aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@polito.it>2014-09-12 13:35:53 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-09-17 16:15:42 -0400
commitbe39ffc2fec78ff80d50e4b7970e94a8b1583862 (patch)
treec2b8c6097cf375ee24707f2fd50f69604ba9d655 /security/integrity
parent2faa6ef3b21152cc05b69a84113625dcee63176f (diff)
ima: return an error code from ima_add_boot_aggregate()
This patch modifies ima_add_boot_aggregate() to return an error code. This way we can determine if all the initialization procedures have been executed successfully. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_init.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 8cf0f39c8cd2..9164fc8cac84 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -43,7 +43,7 @@ int ima_used_chip;
43 * a different value.) Violations add a zero entry to the measurement 43 * a different value.) Violations add a zero entry to the measurement
44 * list and extend the aggregate PCR value with ff...ff's. 44 * list and extend the aggregate PCR value with ff...ff's.
45 */ 45 */
46static void __init ima_add_boot_aggregate(void) 46static int __init ima_add_boot_aggregate(void)
47{ 47{
48 static const char op[] = "add_boot_aggregate"; 48 static const char op[] = "add_boot_aggregate";
49 const char *audit_cause = "ENOMEM"; 49 const char *audit_cause = "ENOMEM";
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
72 72
73 result = ima_alloc_init_template(iint, NULL, boot_aggregate_name, 73 result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
74 NULL, 0, &entry); 74 NULL, 0, &entry);
75 if (result < 0) 75 if (result < 0) {
76 return; 76 audit_cause = "alloc_entry";
77 goto err_out;
78 }
77 79
78 result = ima_store_template(entry, violation, NULL, 80 result = ima_store_template(entry, violation, NULL,
79 boot_aggregate_name); 81 boot_aggregate_name);
80 if (result < 0) 82 if (result < 0) {
81 ima_free_template_entry(entry); 83 ima_free_template_entry(entry);
82 return; 84 audit_cause = "store_entry";
85 goto err_out;
86 }
87 return 0;
83err_out: 88err_out:
84 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, 89 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
85 audit_cause, result, 0); 90 audit_cause, result, 0);
91 return result;
86} 92}
87 93
88int __init ima_init(void) 94int __init ima_init(void)
@@ -109,7 +115,10 @@ int __init ima_init(void)
109 if (rc != 0) 115 if (rc != 0)
110 return rc; 116 return rc;
111 117
112 ima_add_boot_aggregate(); /* boot aggregate must be first entry */ 118 rc = ima_add_boot_aggregate(); /* boot aggregate must be first entry */
119 if (rc != 0)
120 return rc;
121
113 ima_init_policy(); 122 ima_init_policy();
114 123
115 return ima_fs_init(); 124 return ima_fs_init();