Merge branch 'next-integrity' of...

				[euid=] [fowner=] [fsname=]]

			lsm:	[[subj_user=] [subj_role=] [subj_type=]

				 [obj_user=] [obj_role=] [obj_type=]]

			option:	[[appraise_type=]] [permit_directio]

			option:	[[appraise_type=]] [template=] [permit_directio]

		base: 	func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]

				[FIRMWARE_CHECK]

				[KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]

				[KEXEC_CMDLINE]

			mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]

			       [[^]MAY_EXEC]

			fsmagic:= hex value

			fowner:= decimal value

		lsm:  	are LSM specific

		option:	appraise_type:= [imasig]

			template:= name of a defined IMA template type

			(eg, ima-ng). Only valid when action is "measure".

			pcr:= decimal value

		default policy:

   algorithm (field format: [<hash algo>:]digest, where the digest

   prefix is shown only if the hash algorithm is not SHA1 or MD5);

 - 'n-ng': the name of the event, without size limitations;

 - 'sig': the file signature.

 - 'sig': the file signature;

 - 'buf': the buffer data that was used to generate the hash without size limitations;

Below, there is the list of defined template descriptors:

 - "ima": its format is ``d|n``;

 - "ima-ng" (default): its format is ``d-ng|n-ng``;

 - "ima-sig": its format is ``d-ng|n-ng|sig``.

 - "ima-sig": its format is ``d-ng|n-ng|sig``;

 - "ima-buf": its format is ``d-ng|n-ng|buf``;

Use

static enum efi_secureboot_mode get_sb_mode(void)

{

	efi_char16_t efi_SecureBoot_name[] = L"SecureBoot";

	efi_char16_t efi_SetupMode_name[] = L"SecureBoot";

	efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;

	efi_status_t status;

	unsigned long size;

	u8 secboot;

	u8 secboot, setupmode;

	size = sizeof(secboot);

		return efi_secureboot_mode_unknown;

	}

	if (secboot == 0) {

	size = sizeof(setupmode);

	status = efi.get_variable(efi_SetupMode_name, &efi_variable_guid,

				  NULL, &size, &setupmode);

	if (status != EFI_SUCCESS)	/* ignore unknown SetupMode */

		setupmode = 0;

	if (secboot == 0 || setupmode == 1) {

		pr_info("ima: secureboot mode disabled\n");

		return efi_secureboot_mode_disabled;

	}

		goto err_mad;

	}

	ret = register_lsm_notifier(&ibdev_lsm_nb);

	ret = register_blocking_lsm_notifier(&ibdev_lsm_nb);

	if (ret) {

		pr_warn("Couldn't register LSM notifier. ret %d\n", ret);

		goto err_sa;

	return 0;

err_compat:

	unregister_lsm_notifier(&ibdev_lsm_nb);

	unregister_blocking_lsm_notifier(&ibdev_lsm_nb);

err_sa:

	ib_sa_cleanup();

err_mad:

	nldev_exit();

	rdma_nl_unregister(RDMA_NL_LS);

	unregister_pernet_device(&rdma_dev_net_ops);

	unregister_lsm_notifier(&ibdev_lsm_nb);

	unregister_blocking_lsm_notifier(&ibdev_lsm_nb);

	ib_sa_cleanup();

	ib_mad_cleanup();

	addr_cleanup();

extern int ima_post_read_file(struct file *file, void *buf, loff_t size,

			      enum kernel_read_file_id id);

extern void ima_post_path_mknod(struct dentry *dentry);

extern void ima_kexec_cmdline(const void *buf, int size);

#ifdef CONFIG_IMA_KEXEC

extern void ima_add_kexec_buffer(struct kimage *image);

	return;

}

static inline void ima_kexec_cmdline(const void *buf, int size) {}

#endif /* CONFIG_IMA */

#ifndef CONFIG_IMA_KEXEC