summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-09-20 01:16:55 +0200
committerKees Cook <keescook@chromium.org>2019-01-08 22:18:42 +0100
commit657d910b52a38c5e0d753c2a5448c6ae26ec85d0 (patch)
tree16ff3ff6052bf1264301cf27164690e5df7e672c /security
parentLSM: Introduce LSM_FLAG_LEGACY_MAJOR (diff)
downloadlinux-657d910b52a38c5e0d753c2a5448c6ae26ec85d0.tar.xz
linux-657d910b52a38c5e0d753c2a5448c6ae26ec85d0.zip
LSM: Provide separate ordered initialization
This provides a place for ordered LSMs to be initialized, separate from the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to ordered_lsm_init(), but it will change drastically in later patches. What is not obvious in the patch is that this change moves the integrity LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" list, there is no reordering yet created. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/security.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index f1b8d2587639..6bc591f77b1a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -52,12 +52,30 @@ static __initdata bool debug;
pr_info(__VA_ARGS__); \
} while (0)
+static void __init ordered_lsm_init(void)
+{
+ struct lsm_info *lsm;
+ int ret;
+
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0)
+ continue;
+
+ init_debug("initializing %s\n", lsm->name);
+ ret = lsm->init();
+ WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
+ }
+}
+
static void __init major_lsm_init(void)
{
struct lsm_info *lsm;
int ret;
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
+ continue;
+
init_debug("initializing %s\n", lsm->name);
ret = lsm->init();
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
@@ -87,6 +105,9 @@ int __init security_init(void)
yama_add_hooks();
loadpin_add_hooks();
+ /* Load LSMs in specified order. */
+ ordered_lsm_init();
+
/*
* Load all the remaining security modules.
*/