diff options
Diffstat (limited to 'security/integrity/ima/ima_init.c')
| -rw-r--r-- | security/integrity/ima/ima_init.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index e8f9d70a465d..9164fc8cac84 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c | |||
| @@ -43,7 +43,7 @@ int ima_used_chip; | |||
| 43 | * a different value.) Violations add a zero entry to the measurement | 43 | * a different value.) Violations add a zero entry to the measurement |
| 44 | * list and extend the aggregate PCR value with ff...ff's. | 44 | * list and extend the aggregate PCR value with ff...ff's. |
| 45 | */ | 45 | */ |
| 46 | static void __init ima_add_boot_aggregate(void) | 46 | static int __init ima_add_boot_aggregate(void) |
| 47 | { | 47 | { |
| 48 | static const char op[] = "add_boot_aggregate"; | 48 | static const char op[] = "add_boot_aggregate"; |
| 49 | const char *audit_cause = "ENOMEM"; | 49 | const char *audit_cause = "ENOMEM"; |
| @@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void) | |||
| 72 | 72 | ||
| 73 | result = ima_alloc_init_template(iint, NULL, boot_aggregate_name, | 73 | result = ima_alloc_init_template(iint, NULL, boot_aggregate_name, |
| 74 | NULL, 0, &entry); | 74 | NULL, 0, &entry); |
| 75 | if (result < 0) | 75 | if (result < 0) { |
| 76 | return; | 76 | audit_cause = "alloc_entry"; |
| 77 | goto err_out; | ||
| 78 | } | ||
| 77 | 79 | ||
| 78 | result = ima_store_template(entry, violation, NULL, | 80 | result = ima_store_template(entry, violation, NULL, |
| 79 | boot_aggregate_name); | 81 | boot_aggregate_name); |
| 80 | if (result < 0) | 82 | if (result < 0) { |
| 81 | ima_free_template_entry(entry); | 83 | ima_free_template_entry(entry); |
| 82 | return; | 84 | audit_cause = "store_entry"; |
| 85 | goto err_out; | ||
| 86 | } | ||
| 87 | return 0; | ||
| 83 | err_out: | 88 | err_out: |
| 84 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, | 89 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, |
| 85 | audit_cause, result, 0); | 90 | audit_cause, result, 0); |
| 91 | return result; | ||
| 86 | } | 92 | } |
| 87 | 93 | ||
| 88 | int __init ima_init(void) | 94 | int __init ima_init(void) |
| @@ -98,6 +104,10 @@ int __init ima_init(void) | |||
| 98 | if (!ima_used_chip) | 104 | if (!ima_used_chip) |
| 99 | pr_info("No TPM chip found, activating TPM-bypass!\n"); | 105 | pr_info("No TPM chip found, activating TPM-bypass!\n"); |
| 100 | 106 | ||
| 107 | rc = ima_init_keyring(INTEGRITY_KEYRING_IMA); | ||
| 108 | if (rc) | ||
| 109 | return rc; | ||
| 110 | |||
| 101 | rc = ima_init_crypto(); | 111 | rc = ima_init_crypto(); |
| 102 | if (rc) | 112 | if (rc) |
| 103 | return rc; | 113 | return rc; |
| @@ -105,7 +115,10 @@ int __init ima_init(void) | |||
| 105 | if (rc != 0) | 115 | if (rc != 0) |
| 106 | return rc; | 116 | return rc; |
| 107 | 117 | ||
| 108 | ima_add_boot_aggregate(); /* boot aggregate must be first entry */ | 118 | rc = ima_add_boot_aggregate(); /* boot aggregate must be first entry */ |
| 119 | if (rc != 0) | ||
| 120 | return rc; | ||
| 121 | |||
| 109 | ima_init_policy(); | 122 | ima_init_policy(); |
| 110 | 123 | ||
| 111 | return ima_fs_init(); | 124 | return ima_fs_init(); |