LSM: imbed ima calls in the security hooks

#include <linux/proc_fs.h>

#include <linux/proc_fs.h>

#include <linux/mount.h>

#include <linux/mount.h>

#include <linux/security.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/syscalls.h>

#include <linux/syscalls.h>

#include <linux/tsacct_kern.h>

#include <linux/tsacct_kern.h>

#include <linux/cn_proc.h>

#include <linux/cn_proc.h>

	struct linux_binfmt *fmt;

	struct linux_binfmt *fmt;

	retval = security_bprm_check(bprm);

	retval = security_bprm_check(bprm);

	if (retval)

		return retval;

	retval = ima_bprm_check(bprm);

	if (retval)

	if (retval)

		return retval;

		return retval;

#include <linux/module.h>

#include <linux/module.h>

#include <linux/fs.h>

#include <linux/fs.h>

#include <linux/security.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/eventpoll.h>

#include <linux/eventpoll.h>

#include <linux/rcupdate.h>

#include <linux/rcupdate.h>

#include <linux/mount.h>

#include <linux/mount.h>

	if (file->f_op && file->f_op->release)

	if (file->f_op && file->f_op->release)

		file->f_op->release(inode, file);

		file->f_op->release(inode, file);

	security_file_free(file);

	security_file_free(file);

	ima_file_free(file);

	if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL))

	if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL))

		cdev_put(inode->i_cdev);

		cdev_put(inode->i_cdev);

	fops_put(file->f_op);

	fops_put(file->f_op);

#include <linux/hash.h>

#include <linux/hash.h>

#include <linux/swap.h>

#include <linux/swap.h>

#include <linux/security.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/pagemap.h>

#include <linux/pagemap.h>

#include <linux/cdev.h>

#include <linux/cdev.h>

#include <linux/bootmem.h>

#include <linux/bootmem.h>

	if (security_inode_alloc(inode))

	if (security_inode_alloc(inode))

		goto out;

		goto out;

	/* allocate and initialize an i_integrity */

	if (ima_inode_alloc(inode))

		goto out_free_security;

	spin_lock_init(&inode->i_lock);

	spin_lock_init(&inode->i_lock);

	lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);

	lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);

#endif

#endif

	return 0;

	return 0;

out_free_security:

	security_inode_free(inode);

out:

out:

	return -ENOMEM;

	return -ENOMEM;

}

}

void __destroy_inode(struct inode *inode)

void __destroy_inode(struct inode *inode)

{

{

	BUG_ON(inode_has_buffers(inode));

	BUG_ON(inode_has_buffers(inode));

	ima_inode_free(inode);

	security_inode_free(inode);

	security_inode_free(inode);

	fsnotify_inode_delete(inode);

	fsnotify_inode_delete(inode);

#ifdef CONFIG_FS_POSIX_ACL

#ifdef CONFIG_FS_POSIX_ACL

#include <linux/fs.h>

#include <linux/fs.h>

#include <linux/personality.h>

#include <linux/personality.h>

#include <linux/security.h>

#include <linux/security.h>

#include <linux/ima.h>

#include <linux/hugetlb.h>

#include <linux/hugetlb.h>

#include <linux/profile.h>

#include <linux/profile.h>

#include <linux/module.h>

#include <linux/module.h>

	}

	}

	error = security_file_mmap(file, reqprot, prot, flags, addr, 0);

	error = security_file_mmap(file, reqprot, prot, flags, addr, 0);

	if (error)

		return error;

	error = ima_file_mmap(file, prot);

	if (error)

	if (error)

		return error;

		return error;

config IMA

config IMA

	bool "Integrity Measurement Architecture(IMA)"

	bool "Integrity Measurement Architecture(IMA)"

	depends on ACPI

	depends on ACPI

	depends on SECURITY

	select SECURITYFS

	select SECURITYFS

	select CRYPTO

	select CRYPTO

	select CRYPTO_HMAC

	select CRYPTO_HMAC