ima: return an error code from ima_add_boot_aggregate()
authorRoberto Sassu <roberto.sassu@polito.it>
Fri, 12 Sep 2014 17:35:53 +0000 (19:35 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 17 Sep 2014 20:15:42 +0000 (16:15 -0400)
This patch modifies ima_add_boot_aggregate() to return an error code.
This way we can determine if all the initialization procedures have
been executed successfully.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/ima_init.c

index 8cf0f39c8cd206a710283cff1ed6b1f017f5bdec..9164fc8cac84adb53d79b867d7547fcaaf35aa70 100644 (file)
@@ -43,7 +43,7 @@ int ima_used_chip;
  * a different value.) Violations add a zero entry to the measurement
  * list and extend the aggregate PCR value with ff...ff's.
  */
-static void __init ima_add_boot_aggregate(void)
+static int __init ima_add_boot_aggregate(void)
 {
        static const char op[] = "add_boot_aggregate";
        const char *audit_cause = "ENOMEM";
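Review bot: The comment block that closes just above `ima_add_boot_aggregate()` does not state what the function returns, and with the return type now `int` that contract should be written down. I would add a line such as `* Return 0 on success, or a negative error code if the entry could not be allocated or stored.` before the closing `*/`. The start of the comment and most of the function body lie outside this hunk, so the wording should be checked against the error paths not shown here.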
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
 
        result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
                                         NULL, 0, &entry);
-       if (result < 0)
-               return;
+       if (result < 0) {
+               audit_cause = "alloc_entry";
+               goto err_out;
+       }
 
        result = ima_store_template(entry, violation, NULL,
                                    boot_aggregate_name);
-       if (result < 0)
+       if (result < 0) {
                ima_free_template_entry(entry);
-       return;
+               audit_cause = "store_entry";
+               goto err_out;
+       }
+       return 0;
 err_out:
        integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
                            audit_cause, result, 0);
+       return result;
 }
 
 int __init ima_init(void)
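Review bot: The `store_entry` branch now jumps to `err_out` and emits an `AUDIT_INTEGRITY_PCR` record, which may duplicate a record already written by `ima_store_template()` if that function audits its own failures. That function is not visible on this page, so this needs confirming. If it does audit, a single boot failure would produce two records with different cause strings, which makes audit-log triage harder; a comment such as `/* ima_store_template() logs the cause; this record marks the missing boot aggregate */` would make the intent explicit. The new cause strings (`"alloc_entry"`, `"store_entry"`) name the failing step, whereas the `"ENOMEM"` initialiser in the first hunk names the error, so it is worth settling on one convention for anything that matches on these fields. The function starts outside this hunk.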
@@ -109,7 +115,10 @@ int __init ima_init(void)
        if (rc != 0)
                return rc;
 
-       ima_add_boot_aggregate();       /* boot aggregate must be first entry */
+       rc = ima_add_boot_aggregate();  /* boot aggregate must be first entry */
+       if (rc != 0)
+               return rc;
+
        ima_init_policy();
 
        return ima_fs_init();
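Review bot: The new `return rc;` after `ima_add_boot_aggregate()` means `ima_init_policy()` and `ima_fs_init()` never run when the boot aggregate cannot be added, and nothing here records that this is the intended failure mode. How the caller of `ima_init()` reacts to a non-zero return is not visible on this page; if it simply leaves IMA uninitialised, a failure in this one step would leave the system running with no measurement at all, so that outcome should be a documented decision. I would extend the existing trailing comment into something like `/* boot aggregate must be the first entry; without it, abort IMA init */` and make sure the caller logs the failure prominently. `ima_init()` begins outside the hunk, so any cleanup of earlier initialisation steps on this path could not be checked.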