[PATCH 2/3] security, ipe: Remove LSM_INT_VERDICT_UNEXPECTED support

[Blaise Boscaccy <bboscaccy@linux.microsoft.com>]

After commit cf5d6b993a43 ("hornet: fix TOCTOU in signed program
verification") LSM_INT_VERDICT_UNEXPECTED was no longer being produced
by any LSMs. Remove support for the orphaned enum value from IPE and
the set of possible verdicts.

Signed-off-by: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
---
 Documentation/admin-guide/LSM/Hornet.rst | 3 ---
 Documentation/admin-guide/LSM/ipe.rst    | 6 +-----
 Documentation/security/ipe.rst           | 3 +--
 include/linux/security.h                 | 1 -
 security/ipe/audit.c                     | 1 -
 security/ipe/eval.c                      | 2 --
 security/ipe/policy.h                    | 1 -
 security/ipe/policy_parser.c             | 2 --
 8 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/Documentation/admin-guide/LSM/Hornet.rst b/Documentation/admin-guide/LSM/Hornet.rst
index a369bc11408f4..13dcf686ead71 100644
--- a/Documentation/admin-guide/LSM/Hornet.rst
+++ b/Documentation/admin-guide/LSM/Hornet.rst
@@ -47,9 +47,6 @@ make policy decisions based on the verification outcome:
 ``LSM_INT_VERDICT_FAULT``
   A system error occurred during verification.
 
-``LSM_INT_VERDICT_UNEXPECTED``
-  An unexpected map hash value was encountered.
-
 ``LSM_INT_VERDICT_BADSIG``
   The signature or a map hash failed verification.
 
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index d68ba9d98859e..a525b4cbb4f09 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -736,7 +736,7 @@ bpf_signature
    ``IPE_PROP_BPF_SIGNATURE`` config option.
    The format of this property is::
 
-      bpf_signature=(NONE|OK|UNSIGNED|PARTIALSIG|UNKNOWNKEY|UNEXPECTED|FAULT|BADSIG)
+      bpf_signature=(NONE|OK|UNSIGNED|PARTIALSIG|UNKNOWNKEY|FAULT|BADSIG)
 
    The possible values correspond to the integrity verdicts from Hornet:
 
@@ -762,10 +762,6 @@ bpf_signature
 
          The keyring requested by the user is invalid.
 
-      ``UNEXPECTED``
-
-         An unexpected map hash value was encountered during verification.
-
       ``FAULT``
 
          A system error occurred during signature verification.
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index c51dcb16a377b..6a8d28a1b6be0 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -439,8 +439,7 @@ The hook flow is:
      ``attr->fd_array``. The function produces one of
      ``LSM_INT_VERDICT_OK``, ``LSM_INT_VERDICT_UNSIGNED``,
      ``LSM_INT_VERDICT_BADSIG``, ``LSM_INT_VERDICT_PARTIALSIG``,
-     ``LSM_INT_VERDICT_UNKNOWNKEY``, ``LSM_INT_VERDICT_UNEXPECTED``, or
-     ``LSM_INT_VERDICT_FAULT``.
+     ``LSM_INT_VERDICT_UNKNOWNKEY``, or ``LSM_INT_VERDICT_FAULT``.
   3. Hornet calls ``security_bpf_prog_load_post_integrity()`` with the
      resulting verdict and its ``lsm_id``. IPE's
      ``ipe_bpf_prog_load_post_integrity`` handler does **not** enforce
diff --git a/include/linux/security.h b/include/linux/security.h
index 598cd2eb1dcd5..2476ece76db73 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -107,7 +107,6 @@ enum lsm_integrity_verdict {
 	LSM_INT_VERDICT_UNSIGNED,
 	LSM_INT_VERDICT_PARTIALSIG,
 	LSM_INT_VERDICT_UNKNOWNKEY,
-	LSM_INT_VERDICT_UNEXPECTED,
 	LSM_INT_VERDICT_FAULT,
 	LSM_INT_VERDICT_BADSIG,
 };
diff --git a/security/ipe/audit.c b/security/ipe/audit.c
index 77bbf04d950bd..a2ae22cbc61ed 100644
--- a/security/ipe/audit.c
+++ b/security/ipe/audit.c
@@ -69,7 +69,6 @@ static const char *const audit_prop_names[__IPE_PROP_MAX] = {
 	"bpf_signature=UNSIGNED",
 	"bpf_signature=PARTIALSIG",
 	"bpf_signature=UNKNOWNKEY",
-	"bpf_signature=UNEXPECTED",
 	"bpf_signature=FAULT",
 	"bpf_signature=BADSIG",
 	"bpf_keyring=BUILTIN",
diff --git a/security/ipe/eval.c b/security/ipe/eval.c
index 23ae1edf896b0..58a168e9ebe2b 100644
--- a/security/ipe/eval.c
+++ b/security/ipe/eval.c
@@ -374,8 +374,6 @@ static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
 		return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_PARTIALSIG);
 	case IPE_PROP_BPF_SIG_UNKNOWNKEY:
 		return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_UNKNOWNKEY);
-	case IPE_PROP_BPF_SIG_UNEXPECTED:
-		return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_UNEXPECTED);
 	case IPE_PROP_BPF_SIG_FAULT:
 		return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_FAULT);
 	case IPE_PROP_BPF_SIG_BADSIG:
diff --git a/security/ipe/policy.h b/security/ipe/policy.h
index 748bea92beb19..ba4f529da7d72 100644
--- a/security/ipe/policy.h
+++ b/security/ipe/policy.h
@@ -45,7 +45,6 @@ enum ipe_prop_type {
 	IPE_PROP_BPF_SIG_UNSIGNED,
 	IPE_PROP_BPF_SIG_PARTIALSIG,
 	IPE_PROP_BPF_SIG_UNKNOWNKEY,
-	IPE_PROP_BPF_SIG_UNEXPECTED,
 	IPE_PROP_BPF_SIG_FAULT,
 	IPE_PROP_BPF_SIG_BADSIG,
 	IPE_PROP_BPF_KEYRING_BUILTIN,
diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c
index 71f63de56616b..b2b807620d89a 100644
--- a/security/ipe/policy_parser.c
+++ b/security/ipe/policy_parser.c
@@ -287,7 +287,6 @@ static const match_table_t property_tokens = {
 	{IPE_PROP_BPF_SIG_UNSIGNED,	"bpf_signature=UNSIGNED"},
 	{IPE_PROP_BPF_SIG_PARTIALSIG,	"bpf_signature=PARTIALSIG"},
 	{IPE_PROP_BPF_SIG_UNKNOWNKEY,	"bpf_signature=UNKNOWNKEY"},
-	{IPE_PROP_BPF_SIG_UNEXPECTED,	"bpf_signature=UNEXPECTED"},
 	{IPE_PROP_BPF_SIG_FAULT,	"bpf_signature=FAULT"},
 	{IPE_PROP_BPF_SIG_BADSIG,	"bpf_signature=BADSIG"},
 	{IPE_PROP_BPF_KEYRING_BUILTIN,	"bpf_keyring=BUILTIN"},
@@ -350,7 +349,6 @@ static int parse_property(char *t, struct ipe_rule *r)
 	case IPE_PROP_BPF_SIG_UNSIGNED:
 	case IPE_PROP_BPF_SIG_PARTIALSIG:
 	case IPE_PROP_BPF_SIG_UNKNOWNKEY:
-	case IPE_PROP_BPF_SIG_UNEXPECTED:
 	case IPE_PROP_BPF_SIG_FAULT:
 	case IPE_PROP_BPF_SIG_BADSIG:
 	case IPE_PROP_BPF_KEYRING_BUILTIN:
-- 
2.53.0