integrity: IMA hooks

	FB	The frame buffer device is enabled.

	HW	Appropriate hardware is enabled.

	IA-64	IA-64 architecture is enabled.

	IMA     Integrity measurement architecture is enabled.

	IOSCHED	More than one I/O scheduler is enabled.

	IP_PNP	IP DHCP, BOOTP, or RARP is enabled.

	ISAPNP	ISA PnP code is enabled.

#include <linux/proc_fs.h>

#include <linux/mount.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/syscalls.h>

#include <linux/tsacct_kern.h>

#include <linux/cn_proc.h>

		goto exit;

	error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);

	if (error)

		goto exit;

	error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN);

	if (error)

		goto exit;

		goto out_path_put;

	err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);

	if (err)

		goto out_path_put;

	err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN);

	if (err)

		goto out_path_put;

	}

#endif

	retval = security_bprm_check(bprm);

	if (retval)

		return retval;

	retval = ima_bprm_check(bprm);

	if (retval)

		return retval;

#include <linux/module.h>

#include <linux/fs.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/eventpoll.h>

#include <linux/rcupdate.h>

#include <linux/mount.h>

	if (file->f_op && file->f_op->release)

		file->f_op->release(inode, file);

	security_file_free(file);

	ima_file_free(file);

	if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL))

		cdev_put(inode->i_cdev);

	fops_put(file->f_op);

#include <linux/hash.h>

#include <linux/swap.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/pagemap.h>

#include <linux/cdev.h>

#include <linux/bootmem.h>

	inode->i_cdev = NULL;

	inode->i_rdev = 0;

	inode->dirtied_when = 0;

	if (security_inode_alloc(inode)) {

		if (inode->i_sb->s_op->destroy_inode)

			inode->i_sb->s_op->destroy_inode(inode);

		else

			kmem_cache_free(inode_cachep, (inode));

		return NULL;

	}

	if (security_inode_alloc(inode))

		goto out_free_inode;

	/* allocate and initialize an i_integrity */

	if (ima_inode_alloc(inode))

		goto out_free_security;

	spin_lock_init(&inode->i_lock);

	lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);

	inode->i_mapping = mapping;

	return inode;

out_free_security:

	security_inode_free(inode);

out_free_inode:

	if (inode->i_sb->s_op->destroy_inode)

		inode->i_sb->s_op->destroy_inode(inode);

	else

		kmem_cache_free(inode_cachep, (inode));

	return NULL;

}

EXPORT_SYMBOL(inode_init_always);

#include <linux/fsnotify.h>

#include <linux/personality.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/syscalls.h>

#include <linux/mount.h>

#include <linux/audit.h>

		err = exec_permission_lite(inode);

		if (err == -EAGAIN)

			err = vfs_permission(nd, MAY_EXEC);

		if (!err)

			err = ima_path_check(&nd->path, MAY_EXEC);

 		if (err)

			break;

	error = vfs_permission(nd, acc_mode);

	if (error)

		return error;

	error = ima_path_check(&nd->path,

			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));

	if (error)

		return error;

	/*

	 * An append-only file must be opened in append mode for writing.

	 */