ima: Add support for measurement with digest lists

			Use the canonical format for the binary runtime

			measurements, instead of host native format.

	ima_digest_list_pcr=

			[IMA]

			Specify which PCR is extended when file digests are

			not found in the loaded digest lists. If '+' is not

			specified, no measurement entry is created if the

			digest is found. Otherwise, IMA creates also entries

			with PCR 10, according to the existing behavior.

			Format: { [+]<unsigned int> }

	ima_hash=	[IMA]

			Format: { md5 | sha1 | rmd160 | sha256 | sha384

				   | sha512 | ... }

extern int ima_extra_slots __ro_after_init;

extern int ima_appraise;

extern struct tpm_chip *ima_tpm_chip;

extern int ima_digest_list_pcr;

extern bool ima_plus_standard_pcr;

extern const char boot_aggregate_name[];

extern int ima_digest_list_actions;

			   const unsigned char *filename,

			   struct evm_ima_xattr_data *xattr_value,

			   int xattr_len, const struct modsig *modsig, int pcr,

			   struct ima_template_desc *template_desc);

			   struct ima_template_desc *template_desc,

			   struct ima_digest *digest);

void process_buffer_measurement(struct inode *inode, const void *buf, int size,

				const char *eventname, enum ima_hooks func,

				int pcr, const char *keyring);

			    struct ima_template_entry **entry,

			    struct ima_template_desc *template_desc);

int ima_store_template(struct ima_template_entry *entry, int violation,

		       struct inode *inode,

		       const unsigned char *filename, int pcr);

		       struct inode *inode, const unsigned char *filename,

		       int pcr, struct ima_digest *digest);

void ima_free_template_entry(struct ima_template_entry *entry);

const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);

 */

int ima_store_template(struct ima_template_entry *entry,

		       int violation, struct inode *inode,

		       const unsigned char *filename, int pcr)

		       const unsigned char *filename, int pcr,

		       struct ima_digest *digest)

{

	static const char op[] = "add_template_measure";

	static const char audit_cause[] = "hashing_error";

	char *template_name = entry->template_desc->name;

	struct ima_template_entry *duplicated_entry = NULL;

	int result;

	if (!violation) {

			return result;

		}

	}

	if (ima_plus_standard_pcr && !digest) {

		duplicated_entry = kmemdup(entry,

			sizeof(*entry) + entry->template_desc->num_fields *

			sizeof(struct ima_field_data), GFP_KERNEL);

		if (duplicated_entry)

			duplicated_entry->pcr = ima_digest_list_pcr;

	} else if (!ima_plus_standard_pcr && ima_digest_list_pcr >= 0) {

		pcr = ima_digest_list_pcr;

	}

	entry->pcr = pcr;

	result = ima_add_template_entry(entry, violation, op, inode, filename);

	if (!result && duplicated_entry) {

		result = ima_add_template_entry(duplicated_entry, violation, op,

						inode, filename);

		if (result < 0)

			kfree(duplicated_entry);

	}

	return result;

}

		result = -ENOMEM;

		goto err_out;

	}

	result = ima_store_template(entry, violation, inode,

				    filename, CONFIG_IMA_MEASURE_PCR_IDX);

	result = ima_store_template(entry, violation, inode, filename,

				    CONFIG_IMA_MEASURE_PCR_IDX, NULL);

	if (result < 0)

		ima_free_template_entry(entry);

err_out:

			   struct file *file, const unsigned char *filename,

			   struct evm_ima_xattr_data *xattr_value,

			   int xattr_len, const struct modsig *modsig, int pcr,

			   struct ima_template_desc *template_desc)

			   struct ima_template_desc *template_desc,

			   struct ima_digest *digest)

{

	static const char op[] = "add_template_measure";

	static const char audit_cause[] = "ENOMEM";

	int result = -ENOMEM;

	struct inode *inode = file_inode(file);

	struct ima_template_entry *entry;

	struct ima_template_entry *entry = NULL;

	struct ima_event_data event_data = { .iint = iint,

					     .file = file,

					     .filename = filename,

	if (iint->measured_pcrs & (0x1 << pcr) && !modsig)

		return;

	if (digest && !ima_plus_standard_pcr && ima_digest_list_pcr >= 0) {

		result = -EEXIST;

		goto out;

	}

	result = ima_alloc_init_template(&event_data, &entry, template_desc);

	if (result < 0) {

		integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,

		return;

	}

	result = ima_store_template(entry, violation, inode, filename, pcr);

	result = ima_store_template(entry, violation, inode, filename, pcr,

				    digest);

out:

	if ((!result || result == -EEXIST) && !(file->f_flags & O_DIRECT)) {

		iint->flags |= IMA_MEASURED;

		iint->measured_pcrs |= (0x1 << pcr);

	}

	if (result < 0)

	if (result < 0 && entry)

		ima_free_template_entry(entry);

}

	.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT

};

static int __init digest_list_pcr_setup(char *str)

{

	int pcr, ret;

	ret = kstrtouint(str, 10, &pcr);

	if (ret) {

		pr_err("Invalid PCR number %s\n", str);

		return 1;

	}

	if (pcr == CONFIG_IMA_MEASURE_PCR_IDX) {

		pr_err("Default PCR cannot be used for digest lists\n");

		return 1;

	}

	ima_digest_list_pcr = pcr;

	ima_digest_list_actions |= IMA_MEASURE;

	if (*str == '+')

		ima_plus_standard_pcr = true;

	return 1;

}

__setup("ima_digest_list_pcr=", digest_list_pcr_setup);

/*************************

 * Get/add/del functions *

 *************************/

	result = ima_store_template(entry, violation, NULL,

				    boot_aggregate_name,

				    CONFIG_IMA_MEASURE_PCR_IDX);

				    CONFIG_IMA_MEASURE_PCR_IDX, NULL);

	if (result < 0) {

		ima_free_template_entry(entry);

		audit_cause = "store_entry";