LSM: Initialize security_hook_heads upon registration.

"struct security_hook_heads" is an array of "struct list_head" where elements can be initialized just before registration. There is no need to waste 350+ lines for initialization. Let's initialize "struct security_hook_heads" just before registration. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Kees Cook <keescook@chromium.org> Cc: John Johansen <john.johansen@canonical.com> Cc: Kees Cook <keescook@chromium.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2017-03-22 06:46:19 -0400
committer: James Morris <james.l.morris@oracle.com> 2017-03-23 23:24:41 -0400
commit: 3dfc9b02864b19f4dab376f14479ee4ad1de6c9e (patch)
tree: 8a386143e6ce7a3c8a48b0b25dd7e506de04c6a1
parent: ca97d939db114c8d1619e10a3b82af8615372dae (diff)
1 files changed, 7 insertions, 354 deletions
diff --git a/security/security.c b/security/security.c
index d6d18a3721aa..2f15488dc6bc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -32,6 +32,7 @@
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX       10
+struct security_hook_heads security_hook_heads __lsm_ro_after_init;
 char *lsm_names;
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
 */
 int __init security_init(void)
 {
+        int i;
+        struct list_head *list = (struct list_head *) &security_hook_heads;
+        for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
+             i++)
+                INIT_LIST_HEAD(&list[i]);
        pr_info("Security Framework initialized\n");
        /*
@@ -1627,357 +1634,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
                                actx);
 }
 #endif /* CONFIG_AUDIT */
-struct security_hook_heads security_hook_heads __lsm_ro_after_init = {
-        .binder_set_context_mgr =
-                LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
-        .binder_transaction =
-                LIST_HEAD_INIT(security_hook_heads.binder_transaction),
-        .binder_transfer_binder =
-                LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
-        .binder_transfer_file =
-                LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
-        .ptrace_access_check =
-                LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
-        .ptrace_traceme =
-                LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
-        .capget =       LIST_HEAD_INIT(security_hook_heads.capget),
-        .capset =       LIST_HEAD_INIT(security_hook_heads.capset),
-        .capable =      LIST_HEAD_INIT(security_hook_heads.capable),
-        .quotactl =     LIST_HEAD_INIT(security_hook_heads.quotactl),
-        .quota_on =     LIST_HEAD_INIT(security_hook_heads.quota_on),
-        .syslog =       LIST_HEAD_INIT(security_hook_heads.syslog),
-        .settime =      LIST_HEAD_INIT(security_hook_heads.settime),
-        .vm_enough_memory =
-                LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
-        .bprm_set_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
-        .bprm_check_security =
-                LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
-        .bprm_secureexec =
-                LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
-        .bprm_committing_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
-        .bprm_committed_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
-        .sb_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
-        .sb_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sb_free_security),
-        .sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
-        .sb_remount =   LIST_HEAD_INIT(security_hook_heads.sb_remount),
-        .sb_kern_mount =
-                LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
-        .sb_show_options =
-                LIST_HEAD_INIT(security_hook_heads.sb_show_options),
-        .sb_statfs =    LIST_HEAD_INIT(security_hook_heads.sb_statfs),
-        .sb_mount =     LIST_HEAD_INIT(security_hook_heads.sb_mount),
-        .sb_umount =    LIST_HEAD_INIT(security_hook_heads.sb_umount),
-        .sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
-        .sb_set_mnt_opts =
-                LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
-        .sb_clone_mnt_opts =
-                LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
-        .sb_parse_opts_str =
-                LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
-        .dentry_init_security =
-                LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
-        .dentry_create_files_as =
-                LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
-#ifdef CONFIG_SECURITY_PATH
-        .path_unlink =  LIST_HEAD_INIT(security_hook_heads.path_unlink),
-        .path_mkdir =   LIST_HEAD_INIT(security_hook_heads.path_mkdir),
-        .path_rmdir =   LIST_HEAD_INIT(security_hook_heads.path_rmdir),
-        .path_mknod =   LIST_HEAD_INIT(security_hook_heads.path_mknod),
-        .path_truncate =
-                LIST_HEAD_INIT(security_hook_heads.path_truncate),
-        .path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
-        .path_link =    LIST_HEAD_INIT(security_hook_heads.path_link),
-        .path_rename =  LIST_HEAD_INIT(security_hook_heads.path_rename),
-        .path_chmod =   LIST_HEAD_INIT(security_hook_heads.path_chmod),
-        .path_chown =   LIST_HEAD_INIT(security_hook_heads.path_chown),
-        .path_chroot =  LIST_HEAD_INIT(security_hook_heads.path_chroot),
-#endif
-        .inode_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
-        .inode_free_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_free_security),
-        .inode_init_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_init_security),
-        .inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
-        .inode_link =   LIST_HEAD_INIT(security_hook_heads.inode_link),
-        .inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
-        .inode_symlink =
-                LIST_HEAD_INIT(security_hook_heads.inode_symlink),
-        .inode_mkdir =  LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
-        .inode_rmdir =  LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
-        .inode_mknod =  LIST_HEAD_INIT(security_hook_heads.inode_mknod),
-        .inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
-        .inode_readlink =
-                LIST_HEAD_INIT(security_hook_heads.inode_readlink),
-        .inode_follow_link =
-                LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
-        .inode_permission =
-                LIST_HEAD_INIT(security_hook_heads.inode_permission),
-        .inode_setattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_setattr),
-        .inode_getattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_getattr),
-        .inode_setxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
-        .inode_post_setxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
-        .inode_getxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
-        .inode_listxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
-        .inode_removexattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
-        .inode_need_killpriv =
-                LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
-        .inode_killpriv =
-                LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
-        .inode_getsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
-        .inode_setsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
-        .inode_listsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
-        .inode_getsecid =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
-        .inode_copy_up =
-                LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
-        .inode_copy_up_xattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
-        .file_permission =
-                LIST_HEAD_INIT(security_hook_heads.file_permission),
-        .file_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
-        .file_free_security =
-                LIST_HEAD_INIT(security_hook_heads.file_free_security),
-        .file_ioctl =   LIST_HEAD_INIT(security_hook_heads.file_ioctl),
-        .mmap_addr =    LIST_HEAD_INIT(security_hook_heads.mmap_addr),
-        .mmap_file =    LIST_HEAD_INIT(security_hook_heads.mmap_file),
-        .file_mprotect =
-                LIST_HEAD_INIT(security_hook_heads.file_mprotect),
-        .file_lock =    LIST_HEAD_INIT(security_hook_heads.file_lock),
-        .file_fcntl =   LIST_HEAD_INIT(security_hook_heads.file_fcntl),
-        .file_set_fowner =
-                LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
-        .file_send_sigiotask =
-                LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
-        .file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
-        .file_open =    LIST_HEAD_INIT(security_hook_heads.file_open),
-        .task_create =  LIST_HEAD_INIT(security_hook_heads.task_create),
-        .task_free =    LIST_HEAD_INIT(security_hook_heads.task_free),
-        .cred_alloc_blank =
-                LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
-        .cred_free =    LIST_HEAD_INIT(security_hook_heads.cred_free),
-        .cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
-        .cred_transfer =
-                LIST_HEAD_INIT(security_hook_heads.cred_transfer),
-        .kernel_act_as =
-                LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
-        .kernel_create_files_as =
-                LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
-        .kernel_module_request =
-                LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
-        .kernel_read_file =
-                LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
-        .kernel_post_read_file =
-                LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
-        .task_fix_setuid =
-                LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
-        .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
-        .task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
-        .task_getsid =  LIST_HEAD_INIT(security_hook_heads.task_getsid),
-        .task_getsecid =
-                LIST_HEAD_INIT(security_hook_heads.task_getsecid),
-        .task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
-        .task_setioprio =
-                LIST_HEAD_INIT(security_hook_heads.task_setioprio),
-        .task_getioprio =
-                LIST_HEAD_INIT(security_hook_heads.task_getioprio),
-        .task_prlimit =
-                LIST_HEAD_INIT(security_hook_heads.task_prlimit),
-        .task_setrlimit =
-                LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
-        .task_setscheduler =
-                LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
-        .task_getscheduler =
-                LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
-        .task_movememory =
-                LIST_HEAD_INIT(security_hook_heads.task_movememory),
-        .task_kill =    LIST_HEAD_INIT(security_hook_heads.task_kill),
-        .task_prctl =   LIST_HEAD_INIT(security_hook_heads.task_prctl),
-        .task_to_inode =
-                LIST_HEAD_INIT(security_hook_heads.task_to_inode),
-        .ipc_permission =
-                LIST_HEAD_INIT(security_hook_heads.ipc_permission),
-        .ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
-        .msg_msg_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
-        .msg_msg_free_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
-        .msg_queue_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
-        .msg_queue_free_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
-        .msg_queue_associate =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
-        .msg_queue_msgctl =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
-        .msg_queue_msgsnd =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
-        .msg_queue_msgrcv =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
-        .shm_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
-        .shm_free_security =
-                LIST_HEAD_INIT(security_hook_heads.shm_free_security),
-        .shm_associate =
-                LIST_HEAD_INIT(security_hook_heads.shm_associate),
-        .shm_shmctl =   LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
-        .shm_shmat =    LIST_HEAD_INIT(security_hook_heads.shm_shmat),
-        .sem_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
-        .sem_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sem_free_security),
-        .sem_associate =
-                LIST_HEAD_INIT(security_hook_heads.sem_associate),
-        .sem_semctl =   LIST_HEAD_INIT(security_hook_heads.sem_semctl),
-        .sem_semop =    LIST_HEAD_INIT(security_hook_heads.sem_semop),
-        .netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
-        .d_instantiate =
-                LIST_HEAD_INIT(security_hook_heads.d_instantiate),
-        .getprocattr =  LIST_HEAD_INIT(security_hook_heads.getprocattr),
-        .setprocattr =  LIST_HEAD_INIT(security_hook_heads.setprocattr),
-        .ismaclabel =   LIST_HEAD_INIT(security_hook_heads.ismaclabel),
-        .secid_to_secctx =
-                LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
-        .secctx_to_secid =
-                LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
-        .release_secctx =
-                LIST_HEAD_INIT(security_hook_heads.release_secctx),
-        .inode_invalidate_secctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
-        .inode_notifysecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
-        .inode_setsecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
-        .inode_getsecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
-#ifdef CONFIG_SECURITY_NETWORK
-        .unix_stream_connect =
-                LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
-        .unix_may_send =
-                LIST_HEAD_INIT(security_hook_heads.unix_may_send),
-        .socket_create =
-                LIST_HEAD_INIT(security_hook_heads.socket_create),
-        .socket_post_create =
-                LIST_HEAD_INIT(security_hook_heads.socket_post_create),
-        .socket_bind =  LIST_HEAD_INIT(security_hook_heads.socket_bind),
-        .socket_connect =
-                LIST_HEAD_INIT(security_hook_heads.socket_connect),
-        .socket_listen =
-                LIST_HEAD_INIT(security_hook_heads.socket_listen),
-        .socket_accept =
-                LIST_HEAD_INIT(security_hook_heads.socket_accept),
-        .socket_sendmsg =
-                LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
-        .socket_recvmsg =
-                LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
-        .socket_getsockname =
-                LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
-        .socket_getpeername =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
-        .socket_getsockopt =
-                LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
-        .socket_setsockopt =
-                LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
-        .socket_shutdown =
-                LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
-        .socket_sock_rcv_skb =
-                LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
-        .socket_getpeersec_stream =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
-        .socket_getpeersec_dgram =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
-        .sk_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
-        .sk_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_free_security),
-        .sk_clone_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
-        .sk_getsecid =  LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
-        .sock_graft =   LIST_HEAD_INIT(security_hook_heads.sock_graft),
-        .inet_conn_request =
-                LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
-        .inet_csk_clone =
-                LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
-        .inet_conn_established =
-                LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
-        .secmark_relabel_packet =
-                LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
-        .secmark_refcount_inc =
-                LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
-        .secmark_refcount_dec =
-                LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
-        .req_classify_flow =
-                LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
-        .tun_dev_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
-        .tun_dev_free_security =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
-        .tun_dev_create =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
-        .tun_dev_attach_queue =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
-        .tun_dev_attach =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
-        .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
-#endif  /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
-        .xfrm_policy_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
-        .xfrm_policy_clone_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
-        .xfrm_policy_free_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
-        .xfrm_policy_delete_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
-        .xfrm_state_alloc =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
-        .xfrm_state_alloc_acquire =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
-        .xfrm_state_free_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
-        .xfrm_state_delete_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
-        .xfrm_policy_lookup =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
-        .xfrm_state_pol_flow_match =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
-        .xfrm_decode_session =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
-#endif  /* CONFIG_SECURITY_NETWORK_XFRM */
-#ifdef CONFIG_KEYS
-        .key_alloc =    LIST_HEAD_INIT(security_hook_heads.key_alloc),
-        .key_free =     LIST_HEAD_INIT(security_hook_heads.key_free),
-        .key_permission =
-                LIST_HEAD_INIT(security_hook_heads.key_permission),
-        .key_getsecurity =
-                LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
-#endif  /* CONFIG_KEYS */
-#ifdef CONFIG_AUDIT
-        .audit_rule_init =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
-        .audit_rule_known =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
-        .audit_rule_match =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
-        .audit_rule_free =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
-#endif /* CONFIG_AUDIT */
-};
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2017-03-22 06:46:19 -0400
committer	James Morris <james.l.morris@oracle.com>	2017-03-23 23:24:41 -0400
commit	3dfc9b02864b19f4dab376f14479ee4ad1de6c9e (patch)
tree	8a386143e6ce7a3c8a48b0b25dd7e506de04c6a1
parent	ca97d939db114c8d1619e10a3b82af8615372dae (diff)

diff --git a/security/security.c b/security/security.c index d6d18a3721aa..2f15488dc6bc 100644 --- a/security/security.c +++ b/security/security.c
@@ -32,6 +32,7 @@
32	/* Maximum number of letters for an LSM name string */	32	/* Maximum number of letters for an LSM name string */
33	#define SECURITY_NAME_MAX 10	33	#define SECURITY_NAME_MAX 10
34		34
		35	struct security_hook_heads security_hook_heads __lsm_ro_after_init;
35	char *lsm_names;	36	char *lsm_names;
36	/* Boot-time LSM user choice */	37	/* Boot-time LSM user choice */
37	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =	38	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
54	*/	55	*/
55	int __init security_init(void)	56	int __init security_init(void)
56	{	57	{
		58	int i;
		59	struct list_head list = (struct list_head ) &security_hook_heads;
		60
		61	for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
		62	i++)
		63	INIT_LIST_HEAD(&list[i]);
57	pr_info("Security Framework initialized\n");	64	pr_info("Security Framework initialized\n");
58		65
59	/*	66	/*
@@ -1627,357 +1634,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
1627	actx);	1634	actx);
1628	}	1635	}
1629	#endif /* CONFIG_AUDIT */	1636	#endif /* CONFIG_AUDIT */
1630
1631	struct security_hook_heads security_hook_heads __lsm_ro_after_init = {
1632	.binder_set_context_mgr =
1633	LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
1634	.binder_transaction =
1635	LIST_HEAD_INIT(security_hook_heads.binder_transaction),
1636	.binder_transfer_binder =
1637	LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
1638	.binder_transfer_file =
1639	LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
1640
1641	.ptrace_access_check =
1642	LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
1643	.ptrace_traceme =
1644	LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
1645	.capget = LIST_HEAD_INIT(security_hook_heads.capget),
1646	.capset = LIST_HEAD_INIT(security_hook_heads.capset),
1647	.capable = LIST_HEAD_INIT(security_hook_heads.capable),
1648	.quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl),
1649	.quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on),
1650	.syslog = LIST_HEAD_INIT(security_hook_heads.syslog),
1651	.settime = LIST_HEAD_INIT(security_hook_heads.settime),
1652	.vm_enough_memory =
1653	LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
1654	.bprm_set_creds =
1655	LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
1656	.bprm_check_security =
1657	LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
1658	.bprm_secureexec =
1659	LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
1660	.bprm_committing_creds =
1661	LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
1662	.bprm_committed_creds =
1663	LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
1664	.sb_alloc_security =
1665	LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
1666	.sb_free_security =
1667	LIST_HEAD_INIT(security_hook_heads.sb_free_security),
1668	.sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
1669	.sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount),
1670	.sb_kern_mount =
1671	LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
1672	.sb_show_options =
1673	LIST_HEAD_INIT(security_hook_heads.sb_show_options),
1674	.sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs),
1675	.sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount),
1676	.sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount),
1677	.sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
1678	.sb_set_mnt_opts =
1679	LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
1680	.sb_clone_mnt_opts =
1681	LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
1682	.sb_parse_opts_str =
1683	LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
1684	.dentry_init_security =
1685	LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
1686	.dentry_create_files_as =
1687	LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
1688	#ifdef CONFIG_SECURITY_PATH
1689	.path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink),
1690	.path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir),
1691	.path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir),
1692	.path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod),
1693	.path_truncate =
1694	LIST_HEAD_INIT(security_hook_heads.path_truncate),
1695	.path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
1696	.path_link = LIST_HEAD_INIT(security_hook_heads.path_link),
1697	.path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename),
1698	.path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod),
1699	.path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown),
1700	.path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot),
1701	#endif
1702	.inode_alloc_security =
1703	LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
1704	.inode_free_security =
1705	LIST_HEAD_INIT(security_hook_heads.inode_free_security),
1706	.inode_init_security =
1707	LIST_HEAD_INIT(security_hook_heads.inode_init_security),
1708	.inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
1709	.inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link),
1710	.inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
1711	.inode_symlink =
1712	LIST_HEAD_INIT(security_hook_heads.inode_symlink),
1713	.inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
1714	.inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
1715	.inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod),
1716	.inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
1717	.inode_readlink =
1718	LIST_HEAD_INIT(security_hook_heads.inode_readlink),
1719	.inode_follow_link =
1720	LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
1721	.inode_permission =
1722	LIST_HEAD_INIT(security_hook_heads.inode_permission),
1723	.inode_setattr =
1724	LIST_HEAD_INIT(security_hook_heads.inode_setattr),
1725	.inode_getattr =
1726	LIST_HEAD_INIT(security_hook_heads.inode_getattr),
1727	.inode_setxattr =
1728	LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
1729	.inode_post_setxattr =
1730	LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
1731	.inode_getxattr =
1732	LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
1733	.inode_listxattr =
1734	LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
1735	.inode_removexattr =
1736	LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
1737	.inode_need_killpriv =
1738	LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
1739	.inode_killpriv =
1740	LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
1741	.inode_getsecurity =
1742	LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
1743	.inode_setsecurity =
1744	LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
1745	.inode_listsecurity =
1746	LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
1747	.inode_getsecid =
1748	LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
1749	.inode_copy_up =
1750	LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
1751	.inode_copy_up_xattr =
1752	LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
1753	.file_permission =
1754	LIST_HEAD_INIT(security_hook_heads.file_permission),
1755	.file_alloc_security =
1756	LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
1757	.file_free_security =
1758	LIST_HEAD_INIT(security_hook_heads.file_free_security),
1759	.file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl),
1760	.mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr),
1761	.mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file),
1762	.file_mprotect =
1763	LIST_HEAD_INIT(security_hook_heads.file_mprotect),
1764	.file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock),
1765	.file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl),
1766	.file_set_fowner =
1767	LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
1768	.file_send_sigiotask =
1769	LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
1770	.file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
1771	.file_open = LIST_HEAD_INIT(security_hook_heads.file_open),
1772	.task_create = LIST_HEAD_INIT(security_hook_heads.task_create),
1773	.task_free = LIST_HEAD_INIT(security_hook_heads.task_free),
1774	.cred_alloc_blank =
1775	LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
1776	.cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free),
1777	.cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
1778	.cred_transfer =
1779	LIST_HEAD_INIT(security_hook_heads.cred_transfer),
1780	.kernel_act_as =
1781	LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
1782	.kernel_create_files_as =
1783	LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
1784	.kernel_module_request =
1785	LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
1786	.kernel_read_file =
1787	LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
1788	.kernel_post_read_file =
1789	LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
1790	.task_fix_setuid =
1791	LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
1792	.task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
1793	.task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
1794	.task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid),
1795	.task_getsecid =
1796	LIST_HEAD_INIT(security_hook_heads.task_getsecid),
1797	.task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
1798	.task_setioprio =
1799	LIST_HEAD_INIT(security_hook_heads.task_setioprio),
1800	.task_getioprio =
1801	LIST_HEAD_INIT(security_hook_heads.task_getioprio),
1802	.task_prlimit =
1803	LIST_HEAD_INIT(security_hook_heads.task_prlimit),
1804	.task_setrlimit =
1805	LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
1806	.task_setscheduler =
1807	LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
1808	.task_getscheduler =
1809	LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
1810	.task_movememory =
1811	LIST_HEAD_INIT(security_hook_heads.task_movememory),
1812	.task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
1813	.task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
1814	.task_to_inode =
1815	LIST_HEAD_INIT(security_hook_heads.task_to_inode),
1816	.ipc_permission =
1817	LIST_HEAD_INIT(security_hook_heads.ipc_permission),
1818	.ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
1819	.msg_msg_alloc_security =
1820	LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
1821	.msg_msg_free_security =
1822	LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
1823	.msg_queue_alloc_security =
1824	LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
1825	.msg_queue_free_security =
1826	LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
1827	.msg_queue_associate =
1828	LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
1829	.msg_queue_msgctl =
1830	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
1831	.msg_queue_msgsnd =
1832	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
1833	.msg_queue_msgrcv =
1834	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
1835	.shm_alloc_security =
1836	LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
1837	.shm_free_security =
1838	LIST_HEAD_INIT(security_hook_heads.shm_free_security),
1839	.shm_associate =
1840	LIST_HEAD_INIT(security_hook_heads.shm_associate),
1841	.shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
1842	.shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat),
1843	.sem_alloc_security =
1844	LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
1845	.sem_free_security =
1846	LIST_HEAD_INIT(security_hook_heads.sem_free_security),
1847	.sem_associate =
1848	LIST_HEAD_INIT(security_hook_heads.sem_associate),
1849	.sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl),
1850	.sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop),
1851	.netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
1852	.d_instantiate =
1853	LIST_HEAD_INIT(security_hook_heads.d_instantiate),
1854	.getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr),
1855	.setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr),
1856	.ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel),
1857	.secid_to_secctx =
1858	LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
1859	.secctx_to_secid =
1860	LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
1861	.release_secctx =
1862	LIST_HEAD_INIT(security_hook_heads.release_secctx),
1863	.inode_invalidate_secctx =
1864	LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
1865	.inode_notifysecctx =
1866	LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
1867	.inode_setsecctx =
1868	LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
1869	.inode_getsecctx =
1870	LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
1871	#ifdef CONFIG_SECURITY_NETWORK
1872	.unix_stream_connect =
1873	LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
1874	.unix_may_send =
1875	LIST_HEAD_INIT(security_hook_heads.unix_may_send),
1876	.socket_create =
1877	LIST_HEAD_INIT(security_hook_heads.socket_create),
1878	.socket_post_create =
1879	LIST_HEAD_INIT(security_hook_heads.socket_post_create),
1880	.socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind),
1881	.socket_connect =
1882	LIST_HEAD_INIT(security_hook_heads.socket_connect),
1883	.socket_listen =
1884	LIST_HEAD_INIT(security_hook_heads.socket_listen),
1885	.socket_accept =
1886	LIST_HEAD_INIT(security_hook_heads.socket_accept),
1887	.socket_sendmsg =
1888	LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
1889	.socket_recvmsg =
1890	LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
1891	.socket_getsockname =
1892	LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
1893	.socket_getpeername =
1894	LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
1895	.socket_getsockopt =
1896	LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
1897	.socket_setsockopt =
1898	LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
1899	.socket_shutdown =
1900	LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
1901	.socket_sock_rcv_skb =
1902	LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
1903	.socket_getpeersec_stream =
1904	LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
1905	.socket_getpeersec_dgram =
1906	LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
1907	.sk_alloc_security =
1908	LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
1909	.sk_free_security =
1910	LIST_HEAD_INIT(security_hook_heads.sk_free_security),
1911	.sk_clone_security =
1912	LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
1913	.sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
1914	.sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft),
1915	.inet_conn_request =
1916	LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
1917	.inet_csk_clone =
1918	LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
1919	.inet_conn_established =
1920	LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
1921	.secmark_relabel_packet =
1922	LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
1923	.secmark_refcount_inc =
1924	LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
1925	.secmark_refcount_dec =
1926	LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
1927	.req_classify_flow =
1928	LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
1929	.tun_dev_alloc_security =
1930	LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
1931	.tun_dev_free_security =
1932	LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
1933	.tun_dev_create =
1934	LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
1935	.tun_dev_attach_queue =
1936	LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
1937	.tun_dev_attach =
1938	LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
1939	.tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
1940	#endif /* CONFIG_SECURITY_NETWORK */
1941	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1942	.xfrm_policy_alloc_security =
1943	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
1944	.xfrm_policy_clone_security =
1945	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
1946	.xfrm_policy_free_security =
1947	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
1948	.xfrm_policy_delete_security =
1949	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
1950	.xfrm_state_alloc =
1951	LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
1952	.xfrm_state_alloc_acquire =
1953	LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
1954	.xfrm_state_free_security =
1955	LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
1956	.xfrm_state_delete_security =
1957	LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
1958	.xfrm_policy_lookup =
1959	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
1960	.xfrm_state_pol_flow_match =
1961	LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
1962	.xfrm_decode_session =
1963	LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
1964	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1965	#ifdef CONFIG_KEYS
1966	.key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc),
1967	.key_free = LIST_HEAD_INIT(security_hook_heads.key_free),
1968	.key_permission =
1969	LIST_HEAD_INIT(security_hook_heads.key_permission),
1970	.key_getsecurity =
1971	LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
1972	#endif /* CONFIG_KEYS */
1973	#ifdef CONFIG_AUDIT
1974	.audit_rule_init =
1975	LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
1976	.audit_rule_known =
1977	LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
1978	.audit_rule_match =
1979	LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
1980	.audit_rule_free =
1981	LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
1982	#endif /* CONFIG_AUDIT */
1983	};