IMA_LSM_RULES

#define security_filter_rule_init security_audit_rule_init

#define security_filter_rule_free security_audit_rule_free

#define security_filter_rule_match security_audit_rule_match

#else

	return -EINVAL;

}

static inline void security_filter_rule_free(void *lsmrule)

{

}

static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,

					     void *lsmrule)

{

/**

 * ima_get_action - appraise & measure decision based on policy.

 * @inode: pointer to inode to measure

 * @inode: pointer to the inode associated with the object being validated

 * @cred: pointer to credentials structure to validate

 * @secid: secid of the task being validated

 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,

		rc = is_binary_blacklisted(digest, digestsize);

		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))

			process_buffer_measurement(digest, digestsize,

			process_buffer_measurement(NULL, digest, digestsize,

						   "blacklisted-hash", NONE,

						   pcr, NULL);

	}