Commit 31b70f66 authored Jun 27, 2014 by Dmitry Kasatkin Committed by Mimi Zohar Sep 17, 2014

ima: move keyring initialization to ima_init()



ima_init() is used as a single place for all initializations.
Experimental keyring patches used the 'late_initcall' which was
co-located with the late_initcall(init_ima). When the late_initcall
for the keyring initialization was abandoned, initialization moved
to init_ima, though it would be more logical to move it to ima_init,
where the rest of the initialization is done. This patch moves the
keyring initialization to ima_init() as a preparatory step for
loading the keys which will be added to ima_init() in following
patches.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent ac60ab4b

security/integrity/ima/ima_init.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -98,6 +98,10 @@ int __init ima_init(void)
		if (!ima_used_chip)
		pr_info("No TPM chip found, activating TPM-bypass!\n");

		rc = ima_init_keyring(INTEGRITY_KEYRING_IMA);
		if (rc)
		return rc;

		rc = ima_init_crypto();
		if (rc)
		return rc;

security/integrity/ima/ima_main.c

+2 −8

Original line number	Diff line number	Diff line
		@@ -334,14 +334,8 @@ static int __init init_ima(void)

		hash_setup(CONFIG_IMA_DEFAULT_HASH);
		error = ima_init();
		if (error)
		goto out;

		error = ima_init_keyring(INTEGRITY_KEYRING_IMA);
		if (error)
		goto out;
		if (!error)
		ima_initialized = 1;
		out:
		return error;
		}