1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2011 IBM Corporation
4  *
5  * Author:
6  * Mimi Zohar <zohar@us.ibm.com>
7  */
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/file.h>
11 #include <linux/fs.h>
12 #include <linux/xattr.h>
13 #include <linux/magic.h>
14 #include <linux/ima.h>
15 #include <linux/evm.h>
16 #include <keys/system_keyring.h>
17 
18 #include "ima.h"
19 
20 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
21 static char *ima_appraise_cmdline_default __initdata;
22 core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0);
23 
24 void __init ima_appraise_parse_cmdline(void)
25 {
26 	const char *str = ima_appraise_cmdline_default;
27 	bool sb_state = arch_ima_get_secureboot();
28 	int appraisal_state = ima_appraise;
29 
30 	if (!str)
31 		return;
32 
33 	if (strncmp(str, "off", 3) == 0)
34 		appraisal_state = 0;
35 	else if (strncmp(str, "log", 3) == 0)
36 		appraisal_state = IMA_APPRAISE_LOG;
37 	else if (strncmp(str, "fix", 3) == 0)
38 		appraisal_state = IMA_APPRAISE_FIX;
39 	else if (strncmp(str, "enforce", 7) == 0)
40 		appraisal_state = IMA_APPRAISE_ENFORCE;
41 	else
42 		pr_err("invalid \"%s\" appraise option", str);
43 
44 	/* If appraisal state was changed, but secure boot is enabled,
45 	 * keep its default */
46 	if (sb_state) {
47 		if (!(appraisal_state & IMA_APPRAISE_ENFORCE))
48 			pr_info("Secure boot enabled: ignoring ima_appraise=%s option",
49 				str);
50 	} else {
51 		ima_appraise = appraisal_state;
52 	}
53 }
54 #endif
55 
56 /*
57  * is_ima_appraise_enabled - return appraise status
58  *
59  * Only return enabled, if not in ima_appraise="fix" or "log" modes.
60  */
61 bool is_ima_appraise_enabled(void)
62 {
63 	return ima_appraise & IMA_APPRAISE_ENFORCE;
64 }
65 
66 /*
67  * ima_must_appraise - set appraise flag
68  *
69  * Return 1 to appraise or hash
70  */
71 int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
72 		      int mask, enum ima_hooks func)
73 {
74 	u32 secid;
75 
76 	if (!ima_appraise)
77 		return 0;
78 
79 	security_current_getsecid_subj(&secid);
80 	return ima_match_policy(mnt_userns, inode, current_cred(), secid,
81 				func, mask, IMA_APPRAISE | IMA_HASH, NULL,
82 				NULL, NULL, NULL);
83 }
84 
85 static int ima_fix_xattr(struct dentry *dentry,
86 			 struct integrity_iint_cache *iint)
87 {
88 	int rc, offset;
89 	u8 algo = iint->ima_hash->algo;
90 
91 	if (algo <= HASH_ALGO_SHA1) {
92 		offset = 1;
93 		iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
94 	} else {
95 		offset = 0;
96 		iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
97 		iint->ima_hash->xattr.ng.algo = algo;
98 	}
99 	rc = __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_IMA,
100 				   &iint->ima_hash->xattr.data[offset],
101 				   (sizeof(iint->ima_hash->xattr) - offset) +
102 				   iint->ima_hash->length, 0);
103 	return rc;
104 }
105 
106 /* Return specific func appraised cached result */
107 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
108 					   enum ima_hooks func)
109 {
110 	switch (func) {
111 	case MMAP_CHECK:
112 		return iint->ima_mmap_status;
113 	case BPRM_CHECK:
114 		return iint->ima_bprm_status;
115 	case CREDS_CHECK:
116 		return iint->ima_creds_status;
117 	case FILE_CHECK:
118 	case POST_SETATTR:
119 		return iint->ima_file_status;
120 	case MODULE_CHECK ... MAX_CHECK - 1:
121 	default:
122 		return iint->ima_read_status;
123 	}
124 }
125 
126 static void ima_set_cache_status(struct integrity_iint_cache *iint,
127 				 enum ima_hooks func,
128 				 enum integrity_status status)
129 {
130 	switch (func) {
131 	case MMAP_CHECK:
132 		iint->ima_mmap_status = status;
133 		break;
134 	case BPRM_CHECK:
135 		iint->ima_bprm_status = status;
136 		break;
137 	case CREDS_CHECK:
138 		iint->ima_creds_status = status;
139 		break;
140 	case FILE_CHECK:
141 	case POST_SETATTR:
142 		iint->ima_file_status = status;
143 		break;
144 	case MODULE_CHECK ... MAX_CHECK - 1:
145 	default:
146 		iint->ima_read_status = status;
147 		break;
148 	}
149 }
150 
151 static void ima_cache_flags(struct integrity_iint_cache *iint,
152 			     enum ima_hooks func)
153 {
154 	switch (func) {
155 	case MMAP_CHECK:
156 		iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
157 		break;
158 	case BPRM_CHECK:
159 		iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED);
160 		break;
161 	case CREDS_CHECK:
162 		iint->flags |= (IMA_CREDS_APPRAISED | IMA_APPRAISED);
163 		break;
164 	case FILE_CHECK:
165 	case POST_SETATTR:
166 		iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
167 		break;
168 	case MODULE_CHECK ... MAX_CHECK - 1:
169 	default:
170 		iint->flags |= (IMA_READ_APPRAISED | IMA_APPRAISED);
171 		break;
172 	}
173 }
174 
175 enum hash_algo ima_get_hash_algo(const struct evm_ima_xattr_data *xattr_value,
176 				 int xattr_len)
177 {
178 	struct signature_v2_hdr *sig;
179 	enum hash_algo ret;
180 
181 	if (!xattr_value || xattr_len < 2)
182 		/* return default hash algo */
183 		return ima_hash_algo;
184 
185 	switch (xattr_value->type) {
186 	case EVM_IMA_XATTR_DIGSIG:
187 		sig = (typeof(sig))xattr_value;
188 		if (sig->version != 2 || xattr_len <= sizeof(*sig)
189 		    || sig->hash_algo >= HASH_ALGO__LAST)
190 			return ima_hash_algo;
191 		return sig->hash_algo;
192 		break;
193 	case IMA_XATTR_DIGEST_NG:
194 		/* first byte contains algorithm id */
195 		ret = xattr_value->data[0];
196 		if (ret < HASH_ALGO__LAST)
197 			return ret;
198 		break;
199 	case IMA_XATTR_DIGEST:
200 		/* this is for backward compatibility */
201 		if (xattr_len == 21) {
202 			unsigned int zero = 0;
203 			if (!memcmp(&xattr_value->data[16], &zero, 4))
204 				return HASH_ALGO_MD5;
205 			else
206 				return HASH_ALGO_SHA1;
207 		} else if (xattr_len == 17)
208 			return HASH_ALGO_MD5;
209 		break;
210 	}
211 
212 	/* return default hash algo */
213 	return ima_hash_algo;
214 }
215 
216 int ima_read_xattr(struct dentry *dentry,
217 		   struct evm_ima_xattr_data **xattr_value)
218 {
219 	ssize_t ret;
220 
221 	ret = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_IMA,
222 				 (char **)xattr_value, 0, GFP_NOFS);
223 	if (ret == -EOPNOTSUPP)
224 		ret = 0;
225 	return ret;
226 }
227 
228 /*
229  * xattr_verify - verify xattr digest or signature
230  *
231  * Verify whether the hash or signature matches the file contents.
232  *
233  * Return 0 on success, error code otherwise.
234  */
235 static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint,
236 			struct evm_ima_xattr_data *xattr_value, int xattr_len,
237 			enum integrity_status *status, const char **cause)
238 {
239 	int rc = -EINVAL, hash_start = 0;
240 
241 	switch (xattr_value->type) {
242 	case IMA_XATTR_DIGEST_NG:
243 		/* first byte contains algorithm id */
244 		hash_start = 1;
245 		fallthrough;
246 	case IMA_XATTR_DIGEST:
247 		if (*status != INTEGRITY_PASS_IMMUTABLE) {
248 			if (iint->flags & IMA_DIGSIG_REQUIRED) {
249 				*cause = "IMA-signature-required";
250 				*status = INTEGRITY_FAIL;
251 				break;
252 			}
253 			clear_bit(IMA_DIGSIG, &iint->atomic_flags);
254 		} else {
255 			set_bit(IMA_DIGSIG, &iint->atomic_flags);
256 		}
257 		if (xattr_len - sizeof(xattr_value->type) - hash_start >=
258 				iint->ima_hash->length)
259 			/*
260 			 * xattr length may be longer. md5 hash in previous
261 			 * version occupied 20 bytes in xattr, instead of 16
262 			 */
263 			rc = memcmp(&xattr_value->data[hash_start],
264 				    iint->ima_hash->digest,
265 				    iint->ima_hash->length);
266 		else
267 			rc = -EINVAL;
268 		if (rc) {
269 			*cause = "invalid-hash";
270 			*status = INTEGRITY_FAIL;
271 			break;
272 		}
273 		*status = INTEGRITY_PASS;
274 		break;
275 	case EVM_IMA_XATTR_DIGSIG:
276 		set_bit(IMA_DIGSIG, &iint->atomic_flags);
277 		rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
278 					     (const char *)xattr_value,
279 					     xattr_len,
280 					     iint->ima_hash->digest,
281 					     iint->ima_hash->length);
282 		if (rc == -EOPNOTSUPP) {
283 			*status = INTEGRITY_UNKNOWN;
284 			break;
285 		}
286 		if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc &&
287 		    func == KEXEC_KERNEL_CHECK)
288 			rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM,
289 						     (const char *)xattr_value,
290 						     xattr_len,
291 						     iint->ima_hash->digest,
292 						     iint->ima_hash->length);
293 		if (rc) {
294 			*cause = "invalid-signature";
295 			*status = INTEGRITY_FAIL;
296 		} else {
297 			*status = INTEGRITY_PASS;
298 		}
299 		break;
300 	default:
301 		*status = INTEGRITY_UNKNOWN;
302 		*cause = "unknown-ima-data";
303 		break;
304 	}
305 
306 	return rc;
307 }
308 
309 /*
310  * modsig_verify - verify modsig signature
311  *
312  * Verify whether the signature matches the file contents.
313  *
314  * Return 0 on success, error code otherwise.
315  */
316 static int modsig_verify(enum ima_hooks func, const struct modsig *modsig,
317 			 enum integrity_status *status, const char **cause)
318 {
319 	int rc;
320 
321 	rc = integrity_modsig_verify(INTEGRITY_KEYRING_IMA, modsig);
322 	if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc &&
323 	    func == KEXEC_KERNEL_CHECK)
324 		rc = integrity_modsig_verify(INTEGRITY_KEYRING_PLATFORM,
325 					     modsig);
326 	if (rc) {
327 		*cause = "invalid-signature";
328 		*status = INTEGRITY_FAIL;
329 	} else {
330 		*status = INTEGRITY_PASS;
331 	}
332 
333 	return rc;
334 }
335 
336 /*
337  * ima_check_blacklist - determine if the binary is blacklisted.
338  *
339  * Add the hash of the blacklisted binary to the measurement list, based
340  * on policy.
341  *
342  * Returns -EPERM if the hash is blacklisted.
343  */
344 int ima_check_blacklist(struct integrity_iint_cache *iint,
345 			const struct modsig *modsig, int pcr)
346 {
347 	enum hash_algo hash_algo;
348 	const u8 *digest = NULL;
349 	u32 digestsize = 0;
350 	int rc = 0;
351 
352 	if (!(iint->flags & IMA_CHECK_BLACKLIST))
353 		return 0;
354 
355 	if (iint->flags & IMA_MODSIG_ALLOWED && modsig) {
356 		ima_get_modsig_digest(modsig, &hash_algo, &digest, &digestsize);
357 
358 		rc = is_binary_blacklisted(digest, digestsize);
359 		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
360 			process_buffer_measurement(&init_user_ns, NULL, digest, digestsize,
361 						   "blacklisted-hash", NONE,
362 						   pcr, NULL, false, NULL, 0);
363 	}
364 
365 	return rc;
366 }
367 
368 /*
369  * ima_appraise_measurement - appraise file measurement
370  *
371  * Call evm_verifyxattr() to verify the integrity of 'security.ima'.
372  * Assuming success, compare the xattr hash with the collected measurement.
373  *
374  * Return 0 on success, error code otherwise
375  */
376 int ima_appraise_measurement(enum ima_hooks func,
377 			     struct integrity_iint_cache *iint,
378 			     struct file *file, const unsigned char *filename,
379 			     struct evm_ima_xattr_data *xattr_value,
380 			     int xattr_len, const struct modsig *modsig)
381 {
382 	static const char op[] = "appraise_data";
383 	const char *cause = "unknown";
384 	struct dentry *dentry = file_dentry(file);
385 	struct inode *inode = d_backing_inode(dentry);
386 	enum integrity_status status = INTEGRITY_UNKNOWN;
387 	int rc = xattr_len;
388 	bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig;
389 
390 	/* If not appraising a modsig, we need an xattr. */
391 	if (!(inode->i_opflags & IOP_XATTR) && !try_modsig)
392 		return INTEGRITY_UNKNOWN;
393 
394 	/* If reading the xattr failed and there's no modsig, error out. */
395 	if (rc <= 0 && !try_modsig) {
396 		if (rc && rc != -ENODATA)
397 			goto out;
398 
399 		cause = iint->flags & IMA_DIGSIG_REQUIRED ?
400 				"IMA-signature-required" : "missing-hash";
401 		status = INTEGRITY_NOLABEL;
402 		if (file->f_mode & FMODE_CREATED)
403 			iint->flags |= IMA_NEW_FILE;
404 		if ((iint->flags & IMA_NEW_FILE) &&
405 		    (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
406 		     (inode->i_size == 0)))
407 			status = INTEGRITY_PASS;
408 		goto out;
409 	}
410 
411 	status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
412 	switch (status) {
413 	case INTEGRITY_PASS:
414 	case INTEGRITY_PASS_IMMUTABLE:
415 	case INTEGRITY_UNKNOWN:
416 		break;
417 	case INTEGRITY_NOXATTRS:	/* No EVM protected xattrs. */
418 		/* It's fine not to have xattrs when using a modsig. */
419 		if (try_modsig)
420 			break;
421 		fallthrough;
422 	case INTEGRITY_NOLABEL:		/* No security.evm xattr. */
423 		cause = "missing-HMAC";
424 		goto out;
425 	case INTEGRITY_FAIL_IMMUTABLE:
426 		set_bit(IMA_DIGSIG, &iint->atomic_flags);
427 		cause = "invalid-fail-immutable";
428 		goto out;
429 	case INTEGRITY_FAIL:		/* Invalid HMAC/signature. */
430 		cause = "invalid-HMAC";
431 		goto out;
432 	default:
433 		WARN_ONCE(true, "Unexpected integrity status %d\n", status);
434 	}
435 
436 	if (xattr_value)
437 		rc = xattr_verify(func, iint, xattr_value, xattr_len, &status,
438 				  &cause);
439 
440 	/*
441 	 * If we have a modsig and either no imasig or the imasig's key isn't
442 	 * known, then try verifying the modsig.
443 	 */
444 	if (try_modsig &&
445 	    (!xattr_value || xattr_value->type == IMA_XATTR_DIGEST_NG ||
446 	     rc == -ENOKEY))
447 		rc = modsig_verify(func, modsig, &status, &cause);
448 
449 out:
450 	/*
451 	 * File signatures on some filesystems can not be properly verified.
452 	 * When such filesystems are mounted by an untrusted mounter or on a
453 	 * system not willing to accept such a risk, fail the file signature
454 	 * verification.
455 	 */
456 	if ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&
457 	    ((inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) ||
458 	     (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {
459 		status = INTEGRITY_FAIL;
460 		cause = "unverifiable-signature";
461 		integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
462 				    op, cause, rc, 0);
463 	} else if (status != INTEGRITY_PASS) {
464 		/* Fix mode, but don't replace file signatures. */
465 		if ((ima_appraise & IMA_APPRAISE_FIX) && !try_modsig &&
466 		    (!xattr_value ||
467 		     xattr_value->type != EVM_IMA_XATTR_DIGSIG)) {
468 			if (!ima_fix_xattr(dentry, iint))
469 				status = INTEGRITY_PASS;
470 		}
471 
472 		/*
473 		 * Permit new files with file/EVM portable signatures, but
474 		 * without data.
475 		 */
476 		if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE &&
477 		    test_bit(IMA_DIGSIG, &iint->atomic_flags)) {
478 			status = INTEGRITY_PASS;
479 		}
480 
481 		integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,
482 				    op, cause, rc, 0);
483 	} else {
484 		ima_cache_flags(iint, func);
485 	}
486 
487 	ima_set_cache_status(iint, func, status);
488 	return status;
489 }
490 
491 /*
492  * ima_update_xattr - update 'security.ima' hash value
493  */
494 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
495 {
496 	struct dentry *dentry = file_dentry(file);
497 	int rc = 0;
498 
499 	/* do not collect and update hash for digital signatures */
500 	if (test_bit(IMA_DIGSIG, &iint->atomic_flags))
501 		return;
502 
503 	if ((iint->ima_file_status != INTEGRITY_PASS) &&
504 	    !(iint->flags & IMA_HASH))
505 		return;
506 
507 	rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo, NULL);
508 	if (rc < 0)
509 		return;
510 
511 	inode_lock(file_inode(file));
512 	ima_fix_xattr(dentry, iint);
513 	inode_unlock(file_inode(file));
514 }
515 
516 /**
517  * ima_inode_post_setattr - reflect file metadata changes
518  * @mnt_userns:	user namespace of the mount the inode was found from
519  * @dentry: pointer to the affected dentry
520  *
521  * Changes to a dentry's metadata might result in needing to appraise.
522  *
523  * This function is called from notify_change(), which expects the caller
524  * to lock the inode's i_mutex.
525  */
526 void ima_inode_post_setattr(struct user_namespace *mnt_userns,
527 			    struct dentry *dentry)
528 {
529 	struct inode *inode = d_backing_inode(dentry);
530 	struct integrity_iint_cache *iint;
531 	int action;
532 
533 	if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode)
534 	    || !(inode->i_opflags & IOP_XATTR))
535 		return;
536 
537 	action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
538 	iint = integrity_iint_find(inode);
539 	if (iint) {
540 		set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
541 		if (!action)
542 			clear_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
543 	}
544 }
545 
546 /*
547  * ima_protect_xattr - protect 'security.ima'
548  *
549  * Ensure that not just anyone can modify or remove 'security.ima'.
550  */
551 static int ima_protect_xattr(struct dentry *dentry, const char *xattr_name,
552 			     const void *xattr_value, size_t xattr_value_len)
553 {
554 	if (strcmp(xattr_name, XATTR_NAME_IMA) == 0) {
555 		if (!capable(CAP_SYS_ADMIN))
556 			return -EPERM;
557 		return 1;
558 	}
559 	return 0;
560 }
561 
562 static void ima_reset_appraise_flags(struct inode *inode, int digsig)
563 {
564 	struct integrity_iint_cache *iint;
565 
566 	if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode))
567 		return;
568 
569 	iint = integrity_iint_find(inode);
570 	if (!iint)
571 		return;
572 	iint->measured_pcrs = 0;
573 	set_bit(IMA_CHANGE_XATTR, &iint->atomic_flags);
574 	if (digsig)
575 		set_bit(IMA_DIGSIG, &iint->atomic_flags);
576 	else
577 		clear_bit(IMA_DIGSIG, &iint->atomic_flags);
578 }
579 
580 /**
581  * validate_hash_algo() - Block setxattr with unsupported hash algorithms
582  * @dentry: object of the setxattr()
583  * @xattr_value: userland supplied xattr value
584  * @xattr_value_len: length of xattr_value
585  *
586  * The xattr value is mapped to its hash algorithm, and this algorithm
587  * must be built in the kernel for the setxattr to be allowed.
588  *
589  * Emit an audit message when the algorithm is invalid.
590  *
591  * Return: 0 on success, else an error.
592  */
593 static int validate_hash_algo(struct dentry *dentry,
594 			      const struct evm_ima_xattr_data *xattr_value,
595 			      size_t xattr_value_len)
596 {
597 	char *path = NULL, *pathbuf = NULL;
598 	enum hash_algo xattr_hash_algo;
599 	const char *errmsg = "unavailable-hash-algorithm";
600 	unsigned int allowed_hashes;
601 
602 	xattr_hash_algo = ima_get_hash_algo(xattr_value, xattr_value_len);
603 
604 	allowed_hashes = atomic_read(&ima_setxattr_allowed_hash_algorithms);
605 
606 	if (allowed_hashes) {
607 		/* success if the algorithm is allowed in the ima policy */
608 		if (allowed_hashes & (1U << xattr_hash_algo))
609 			return 0;
610 
611 		/*
612 		 * We use a different audit message when the hash algorithm
613 		 * is denied by a policy rule, instead of not being built
614 		 * in the kernel image
615 		 */
616 		errmsg = "denied-hash-algorithm";
617 	} else {
618 		if (likely(xattr_hash_algo == ima_hash_algo))
619 			return 0;
620 
621 		/* allow any xattr using an algorithm built in the kernel */
622 		if (crypto_has_alg(hash_algo_name[xattr_hash_algo], 0, 0))
623 			return 0;
624 	}
625 
626 	pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
627 	if (!pathbuf)
628 		return -EACCES;
629 
630 	path = dentry_path(dentry, pathbuf, PATH_MAX);
631 
632 	integrity_audit_msg(AUDIT_INTEGRITY_DATA, d_inode(dentry), path,
633 			    "set_data", errmsg, -EACCES, 0);
634 
635 	kfree(pathbuf);
636 
637 	return -EACCES;
638 }
639 
640 int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
641 		       const void *xattr_value, size_t xattr_value_len)
642 {
643 	const struct evm_ima_xattr_data *xvalue = xattr_value;
644 	int digsig = 0;
645 	int result;
646 
647 	result = ima_protect_xattr(dentry, xattr_name, xattr_value,
648 				   xattr_value_len);
649 	if (result == 1) {
650 		if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
651 			return -EINVAL;
652 		digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG);
653 	} else if (!strcmp(xattr_name, XATTR_NAME_EVM) && xattr_value_len > 0) {
654 		digsig = (xvalue->type == EVM_XATTR_PORTABLE_DIGSIG);
655 	}
656 	if (result == 1 || evm_revalidate_status(xattr_name)) {
657 		result = validate_hash_algo(dentry, xvalue, xattr_value_len);
658 		if (result)
659 			return result;
660 
661 		ima_reset_appraise_flags(d_backing_inode(dentry), digsig);
662 	}
663 	return result;
664 }
665 
666 int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
667 {
668 	int result;
669 
670 	result = ima_protect_xattr(dentry, xattr_name, NULL, 0);
671 	if (result == 1 || evm_revalidate_status(xattr_name)) {
672 		ima_reset_appraise_flags(d_backing_inode(dentry), 0);
673 		if (result == 1)
674 			result = 0;
675 	}
676 	return result;
677 }
678