LSM: Provide separate ordered initialization
This provides a place for ordered LSMs to be initialized, separate from the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to ordered_lsm_init(), but it will change drastically in later patches. What is not obvious in the patch is that this change moves the integrity LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked with LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" list, no reordering takes place yet. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
parent
47008e5161
commit
657d910b52
|
@ -52,12 +52,30 @@ static __initdata bool debug;
|
||||||
pr_info(__VA_ARGS__); \
|
pr_info(__VA_ARGS__); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
static void __init ordered_lsm_init(void)
|
||||||
|
{
|
||||||
|
struct lsm_info *lsm;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
|
||||||
|
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
init_debug("initializing %s\n", lsm->name);
|
||||||
|
ret = lsm->init();
|
||||||
|
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void __init major_lsm_init(void)
|
static void __init major_lsm_init(void)
|
||||||
{
|
{
|
||||||
struct lsm_info *lsm;
|
struct lsm_info *lsm;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
|
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
|
||||||
|
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
|
||||||
|
continue;
|
||||||
|
|
||||||
init_debug("initializing %s\n", lsm->name);
|
init_debug("initializing %s\n", lsm->name);
|
||||||
ret = lsm->init();
|
ret = lsm->init();
|
||||||
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
|
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
|
||||||
|
@ -87,6 +105,9 @@ int __init security_init(void)
|
||||||
yama_add_hooks();
|
yama_add_hooks();
|
||||||
loadpin_add_hooks();
|
loadpin_add_hooks();
|
||||||
|
|
||||||
|
/* Load LSMs in specified order. */
|
||||||
|
ordered_lsm_init();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load all the remaining security modules.
|
* Load all the remaining security modules.
|
||||||
*/
|
*/
|
||||||
|
|
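Review bot: ordered_lsm_init() has no comment stating its selection rule, and the call-site comment `/* Load LSMs in specified order. */` overstates what the loop does: it initializes every lsm_info entry that lacks LSM_FLAG_LEGACY_MAJOR, in `__start_lsm_info` table order, with no order specified anywhere. Because membership is decided by a flag being absent, the commit message's point that integrity moves out of major_lsm_init() (and, judging by the call placement, now initializes ahead of the major LSMs) is invisible in the code. I would put above the function `/* Initialize every LSM not flagged LSM_FLAG_LEGACY_MAJOR (currently only integrity), in table order. */` and soften the call-site comment to match. The copied failure handling also deserves a line of documentation: a non-zero `lsm->init()` only triggers WARN and the loop continues, so it should be stated whether continuing without that module is intended. major_lsm_init() and security_init() continue outside the visible hunks, so the relative call order is inferred from the surrounding comments.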