LSM: Introduce LSM_FLAG_LEGACY_MAJOR

This adds a flag for the current "major" LSMs to distinguish them when
we have a universal method for ordering all LSMs. It's called "legacy"
since the distinction of "major" will go away in the blob-sharing world.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>

4 files changed, 4 insertions, 0 deletions

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 2c010874329f..e49c50e0d5ab 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1729,5 +1729,6 @@ alloc_out:
 
 DEFINE_LSM(apparmor) = {
         .name = "apparmor",
+        .flags = LSM_FLAG_LEGACY_MAJOR,
         .init = apparmor_init,
 };
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f0e36c3492ba..41908d2d6149 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6999,6 +6999,7 @@ void selinux_complete_init(void)
    all processes and objects when they are created. */
 DEFINE_LSM(selinux) = {
         .name = "selinux",
+        .flags = LSM_FLAG_LEGACY_MAJOR,
         .init = selinux_init,
 };
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 430d4f35e55c..d72d215d7fde 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4812,5 +4812,6 @@ static __init int smack_init(void)
  */
 DEFINE_LSM(smack) = {
         .name = "smack",
+        .flags = LSM_FLAG_LEGACY_MAJOR,
         .init = smack_init,
 };
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 1b5b5097efd7..09f7af130d3a 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -552,5 +552,6 @@ static int __init tomoyo_init(void)
 
 DEFINE_LSM(tomoyo) = {
         .name = "tomoyo",
+        .flags = LSM_FLAG_LEGACY_MAJOR,
         .init = tomoyo_init,
 };