
Commit 4ad87a3d authored by Mimi Zohar's avatar Mimi Zohar

ima: use "ima_hooks" enum as function argument



Cleanup the function arguments by using "ima_hooks" enumerator as needed.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Petko Manolov <petkan@mip-labs.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
parent b5269ab3
+17 −8
@@ -137,9 +137,18 @@ static inline unsigned long ima_hash_key(u8 *digest)
	return hash_long(*digest, IMA_HASH_BITS);
}

enum ima_hooks {
	FILE_CHECK = 1,
	MMAP_CHECK,
	BPRM_CHECK,
	MODULE_CHECK,
	FIRMWARE_CHECK,
	POST_SETATTR
};

/* LIM API function definitions */
int ima_get_action(struct inode *inode, int mask, int function);
int ima_must_measure(struct inode *inode, int mask, int function);
int ima_get_action(struct inode *inode, int mask, enum ima_hooks func);
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
int ima_collect_measurement(struct integrity_iint_cache *iint,
			    struct file *file, enum hash_algo algo);
void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
@@ -156,8 +165,6 @@ void ima_free_template_entry(struct ima_template_entry *entry);
const char *ima_d_path(struct path *path, char **pathbuf);

/* IMA policy related functions */
enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, FIRMWARE_CHECK, POST_SETATTR };

int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
		     int flags);
void ima_init_policy(void);
@@ -179,21 +186,22 @@ int ima_policy_show(struct seq_file *m, void *v);
#define IMA_APPRAISE_FIRMWARE	0x10

#ifdef CONFIG_IMA_APPRAISE
int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
int ima_appraise_measurement(enum ima_hooks func,
			     struct integrity_iint_cache *iint,
			     struct file *file, const unsigned char *filename,
			     struct evm_ima_xattr_data *xattr_value,
			     int xattr_len, int opened);
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
					   int func);
					   enum ima_hooks func);
enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
				 int xattr_len);
int ima_read_xattr(struct dentry *dentry,
		   struct evm_ima_xattr_data **xattr_value);

#else
static inline int ima_appraise_measurement(int func,
static inline int ima_appraise_measurement(enum ima_hooks func,
					   struct integrity_iint_cache *iint,
					   struct file *file,
					   const unsigned char *filename,
@@ -215,7 +223,8 @@ static inline void ima_update_xattr(struct integrity_iint_cache *iint,
}

static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
							 *iint, int func)
							 *iint,
							 enum ima_hooks func)
{
	return INTEGRITY_UNKNOWN;
}
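Review bot: The new `enum ima_hooks` parameter type documents intent but adds no compile-time checking in C, and the prototypes in this header order the two adjacent arguments differently: `ima_get_action()` and `ima_must_measure()` take `(inode, mask, func)` while `ima_match_policy()` takes `(inode, func, mask, flags)`. Because an `int` converts implicitly to an enum type, a call with `mask` and `func` transposed still compiles without a diagnostic, and a policy lookup would then presumably match on the wrong values rather than fail. I would add a comment above the moved enum, for example `/* IMA hook identifiers, numbered from 1; note that func/mask order differs between ima_get_action() and ima_match_policy() */`, or align the parameter order in a follow-up. The enum also no longer sits under the "IMA policy related functions" heading, so a one-line description at its new location helps readers find it.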
+3 −3
@@ -156,7 +156,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 * ima_get_action - appraise & measure decision based on policy.
 * @inode: pointer to inode to measure
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
 * @func: caller identifier
 *
 * The policy is defined in terms of keypairs:
 *		subj=, obj=, type=, func=, mask=, fsmagic=
@@ -168,13 +168,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 * Returns IMA_MEASURE, IMA_APPRAISE mask.
 *
 */
int ima_get_action(struct inode *inode, int mask, int function)
int ima_get_action(struct inode *inode, int mask, enum ima_hooks func)
{
	int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE;

	flags &= ima_policy_flag;

	return ima_match_policy(inode, function, mask, flags);
	return ima_match_policy(inode, func, mask, flags);
}

/*
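Review bot: The kernel-doc line for the renamed parameter, `@func: caller identifier`, drops the list of accepted values that the old `@function:` line carried, so the comment on `ima_get_action()` no longer says what a caller may pass. Since the argument is now `enum ima_hooks`, the doc can point at the type so it does not go stale again: `* @func: caller identifier (enum ima_hooks, e.g. FILE_CHECK, MMAP_CHECK, BPRM_CHECK)`. The comment block starts above the first hunk of this file, so the rest of it is not visible here.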
+7 −6
@@ -67,7 +67,7 @@ static int ima_fix_xattr(struct dentry *dentry,

/* Return specific func appraised cached result */
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
					   int func)
					   enum ima_hooks func)
{
	switch (func) {
	case MMAP_CHECK:
@@ -85,7 +85,8 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
}

static void ima_set_cache_status(struct integrity_iint_cache *iint,
				 int func, enum integrity_status status)
				 enum ima_hooks func,
				 enum integrity_status status)
{
	switch (func) {
	case MMAP_CHECK:
@@ -103,11 +104,11 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint,
	case FILE_CHECK:
	default:
		iint->ima_file_status = status;
		break;
	}
}

static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
static void ima_cache_flags(struct integrity_iint_cache *iint,
			     enum ima_hooks func)
{
	switch (func) {
	case MMAP_CHECK:
@@ -125,7 +126,6 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
	case FILE_CHECK:
	default:
		iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
		break;
	}
}

@@ -185,7 +185,8 @@ int ima_read_xattr(struct dentry *dentry,
 *
 * Return 0 on success, error code otherwise
 */
int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
int ima_appraise_measurement(enum ima_hooks func,
			     struct integrity_iint_cache *iint,
			     struct file *file, const unsigned char *filename,
			     struct evm_ima_xattr_data *xattr_value,
			     int xattr_len, int opened)
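Review bot: With `func` typed as `enum ima_hooks`, the `case FILE_CHECK:` / `default:` arm kept in `ima_set_cache_status()` and `ima_cache_flags()` (and, judging by the same opening `switch (func)`, probably in `ima_get_cache_status()`) means any hook without its own case silently shares the file-check appraisal status and flags. The `default:` label also keeps `-Wswitch` from reporting an enumerator that is not listed, so a hook added to the enum later would reuse a cached FILE_CHECK result with no compiler hint. If that sharing is intended, say so at the label, e.g. `default:	/* hooks without a dedicated cache slot share the FILE_CHECK status */`; if not, list the enumerators explicitly. The middle of each switch lies outside the hunks, so which hooks have their own case cannot be confirmed from this page.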
+7 −7
@@ -153,8 +153,8 @@ void ima_file_free(struct file *file)
	ima_check_last_writer(iint, inode, file);
}

static int process_measurement(struct file *file, int mask, int function,
			       int opened)
static int process_measurement(struct file *file, int mask,
			       enum ima_hooks func, int opened)
{
	struct inode *inode = file_inode(file);
	struct integrity_iint_cache *iint = NULL;
@@ -174,8 +174,8 @@ static int process_measurement(struct file *file, int mask, int function,
	 * bitmask based on the appraise/audit/measurement policy.
	 * Included is the appraise submask.
	 */
	action = ima_get_action(inode, mask, function);
	violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) &&
	action = ima_get_action(inode, mask, func);
	violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
			   (ima_policy_flag & IMA_MEASURE));
	if (!action && !violation_check)
		return 0;
@@ -184,7 +184,7 @@ static int process_measurement(struct file *file, int mask, int function,

	/*  Is the appraise rule hook specific?  */
	if (action & IMA_FILE_APPRAISE)
		function = FILE_CHECK;
		func = FILE_CHECK;

	inode_lock(inode);

@@ -214,7 +214,7 @@ static int process_measurement(struct file *file, int mask, int function,
	/* Nothing to do, just return existing appraised status */
	if (!action) {
		if (must_appraise)
			rc = ima_get_cache_status(iint, function);
			rc = ima_get_cache_status(iint, func);
		goto out_digsig;
	}

@@ -240,7 +240,7 @@ static int process_measurement(struct file *file, int mask, int function,
		ima_store_measurement(iint, file, pathname,
				      xattr_value, xattr_len);
	if (action & IMA_APPRAISE_SUBMASK)
		rc = ima_appraise_measurement(function, iint, file, pathname,
		rc = ima_appraise_measurement(func, iint, file, pathname,
					      xattr_value, xattr_len, opened);
	if (action & IMA_AUDIT)
		ima_audit_measurement(iint, pathname);
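Review bot: In `process_measurement()` the parameter is overwritten by `func = FILE_CHECK;` when `action & IMA_FILE_APPRAISE` is set, after `violation_check` has already been computed from the caller's value. With the new name and enum type it reads like a fixed hook identifier, which hides that the later calls `ima_get_cache_status(iint, func)` and `ima_appraise_measurement(func, ...)` may see a different hook than the one that called in. A comment at the assignment would make that explicit, for example `/* rule is not hook specific: func is FILE_CHECK from here on, regardless of the calling hook */`. The function body extends beyond the visible hunks, so other uses of `func` could not be checked.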
+3 −3
@@ -207,8 +207,8 @@ static void ima_lsm_update_rules(void)
 *
 * Returns true on rule match, false on failure.
 */
static bool ima_match_rules(struct ima_rule_entry *rule,
			    struct inode *inode, enum ima_hooks func, int mask)
static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
			    enum ima_hooks func, int mask)
{
	struct task_struct *tsk = current;
	const struct cred *cred = current_cred();
@@ -289,7 +289,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 * In addition to knowing that we need to appraise the file in general,
 * we need to differentiate between calling hooks, for hook specific rules.
 */
static int get_subaction(struct ima_rule_entry *rule, int func)
static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
{
	if (!(rule->flags & IMA_FUNC))
		return IMA_FILE_APPRAISE;