These changes are the raw update to linux-4.4.6-rt14. Kernel sources

[kvmfornfv.git] / kernel / security / integrity / ima / ima_init.c

diff --git a/kernel/security/integrity/ima/ima_init.c b/kernel/security/integrity/ima/ima_init.c
index 5e4c29d..e600cad 100644 (file)
--- a/kernel/security/integrity/ima/ima_init.c
+++ b/kernel/security/integrity/ima/ima_init.c
@@ -24,12 +24,6 @@
 #include <crypto/hash_info.h>
 #include "ima.h"
 
-#ifdef CONFIG_IMA_X509_PATH
-#define IMA_X509_PATH  CONFIG_IMA_X509_PATH
-#else
-#define IMA_X509_PATH  "/etc/keys/x509_ima.der"
-#endif
-
 /* name for boot aggregate entry */
 static const char *boot_aggregate_name = "boot_aggregate";
 int ima_used_chip;
@@ -55,6 +49,8 @@ static int __init ima_add_boot_aggregate(void)
        const char *audit_cause = "ENOMEM";
        struct ima_template_entry *entry;
        struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
+       struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
+                                           NULL, 0, NULL};
        int result = -ENOMEM;
        int violation = 0;
        struct {
@@ -76,8 +72,7 @@ static int __init ima_add_boot_aggregate(void)
                }
        }
 
-       result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
-                                        NULL, 0, &entry);
+       result = ima_alloc_init_template(&event_data, &entry);
        if (result < 0) {
                audit_cause = "alloc_entry";
                goto err_out;
@@ -103,7 +98,7 @@ void __init ima_load_x509(void)
        int unset_flags = ima_policy_flag & IMA_APPRAISE;
 
        ima_policy_flag &= ~unset_flags;
-       integrity_load_x509(INTEGRITY_KEYRING_IMA, IMA_X509_PATH);
+       integrity_load_x509(INTEGRITY_KEYRING_IMA, CONFIG_IMA_X509_PATH);
        ima_policy_flag |= unset_flags;
 }
 #endif