ima: Introduce exec_tcb policy

			mode bit set by either the effective uid (euid=0) or

			uid=0.

			The "exec_tcb" policy is similar to the "tcb" policy

			except for file open, which is not considered. Files

			in the tmpfs filesystem are not excluded from

			measurement.

			The "appraise_tcb" policy appraises the integrity of

			all files owned by root.

	LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE

};

#ifdef CONFIG_IMA_DIGEST_LIST

enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB, EXEC_TCB };

#else

enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };

#endif

enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY };

			continue;

		if ((strcmp(p, "tcb") == 0) && !ima_policy)

			ima_policy = DEFAULT_TCB;

#ifdef CONFIG_IMA_DIGEST_LIST

		else if ((strcmp(p, "exec_tcb") == 0) && !ima_policy)

			ima_policy = EXEC_TCB;

#endif

		else if (strcmp(p, "appraise_tcb") == 0)

			ima_use_appraise_tcb = true;

		else if (strcmp(p, "secure_boot") == 0)

	return 0;

}

#ifdef CONFIG_IMA_DIGEST_LIST

static void __init add_rules(struct ima_rule_entry *entries, int count,

		      enum policy_rule_list policy_rule)

#else

static void add_rules(struct ima_rule_entry *entries, int count,

			     enum policy_rule_list policy_rule)

#endif

{

	int i = 0;

	for (i = 0; i < count; i++) {

		struct ima_rule_entry *entry;

#ifdef CONFIG_IMA_DIGEST_LIST

		if (ima_policy == EXEC_TCB) {

			if (entries == dont_measure_rules)

				if ((entries[i].flags & IMA_FSMAGIC) &&

				    entries[i].fsmagic == TMPFS_MAGIC)

					continue;

			if (entries == default_measurement_rules)

				if ((entries[i].flags & IMA_FUNC) &&

				    entries[i].func == FILE_CHECK)

					continue;

		}

#endif

		if (policy_rule & IMA_DEFAULT_POLICY)

			list_add_tail(&entries[i].list, &ima_default_rules);

			  ARRAY_SIZE(original_measurement_rules),

			  IMA_DEFAULT_POLICY);

		break;

#ifdef CONFIG_IMA_DIGEST_LIST

	case EXEC_TCB:

		fallthrough;

#endif

	case DEFAULT_TCB:

		add_rules(default_measurement_rules,

			  ARRAY_SIZE(default_measurement_rules),