From: Dmitry Kasatkin Date: Fri, 27 Jun 2014 10:01:32 +0000 (+0300) Subject: ima: move keyring initialization to ima_init() X-Git-Tag: v3.18-rc1~77^2~7^2~5 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=31b70f66328e85517b159c786ab31f3fd9a7293c;p=users%2Fwilly%2Flinux.git ima: move keyring initialization to ima_init() ima_init() is used as a single place for all initializations. Experimental keyring patches used the 'late_initcall' which was co-located with the late_initcall(init_ima). When the late_initcall for the keyring initialization was abandoned, initialization moved to init_ima, though it would be more logical to move it to ima_init, where the rest of the initialization is done. This patch moves the keyring initialization to ima_init() as a preparatory step for loading the keys which will be added to ima_init() in following patches. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index e8f9d70a465d..8cf0f39c8cd2 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -98,6 +98,10 @@ int __init ima_init(void) if (!ima_used_chip) pr_info("No TPM chip found, activating TPM-bypass!\n"); + rc = ima_init_keyring(INTEGRITY_KEYRING_IMA); + if (rc) + return rc; + rc = ima_init_crypto(); if (rc) return rc; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 673a37e92ba3..ed7d9fa4f536 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -334,14 +334,8 @@ static int __init init_ima(void) hash_setup(CONFIG_IMA_DEFAULT_HASH); error = ima_init(); - if (error) - goto out; - - error = ima_init_keyring(INTEGRITY_KEYRING_IMA); - if (error) - goto out; - ima_initialized = 1; -out: + if (!error) + ima_initialized = 1; return error; }