diff options
| author | Kees Cook <keescook@chromium.org> | 2018-09-19 19:16:55 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:42 -0500 |
| commit | 657d910b52a38c5e0d753c2a5448c6ae26ec85d0 (patch) | |
| tree | 16ff3ff6052bf1264301cf27164690e5df7e672c | |
| parent | 47008e5161fa097ce9b848dee194b43262b743a5 (diff) | |
LSM: Provide separate ordered initialization
This provides a place for ordered LSMs to be initialized, separate from
the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to
ordered_lsm_init(), but it will change drastically in later patches.
What is not obvious in the patch is that this change moves the integrity
LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked
with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered"
list, there is no reordering yet created.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
| -rw-r--r-- | security/security.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index f1b8d2587639..6bc591f77b1a 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -52,12 +52,30 @@ static __initdata bool debug; | |||
| 52 | pr_info(__VA_ARGS__); \ | 52 | pr_info(__VA_ARGS__); \ |
| 53 | } while (0) | 53 | } while (0) |
| 54 | 54 | ||
| 55 | static void __init ordered_lsm_init(void) | ||
| 56 | { | ||
| 57 | struct lsm_info *lsm; | ||
| 58 | int ret; | ||
| 59 | |||
| 60 | for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { | ||
| 61 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) | ||
| 62 | continue; | ||
| 63 | |||
| 64 | init_debug("initializing %s\n", lsm->name); | ||
| 65 | ret = lsm->init(); | ||
| 66 | WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); | ||
| 67 | } | ||
| 68 | } | ||
| 69 | |||
| 55 | static void __init major_lsm_init(void) | 70 | static void __init major_lsm_init(void) |
| 56 | { | 71 | { |
| 57 | struct lsm_info *lsm; | 72 | struct lsm_info *lsm; |
| 58 | int ret; | 73 | int ret; |
| 59 | 74 | ||
| 60 | for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { | 75 | for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { |
| 76 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) | ||
| 77 | continue; | ||
| 78 | |||
| 61 | init_debug("initializing %s\n", lsm->name); | 79 | init_debug("initializing %s\n", lsm->name); |
| 62 | ret = lsm->init(); | 80 | ret = lsm->init(); |
| 63 | WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); | 81 | WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); |
| @@ -87,6 +105,9 @@ int __init security_init(void) | |||
| 87 | yama_add_hooks(); | 105 | yama_add_hooks(); |
| 88 | loadpin_add_hooks(); | 106 | loadpin_add_hooks(); |
| 89 | 107 | ||
| 108 | /* Load LSMs in specified order. */ | ||
| 109 | ordered_lsm_init(); | ||
| 110 | |||
| 90 | /* | 111 | /* |
| 91 | * Load all the remaining security modules. | 112 | * Load all the remaining security modules. |
| 92 | */ | 113 | */ |