Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be39ffc2 authored by Roberto Sassu's avatar Roberto Sassu Committed by Mimi Zohar
Browse files

ima: return an error code from ima_add_boot_aggregate() 



This patch modifies ima_add_boot_aggregate() to return an error code.
This way we can determine if all the initialization procedures have
been executed successfully.

Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 2faa6ef3

security/integrity/ima/ima_init.c

+15 −6
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ int ima_used_chip; 
 * a different value.) Violations add a zero entry to the measurement

 * list and extend the aggregate PCR value with ff...ff's.

 */

static void __init ima_add_boot_aggregate(void)

static int __init ima_add_boot_aggregate(void)

{

	static const char op[] = "add_boot_aggregate";

	const char *audit_cause = "ENOMEM";
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void) 


	result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,

					 NULL, 0, &entry);

	if (result < 0)

		return;

	if (result < 0) {

		audit_cause = "alloc_entry";

		goto err_out;

	}



	result = ima_store_template(entry, violation, NULL,

				    boot_aggregate_name);

	if (result < 0)

	if (result < 0) {

		ima_free_template_entry(entry);

	return;

		audit_cause = "store_entry";

		goto err_out;

	}

	return 0;

err_out:

	integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,

			    audit_cause, result, 0);

	return result;

}



int __init ima_init(void)
@@ -109,7 +115,10 @@ int __init ima_init(void) 
	if (rc != 0)

		return rc;



	ima_add_boot_aggregate();	/* boot aggregate must be first entry */

	rc = ima_add_boot_aggregate();	/* boot aggregate must be first entry */

	if (rc != 0)

		return rc;



	ima_init_policy();



	return ima_fs_init();