ima: move keyring initialization to ima_init()

ima_init() is used as a single place for all initializations.
Experimental keyring patches used the 'late_initcall' which was
co-located with the late_initcall(init_ima). When the late_initcall
for the keyring initialization was abandoned, initialization moved
to init_ima, though it would be more logical to move it to ima_init,
where the rest of the initialization is done. This patch moves the
keyring initialization to ima_init() as a preparatory step for
loading the keys which will be added to ima_init() in following
patches.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

2 files changed, 6 insertions, 8 deletions

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index e8f9d70a465d..8cf0f39c8cd2 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -98,6 +98,10 @@ int __init ima_init(void)
         if (!ima_used_chip)
                 pr_info("No TPM chip found, activating TPM-bypass!\n");
 
+        rc = ima_init_keyring(INTEGRITY_KEYRING_IMA);
+        if (rc)
+                return rc;
+
         rc = ima_init_crypto();
         if (rc)
                 return rc;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 673a37e92ba3..ed7d9fa4f536 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -334,14 +334,8 @@ static int __init init_ima(void)
 
         hash_setup(CONFIG_IMA_DEFAULT_HASH);
         error = ima_init();
-        if (error)
-                goto out;
-
-        error = ima_init_keyring(INTEGRITY_KEYRING_IMA);
-        if (error)
-                goto out;
-        ima_initialized = 1;
-out:
+        if (!error)
+                ima_initialized = 1;
         return error;
 }