|
|
@@ -43,7 +43,7 @@ int ima_used_chip;
|
|
|
* a different value.) Violations add a zero entry to the measurement
|
|
|
* list and extend the aggregate PCR value with ff...ff's.
|
|
|
*/
|
|
|
-static void __init ima_add_boot_aggregate(void)
|
|
|
+static int __init ima_add_boot_aggregate(void)
|
|
|
{
|
|
|
static const char op[] = "add_boot_aggregate";
|
|
|
const char *audit_cause = "ENOMEM";
|
|
|
@@ -72,17 +72,23 @@ static void __init ima_add_boot_aggregate(void)
|
|
|
|
|
|
result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
|
|
|
NULL, 0, &entry);
|
|
|
- if (result < 0)
|
|
|
- return;
|
|
|
+ if (result < 0) {
|
|
|
+ audit_cause = "alloc_entry";
|
|
|
+ goto err_out;
|
|
|
+ }
|
|
|
|
|
|
result = ima_store_template(entry, violation, NULL,
|
|
|
boot_aggregate_name);
|
|
|
- if (result < 0)
|
|
|
+ if (result < 0) {
|
|
|
ima_free_template_entry(entry);
|
|
|
- return;
|
|
|
+ audit_cause = "store_entry";
|
|
|
+ goto err_out;
|
|
|
+ }
|
|
|
+ return 0;
|
|
|
err_out:
|
|
|
integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
|
|
|
audit_cause, result, 0);
|
|
|
+ return result;
|
|
|
}
|
|
|
|
|
|
int __init ima_init(void)
|
|
|
@@ -109,7 +115,10 @@ int __init ima_init(void)
|
|
|
if (rc != 0)
|
|
|
return rc;
|
|
|
|
|
|
- ima_add_boot_aggregate(); /* boot aggregate must be first entry */
|
|
|
+ rc = ima_add_boot_aggregate(); /* boot aggregate must be first entry */
|
|
|
+ if (rc != 0)
|
|
|
+ return rc;
|
|
|
+
|
|
|
ima_init_policy();
|
|
|
|
|
|
return ima_fs_init();
|
Roberto Sassu