archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 03:44:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

lsm: fold lsm_init_ordered() into security_init()

Browse source 
With only security_init() calling lsm_init_ordered, it makes little
sense to keep lsm_init_ordered() as a standalone function.  Fold
lsm_init_ordered() into security_init().

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2025-02-12 18:10:37 -05:00
parent 27be5600fe
commit 45a41d1394
1 changed files with 73 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

159
security/lsm_init.c
View file

@ -18,6 +18,9 @@ static __initdata int lsm_enabled_false = 0;
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
/* Number of "early" LSMs */
static __initdata unsigned int lsm_count_early;
/* Build and boot-time LSM ordering. */
static __initconst const char *const lsm_order_builtin = CONFIG_LSM;
static __initdata const char *lsm_order_cmdline;
@ -169,7 +172,6 @@ out:
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
/**
* lsm_blob_size_update - Update the LSM blob size and offset information
* @sz_req: the requested additional blob size
@ -313,14 +315,74 @@ static void __init lsm_order_parse(const char *list, const char *src)
}
}
/**
* lsm_init_ordered - Initialize the ordered LSMs
*/
static void __init lsm_init_ordered(void)
static void __init lsm_static_call_init(struct security_hook_list *hl)
{
unsigned int first = 0;
struct lsm_static_call *scall = hl->scalls;
int i;
for (i = 0; i < MAX_LSM_COUNT; i++) {
/* Update the first static call that is not used yet */
if (!scall->hl) {
__static_call_update(scall->key, scall->trampoline,
hl->hook.lsm_func_addr);
scall->hl = hl;
static_branch_enable(scall->active);
return;
}
scall++;
}
panic("%s - Ran out of static slots.\n", __func__);
}
/**
* security_add_hooks - Add a modules hooks to the hook lists.
* @hooks: the hooks to add
* @count: the number of hooks to add
* @lsmid: the identification information for the security module
*
* Each LSM has to register its hooks with the infrastructure.
*/
void __init security_add_hooks(struct security_hook_list *hooks, int count,
const struct lsm_id *lsmid)
{
int i;
for (i = 0; i < count; i++) {
hooks[i].lsmid = lsmid;
lsm_static_call_init(&hooks[i]);
}
}
int __init early_security_init(void)
{
struct lsm_info *lsm;
lsm_early_for_each_raw(lsm) {
lsm_enabled_set(lsm, true);
lsm_order_append(lsm, "early");
lsm_prepare(lsm);
lsm_init_single(lsm);
lsm_count_early++;
}
return 0;
}
/**
* security_init - Initializes the LSM framework
*
* This should be called early in the kernel initialization sequence.
*/
int __init security_init(void)
{
unsigned int cnt;
struct lsm_info **lsm;
struct lsm_info *early;
unsigned int first = 0;
init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
if (lsm_order_cmdline) {
if (lsm_order_legacy) {
@ -332,9 +394,8 @@ static void __init lsm_init_ordered(void)
} else
lsm_order_parse(lsm_order_builtin, "builtin");
lsm_order_for_each(lsm) {
lsm_order_for_each(lsm)
lsm_prepare(*lsm);
}
pr_info("initializing lsm=");
lsm_early_for_each_raw(early) {
@ -383,87 +444,13 @@ static void __init lsm_init_ordered(void)
if (lsm_task_alloc(current))
panic("%s: early task alloc failed.\n", __func__);
cnt = 0;
lsm_order_for_each(lsm) {
/* skip the "early" LSMs as they have already been setup */
if (cnt++ < lsm_count_early)
continue;
lsm_init_single(*lsm);
}
}
static void __init lsm_static_call_init(struct security_hook_list *hl)
{
struct lsm_static_call *scall = hl->scalls;
int i;
for (i = 0; i < MAX_LSM_COUNT; i++) {
/* Update the first static call that is not used yet */
if (!scall->hl) {
__static_call_update(scall->key, scall->trampoline,
hl->hook.lsm_func_addr);
scall->hl = hl;
static_branch_enable(scall->active);
return;
}
scall++;
}
panic("%s - Ran out of static slots.\n", __func__);
}
/**
* security_add_hooks - Add a modules hooks to the hook lists.
* @hooks: the hooks to add
* @count: the number of hooks to add
* @lsmid: the identification information for the security module
*
* Each LSM has to register its hooks with the infrastructure.
*/
void __init security_add_hooks(struct security_hook_list *hooks, int count,
const struct lsm_id *lsmid)
{
int i;
for (i = 0; i < count; i++) {
hooks[i].lsmid = lsmid;
lsm_static_call_init(&hooks[i]);
}
}
int __init early_security_init(void)
{
struct lsm_info *lsm;
lsm_early_for_each_raw(lsm) {
lsm_enabled_set(lsm, true);
lsm_order_append(lsm, "early");
lsm_prepare(lsm);
lsm_init_single(lsm);
}
return 0;
}
/**
* security_init - initializes the security framework
*
* This should be called early in the kernel initialization sequence.
*/
int __init security_init(void)
{
struct lsm_info *lsm;
init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
/*
* Append the names of the early LSM modules now that kmalloc() is
* available
*/
lsm_early_for_each_raw(lsm) {
init_debug(" early started: %s (%s)\n", lsm->id->name,
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
/* Load LSMs in specified order. */
lsm_init_ordered();
return 0;
}