Revert "ima: Add ima namespace to the ima subsystem APIs"

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit c2b095cc. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Revert "ima: Add ima namespace to the ima subsystem APIs"
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit c2b095cc. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
8b4670bc · Zhang Tianxing · Zheng Zengkai · ad99f818 · 8b4670bc · 8b4670bc
9 changed file
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -152,7 +152,7 @@ static inline void ima_post_key_create_or_update(struct key *keyring,
 #endif  /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
 #ifdef CONFIG_IMA_APPRAISE
-extern bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns);
+extern bool is_ima_appraise_enabled(void);
 extern void ima_inode_post_setattr(struct dentry *dentry);
 extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
 		       const void *xattr_value, size_t xattr_value_len);
@@ -164,7 +164,7 @@ extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
 extern void ima_inode_post_removexattr(struct dentry *dentry,
 				       const char *xattr_name);
 #else
-static inline bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns)
+static inline bool is_ima_appraise_enabled(void)
 {
 	return 0;
 }

--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -268,8 +268,7 @@ static inline void ima_process_queued_keys(void) {}
 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
 		   int mask, enum ima_hooks func, int *pcr,
 		   struct ima_template_desc **template_desc,
-		   const char *keyring,
+		   const char *keyring);
-		   struct ima_namespace *ima_ns);
 int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
 int ima_collect_measurement(struct integrity_iint_cache *iint,
 			    struct file *file, void *buf, loff_t size,
@@ -279,12 +278,10 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
 			   struct evm_ima_xattr_data *xattr_value,
 			   int xattr_len, const struct modsig *modsig, int pcr,
 			   struct ima_template_desc *template_desc,
-			   struct ima_digest *digest,
+			   struct ima_digest *digest);
-			   struct ima_namespace *ima_ns);
 void process_buffer_measurement(struct inode *inode, const void *buf, int size,
 				const char *eventname, enum ima_hooks func,
-				int pcr, const char *keyring,
+				int pcr, const char *keyring);
-				struct ima_namespace *ima_ns);
 void ima_audit_measurement(struct integrity_iint_cache *iint,
 			   const unsigned char *filename);
 int ima_alloc_init_template(struct ima_event_data *event_data,
@@ -300,16 +297,15 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
 		     enum ima_hooks func, int mask, int flags, int *pcr,
 		     struct ima_template_desc **template_desc,
-		     const char *keyring,
+		     const char *keyring);
-		     struct ima_namespace *ima_ns);
 void ima_init_policy(void);
 void ima_init_ns_policy(struct ima_namespace *ima_ns,
 			const struct ima_policy_setup_data *policy_setup_data);
 void ima_update_policy(void);
-void ima_update_policy_flag(struct ima_namespace *ima_ns);
+void ima_update_policy_flag(void);
 ssize_t ima_parse_add_rule(char *);
 void ima_delete_rules(void);
-int ima_check_policy(const struct ima_namespace *ima_ns);
+int ima_check_policy(void);
 void *ima_policy_start(struct seq_file *m, loff_t *pos);
 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
 void ima_policy_stop(struct seq_file *m, void *v);
@@ -337,23 +333,20 @@ int ima_default_appraise_setup(const char *str,
 #ifdef CONFIG_IMA_APPRAISE
 int ima_check_blacklist(struct integrity_iint_cache *iint,
-			const struct modsig *modsig, int pcr,
+			const struct modsig *modsig, int pcr);
-			struct ima_namespace *ima_ns);
 int ima_appraise_measurement(enum ima_hooks func,
 			     struct integrity_iint_cache *iint,
 			     struct file *file, const unsigned char *filename,
 			     struct evm_ima_xattr_data *xattr_value,
 			     int xattr_len, const struct modsig *modsig,
 			     struct ima_digest *found_digest);
-int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func,
+int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
-		      struct ima_namespace *ima_ns);
 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
 					   enum ima_hooks func);
 #else
 static inline int ima_check_blacklist(struct integrity_iint_cache *iint,
-				      const struct modsig *modsig, int pcr,
+				      const struct modsig *modsig, int pcr)
-				      struct ima_namespace *ima_ns)
 {
 	return 0;
 }
@@ -371,8 +364,7 @@ static inline int ima_appraise_measurement(enum ima_hooks func,
 }
 static inline int ima_must_appraise(struct inode *inode, int mask,
-				    enum ima_hooks func,
+				    enum ima_hooks func)
-				    struct ima_namespace *ima_ns)
 {
 	return 0;
 }

--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -191,7 +191,6 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 * @pcr: pointer filled in if matched measure policy sets pcr=
 * @template_desc: pointer filled in if matched measure policy sets template=
 * @keyring: keyring name used to determine the action
- * @ima_ns: ima namespace whose policy data will be used
 *
 * The policy is defined in terms of keypairs:
 *		subj=, obj=, type=, func=, mask=, fsmagic=
@@ -207,15 +206,14 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
 		   int mask, enum ima_hooks func, int *pcr,
 		   struct ima_template_desc **template_desc,
-		   const char *keyring,
+		   const char *keyring)
-		   struct ima_namespace *ima_ns)
 {
 	int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH;
 	flags &= ima_policy_flag;
 	return ima_match_policy(inode, cred, secid, func, mask, flags, pcr,
-				template_desc, keyring, ima_ns);
+				template_desc, keyring);
 }
 /*
@@ -320,8 +318,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
 			   struct evm_ima_xattr_data *xattr_value,
 			   int xattr_len, const struct modsig *modsig, int pcr,
 			   struct ima_template_desc *template_desc,
-			   struct ima_digest *digest,
+			   struct ima_digest *digest)
-			   struct ima_namespace *ima_ns)
 {
 	static const char op[] = "add_template_measure";
 	static const char audit_cause[] = "ENOMEM";

--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -81,11 +81,10 @@ __setup("ima_appraise_digest_list=", appraise_digest_list_setup);
 /*
 * is_ima_appraise_enabled - return appraise status
- * @ima_ns: pointer to the ima namespace being checked
 *
 * Only return enabled, if not in ima_appraise="fix" or "log" modes.
 */
-bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns)
+bool is_ima_appraise_enabled(void)
 {
 	return ima_appraise & IMA_APPRAISE_ENFORCE;
 }
@@ -95,8 +94,7 @@ bool is_ima_appraise_enabled(const struct ima_namespace *ima_ns)
 *
 * Return 1 to appraise or hash
 */
-int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func,
+int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
-		      struct ima_namespace *ima_ns)
 {
 	u32 secid;
@@ -105,8 +103,7 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func,
 	security_task_getsecid(current, &secid);
 	return ima_match_policy(inode, current_cred(), secid, func, mask,
-				IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
+				IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL);
-				NULL);
 }
 static int ima_fix_xattr(struct dentry *dentry,
@@ -334,8 +331,7 @@ static int modsig_verify(enum ima_hooks func, const struct modsig *modsig,
 * Returns -EPERM if the hash is blacklisted.
 */
 int ima_check_blacklist(struct integrity_iint_cache *iint,
-			const struct modsig *modsig, int pcr,
+			const struct modsig *modsig, int pcr)
-			struct ima_namespace *ima_ns)
 {
 	enum hash_algo hash_algo;
 	const u8 *digest = NULL;
@@ -352,7 +348,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,
 		if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
 			process_buffer_measurement(NULL, digest, digestsize,
 						   "blacklisted-hash", NONE,
-						   pcr, NULL, NULL);
+						   pcr, NULL);
 	}
 	return rc;
@@ -579,7 +575,7 @@ void ima_inode_post_setattr(struct dentry *dentry)
 	    || !(inode->i_opflags & IOP_XATTR))
 		return;
-	action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR, NULL);
+	action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR);
 	iint = integrity_iint_find(inode);
 	if (iint) {
 		set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);

--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -60,6 +60,5 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key,
 	 */
 	process_buffer_measurement(NULL, payload, payload_len,
 				   keyring->description, KEY_CHECK, 0,
-				   keyring->description,
+				   keyring->description);
-				   NULL);
 }
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -531,7 +531,7 @@ static int ima_release_data_upload(struct inode *inode, struct file *file)
 		return 0;
 	}
-	if (valid_policy && ima_check_policy(NULL) < 0) {
+	if (valid_policy && ima_check_policy() < 0) {
 		cause = "failed";
 		valid_policy = 0;
 	}

--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -124,8 +124,7 @@ static void ima_rdwr_violation_check(struct file *file,
 				     int must_measure,
 				     char **pathbuf,
 				     const char **pathname,
-				     char *filename,
+				     char *filename)
-				     struct ima_namespace *ima_ns)
 {
 	struct inode *inode = file_inode(file);
 	fmode_t mode = file->f_mode;
@@ -295,8 +294,7 @@ void ima_file_free(struct file *file)
 static int process_measurement(struct file *file, const struct cred *cred,
 			       u32 secid, char *buf, loff_t size, int mask,
-			       enum ima_hooks func,
+			       enum ima_hooks func)
-			       struct ima_namespace *ima_ns)
 {
 	struct inode *inode = file_inode(file);
 	struct integrity_iint_cache *iint = NULL;
@@ -321,7 +319,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
 	 * Included is the appraise submask.
 	 */
 	action = ima_get_action(inode, cred, secid, mask, func, &pcr,
-				&template_desc, NULL, ima_ns);
+				&template_desc, NULL);
 	violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
 			   (ima_policy_flag & IMA_MEASURE));
 	if (!action && !violation_check)
@@ -343,7 +341,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
 	if (!rc && violation_check)
 		ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
-					 &pathbuf, &pathname, filename, ima_ns);
+					 &pathbuf, &pathname, filename);
 	inode_unlock(inode);
@@ -447,11 +445,10 @@ static int process_measurement(struct file *file, const struct cred *cred,
 				      xattr_value, xattr_len, modsig, pcr,
 				      template_desc,
 				      ima_digest_allow(found_digest,
-						       IMA_MEASURE),
+						       IMA_MEASURE));
-				      ima_ns);
 	if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) {
-		rc = ima_check_blacklist(iint, modsig, pcr, ima_ns);
+		rc = ima_check_blacklist(iint, modsig, pcr);
 		if (rc != -EPERM) {
 			inode_lock(inode);
 			rc = ima_appraise_measurement(func, iint, file,
@@ -507,7 +504,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
 	if (file && (prot & PROT_EXEC)) {
 		security_task_getsecid(current, &secid);
 		return process_measurement(file, current_cred(), secid, NULL,
-					   0, MAY_EXEC, MMAP_CHECK, NULL);
+					   0, MAY_EXEC, MMAP_CHECK);
 	}
 	return 0;
@@ -546,7 +543,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	security_task_getsecid(current, &secid);
 	inode = file_inode(vma->vm_file);
 	action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,
-				MMAP_CHECK, &pcr, &template, 0, NULL);
+				MMAP_CHECK, &pcr, &template, 0);
 	/* Is the mmap'ed file in policy? */
 	if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
@@ -585,13 +582,13 @@ int ima_bprm_check(struct linux_binprm *bprm)
 	security_task_getsecid(current, &secid);
 	ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
-				  MAY_EXEC, BPRM_CHECK, NULL);
+				  MAY_EXEC, BPRM_CHECK);
 	if (ret)
 		return ret;
 	security_cred_getsecid(bprm->cred, &secid);
 	return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
-				   MAY_EXEC, CREDS_CHECK, NULL);
+				   MAY_EXEC, CREDS_CHECK);
 }
 /**
@@ -612,7 +609,7 @@ int ima_file_check(struct file *file, int mask)
 	security_task_getsecid(current, &secid);
 	rc = process_measurement(file, current_cred(), secid, NULL, 0,
 				 mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
-					 MAY_APPEND), FILE_CHECK, NULL);
+					 MAY_APPEND), FILE_CHECK);
 	if (ima_current_is_parser() && !rc)
 		ima_check_measured_appraised(file);
 	return rc;
@@ -691,7 +688,7 @@ void ima_post_create_tmpfile(struct inode *inode)
 	struct integrity_iint_cache *iint;
 	int must_appraise;
-	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK, NULL);
+	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
 	if (!must_appraise)
 		return;
@@ -718,7 +715,7 @@ void ima_post_path_mknod(struct dentry *dentry)
 	struct inode *inode = dentry->d_inode;
 	int must_appraise;
-	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK, NULL);
+	must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
 	if (!must_appraise)
 		return;
@@ -769,7 +766,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 	func = read_idmap[read_id] ?: FILE_CHECK;
 	security_task_getsecid(current, &secid);
 	return process_measurement(file, current_cred(), secid, NULL,
-				   0, MAY_READ, func, NULL);
+				   0, MAY_READ, func);
 }
 const int read_idmap[READING_MAX_ID] = {
@@ -813,7 +810,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
 	func = read_idmap[read_id] ?: FILE_CHECK;
 	security_task_getsecid(current, &secid);
 	return process_measurement(file, current_cred(), secid, buf, size,
-				   MAY_READ, func, NULL);
+				   MAY_READ, func);
 }
 /**
@@ -911,8 +908,7 @@ int ima_post_load_data(char *buf, loff_t size,
 */
 void process_buffer_measurement(struct inode *inode, const void *buf, int size,
 				const char *eventname, enum ima_hooks func,
-				int pcr, const char *keyring,
+				int pcr, const char *keyring)
-				struct ima_namespace *ima_ns)
 {
 	int ret = 0;
 	const char *audit_cause = "ENOMEM";
@@ -944,7 +940,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
 	if (func) {
 		security_task_getsecid(current, &secid);
 		action = ima_get_action(inode, current_cred(), secid, 0, func,
-					&pcr, &template, keyring, NULL);
+					&pcr, &template, keyring);
 		if (!(action & IMA_MEASURE))
 			return;
 	}
@@ -1016,8 +1012,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
 		return;
 	process_buffer_measurement(file_inode(f.file), buf, size,
-				   "kexec-cmdline", KEXEC_CMDLINE, 0, NULL,
+				   "kexec-cmdline", KEXEC_CMDLINE, 0, NULL);
-				   NULL);
 	fdput(f);
 }
@@ -1046,7 +1041,7 @@ static int __init init_ima(void)
 		pr_warn("Couldn't register LSM notifier, error %d\n", error);
 	if (!error)
-		ima_update_policy_flag(&init_ima_ns);
+		ima_update_policy_flag();
 	return error;
 }

--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -692,7 +692,6 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
 * @template_desc: the template that should be used for this rule
 * @keyring: the keyring name, if given, to be used to check in the policy.
 *           keyring can be NULL if func is anything other than KEY_CHECK.
- * @ima_ns: IMA namespace whose policies are being checked
 *
 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
 * conditions.
@@ -704,8 +703,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
 		     enum ima_hooks func, int mask, int flags, int *pcr,
 		     struct ima_template_desc **template_desc,
-		     const char *keyring,
+		     const char *keyring)
-		     struct ima_namespace *ima_ns)
 {
 	struct ima_rule_entry *entry;
 	int action = 0, actmask = flags | (flags << 1);
@@ -758,9 +756,8 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
 * loaded policy.  Based on this flag, the decision to short circuit
 * out of a function or not call the function in the first place
 * can be made earlier.
- * @ima_ns: pointer to the ima namespace whose policy flag is updated
 */
-void ima_update_policy_flag(struct ima_namespace *ima_ns)
+void ima_update_policy_flag(void)
 {
 	struct ima_rule_entry *entry;
@@ -789,8 +786,7 @@ static int ima_appraise_flag(enum ima_hooks func)
 	return 0;
 }
-static void __init add_rules(struct ima_policy_data *policy_data,
+static void __init add_rules(struct ima_rule_entry *entries, int count,
-			     struct ima_rule_entry *entries, int count,
 			     enum policy_rule_list policy_rule)
 {
 	int i = 0;
@@ -918,20 +914,19 @@ void __init ima_init_policy(void)
 	/* if !ima_policy, we load NO default rules */
 	if (ima_policy)
-		add_rules(NULL,
+		add_rules(dont_measure_rules, ARRAY_SIZE(dont_measure_rules),
-			  dont_measure_rules, ARRAY_SIZE(dont_measure_rules),
 			  IMA_DEFAULT_POLICY);
 	switch (ima_policy) {
 	case ORIGINAL_TCB:
-		add_rules(NULL, original_measurement_rules,
+		add_rules(original_measurement_rules,
 			  ARRAY_SIZE(original_measurement_rules),
 			  IMA_DEFAULT_POLICY);
 		break;
 	case EXEC_TCB:
 		fallthrough;
 	case DEFAULT_TCB:
-		add_rules(NULL, default_measurement_rules,
+		add_rules(default_measurement_rules,
 			  ARRAY_SIZE(default_measurement_rules),
 			  IMA_DEFAULT_POLICY);
 	default:
@@ -939,7 +934,7 @@ void __init ima_init_policy(void)
 	}
 	if (ima_policy)
-		add_rules(NULL, &ima_parser_measure_rule, 1, IMA_DEFAULT_POLICY);
+		add_rules(&ima_parser_measure_rule, 1, IMA_DEFAULT_POLICY);
 	/*
 	 * Based on runtime secure boot flags, insert arch specific measurement
@@ -951,7 +946,7 @@ void __init ima_init_policy(void)
 	if (!arch_entries)
 		pr_info("No architecture policies found\n");
 	else
-		add_rules(NULL, arch_policy_entry, arch_entries,
+		add_rules(arch_policy_entry, arch_entries,
 			  IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
 	/*
@@ -959,8 +954,7 @@ void __init ima_init_policy(void)
 	 * signatures, prior to other appraise rules.
 	 */
 	if (ima_use_secure_boot || ima_use_appraise_exec_tcb)
-		add_rules(NULL,
+		add_rules(secure_boot_rules, ARRAY_SIZE(secure_boot_rules),
-			  secure_boot_rules, ARRAY_SIZE(secure_boot_rules),
 			  IMA_DEFAULT_POLICY);
 	/*
@@ -972,34 +966,32 @@ void __init ima_init_policy(void)
 	build_appraise_entries = ARRAY_SIZE(build_appraise_rules);
 	if (build_appraise_entries) {
 		if (ima_use_secure_boot)
-			add_rules(NULL,
+			add_rules(build_appraise_rules, build_appraise_entries,
-				  build_appraise_rules, build_appraise_entries,
 				  IMA_CUSTOM_POLICY);
 		else
-			add_rules(NULL,
+			add_rules(build_appraise_rules, build_appraise_entries,
-				  build_appraise_rules, build_appraise_entries,
 				  IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
 	}
 	if (ima_use_appraise_tcb || ima_use_appraise_exec_tcb)
-		add_rules(NULL, default_appraise_rules,
+		add_rules(default_appraise_rules,
 			  ARRAY_SIZE(default_appraise_rules),
 			  IMA_DEFAULT_POLICY);
 	if (ima_use_appraise_exec_tcb)
-		add_rules(NULL, appraise_exec_rules,
+		add_rules(appraise_exec_rules,
 			  ARRAY_SIZE(appraise_exec_rules),
 			  IMA_DEFAULT_POLICY);
 	if (ima_use_secure_boot || ima_use_appraise_tcb ||
 	    ima_use_appraise_exec_tcb)
-		add_rules(NULL, &ima_parser_appraise_rule, 1, IMA_DEFAULT_POLICY);
+		add_rules(&ima_parser_appraise_rule, 1, IMA_DEFAULT_POLICY);
-	ima_update_policy_flag(NULL);
+	ima_update_policy_flag();
 }
 /* Make sure we have a valid policy, at least containing some rules. */
-int ima_check_policy(const struct ima_namespace *ima_ns)
+int ima_check_policy(void)
 {
 	if (list_empty(&ima_temp_rules))
 		return -EINVAL;
@@ -1035,7 +1027,7 @@ void ima_update_policy(void)
 		 */
 		kfree(arch_policy_entry);
 	}
-	ima_update_policy_flag(NULL);
+	ima_update_policy_flag();
 	/* Custom IMA policy has been loaded */
 	ima_process_queued_keys();

--- a/security/integrity/ima/ima_queue_keys.c
+++ b/security/integrity/ima/ima_queue_keys.c
@@ -162,8 +162,7 @@ void ima_process_queued_keys(void)
 						   entry->payload_len,
 						   entry->keyring_name,
 						   KEY_CHECK, 0,
-						   entry->keyring_name,
+						   entry->keyring_name);
-						   NULL);
 		list_del(&entry->list);
 		ima_free_key_entry(entry);
 	}