Loading security/apparmor/Kconfig +17 −4 Original line number Diff line number Diff line Loading @@ -31,13 +31,26 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE If you are unsure how to answer this question, answer 1. config SECURITY_APPARMOR_HASH bool "SHA1 hash of loaded profiles" bool "Enable introspection of sha1 hashes for loaded profiles" depends on SECURITY_APPARMOR select CRYPTO select CRYPTO_SHA1 default y help This option selects whether sha1 hashing is done against loaded profiles and exported for inspection to user space via the apparmor filesystem. This option selects whether introspection of loaded policy is available to userspace via the apparmor filesystem. config SECURITY_APPARMOR_HASH_DEFAULT bool "Enable policy hash introspection by default" depends on SECURITY_APPARMOR_HASH default y help This option selects whether sha1 hashing of loaded policy is enabled by default. The generation of sha1 hashes for loaded policy provide system administrators a quick way to verify that policy in the kernel matches what is expected, however it can slow down policy load on some devices. In these cases policy hashing can be disabled by default and enabled only if needed. security/apparmor/include/apparmor.h +1 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ extern enum audit_mode aa_g_audit; extern bool aa_g_audit_header; extern bool aa_g_debug; extern bool aa_g_hash_policy; extern bool aa_g_lock_policy; extern bool aa_g_logsyscall; extern bool aa_g_paranoid_load; Loading security/apparmor/lsm.c +4 −0 Original line number Diff line number Diff line Loading 
@@ -669,6 +669,10 @@ enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE; module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); /* whether policy verification hashing is enabled */ bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); /* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR); Loading security/apparmor/policy_unpack.c +3 −2 Original line number Diff line number Diff line Loading @@ -775,6 +775,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) if (error) goto fail_profile; if (aa_g_hash_policy) error = aa_calc_profile_hash(profile, e.version, start, e.pos - start); if (error) Loading Loading
security/apparmor/Kconfig +17 −4 Original line number Diff line number Diff line Loading @@ -31,13 +31,26 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE If you are unsure how to answer this question, answer 1. config SECURITY_APPARMOR_HASH bool "SHA1 hash of loaded profiles" bool "Enable introspection of sha1 hashes for loaded profiles" depends on SECURITY_APPARMOR select CRYPTO select CRYPTO_SHA1 default y help This option selects whether sha1 hashing is done against loaded profiles and exported for inspection to user space via the apparmor filesystem. This option selects whether introspection of loaded policy is available to userspace via the apparmor filesystem. config SECURITY_APPARMOR_HASH_DEFAULT bool "Enable policy hash introspection by default" depends on SECURITY_APPARMOR_HASH default y help This option selects whether sha1 hashing of loaded policy is enabled by default. The generation of sha1 hashes for loaded policy provide system administrators a quick way to verify that policy in the kernel matches what is expected, however it can slow down policy load on some devices. In these cases policy hashing can be disabled by default and enabled only if needed.
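Review bot: The SECURITY_APPARMOR_HASH_DEFAULT help text says hashing "can be disabled by default and enabled only if needed" but never names the knob, so an administrator reading menuconfig cannot tell how to turn it on; a sentence such as `The setting can be overridden at boot or at runtime with the apparmor.hash_policy parameter.` would close that gap, the name following the `module_param_named(hash_policy, ...)` added in lsm.c. The body text of SECURITY_APPARMOR_HASH no longer says that what is exposed is a sha1 digest of the loaded policy, although its title and the HASH_DEFAULT text both still do; keeping "sha1 hashes of loaded policy" in the body keeps the two options consistent. In the HASH_DEFAULT help, "provide" should read "provides" since the subject is "generation".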
security/apparmor/include/apparmor.h +1 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ extern enum audit_mode aa_g_audit; extern bool aa_g_audit_header; extern bool aa_g_debug; extern bool aa_g_hash_policy; extern bool aa_g_lock_policy; extern bool aa_g_logsyscall; extern bool aa_g_paranoid_load; Loading
security/apparmor/lsm.c +4 −0 Original line number Diff line number Diff line Loading @@ -669,6 +669,10 @@ enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE; module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); /* whether policy verification hashing is enabled */ bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); /* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR); Loading
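Review bot: `bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT;` does not compile when the new Kconfig symbol is `n`: a disabled Kconfig bool produces no `#define` at all, so the identifier is undeclared, and the same happens whenever SECURITY_APPARMOR_HASH is off because HASH_DEFAULT depends on it. The kernel idiom is `bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT);`, which expands to 0 or 1 in every configuration. Since the parameter is registered with S_IWUSR, root can also flip it after boot, and the comment above the definition could say so, e.g. `/* whether policy verification hashing is enabled; apparmor.hash_policy, may be changed at runtime */`; whether a change affects only policy loaded afterwards is my reading of the policy_unpack.c hunk and is worth confirming there.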
security/apparmor/policy_unpack.c +3 −2 Original line number Diff line number Diff line Loading @@ -775,6 +775,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) if (error) goto fail_profile; if (aa_g_hash_policy) error = aa_calc_profile_hash(profile, e.version, start, e.pos - start); if (error) Loading
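Review bot: With `aa_g_hash_policy` false the new code skips `aa_calc_profile_hash()` and relies on `error` still being 0 from the preceding `if (error) goto fail_profile;`, which holds today but breaks silently as soon as a statement is inserted between the two; nesting the check, `if (aa_g_hash_policy) { error = aa_calc_profile_hash(profile, e.version, start, e.pos - start); if (error) goto fail_profile; }`, makes the dependency explicit and keeps the multi-line body braced. A profile loaded with hashing off presumably ends up with no hash at all, so whatever exports the hash through apparmorfs should report its absence rather than an empty or stale value, otherwise an administrator comparing digests could mistake an unhashed profile for a verified one; that reader is not in this hunk, so confirm. aa_unpack() starts and ends outside the hunk.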