ima: move keyring initialization to ima_init()

ima_init() is used as a single place for all initializations. Experimental keyring patches used the 'late_initcall' which was co-located with the late_initcall(init_ima). When the late_initcall for the keyring initialization was abandoned, initialization moved to init_ima, though it would be more logical to move it to ima_init, where the rest of the initialization is done. This patch moves the keyring initialization to ima_init() as a preparatory step for loading the keys which will be added to ima_init() in following patches. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
git-mirror · Sep 17, 2014 · 31b70f6 · 31b70f6
1 parent ac60ab4
commit 31b70f6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 8 deletions.
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
@@ -98,6 +98,10 @@ int __init ima_init(void)
 	if (!ima_used_chip)
 		pr_info("No TPM chip found, activating TPM-bypass!\n");
 
+	rc = ima_init_keyring(INTEGRITY_KEYRING_IMA);
+	if (rc)
+		return rc;
+
 	rc = ima_init_crypto();
 	if (rc)
 		return rc;

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
@@ -334,14 +334,8 @@ static int __init init_ima(void)
 
 	hash_setup(CONFIG_IMA_DEFAULT_HASH);
 	error = ima_init();
-	if (error)
-		goto out;
-
-	error = ima_init_keyring(INTEGRITY_KEYRING_IMA);
-	if (error)
-		goto out;
-	ima_initialized = 1;
-out:
+	if (!error)
+		ima_initialized = 1;
 	return error;
 }