Loading fs/namei.c +1 −1 Original line number Diff line number Diff line Loading @@ -3058,7 +3058,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; error = ima_file_check(file, op->acc_mode); error = ima_file_check(file, op->acc_mode, *opened); if (error) goto exit_fput; Loading fs/nfsd/vfs.c +1 −1 Original line number Diff line number Diff line Loading @@ -709,7 +709,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, host_err = PTR_ERR(*filp); *filp = NULL; } else { host_err = ima_file_check(*filp, may_flags); host_err = ima_file_check(*filp, may_flags, 0); if (may_flags & NFSD_MAY_64BIT_COOKIE) (*filp)->f_mode |= FMODE_64BITHASH; Loading include/linux/ima.h +2 −2 Original line number Diff line number Diff line Loading @@ -15,7 +15,7 @@ struct linux_binprm; #ifdef CONFIG_IMA extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern int ima_file_check(struct file *file, int mask, int opened); extern void ima_file_free(struct file *file); extern int ima_file_mmap(struct file *file, unsigned long prot); extern int ima_module_check(struct file *file); Loading 
@@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm) return 0; } static inline int ima_file_check(struct file *file, int mask) static inline int ima_file_check(struct file *file, int mask, int opened) { return 0; } Loading security/integrity/Kconfig +30 −16 Original line number Diff line number Diff line # config INTEGRITY def_bool y depends on IMA || EVM bool "Integrity subsystem" depends on SECURITY default y help This option enables the integrity subsystem, which is comprised of a number of different components including the Integrity Measurement Architecture (IMA), Extended Verification Module (EVM), IMA-appraisal extension, digital signature verification extension and audit measurement log support. Each of these components can be enabled/disabled separately. Refer to the individual components for additional details. if INTEGRITY config INTEGRITY_SIGNATURE boolean "Digital signature verification using multiple keyrings" depends on INTEGRITY && KEYS depends on KEYS default n select SIGNATURE help Loading @@ -17,9 +29,21 @@ config INTEGRITY_SIGNATURE This is useful for evm and module keyrings, when keys are usually only added from initramfs. config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. config INTEGRITY_AUDIT bool "Enables integrity auditing support " depends on INTEGRITY && AUDIT depends on AUDIT default y help In addition to enabling integrity auditing support, this Loading 
@@ -32,17 +56,7 @@ config INTEGRITY_AUDIT be enabled by specifying 'integrity_audit=1' on the kernel command line. config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. source security/integrity/ima/Kconfig source security/integrity/evm/Kconfig endif # if INTEGRITY security/integrity/Makefile +3 −3 Original line number Diff line number Diff line Loading @@ -3,11 +3,11 @@ # obj-$(CONFIG_INTEGRITY) += integrity.o obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o integrity-y := iint.o integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o subdir-$(CONFIG_IMA) += ima obj-$(CONFIG_IMA) += ima/ Loading Loading
fs/namei.c +1 −1 Original line number Diff line number Diff line Loading @@ -3058,7 +3058,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; error = ima_file_check(file, op->acc_mode); error = ima_file_check(file, op->acc_mode, *opened); if (error) goto exit_fput; Loading
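Review bot: The added third argument hands the whole `*opened` flag word to IMA, but nothing in this hunk or at the `ima_file_check()` declaration in include/linux/ima.h says which bits IMA is expected to act on. Because the value feeds an integrity decision, the contract belongs at the declaration, for example `/* opened: flags from the open path (presumably FILE_CREATED), or 0 if the caller has none */`. The same gap applies to the literal `0` passed in fs/nfsd/vfs.c. The enclosing function starts and ends outside this hunk, so how `*opened` is set before the `opened:` label cannot be checked here.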
fs/nfsd/vfs.c +1 −1 Original line number Diff line number Diff line Loading @@ -709,7 +709,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, host_err = PTR_ERR(*filp); *filp = NULL; } else { host_err = ima_file_check(*filp, may_flags); host_err = ima_file_check(*filp, may_flags, 0); if (may_flags & NFSD_MAY_64BIT_COOKIE) (*filp)->f_mode |= FMODE_64BITHASH; Loading
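Review bot: In the lines shown, `host_err` from `ima_file_check()` is not tested before `(*filp)->f_mode` is updated, and `*filp` stays set on that path, unlike the error branch just above, which clears it. If the code after the hunk does not release the file, an open that IMA refused would still leave the caller holding an open `struct file`; nfsd_open continues outside the hunk, so this needs confirming. A guard such as `if (host_err) { fput(*filp); *filp = NULL; }`, with the `f_mode` update moved into its `else`, would make the denial path explicit. The hard-coded `0` also deserves a one-line comment saying that nfsd_open never reports a newly created file to IMA, if that is the intent.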
include/linux/ima.h +2 −2 Original line number Diff line number Diff line Loading @@ -15,7 +15,7 @@ struct linux_binprm; #ifdef CONFIG_IMA extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern int ima_file_check(struct file *file, int mask, int opened); extern void ima_file_free(struct file *file); extern int ima_file_mmap(struct file *file, unsigned long prot); extern int ima_module_check(struct file *file); Loading @@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm) return 0; } static inline int ima_file_check(struct file *file, int mask) static inline int ima_file_check(struct file *file, int mask, int opened) { return 0; } Loading
security/integrity/Kconfig +30 −16 Original line number Diff line number Diff line # config INTEGRITY def_bool y depends on IMA || EVM bool "Integrity subsystem" depends on SECURITY default y help This option enables the integrity subsystem, which is comprised of a number of different components including the Integrity Measurement Architecture (IMA), Extended Verification Module (EVM), IMA-appraisal extension, digital signature verification extension and audit measurement log support. Each of these components can be enabled/disabled separately. Refer to the individual components for additional details. if INTEGRITY config INTEGRITY_SIGNATURE boolean "Digital signature verification using multiple keyrings" depends on INTEGRITY && KEYS depends on KEYS default n select SIGNATURE help Loading @@ -17,9 +29,21 @@ config INTEGRITY_SIGNATURE This is useful for evm and module keyrings, when keys are usually only added from initramfs. config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. config INTEGRITY_AUDIT bool "Enables integrity auditing support " depends on INTEGRITY && AUDIT depends on AUDIT default y help In addition to enabling integrity auditing support, this Loading @@ -32,17 +56,7 @@ config INTEGRITY_AUDIT be enabled by specifying 'integrity_audit=1' on the kernel command line. config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n select ASYMMETRIC_KEY_TYPE select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select PUBLIC_KEY_ALGO_RSA select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. source security/integrity/ima/Kconfig source security/integrity/evm/Kconfig endif # if INTEGRITY
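Review bot: The new help text for `INTEGRITY` does not say that switching the option off also removes IMA and EVM, which follows from the two `source` lines now sitting inside `if INTEGRITY`. As rendered, the symbol changes from a derived `def_bool` to a user-visible prompt, so a configuration that answers N loses measurement and appraisal without any further question. A closing sentence such as `Disabling this option also disables IMA and EVM.` would make that visible. On style, the section mixes `bool` and `boolean`, and the `default n` lines are redundant. The dependencies declared inside ima/Kconfig and evm/Kconfig are not shown here.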
security/integrity/Makefile +3 −3 Original line number Diff line number Diff line Loading @@ -3,11 +3,11 @@ # obj-$(CONFIG_INTEGRITY) += integrity.o obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o integrity-y := iint.o integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o subdir-$(CONFIG_IMA) += ima obj-$(CONFIG_IMA) += ima/ Loading