| author | Roberto Sassu <roberto.sassu@polito.it> | 2014-09-12 13:35:53 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-09-17 16:15:42 -0400 |
| commit | be39ffc2fec78ff80d50e4b7970e94a8b1583862 (patch) | |
| tree | c2b8c6097cf375ee24707f2fd50f69604ba9d655 | |
| parent | 2faa6ef3b21152cc05b69a84113625dcee63176f (diff) | |
ima: return an error code from ima_add_boot_aggregate()
This patch modifies ima_add_boot_aggregate() to return an error code.
This way we can determine if all the initialization procedures have
been executed successfully.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
| -rw-r--r-- | security/integrity/ima/ima_init.c | 21 |
1 files changed, 15 insertions, 6 deletions
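--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -43,7 +43,7 @@ int ima_used_chip;
 * a different value.) Violations add a zero entry to the measurement
 * list and extend the aggregate PCR value with ff...ff's.
 */
-static void __init ima_add_boot_aggregate(void)
+static int __init ima_add_boot_aggregate(void)
 {
 static const char op[] = "add_boot_aggregate";
 const char *audit_cause = "ENOMEM";
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
 
 result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
 NULL, 0, &entry);
-if (result < 0)
-return;
+if (result < 0) {
+audit_cause = "alloc_entry";
+goto err_out;
+}
 
 result = ima_store_template(entry, violation, NULL,
 boot_aggregate_name);
-if (result < 0)
+if (result < 0) {
 ima_free_template_entry(entry);
-return;
+audit_cause = "store_entry";
+goto err_out;
+}
+return 0;
 err_out:
 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
 audit_cause, result, 0);
+return result;
 }
 
 int __init ima_init(void)
@@ -109,7 +115,10 @@ int __init ima_init(void)
 if (rc != 0)
 return rc;
 
-ima_add_boot_aggregate(); /* boot aggregate must be first entry */
+rc = ima_add_boot_aggregate(); /* boot aggregate must be first entry */
+if (rc != 0)
+return rc;
+
 ima_init_policy();
 
 return ima_fs_init();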
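Review bot: The early `return rc;` added after `rc = ima_add_boot_aggregate();` in ima_init() now skips ima_init_policy() and ima_fs_init(), and nothing at that spot records what state IMA is left in when the boot aggregate cannot be stored. Whether the kernel then keeps running without measurement or treats the error as fatal is decided by ima_init()'s caller, which is outside these hunks, so that path should be checked and the intent written down, for example `/* no boot aggregate: stop here, no policy is loaded and no list is exported */`. The header comment of ima_add_boot_aggregate(), which begins above the first hunk, also gains no line for the new contract; something like `* Returns 0 on success; on failure emits an AUDIT_INTEGRITY_PCR record and returns result.` would cover it. The `err_out` label is presumably also reached from earlier in the function, outside the second hunk, so the documented return should hold for those paths too.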
