From: Roberto Sassu <roberto.sassu@polito.it>
Date: Fri, 12 Sep 2014 17:35:53 +0000 (+0200)
Subject: ima: return an error code from ima_add_boot_aggregate()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=be39ffc2fec78ff80d50e4b7970e94a8b1583862;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

ima: return an error code from ima_add_boot_aggregate()

This patch modifies ima_add_boot_aggregate() to return an error code.
This way we can determine if all the initialization procedures have
been executed successfully.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 8cf0f39c8cd2..9164fc8cac84 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -43,7 +43,7 @@ int ima_used_chip;
  * a different value.) Violations add a zero entry to the measurement
  * list and extend the aggregate PCR value with ff...ff's.
  */
-static void __init ima_add_boot_aggregate(void)
+static int __init ima_add_boot_aggregate(void)
 {
 	static const char op[] = "add_boot_aggregate";
 	const char *audit_cause = "ENOMEM";
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
 
 	result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
 					 NULL, 0, &entry);
-	if (result < 0)
-		return;
+	if (result < 0) {
+		audit_cause = "alloc_entry";
+		goto err_out;
+	}
 
 	result = ima_store_template(entry, violation, NULL,
 				    boot_aggregate_name);
-	if (result < 0)
+	if (result < 0) {
 		ima_free_template_entry(entry);
-	return;
+		audit_cause = "store_entry";
+		goto err_out;
+	}
+	return 0;
 err_out:
 	integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
 			    audit_cause, result, 0);
+	return result;
 }
 
 int __init ima_init(void)
@@ -109,7 +115,10 @@ int __init ima_init(void)
 	if (rc != 0)
 		return rc;
 
-	ima_add_boot_aggregate();	/* boot aggregate must be first entry */
+	rc = ima_add_boot_aggregate();	/* boot aggregate must be first entry */
+	if (rc != 0)
+		return rc;
+
 	ima_init_policy();
 
 	return ima_fs_init();