diff options
author | Kees Cook <keescook@chromium.org> | 2018-09-20 01:16:55 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2019-01-08 22:18:42 +0100 |
commit | 657d910b52a38c5e0d753c2a5448c6ae26ec85d0 (patch) | |
tree | 16ff3ff6052bf1264301cf27164690e5df7e672c /security | |
parent | LSM: Introduce LSM_FLAG_LEGACY_MAJOR (diff) | |
download | linux-657d910b52a38c5e0d753c2a5448c6ae26ec85d0.tar.xz linux-657d910b52a38c5e0d753c2a5448c6ae26ec85d0.zip |
LSM: Provide separate ordered initialization
This provides a place for ordered LSMs to be initialized, separate from
the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to
ordered_lsm_init(), but it will change drastically in later patches.
What is not obvious in the patch is that this change moves the integrity
LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked
with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered"
list, there is no reordering yet created.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index f1b8d2587639..6bc591f77b1a 100644 --- a/security/security.c +++ b/security/security.c @@ -52,12 +52,30 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static void __init ordered_lsm_init(void) +{ + struct lsm_info *lsm; + int ret; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) + continue; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + continue; + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); @@ -87,6 +105,9 @@ int __init security_init(void) yama_add_hooks(); loadpin_add_hooks(); + /* Load LSMs in specified order. */ + ordered_lsm_init(); + /* * Load all the remaining security modules. */ |