author | Roberto Sassu <roberto.sassu@polito.it> | 2014-09-12 13:35:53 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-09-17 16:15:42 -0400 |
commit | be39ffc2fec78ff80d50e4b7970e94a8b1583862 (patch) | |
tree | c2b8c6097cf375ee24707f2fd50f69604ba9d655 /security/integrity | |
parent | 2faa6ef3b21152cc05b69a84113625dcee63176f (diff) |
ima: return an error code from ima_add_boot_aggregate()
This patch modifies ima_add_boot_aggregate() to return an error code.
This way we can determine if all the initialization procedures have
been executed successfully.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_init.c | 21 |
1 files changed, 15 insertions, 6 deletions
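--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -43,7 +43,7 @@ int ima_used_chip;
 * a different value.) Violations add a zero entry to the measurement
 * list and extend the aggregate PCR value with ff...ff's.
 */
-static void __init ima_add_boot_aggregate(void)
+static int __init ima_add_boot_aggregate(void)
 {
 static const char op[] = "add_boot_aggregate";
 const char *audit_cause = "ENOMEM";
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
 
 result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
 NULL, 0, &entry);
-if (result < 0)
-return;
+if (result < 0) {
+audit_cause = "alloc_entry";
+goto err_out;
+}
 
 result = ima_store_template(entry, violation, NULL,
 boot_aggregate_name);
-if (result < 0)
+if (result < 0) {
 ima_free_template_entry(entry);
-return;
+audit_cause = "store_entry";
+goto err_out;
+}
+return 0;
 err_out:
 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
 audit_cause, result, 0);
+return result;
 }
 
 int __init ima_init(void)
@@ -109,7 +115,10 @@ int __init ima_init(void)
 if (rc != 0)
 return rc;
 
-ima_add_boot_aggregate(); /* boot aggregate must be first entry */
+rc = ima_add_boot_aggregate(); /* boot aggregate must be first entry */
+if (rc != 0)
+return rc;
+
 ima_init_policy();
 
 return ima_fs_init();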
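Review bot: In ima_init(), the new `if (rc != 0) return rc;` after ima_add_boot_aggregate() returns before ima_init_policy() and ima_fs_init(), so a failure to record the boot aggregate now stops IMA setup with no policy loaded, and nothing at the call site says so. Whether that leaves the system running without measurement depends on how ima_init()'s caller handles a non-zero return, which is outside this diff and worth confirming; the only trace visible here is the audit record emitted at `err_out`. I would add a comment above the check such as `/* boot aggregate failed: abort init, policy and securityfs are not set up */`, and extend the comment block above ima_add_boot_aggregate() with the new contract, `Returns 0 on success, or the negative result of the failing step.` The body of ima_init() starts and ends outside the hunk.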