
Merge tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull LSM updates from Paul Moore:

- Rework the LSM initialization code

What started as a "quick" patch to enable a notification event once
all of the individual LSMs were initialized, snowballed a bit into a
30+ patch patchset when everything was done. Most of the patches, and
diffstat, is due to splitting out the initialization code into
security/lsm_init.c and cleaning up some of the mess that was there.
While not strictly necessary, it does clean up the code significantly,
and hopefully makes the upkeep a bit easier in the future.

Aside from the new LSM_STARTED_ALL notification, these changes also
ensure that individual LSM initcalls are only called when the LSM is
enabled at boot time. There should be a minor reduction in boot times
for those who build multiple LSMs into their kernels, but only enable
a subset at boot.

It is worth mentioning that nothing at present makes use of the
LSM_STARTED_ALL notification, but there is work in progress which is
dependent upon LSM_STARTED_ALL.

- Make better use of the seq_put*() helpers in device_cgroup

* tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (36 commits)
lsm: use unrcu_pointer() for current->cred in security_init()
device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers
lsm: add a LSM_STARTED_ALL notification event
lsm: consolidate all of the LSM framework initcalls
selinux: move initcalls to the LSM framework
ima,evm: move initcalls to the LSM framework
lockdown: move initcalls to the LSM framework
apparmor: move initcalls to the LSM framework
safesetid: move initcalls to the LSM framework
tomoyo: move initcalls to the LSM framework
smack: move initcalls to the LSM framework
ipe: move initcalls to the LSM framework
loadpin: move initcalls to the LSM framework
lsm: introduce an initcall mechanism into the LSM framework
lsm: group lsm_order_parse() with the other lsm_order_*() functions
lsm: output available LSMs when debugging
lsm: cleanup the debug and console output in lsm_init.c
lsm: add/tweak function header comment blocks in lsm_init.c
lsm: fold lsm_init_ordered() into security_init()
lsm: cleanup initialize_lsm() and rename to lsm_init_single()
...

+1026 -743
+47 -26
include/linux/lsm_hooks.h
··· 102 102 * Security blob size or offset data. 103 103 */ 104 104 struct lsm_blob_sizes { 105 - int lbs_cred; 106 - int lbs_file; 107 - int lbs_ib; 108 - int lbs_inode; 109 - int lbs_sock; 110 - int lbs_superblock; 111 - int lbs_ipc; 112 - int lbs_key; 113 - int lbs_msg_msg; 114 - int lbs_perf_event; 115 - int lbs_task; 116 - int lbs_xattr_count; /* number of xattr slots in new_xattrs array */ 117 - int lbs_tun_dev; 118 - int lbs_bdev; 119 - int lbs_bpf_map; 120 - int lbs_bpf_prog; 121 - int lbs_bpf_token; 105 + unsigned int lbs_cred; 106 + unsigned int lbs_file; 107 + unsigned int lbs_ib; 108 + unsigned int lbs_inode; 109 + unsigned int lbs_sock; 110 + unsigned int lbs_superblock; 111 + unsigned int lbs_ipc; 112 + unsigned int lbs_key; 113 + unsigned int lbs_msg_msg; 114 + unsigned int lbs_perf_event; 115 + unsigned int lbs_task; 116 + unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */ 117 + unsigned int lbs_tun_dev; 118 + unsigned int lbs_bdev; 119 + unsigned int lbs_bpf_map; 120 + unsigned int lbs_bpf_prog; 121 + unsigned int lbs_bpf_token; 122 122 }; 123 123 124 124 /* ··· 151 151 LSM_ORDER_LAST = 1, /* This is only for integrity. */ 152 152 }; 153 153 154 + /** 155 + * struct lsm_info - Define an individual LSM for the LSM framework. 
156 + * @id: LSM name/ID info 157 + * @order: ordering with respect to other LSMs, optional 158 + * @flags: descriptive flags, optional 159 + * @blobs: LSM blob sharing, optional 160 + * @enabled: controlled by CONFIG_LSM, optional 161 + * @init: LSM specific initialization routine 162 + * @initcall_pure: LSM callback for initcall_pure() setup, optional 163 + * @initcall_early: LSM callback for early_initcall setup, optional 164 + * @initcall_core: LSM callback for core_initcall() setup, optional 165 + * @initcall_subsys: LSM callback for subsys_initcall() setup, optional 166 + * @initcall_fs: LSM callback for fs_initcall setup, optional 167 + * @nitcall_device: LSM callback for device_initcall() setup, optional 168 + * @initcall_late: LSM callback for late_initcall() setup, optional 169 + */ 154 170 struct lsm_info { 155 - const char *name; /* Required. */ 156 - enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ 157 - unsigned long flags; /* Optional: flags describing LSM */ 158 - int *enabled; /* Optional: controlled by CONFIG_LSM */ 159 - int (*init)(void); /* Required. */ 160 - struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. 
*/ 171 + const struct lsm_id *id; 172 + enum lsm_order order; 173 + unsigned long flags; 174 + struct lsm_blob_sizes *blobs; 175 + int *enabled; 176 + int (*init)(void); 177 + int (*initcall_pure)(void); 178 + int (*initcall_early)(void); 179 + int (*initcall_core)(void); 180 + int (*initcall_subsys)(void); 181 + int (*initcall_fs)(void); 182 + int (*initcall_device)(void); 183 + int (*initcall_late)(void); 161 184 }; 162 185 163 186 #define DEFINE_LSM(lsm) \ ··· 193 170 __used __section(".early_lsm_info.init") \ 194 171 __aligned(sizeof(unsigned long)) 195 172 173 + 196 174 /* DO NOT tamper with these variables outside of the LSM framework */ 197 - extern char *lsm_names; 198 175 extern struct lsm_static_calls_table static_calls_table __ro_after_init; 199 - extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; 200 - extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; 201 176 202 177 /** 203 178 * lsm_get_xattr_slot - Return the next available slot and increment the index
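Review bot: Changing every lbs_* member of struct lsm_blob_sizes to `unsigned int` (lines 105-121) leaves the `%d` specifiers that print those members in security_init() in security/lsm_init.c (the `lsm_pr("blob(...) size %d\n", blob_sizes.lbs_...)` run at lines 442-458 of that section) mismatched; they should become `%u`, which also matches the `unsigned int *` parameters of lsm_blob_size_update(). The kernel-doc block for struct lsm_info names a member `@nitcall_device` at line 167 while the field at line 182 is `initcall_device`; the line should read `* @initcall_device: LSM callback for device_initcall() setup, optional`, otherwise kernel-doc reports the real member as undocumented and the typo as unknown. The `@id` line could also say the pointer is required, since the old `.name` field carried a `/* Required. */` note that this rewrite drops.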
+1 -2
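--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -85,6 +85,7 @@
 
 enum lsm_event {
 	LSM_POLICY_CHANGE,
+	LSM_STARTED_ALL,
 };
 
 struct dm_verity_digest {
@@ -168,8 +167,6 @@
 };
 
 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
-extern u32 lsm_active_cnt;
-extern const struct lsm_id *lsm_idlist[];
 
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,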
+1 -1
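--- a/security/Makefile
+++ b/security/Makefile
@@ -11,7 +11,7 @@
 obj-$(CONFIG_MMU) += min_addr.o
 
 # Object file lists
-obj-$(CONFIG_SECURITY) += security.o
+obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o lsm_init.o
 obj-$(CONFIG_SECURITYFS) += inode.o
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/
 obj-$(CONFIG_SECURITY_SMACK) += smack/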
+1 -3
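--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2649,7 +2649,7 @@
  *
  * Returns: error on failure
  */
-static int __init aa_create_aafs(void)
+int __init aa_create_aafs(void)
 {
 	struct dentry *dent;
 	int error;
@@ -2728,5 +2728,3 @@
 	AA_ERROR("Error creating AppArmor securityfs\n");
 	return error;
 }
-
-fs_initcall(aa_create_aafs);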
+1 -2
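--- a/security/apparmor/crypto.c
+++ b/security/apparmor/crypto.c
@@ -53,10 +53,9 @@
 	return 0;
 }
 
-static int __init init_profile_hash(void)
+int __init init_profile_hash(void)
 {
 	if (apparmor_initialized)
 		aa_info_message("AppArmor sha256 policy hashing enabled");
 	return 0;
 }
-late_initcall(init_profile_hash);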
+2
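--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -104,6 +104,8 @@
 #define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
 #define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
 
+int aa_create_aafs(void);
+
 void __aa_bump_ns_revision(struct aa_ns *ns);
 void __aafs_profile_rmdir(struct aa_profile *profile);
 void __aafs_profile_migrate_dents(struct aa_profile *old,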
+1
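--- a/security/apparmor/include/crypto.h
+++ b/security/apparmor/include/crypto.h
@@ -13,6 +13,7 @@
 #include "policy.h"
 
 #ifdef CONFIG_SECURITY_APPARMOR_HASH
+int init_profile_hash(void);
 unsigned int aa_hash_size(void);
 char *aa_calc_hash(void *data, size_t len);
 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,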
+9 -2
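--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
 #include "include/audit.h"
 #include "include/capability.h"
 #include "include/cred.h"
+#include "include/crypto.h"
 #include "include/file.h"
 #include "include/ipc.h"
 #include "include/net.h"
@@ -2427,7 +2426,6 @@
 
 	return 0;
 }
-__initcall(apparmor_nf_ip_init);
 #endif
 
 static char nulldfa_src[] __aligned(8) = {
@@ -2555,9 +2555,16 @@
 }
 
 DEFINE_LSM(apparmor) = {
-	.name = "apparmor",
+	.id = &apparmor_lsmid,
 	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
 	.enabled = &apparmor_enabled,
 	.blobs = &apparmor_blob_sizes,
 	.init = apparmor_init,
+	.initcall_fs = aa_create_aafs,
+#if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK)
+	.initcall_device = apparmor_nf_ip_init,
+#endif
+#ifdef CONFIG_SECURITY_APPARMOR_HASH
+	.initcall_late = init_profile_hash,
+#endif
 };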
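Review bot: The `#if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK)` guard around `.initcall_device = apparmor_nf_ip_init` at lines 2564-2566 has to be the exact condition that encloses the definition of apparmor_nf_ip_init(); only that block's closing `#endif` at 2429 is visible here, its opening `#if` is outside the hunk, so please confirm the two agree, since a mismatch is an unresolved symbol on one config and a silently skipped initcall on the other. A short comment on 2564 naming the mirrored condition, e.g. `/* must match the guard around apparmor_nf_ip_init() above */`, would keep them from drifting. The `initcall_device` level corresponds to the `__initcall()` that line 2430 removes, so the run level itself is preserved.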
+1 -1
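--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -33,7 +33,7 @@
 };
 
 DEFINE_LSM(bpf) = {
-	.name = "bpf",
+	.id = &bpf_lsmid,
 	.init = bpf_lsm_init,
 	.blobs = &bpf_lsm_blob_sizes
 };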
+1 -1
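--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1505,7 +1505,7 @@
 }
 
 DEFINE_LSM(capability) = {
-	.name = "capability",
+	.id = &capability_lsmid,
 	.order = LSM_ORDER_FIRST,
 	.init = capability_init,
 };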
+25 -31
security/device_cgroup.c
··· 244 244 #define DEVCG_DENY 2 245 245 #define DEVCG_LIST 3 246 246 247 - #define MAJMINLEN 13 248 - #define ACCLEN 4 249 - 250 - static void set_access(char *acc, short access) 247 + static void seq_putaccess(struct seq_file *m, short access) 251 248 { 252 - int idx = 0; 253 - memset(acc, 0, ACCLEN); 254 249 if (access & DEVCG_ACC_READ) 255 - acc[idx++] = 'r'; 250 + seq_putc(m, 'r'); 256 251 if (access & DEVCG_ACC_WRITE) 257 - acc[idx++] = 'w'; 252 + seq_putc(m, 'w'); 258 253 if (access & DEVCG_ACC_MKNOD) 259 - acc[idx++] = 'm'; 254 + seq_putc(m, 'm'); 260 255 } 261 256 262 - static char type_to_char(short type) 257 + static void seq_puttype(struct seq_file *m, short type) 263 258 { 264 259 if (type == DEVCG_DEV_ALL) 265 - return 'a'; 266 - if (type == DEVCG_DEV_CHAR) 267 - return 'c'; 268 - if (type == DEVCG_DEV_BLOCK) 269 - return 'b'; 270 - return 'X'; 260 + seq_putc(m, 'a'); 261 + else if (type == DEVCG_DEV_CHAR) 262 + seq_putc(m, 'c'); 263 + else if (type == DEVCG_DEV_BLOCK) 264 + seq_putc(m, 'b'); 265 + else 266 + seq_putc(m, 'X'); 271 267 } 272 268 273 - static void set_majmin(char *str, unsigned m) 269 + static void seq_putversion(struct seq_file *m, unsigned int version) 274 270 { 275 - if (m == ~0) 276 - strcpy(str, "*"); 271 + if (version == ~0) 272 + seq_putc(m, '*'); 277 273 else 278 - sprintf(str, "%u", m); 274 + seq_printf(m, "%u", version); 279 275 } 280 276 281 277 static int devcgroup_seq_show(struct seq_file *m, void *v) 282 278 { 283 279 struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m)); 284 280 struct dev_exception_item *ex; 285 - char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN]; 286 281 287 282 rcu_read_lock(); 288 283 /* ··· 287 292 * This way, the file remains as a "whitelist of devices" 288 293 */ 289 294 if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) { 290 - set_access(acc, DEVCG_ACC_MASK); 291 - set_majmin(maj, ~0); 292 - set_majmin(min, ~0); 293 - seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL), 294 - maj, min, 
acc); 295 + seq_puts(m, "a *:* rwm\n"); 295 296 } else { 296 297 list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) { 297 - set_access(acc, ex->access); 298 - set_majmin(maj, ex->major); 299 - set_majmin(min, ex->minor); 300 - seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type), 301 - maj, min, acc); 298 + seq_puttype(m, ex->type); 299 + seq_putc(m, ' '); 300 + seq_putversion(m, ex->major); 301 + seq_putc(m, ':'); 302 + seq_putversion(m, ex->minor); 303 + seq_putc(m, ' '); 304 + seq_putaccess(m, ex->access); 305 + seq_putc(m, '\n'); 302 306 } 303 307 } 304 308 rcu_read_unlock();
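Review bot: `seq_putversion()` at lines 269-275 prints a device major or minor number, not a version, so the helper name and its `version` parameter mislead readers of the call sites at 300 and 302; `static void seq_putmajmin(struct seq_file *m, unsigned int num)` would match the `set_majmin()` helper it replaces. The comparison `version == ~0` at 271 compares an `unsigned int` with the `int` constant -1, which works through the usual conversion but is clearer and warning-free as `if (num == ~0U)`. The literal `"a *:* rwm\n"` at 295 is what the three helpers would print for the DEVCG_DEFAULT_ALLOW case; a comment there such as `/* keep in sync with seq_puttype/seq_putmajmin/seq_putaccess */` would protect the file format if a helper ever changes.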
+42 -4
security/inode.c
··· 22 22 #include <linux/lsm_hooks.h> 23 23 #include <linux/magic.h> 24 24 25 + #include "lsm.h" 26 + 25 27 static struct vfsmount *mount; 26 28 static int mount_count; 27 29 ··· 317 315 EXPORT_SYMBOL_GPL(securityfs_remove); 318 316 319 317 #ifdef CONFIG_SECURITY 318 + #include <linux/spinlock.h> 319 + 320 320 static struct dentry *lsm_dentry; 321 + 321 322 static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, 322 323 loff_t *ppos) 323 324 { 324 - return simple_read_from_buffer(buf, count, ppos, lsm_names, 325 - strlen(lsm_names)); 325 + int i; 326 + static char *str; 327 + static size_t len; 328 + static DEFINE_SPINLOCK(lock); 329 + 330 + /* NOTE: we never free or modify the string once it is set */ 331 + 332 + if (unlikely(!str || !len)) { 333 + char *str_tmp; 334 + size_t len_tmp = 0; 335 + 336 + for (i = 0; i < lsm_active_cnt; i++) 337 + /* the '+ 1' accounts for either a comma or a NUL */ 338 + len_tmp += strlen(lsm_idlist[i]->name) + 1; 339 + 340 + str_tmp = kmalloc(len_tmp, GFP_KERNEL); 341 + if (!str_tmp) 342 + return -ENOMEM; 343 + str_tmp[0] = '\0'; 344 + 345 + for (i = 0; i < lsm_active_cnt; i++) { 346 + if (i > 0) 347 + strcat(str_tmp, ","); 348 + strcat(str_tmp, lsm_idlist[i]->name); 349 + } 350 + 351 + spin_lock(&lock); 352 + if (!str) { 353 + str = str_tmp; 354 + len = len_tmp - 1; 355 + } else 356 + kfree(str_tmp); 357 + spin_unlock(&lock); 358 + } 359 + 360 + return simple_read_from_buffer(buf, count, ppos, str, len); 326 361 } 327 362 328 363 static const struct file_operations lsm_ops = { ··· 368 329 }; 369 330 #endif 370 331 371 - static int __init securityfs_init(void) 332 + int __init securityfs_init(void) 372 333 { 373 334 int retval; 374 335 ··· 387 348 #endif 388 349 return 0; 389 350 } 390 - core_initcall(securityfs_init);
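Review bot: The fast path at lines 332 and 360 reads `str` and `len` with plain loads outside the spinlock, while they are published under it at 353-354; a reader that never takes the lock therefore has no acquire to pair with that release, so on a weakly ordered machine it may in principle see the pointer before the bytes it points to. Setting `len` first and publishing with `smp_store_release(&str, str_tmp)`, read back with `smp_load_acquire(&str)` on the fast path, would close that; alternatively the string could be built once during securityfs_init(), since lsm_idlist is fixed after boot, and the lazy path dropped entirely. Separately, `int i` at 325 is compared against `lsm_active_cnt`, which lsm.h declares `unsigned int`, and `len_tmp - 1` together with the `str_tmp[0] = '\0'` store after `kmalloc(0)` would misbehave if `lsm_active_cnt` were ever zero — presumably impossible because capability is always ordered first, but `if (!lsm_active_cnt) return 0;` would make that explicit. The `#include <linux/spinlock.h>` at 318 sits mid-file inside `#ifdef CONFIG_SECURITY`; it belongs with the other includes at the top of the file.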
+2 -3
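--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -1175,10 +1175,9 @@
 };
 
 DEFINE_LSM(evm) = {
-	.name = "evm",
+	.id = &evm_lsmid,
 	.init = init_evm_lsm,
 	.order = LSM_ORDER_LAST,
 	.blobs = &evm_blob_sizes,
+	.initcall_late = init_evm,
 };
-
-late_initcall(init_evm);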
+9 -2
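--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -302,9 +302,15 @@
 	int error = 0;
 	struct dentry *dentry;
 
-	evm_dir = securityfs_create_dir("evm", integrity_dir);
-	if (IS_ERR(evm_dir))
+	error = integrity_fs_init();
+	if (error < 0)
 		return -EFAULT;
+
+	evm_dir = securityfs_create_dir("evm", integrity_dir);
+	if (IS_ERR(evm_dir)) {
+		error = -EFAULT;
+		goto out;
+	}
 
 	dentry = securityfs_create_file("evm", 0660,
 					evm_dir, NULL, &evm_key_ops);
@@ -335,5 +329,6 @@
 out:
 	securityfs_remove(evm_symlink);
 	securityfs_remove(evm_dir);
+	integrity_fs_fini();
 	return error;
 }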
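Review bot: At lines 305-307 the value returned by integrity_fs_init() is stored in `error` and then thrown away in favour of `-EFAULT`; the sibling change in ima_fs.c propagates the real code (`return ret;`), so `return error;` here would be consistent and keep the underlying errno visible in the boot log. The new `goto out` at 312 lands on a path that calls securityfs_remove(evm_symlink) before the symlink has been created, which relies on securityfs_remove() tolerating a NULL dentry — I believe it does, but could not confirm from this page, so a comment at the label such as `/* evm_symlink may still be NULL here */` would document the assumption. The function body continues outside the hunk.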
+12 -2
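--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -42,8 +42,11 @@
 	evm_load_x509();
 }
 
-static int __init integrity_fs_init(void)
+int __init integrity_fs_init(void)
 {
+	if (integrity_dir)
+		return 0;
+
 	integrity_dir = securityfs_create_dir("integrity", NULL);
 	if (IS_ERR(integrity_dir)) {
 		int ret = PTR_ERR(integrity_dir);
@@ -61,4 +58,11 @@
 	return 0;
 }
 
-late_initcall(integrity_fs_init)
+void __init integrity_fs_fini(void)
+{
+	if (!integrity_dir || !simple_empty(integrity_dir))
+		return;
+
+	securityfs_remove(integrity_dir);
+	integrity_dir = NULL;
+}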
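Review bot: The early return at lines 47-48 treats any non-NULL `integrity_dir` as an already-created directory, but the failure branch at 51-52 starts from an `IS_ERR` value stored in that same variable; unless the rest of that branch (outside the hunk) resets `integrity_dir = NULL`, the second of the two callers added in this series would get 0 back after a failure and then pass an ERR_PTR parent to securityfs_create_dir(). Writing the guard as `if (integrity_dir && !IS_ERR(integrity_dir))`, or clearing the variable in the error path, makes the idempotency hold either way. integrity_fs_fini() at 61-68 removes the directory only when it is empty, which is what lets ima and evm share it without ordering; a one-line comment above it, e.g. `/* Shared by ima and evm: tear down only if no child was created. */`, spares the next reader that inference.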
+9 -2
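--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -499,9 +499,15 @@
 	struct dentry *dentry;
 	int ret;
 
+	ret = integrity_fs_init();
+	if (ret < 0)
+		return ret;
+
 	ima_dir = securityfs_create_dir("ima", integrity_dir);
-	if (IS_ERR(ima_dir))
-		return PTR_ERR(ima_dir);
+	if (IS_ERR(ima_dir)) {
+		ret = PTR_ERR(ima_dir);
+		goto out;
+	}
 
 	ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima",
 						NULL);
@@ -561,6 +555,7 @@
 out:
 	securityfs_remove(ima_symlink);
 	securityfs_remove(ima_dir);
+	integrity_fs_fini();
 
 	return ret;
 }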
+3 -3
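--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1279,10 +1279,10 @@
 };
 
 DEFINE_LSM(ima) = {
-	.name = "ima",
+	.id = &ima_lsmid,
 	.init = init_ima_lsm,
 	.order = LSM_ORDER_LAST,
 	.blobs = &ima_blob_sizes,
+	/* Start IMA after the TPM is available */
+	.initcall_late = init_ima,
 };
-
-late_initcall(init_ima); /* Start IMA after the TPM is available */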
+2
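--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -114,6 +114,8 @@
 
 int integrity_kernel_read(struct file *file, loff_t offset,
 			  void *addr, unsigned long count);
+int __init integrity_fs_init(void);
+void __init integrity_fs_fini(void);
 
 #define INTEGRITY_KEYRING_EVM		0
 #define INTEGRITY_KEYRING_IMA		1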
+1 -3
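--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -193,7 +193,7 @@
  * Return: %0 on success. If an error occurs, the function will return
  * the -errno.
  */
-static int __init ipe_init_securityfs(void)
+int __init ipe_init_securityfs(void)
 {
 	int rc = 0;
 	struct ipe_policy *ap;
@@ -244,5 +244,3 @@
 	securityfs_remove(root);
 	return rc;
 }
-
-fs_initcall(ipe_init_securityfs);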
+2 -1
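--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -92,7 +92,8 @@
 }
 
 DEFINE_LSM(ipe) = {
-	.name = "ipe",
+	.id = &ipe_lsmid,
 	.init = ipe_init,
 	.blobs = &ipe_blobs,
+	.initcall_fs = ipe_init_securityfs,
 };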
+2
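--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -23,4 +23,6 @@
 struct ipe_inode *ipe_inode(const struct inode *inode);
 #endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
 
+int ipe_init_securityfs(void);
+
 #endif /* _IPE_H */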
+1 -1
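--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -75,7 +75,7 @@
 }
 
 DEFINE_LSM(LANDLOCK_NAME) = {
-	.name = LANDLOCK_NAME,
+	.id = &landlock_lsmid,
 	.init = landlock_init,
 	.blobs = &landlock_blob_sizes,
 };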
+8 -7
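--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -270,11 +270,6 @@
 	return 0;
 }
 
-DEFINE_LSM(loadpin) = {
-	.name = "loadpin",
-	.init = loadpin_init,
-};
-
 #ifdef CONFIG_SECURITY_LOADPIN_VERITY
 
 enum loadpin_securityfs_interface_index {
@@ -429,9 +434,15 @@
 	return 0;
 }
 
-fs_initcall(init_loadpin_securityfs);
-
 #endif /* CONFIG_SECURITY_LOADPIN_VERITY */
+
+DEFINE_LSM(loadpin) = {
+	.id = &loadpin_lsmid,
+	.init = loadpin_init,
+#ifdef CONFIG_SECURITY_LOADPIN_VERITY
+	.initcall_fs = init_loadpin_securityfs,
+#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
+};
 
 /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
 module_param(enforce, int, 0);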
+2 -3
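--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -161,13 +161,12 @@
 	return PTR_ERR_OR_ZERO(dentry);
 }
 
-core_initcall(lockdown_secfs_init);
-
 #ifdef CONFIG_SECURITY_LOCKDOWN_LSM_EARLY
 DEFINE_EARLY_LSM(lockdown) = {
 #else
 DEFINE_LSM(lockdown) = {
 #endif
-	.name = "lockdown",
+	.id = &lockdown_lsmid,
 	.init = lockdown_lsm_init,
+	.initcall_core = lockdown_secfs_init,
 };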
+58
security/lsm.h
··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * LSM functions 4 + */ 5 + 6 + #ifndef _LSM_H_ 7 + #define _LSM_H_ 8 + 9 + #include <linux/printk.h> 10 + #include <linux/lsm_hooks.h> 11 + #include <linux/lsm_count.h> 12 + 13 + /* LSM debugging */ 14 + extern bool lsm_debug; 15 + #define lsm_pr(...) pr_info(__VA_ARGS__) 16 + #define lsm_pr_cont(...) pr_cont(__VA_ARGS__) 17 + #define lsm_pr_dbg(...) \ 18 + do { \ 19 + if (lsm_debug) \ 20 + pr_info(__VA_ARGS__); \ 21 + } while (0) 22 + 23 + /* List of configured LSMs */ 24 + extern unsigned int lsm_active_cnt; 25 + extern const struct lsm_id *lsm_idlist[]; 26 + 27 + /* LSM blob configuration */ 28 + extern struct lsm_blob_sizes blob_sizes; 29 + 30 + /* LSM blob caches */ 31 + extern struct kmem_cache *lsm_file_cache; 32 + extern struct kmem_cache *lsm_inode_cache; 33 + 34 + /* LSM blob allocators */ 35 + int lsm_cred_alloc(struct cred *cred, gfp_t gfp); 36 + int lsm_task_alloc(struct task_struct *task); 37 + 38 + /* LSM framework initializers */ 39 + 40 + #ifdef CONFIG_MMU 41 + int min_addr_init(void); 42 + #else 43 + static inline int min_addr_init(void) 44 + { 45 + return 0; 46 + } 47 + #endif /* CONFIG_MMU */ 48 + 49 + #ifdef CONFIG_SECURITYFS 50 + int securityfs_init(void); 51 + #else 52 + static inline int securityfs_init(void) 53 + { 54 + return 0; 55 + } 56 + #endif /* CONFIG_SECURITYFS */ 57 + 58 + #endif /* _LSM_H_ */
+564
security/lsm_init.c
··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * LSM initialization functions 4 + */ 5 + 6 + #define pr_fmt(fmt) "LSM: " fmt 7 + 8 + #include <linux/init.h> 9 + #include <linux/lsm_hooks.h> 10 + 11 + #include "lsm.h" 12 + 13 + /* LSM enabled constants. */ 14 + static __initdata int lsm_enabled_true = 1; 15 + static __initdata int lsm_enabled_false = 0; 16 + 17 + /* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */ 18 + extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; 19 + extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; 20 + 21 + /* Number of "early" LSMs */ 22 + static __initdata unsigned int lsm_count_early; 23 + 24 + /* Build and boot-time LSM ordering. */ 25 + static __initconst const char *const lsm_order_builtin = CONFIG_LSM; 26 + static __initdata const char *lsm_order_cmdline; 27 + static __initdata const char *lsm_order_legacy; 28 + 29 + /* Ordered list of LSMs to initialize. */ 30 + static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; 31 + static __initdata struct lsm_info *lsm_exclusive; 32 + 33 + #define lsm_order_for_each(iter) \ 34 + for ((iter) = lsm_order; *(iter); (iter)++) 35 + #define lsm_for_each_raw(iter) \ 36 + for ((iter) = __start_lsm_info; \ 37 + (iter) < __end_lsm_info; (iter)++) 38 + #define lsm_early_for_each_raw(iter) \ 39 + for ((iter) = __start_early_lsm_info; \ 40 + (iter) < __end_early_lsm_info; (iter)++) 41 + 42 + #define lsm_initcall(level) \ 43 + ({ \ 44 + int _r, _rc = 0; \ 45 + struct lsm_info **_lp, *_l; \ 46 + lsm_order_for_each(_lp) { \ 47 + _l = *_lp; \ 48 + if (!_l->initcall_##level) \ 49 + continue; \ 50 + lsm_pr_dbg("running %s %s initcall", \ 51 + _l->id->name, #level); \ 52 + _r = _l->initcall_##level(); \ 53 + if (_r) { \ 54 + pr_warn("failed LSM %s %s initcall with errno %d\n", \ 55 + _l->id->name, #level, _r); \ 56 + if (!_rc) \ 57 + _rc = _r; \ 58 + } \ 59 + } \ 60 + _rc; \ 61 + }) 62 + 63 + /** 64 + * lsm_choose_security - 
Legacy "major" LSM selection 65 + * @str: kernel command line parameter 66 + */ 67 + static int __init lsm_choose_security(char *str) 68 + { 69 + lsm_order_legacy = str; 70 + return 1; 71 + } 72 + __setup("security=", lsm_choose_security); 73 + 74 + /** 75 + * lsm_choose_lsm - Modern LSM selection 76 + * @str: kernel command line parameter 77 + */ 78 + static int __init lsm_choose_lsm(char *str) 79 + { 80 + lsm_order_cmdline = str; 81 + return 1; 82 + } 83 + __setup("lsm=", lsm_choose_lsm); 84 + 85 + /** 86 + * lsm_debug_enable - Enable LSM framework debugging 87 + * @str: kernel command line parameter 88 + * 89 + * Currently we only provide debug info during LSM initialization, but we may 90 + * want to expand this in the future. 91 + */ 92 + static int __init lsm_debug_enable(char *str) 93 + { 94 + lsm_debug = true; 95 + return 1; 96 + } 97 + __setup("lsm.debug", lsm_debug_enable); 98 + 99 + /** 100 + * lsm_enabled_set - Mark a LSM as enabled 101 + * @lsm: LSM definition 102 + * @enabled: enabled flag 103 + */ 104 + static void __init lsm_enabled_set(struct lsm_info *lsm, bool enabled) 105 + { 106 + /* 107 + * When an LSM hasn't configured an enable variable, we can use 108 + * a hard-coded location for storing the default enabled state. 109 + */ 110 + if (!lsm->enabled || 111 + lsm->enabled == &lsm_enabled_true || 112 + lsm->enabled == &lsm_enabled_false) { 113 + lsm->enabled = enabled ? &lsm_enabled_true : &lsm_enabled_false; 114 + } else { 115 + *lsm->enabled = enabled; 116 + } 117 + } 118 + 119 + /** 120 + * lsm_is_enabled - Determine if a LSM is enabled 121 + * @lsm: LSM definition 122 + */ 123 + static inline bool lsm_is_enabled(struct lsm_info *lsm) 124 + { 125 + return (lsm->enabled ? 
*lsm->enabled : false); 126 + } 127 + 128 + /** 129 + * lsm_order_exists - Determine if a LSM exists in the ordered list 130 + * @lsm: LSM definition 131 + */ 132 + static bool __init lsm_order_exists(struct lsm_info *lsm) 133 + { 134 + struct lsm_info **check; 135 + 136 + lsm_order_for_each(check) { 137 + if (*check == lsm) 138 + return true; 139 + } 140 + 141 + return false; 142 + } 143 + 144 + /** 145 + * lsm_order_append - Append a LSM to the ordered list 146 + * @lsm: LSM definition 147 + * @src: source of the addition 148 + * 149 + * Append @lsm to the enabled LSM array after ensuring that it hasn't been 150 + * explicitly disabled, is a duplicate entry, or would run afoul of the 151 + * LSM_FLAG_EXCLUSIVE logic. 152 + */ 153 + static void __init lsm_order_append(struct lsm_info *lsm, const char *src) 154 + { 155 + /* Ignore duplicate selections. */ 156 + if (lsm_order_exists(lsm)) 157 + return; 158 + 159 + /* Skip explicitly disabled LSMs. */ 160 + if (lsm->enabled && !lsm_is_enabled(lsm)) { 161 + lsm_pr_dbg("skip previously disabled LSM %s:%s\n", 162 + src, lsm->id->name); 163 + return; 164 + } 165 + 166 + if (lsm_active_cnt == MAX_LSM_COUNT) { 167 + pr_warn("exceeded maximum LSM count on %s:%s\n", 168 + src, lsm->id->name); 169 + lsm_enabled_set(lsm, false); 170 + return; 171 + } 172 + 173 + if (lsm->flags & LSM_FLAG_EXCLUSIVE) { 174 + if (lsm_exclusive) { 175 + lsm_pr_dbg("skip exclusive LSM conflict %s:%s\n", 176 + src, lsm->id->name); 177 + lsm_enabled_set(lsm, false); 178 + return; 179 + } else { 180 + lsm_pr_dbg("select exclusive LSM %s:%s\n", 181 + src, lsm->id->name); 182 + lsm_exclusive = lsm; 183 + } 184 + } 185 + 186 + lsm_enabled_set(lsm, true); 187 + lsm_order[lsm_active_cnt] = lsm; 188 + lsm_idlist[lsm_active_cnt++] = lsm->id; 189 + 190 + lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name); 191 + } 192 + 193 + /** 194 + * lsm_order_parse - Parse the comma delimited LSM list 195 + * @list: LSM list 196 + * @src: source of the list 197 + */ 
198 + static void __init lsm_order_parse(const char *list, const char *src) 199 + { 200 + struct lsm_info *lsm; 201 + char *sep, *name, *next; 202 + 203 + /* Handle any Legacy LSM exclusions if one was specified. */ 204 + if (lsm_order_legacy) { 205 + /* 206 + * To match the original "security=" behavior, this explicitly 207 + * does NOT fallback to another Legacy Major if the selected 208 + * one was separately disabled: disable all non-matching 209 + * Legacy Major LSMs. 210 + */ 211 + lsm_for_each_raw(lsm) { 212 + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) && 213 + strcmp(lsm->id->name, lsm_order_legacy)) { 214 + lsm_enabled_set(lsm, false); 215 + lsm_pr_dbg("skip legacy LSM conflict %s:%s\n", 216 + src, lsm->id->name); 217 + } 218 + } 219 + } 220 + 221 + /* LSM_ORDER_FIRST */ 222 + lsm_for_each_raw(lsm) { 223 + if (lsm->order == LSM_ORDER_FIRST) 224 + lsm_order_append(lsm, "first"); 225 + } 226 + 227 + /* Normal or "mutable" LSMs */ 228 + sep = kstrdup(list, GFP_KERNEL); 229 + next = sep; 230 + /* Walk the list, looking for matching LSMs. */ 231 + while ((name = strsep(&next, ",")) != NULL) { 232 + lsm_for_each_raw(lsm) { 233 + if (!strcmp(lsm->id->name, name) && 234 + lsm->order == LSM_ORDER_MUTABLE) 235 + lsm_order_append(lsm, src); 236 + } 237 + } 238 + kfree(sep); 239 + 240 + /* Legacy LSM if specified. */ 241 + if (lsm_order_legacy) { 242 + lsm_for_each_raw(lsm) { 243 + if (!strcmp(lsm->id->name, lsm_order_legacy)) 244 + lsm_order_append(lsm, src); 245 + } 246 + } 247 + 248 + /* LSM_ORDER_LAST */ 249 + lsm_for_each_raw(lsm) { 250 + if (lsm->order == LSM_ORDER_LAST) 251 + lsm_order_append(lsm, "last"); 252 + } 253 + 254 + /* Disable all LSMs not previously enabled. 
*/ 255 + lsm_for_each_raw(lsm) { 256 + if (lsm_order_exists(lsm)) 257 + continue; 258 + lsm_enabled_set(lsm, false); 259 + lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name); 260 + } 261 + } 262 + 263 + /** 264 + * lsm_blob_size_update - Update the LSM blob size and offset information 265 + * @sz_req: the requested additional blob size 266 + * @sz_cur: the existing blob size 267 + */ 268 + static void __init lsm_blob_size_update(unsigned int *sz_req, 269 + unsigned int *sz_cur) 270 + { 271 + unsigned int offset; 272 + 273 + if (*sz_req == 0) 274 + return; 275 + 276 + offset = ALIGN(*sz_cur, sizeof(void *)); 277 + *sz_cur = offset + *sz_req; 278 + *sz_req = offset; 279 + } 280 + 281 + /** 282 + * lsm_prepare - Prepare the LSM framework for a new LSM 283 + * @lsm: LSM definition 284 + */ 285 + static void __init lsm_prepare(struct lsm_info *lsm) 286 + { 287 + struct lsm_blob_sizes *blobs = lsm->blobs; 288 + 289 + if (!blobs) 290 + return; 291 + 292 + /* Register the LSM blob sizes. */ 293 + blobs = lsm->blobs; 294 + lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred); 295 + lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file); 296 + lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib); 297 + /* inode blob gets an rcu_head in addition to LSM blobs. 
*/ 298 + if (blobs->lbs_inode && blob_sizes.lbs_inode == 0) 299 + blob_sizes.lbs_inode = sizeof(struct rcu_head); 300 + lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode); 301 + lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc); 302 + lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key); 303 + lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg); 304 + lsm_blob_size_update(&blobs->lbs_perf_event, 305 + &blob_sizes.lbs_perf_event); 306 + lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock); 307 + lsm_blob_size_update(&blobs->lbs_superblock, 308 + &blob_sizes.lbs_superblock); 309 + lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task); 310 + lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev); 311 + lsm_blob_size_update(&blobs->lbs_xattr_count, 312 + &blob_sizes.lbs_xattr_count); 313 + lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); 314 + lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map); 315 + lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog); 316 + lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token); 317 + } 318 + 319 + /** 320 + * lsm_init_single - Initialize a given LSM 321 + * @lsm: LSM definition 322 + */ 323 + static void __init lsm_init_single(struct lsm_info *lsm) 324 + { 325 + int ret; 326 + 327 + if (!lsm_is_enabled(lsm)) 328 + return; 329 + 330 + lsm_pr_dbg("initializing %s\n", lsm->id->name); 331 + ret = lsm->init(); 332 + WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); 333 + } 334 + 335 + /** 336 + * lsm_static_call_init - Initialize a LSM's static calls 337 + * @hl: LSM hook list 338 + */ 339 + static int __init lsm_static_call_init(struct security_hook_list *hl) 340 + { 341 + struct lsm_static_call *scall = hl->scalls; 342 + int i; 343 + 344 + for (i = 0; i < MAX_LSM_COUNT; i++) { 345 + /* Update the first static call that is not used yet */ 346 + if (!scall->hl) { 347 + 
__static_call_update(scall->key, scall->trampoline, 348 + hl->hook.lsm_func_addr); 349 + scall->hl = hl; 350 + static_branch_enable(scall->active); 351 + return 0; 352 + } 353 + scall++; 354 + } 355 + 356 + return -ENOSPC; 357 + } 358 + 359 + /** 360 + * security_add_hooks - Add a LSM's hooks to the LSM framework's hook lists 361 + * @hooks: LSM hooks to add 362 + * @count: number of hooks to add 363 + * @lsmid: identification information for the LSM 364 + * 365 + * Each LSM has to register its hooks with the LSM framework. 366 + */ 367 + void __init security_add_hooks(struct security_hook_list *hooks, int count, 368 + const struct lsm_id *lsmid) 369 + { 370 + int i; 371 + 372 + for (i = 0; i < count; i++) { 373 + hooks[i].lsmid = lsmid; 374 + if (lsm_static_call_init(&hooks[i])) 375 + panic("exhausted LSM callback slots with LSM %s\n", 376 + lsmid->name); 377 + } 378 + } 379 + 380 + /** 381 + * early_security_init - Initialize the early LSMs 382 + */ 383 + int __init early_security_init(void) 384 + { 385 + struct lsm_info *lsm; 386 + 387 + /* NOTE: lsm_pr_dbg() doesn't work here as lsm_debug is not yet set */ 388 + 389 + lsm_early_for_each_raw(lsm) { 390 + lsm_enabled_set(lsm, true); 391 + lsm_order_append(lsm, "early"); 392 + lsm_prepare(lsm); 393 + lsm_init_single(lsm); 394 + lsm_count_early++; 395 + } 396 + 397 + return 0; 398 + } 399 + 400 + /** 401 + * security_init - Initializes the LSM framework 402 + * 403 + * This should be called early in the kernel initialization sequence. 404 + */ 405 + int __init security_init(void) 406 + { 407 + unsigned int cnt; 408 + struct lsm_info **lsm; 409 + 410 + if (lsm_debug) { 411 + struct lsm_info *i; 412 + 413 + cnt = 0; 414 + lsm_pr("available LSMs: "); 415 + lsm_early_for_each_raw(i) 416 + lsm_pr_cont("%s%s(E)", (cnt++ ? "," : ""), i->id->name); 417 + lsm_for_each_raw(i) 418 + lsm_pr_cont("%s%s", (cnt++ ? 
"," : ""), i->id->name); 419 + lsm_pr_cont("\n"); 420 + 421 + lsm_pr("built-in LSM config: %s\n", lsm_order_builtin); 422 + 423 + lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy); 424 + lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline); 425 + 426 + /* see the note about lsm_pr_dbg() in early_security_init() */ 427 + lsm_early_for_each_raw(i) 428 + lsm_pr("enabled LSM early:%s\n", i->id->name); 429 + } 430 + 431 + if (lsm_order_cmdline) { 432 + if (lsm_order_legacy) 433 + lsm_order_legacy = NULL; 434 + lsm_order_parse(lsm_order_cmdline, "cmdline"); 435 + } else 436 + lsm_order_parse(lsm_order_builtin, "builtin"); 437 + 438 + lsm_order_for_each(lsm) 439 + lsm_prepare(*lsm); 440 + 441 + if (lsm_debug) { 442 + lsm_pr("blob(cred) size %d\n", blob_sizes.lbs_cred); 443 + lsm_pr("blob(file) size %d\n", blob_sizes.lbs_file); 444 + lsm_pr("blob(ib) size %d\n", blob_sizes.lbs_ib); 445 + lsm_pr("blob(inode) size %d\n", blob_sizes.lbs_inode); 446 + lsm_pr("blob(ipc) size %d\n", blob_sizes.lbs_ipc); 447 + lsm_pr("blob(key) size %d\n", blob_sizes.lbs_key); 448 + lsm_pr("blob(msg_msg)_size %d\n", blob_sizes.lbs_msg_msg); 449 + lsm_pr("blob(sock) size %d\n", blob_sizes.lbs_sock); 450 + lsm_pr("blob(superblock) size %d\n", blob_sizes.lbs_superblock); 451 + lsm_pr("blob(perf_event) size %d\n", blob_sizes.lbs_perf_event); 452 + lsm_pr("blob(task) size %d\n", blob_sizes.lbs_task); 453 + lsm_pr("blob(tun_dev) size %d\n", blob_sizes.lbs_tun_dev); 454 + lsm_pr("blob(xattr) count %d\n", blob_sizes.lbs_xattr_count); 455 + lsm_pr("blob(bdev) size %d\n", blob_sizes.lbs_bdev); 456 + lsm_pr("blob(bpf_map) size %d\n", blob_sizes.lbs_bpf_map); 457 + lsm_pr("blob(bpf_prog) size %d\n", blob_sizes.lbs_bpf_prog); 458 + lsm_pr("blob(bpf_token) size %d\n", blob_sizes.lbs_bpf_token); 459 + } 460 + 461 + if (blob_sizes.lbs_file) 462 + lsm_file_cache = kmem_cache_create("lsm_file_cache", 463 + blob_sizes.lbs_file, 0, 464 + SLAB_PANIC, NULL); 465 + if (blob_sizes.lbs_inode) 466 + lsm_inode_cache 
= kmem_cache_create("lsm_inode_cache", 467 + blob_sizes.lbs_inode, 0, 468 + SLAB_PANIC, NULL); 469 + 470 + if (lsm_cred_alloc((struct cred *)unrcu_pointer(current->cred), 471 + GFP_KERNEL)) 472 + panic("early LSM cred alloc failed\n"); 473 + if (lsm_task_alloc(current)) 474 + panic("early LSM task alloc failed\n"); 475 + 476 + cnt = 0; 477 + lsm_order_for_each(lsm) { 478 + /* skip the "early" LSMs as they have already been setup */ 479 + if (cnt++ < lsm_count_early) 480 + continue; 481 + lsm_init_single(*lsm); 482 + } 483 + 484 + return 0; 485 + } 486 + 487 + /** 488 + * security_initcall_pure - Run the LSM pure initcalls 489 + */ 490 + static int __init security_initcall_pure(void) 491 + { 492 + int rc_adr, rc_lsm; 493 + 494 + rc_adr = min_addr_init(); 495 + rc_lsm = lsm_initcall(pure); 496 + 497 + return (rc_adr ? rc_adr : rc_lsm); 498 + } 499 + pure_initcall(security_initcall_pure); 500 + 501 + /** 502 + * security_initcall_early - Run the LSM early initcalls 503 + */ 504 + static int __init security_initcall_early(void) 505 + { 506 + return lsm_initcall(early); 507 + } 508 + early_initcall(security_initcall_early); 509 + 510 + /** 511 + * security_initcall_core - Run the LSM core initcalls 512 + */ 513 + static int __init security_initcall_core(void) 514 + { 515 + int rc_sfs, rc_lsm; 516 + 517 + rc_sfs = securityfs_init(); 518 + rc_lsm = lsm_initcall(core); 519 + 520 + return (rc_sfs ? 
rc_sfs : rc_lsm); 521 + } 522 + core_initcall(security_initcall_core); 523 + 524 + /** 525 + * security_initcall_subsys - Run the LSM subsys initcalls 526 + */ 527 + static int __init security_initcall_subsys(void) 528 + { 529 + return lsm_initcall(subsys); 530 + } 531 + subsys_initcall(security_initcall_subsys); 532 + 533 + /** 534 + * security_initcall_fs - Run the LSM fs initcalls 535 + */ 536 + static int __init security_initcall_fs(void) 537 + { 538 + return lsm_initcall(fs); 539 + } 540 + fs_initcall(security_initcall_fs); 541 + 542 + /** 543 + * security_initcall_device - Run the LSM device initcalls 544 + */ 545 + static int __init security_initcall_device(void) 546 + { 547 + return lsm_initcall(device); 548 + } 549 + device_initcall(security_initcall_device); 550 + 551 + /** 552 + * security_initcall_late - Run the LSM late initcalls 553 + */ 554 + static int __init security_initcall_late(void) 555 + { 556 + int rc; 557 + 558 + rc = lsm_initcall(late); 559 + lsm_pr_dbg("all enabled LSMs fully activated\n"); 560 + call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL); 561 + 562 + return rc; 563 + } 564 + late_initcall(security_initcall_late);
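--- /dev/null
+++ b/security/lsm_notifier.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * LSM notifier functions
+ *
+ */
+
+#include <linux/notifier.h>
+#include <linux/security.h>
+
+static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
+
+int call_blocking_lsm_notifier(enum lsm_event event, void *data)
+{
+	return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
+					    event, data);
+}
+EXPORT_SYMBOL(call_blocking_lsm_notifier);
+
+int register_blocking_lsm_notifier(struct notifier_block *nb)
+{
+	return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
+						nb);
+}
+EXPORT_SYMBOL(register_blocking_lsm_notifier);
+
+int unregister_blocking_lsm_notifier(struct notifier_block *nb)
+{
+	return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
+						  nb);
+}
+EXPORT_SYMBOL(unregister_blocking_lsm_notifier);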
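Review bot: The three exported functions at lines 12, 19 and 26 carry no kernel-doc, although `EXPORT_SYMBOL()` makes them an interface for modular and out-of-tree callers; a short `/** ... */` block on each, naming the parameter and stating that the chain is a blocking one (callbacks run in process context and the caller must not be in atomic context), would document the contract that callers of `call_blocking_lsm_notifier()` have to respect. The file header at lines 2-5 also has an empty ` *` line before the closing `*/` that can be dropped. Since this is pure code motion out of security.c, the comments can be added without touching behaviour.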
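--- a/security/lsm_syscalls.c
+++ b/security/lsm_syscalls.c
@@ -17,6 +17,8 @@
 #include <linux/lsm_hooks.h>
 #include <uapi/linux/lsm.h>
 
+#include "lsm.h"
+
 /**
  * lsm_name_to_attr - map an LSM attribute name to its ID
  * @name: name of the attribute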
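--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -5,6 +5,8 @@
 #include <linux/sysctl.h>
 #include <linux/minmax.h>
 
+#include "lsm.h"
+
 /* amount of vm to protect from userspace access by both DAC and the LSM*/
 unsigned long mmap_min_addr;
 /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@@ -52,11 +54,10 @@
 	},
 };
 
-static int __init init_mmap_min_addr(void)
+int __init min_addr_init(void)
 {
 	register_sysctl_init("vm", min_addr_sysctl_table);
 	update_mmap_min_addr();
 
 	return 0;
 }
-pure_initcall(init_mmap_min_addr);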
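Review bot: `min_addr_init()` at new line 55 is no longer a `pure_initcall` and is only reached through `security_initcall_pure()` in lsm_init.c, so the `vm.mmap_min_addr` sysctl registration and the `update_mmap_min_addr()` call now happen only when that framework initcall is built and runs. If min_addr.c is still compiled under a different config symbol than lsm_init.c (it has historically been tied to the MMU option rather than to CONFIG_SECURITY), the sysctl would silently disappear in such a configuration; this is worth confirming in the Makefile, or by providing a stub for `min_addr_init()` in lsm.h for the case where the caller is absent. The function is now an external symbol but has no kernel-doc; `/** min_addr_init - register the vm.mmap_min_addr sysctl and refresh mmap_min_addr */` would be enough.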
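--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -287,6 +287,7 @@
 }
 
 DEFINE_LSM(safesetid_security_init) = {
+	.id = &safesetid_lsmid,
 	.init = safesetid_security_init,
-	.name = "safesetid",
+	.initcall_fs = safesetid_init_securityfs,
 };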
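--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -70,4 +70,6 @@
 extern struct setid_ruleset __rcu *safesetid_setuid_rules;
 extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 
+int safesetid_init_securityfs(void);
+
 #endif /* _SAFESETID_H */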
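--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -308,7 +308,7 @@
 	.write = safesetid_gid_file_write,
 };
 
-static int __init safesetid_init_securityfs(void)
+int __init safesetid_init_securityfs(void)
 {
 	int ret;
 	struct dentry *policy_dir;
@@ -345,4 +345,3 @@
 	securityfs_remove(policy_dir);
 	return ret;
 }
-fs_initcall(safesetid_init_securityfs);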
+38 -585
security/security.c
··· 32 32 #include <net/flow.h> 33 33 #include <net/sock.h> 34 34 35 - #define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX 36 - 37 - /* 38 - * Identifier for the LSM static calls. 39 - * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h 40 - * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT 41 - */ 42 - #define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX 43 - 44 - /* 45 - * Call the macro M for each LSM hook MAX_LSM_COUNT times. 46 - */ 47 - #define LSM_LOOP_UNROLL(M, ...) \ 48 - do { \ 49 - UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \ 50 - } while (0) 51 - 52 - #define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) 35 + #include "lsm.h" 53 36 54 37 /* 55 38 * These are descriptions of the reasons that can be passed to the ··· 73 90 [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", 74 91 }; 75 92 76 - static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain); 93 + bool lsm_debug __ro_after_init; 77 94 78 - static struct kmem_cache *lsm_file_cache; 79 - static struct kmem_cache *lsm_inode_cache; 95 + unsigned int lsm_active_cnt __ro_after_init; 96 + const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; 80 97 81 - char *lsm_names; 82 - static struct lsm_blob_sizes blob_sizes __ro_after_init; 98 + struct lsm_blob_sizes blob_sizes; 83 99 84 - /* Boot-time LSM user choice */ 85 - static __initdata const char *chosen_lsm_order; 86 - static __initdata const char *chosen_major_lsm; 100 + struct kmem_cache *lsm_file_cache; 101 + struct kmem_cache *lsm_inode_cache; 87 102 88 - static __initconst const char *const builtin_lsm_order = CONFIG_LSM; 103 + #define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX 89 104 90 - /* Ordered list of LSMs to initialize. */ 91 - static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1]; 92 - static __initdata struct lsm_info *exclusive; 105 + /* 106 + * Identifier for the LSM static calls. 
107 + * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h 108 + * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT 109 + */ 110 + #define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX 111 + 112 + /* 113 + * Call the macro M for each LSM hook MAX_LSM_COUNT times. 114 + */ 115 + #define LSM_LOOP_UNROLL(M, ...) \ 116 + do { \ 117 + UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \ 118 + } while (0) 119 + 120 + #define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) 93 121 94 122 #ifdef CONFIG_HAVE_STATIC_CALL 95 123 #define LSM_HOOK_TRAMP(NAME, NUM) \ ··· 151 157 #undef INIT_LSM_STATIC_CALL 152 158 }; 153 159 154 - static __initdata bool debug; 155 - #define init_debug(...) \ 156 - do { \ 157 - if (debug) \ 158 - pr_info(__VA_ARGS__); \ 159 - } while (0) 160 - 161 - static bool __init is_enabled(struct lsm_info *lsm) 162 - { 163 - if (!lsm->enabled) 164 - return false; 165 - 166 - return *lsm->enabled; 167 - } 168 - 169 - /* Mark an LSM's enabled flag. */ 170 - static int lsm_enabled_true __initdata = 1; 171 - static int lsm_enabled_false __initdata = 0; 172 - static void __init set_enabled(struct lsm_info *lsm, bool enabled) 173 - { 174 - /* 175 - * When an LSM hasn't configured an enable variable, we can use 176 - * a hard-coded location for storing the default enabled state. 177 - */ 178 - if (!lsm->enabled) { 179 - if (enabled) 180 - lsm->enabled = &lsm_enabled_true; 181 - else 182 - lsm->enabled = &lsm_enabled_false; 183 - } else if (lsm->enabled == &lsm_enabled_true) { 184 - if (!enabled) 185 - lsm->enabled = &lsm_enabled_false; 186 - } else if (lsm->enabled == &lsm_enabled_false) { 187 - if (enabled) 188 - lsm->enabled = &lsm_enabled_true; 189 - } else { 190 - *lsm->enabled = enabled; 191 - } 192 - } 193 - 194 - /* Is an LSM already listed in the ordered LSMs list? 
*/ 195 - static bool __init exists_ordered_lsm(struct lsm_info *lsm) 196 - { 197 - struct lsm_info **check; 198 - 199 - for (check = ordered_lsms; *check; check++) 200 - if (*check == lsm) 201 - return true; 202 - 203 - return false; 204 - } 205 - 206 - /* Append an LSM to the list of ordered LSMs to initialize. */ 207 - static int last_lsm __initdata; 208 - static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) 209 - { 210 - /* Ignore duplicate selections. */ 211 - if (exists_ordered_lsm(lsm)) 212 - return; 213 - 214 - if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from)) 215 - return; 216 - 217 - /* Enable this LSM, if it is not already set. */ 218 - if (!lsm->enabled) 219 - lsm->enabled = &lsm_enabled_true; 220 - ordered_lsms[last_lsm++] = lsm; 221 - 222 - init_debug("%s ordered: %s (%s)\n", from, lsm->name, 223 - is_enabled(lsm) ? "enabled" : "disabled"); 224 - } 225 - 226 - /* Is an LSM allowed to be initialized? */ 227 - static bool __init lsm_allowed(struct lsm_info *lsm) 228 - { 229 - /* Skip if the LSM is disabled. */ 230 - if (!is_enabled(lsm)) 231 - return false; 232 - 233 - /* Not allowed if another exclusive LSM already initialized. 
*/ 234 - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { 235 - init_debug("exclusive disabled: %s\n", lsm->name); 236 - return false; 237 - } 238 - 239 - return true; 240 - } 241 - 242 - static void __init lsm_set_blob_size(int *need, int *lbs) 243 - { 244 - int offset; 245 - 246 - if (*need <= 0) 247 - return; 248 - 249 - offset = ALIGN(*lbs, sizeof(void *)); 250 - *lbs = offset + *need; 251 - *need = offset; 252 - } 253 - 254 - static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) 255 - { 256 - if (!needed) 257 - return; 258 - 259 - lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); 260 - lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); 261 - lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib); 262 - /* 263 - * The inode blob gets an rcu_head in addition to 264 - * what the modules might need. 265 - */ 266 - if (needed->lbs_inode && blob_sizes.lbs_inode == 0) 267 - blob_sizes.lbs_inode = sizeof(struct rcu_head); 268 - lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); 269 - lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); 270 - lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); 271 - lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); 272 - lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event); 273 - lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); 274 - lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); 275 - lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); 276 - lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev); 277 - lsm_set_blob_size(&needed->lbs_xattr_count, 278 - &blob_sizes.lbs_xattr_count); 279 - lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); 280 - lsm_set_blob_size(&needed->lbs_bpf_map, &blob_sizes.lbs_bpf_map); 281 - lsm_set_blob_size(&needed->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog); 282 - lsm_set_blob_size(&needed->lbs_bpf_token, &blob_sizes.lbs_bpf_token); 283 - } 284 - 285 - /* 
Prepare LSM for initialization. */ 286 - static void __init prepare_lsm(struct lsm_info *lsm) 287 - { 288 - int enabled = lsm_allowed(lsm); 289 - 290 - /* Record enablement (to handle any following exclusive LSMs). */ 291 - set_enabled(lsm, enabled); 292 - 293 - /* If enabled, do pre-initialization work. */ 294 - if (enabled) { 295 - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { 296 - exclusive = lsm; 297 - init_debug("exclusive chosen: %s\n", lsm->name); 298 - } 299 - 300 - lsm_set_blob_sizes(lsm->blobs); 301 - } 302 - } 303 - 304 - /* Initialize a given LSM, if it is enabled. */ 305 - static void __init initialize_lsm(struct lsm_info *lsm) 306 - { 307 - if (is_enabled(lsm)) { 308 - int ret; 309 - 310 - init_debug("initializing %s\n", lsm->name); 311 - ret = lsm->init(); 312 - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); 313 - } 314 - } 315 - 316 - /* 317 - * Current index to use while initializing the lsm id list. 318 - */ 319 - u32 lsm_active_cnt __ro_after_init; 320 - const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; 321 - 322 - /* Populate ordered LSMs list from comma-separated LSM name list. */ 323 - static void __init ordered_lsm_parse(const char *order, const char *origin) 324 - { 325 - struct lsm_info *lsm; 326 - char *sep, *name, *next; 327 - 328 - /* LSM_ORDER_FIRST is always first. */ 329 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 330 - if (lsm->order == LSM_ORDER_FIRST) 331 - append_ordered_lsm(lsm, " first"); 332 - } 333 - 334 - /* Process "security=", if given. */ 335 - if (chosen_major_lsm) { 336 - struct lsm_info *major; 337 - 338 - /* 339 - * To match the original "security=" behavior, this 340 - * explicitly does NOT fallback to another Legacy Major 341 - * if the selected one was separately disabled: disable 342 - * all non-matching Legacy Major LSMs. 
343 - */ 344 - for (major = __start_lsm_info; major < __end_lsm_info; 345 - major++) { 346 - if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && 347 - strcmp(major->name, chosen_major_lsm) != 0) { 348 - set_enabled(major, false); 349 - init_debug("security=%s disabled: %s (only one legacy major LSM)\n", 350 - chosen_major_lsm, major->name); 351 - } 352 - } 353 - } 354 - 355 - sep = kstrdup(order, GFP_KERNEL); 356 - next = sep; 357 - /* Walk the list, looking for matching LSMs. */ 358 - while ((name = strsep(&next, ",")) != NULL) { 359 - bool found = false; 360 - 361 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 362 - if (strcmp(lsm->name, name) == 0) { 363 - if (lsm->order == LSM_ORDER_MUTABLE) 364 - append_ordered_lsm(lsm, origin); 365 - found = true; 366 - } 367 - } 368 - 369 - if (!found) 370 - init_debug("%s ignored: %s (not built into kernel)\n", 371 - origin, name); 372 - } 373 - 374 - /* Process "security=", if given. */ 375 - if (chosen_major_lsm) { 376 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 377 - if (exists_ordered_lsm(lsm)) 378 - continue; 379 - if (strcmp(lsm->name, chosen_major_lsm) == 0) 380 - append_ordered_lsm(lsm, "security="); 381 - } 382 - } 383 - 384 - /* LSM_ORDER_LAST is always last. */ 385 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 386 - if (lsm->order == LSM_ORDER_LAST) 387 - append_ordered_lsm(lsm, " last"); 388 - } 389 - 390 - /* Disable all LSMs not in the ordered list. 
*/ 391 - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { 392 - if (exists_ordered_lsm(lsm)) 393 - continue; 394 - set_enabled(lsm, false); 395 - init_debug("%s skipped: %s (not in requested order)\n", 396 - origin, lsm->name); 397 - } 398 - 399 - kfree(sep); 400 - } 401 - 402 - static void __init lsm_static_call_init(struct security_hook_list *hl) 403 - { 404 - struct lsm_static_call *scall = hl->scalls; 405 - int i; 406 - 407 - for (i = 0; i < MAX_LSM_COUNT; i++) { 408 - /* Update the first static call that is not used yet */ 409 - if (!scall->hl) { 410 - __static_call_update(scall->key, scall->trampoline, 411 - hl->hook.lsm_func_addr); 412 - scall->hl = hl; 413 - static_branch_enable(scall->active); 414 - return; 415 - } 416 - scall++; 417 - } 418 - panic("%s - Ran out of static slots.\n", __func__); 419 - } 420 - 421 - static void __init lsm_early_cred(struct cred *cred); 422 - static void __init lsm_early_task(struct task_struct *task); 423 - 424 - static int lsm_append(const char *new, char **result); 425 - 426 - static void __init report_lsm_order(void) 427 - { 428 - struct lsm_info **lsm, *early; 429 - int first = 0; 430 - 431 - pr_info("initializing lsm="); 432 - 433 - /* Report each enabled LSM name, comma separated. */ 434 - for (early = __start_early_lsm_info; 435 - early < __end_early_lsm_info; early++) 436 - if (is_enabled(early)) 437 - pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); 438 - for (lsm = ordered_lsms; *lsm; lsm++) 439 - if (is_enabled(*lsm)) 440 - pr_cont("%s%s", first++ == 0 ? 
"" : ",", (*lsm)->name); 441 - 442 - pr_cont("\n"); 443 - } 444 - 445 - static void __init ordered_lsm_init(void) 446 - { 447 - struct lsm_info **lsm; 448 - 449 - if (chosen_lsm_order) { 450 - if (chosen_major_lsm) { 451 - pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", 452 - chosen_major_lsm, chosen_lsm_order); 453 - chosen_major_lsm = NULL; 454 - } 455 - ordered_lsm_parse(chosen_lsm_order, "cmdline"); 456 - } else 457 - ordered_lsm_parse(builtin_lsm_order, "builtin"); 458 - 459 - for (lsm = ordered_lsms; *lsm; lsm++) 460 - prepare_lsm(*lsm); 461 - 462 - report_lsm_order(); 463 - 464 - init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); 465 - init_debug("file blob size = %d\n", blob_sizes.lbs_file); 466 - init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); 467 - init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); 468 - init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); 469 - #ifdef CONFIG_KEYS 470 - init_debug("key blob size = %d\n", blob_sizes.lbs_key); 471 - #endif /* CONFIG_KEYS */ 472 - init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); 473 - init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); 474 - init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); 475 - init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); 476 - init_debug("task blob size = %d\n", blob_sizes.lbs_task); 477 - init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); 478 - init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); 479 - init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); 480 - init_debug("bpf map blob size = %d\n", blob_sizes.lbs_bpf_map); 481 - init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog); 482 - init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token); 483 - 484 - /* 485 - * Create any kmem_caches needed for blobs 486 - */ 487 - if (blob_sizes.lbs_file) 488 - lsm_file_cache = kmem_cache_create("lsm_file_cache", 489 - 
blob_sizes.lbs_file, 0, 490 - SLAB_PANIC, NULL); 491 - if (blob_sizes.lbs_inode) 492 - lsm_inode_cache = kmem_cache_create("lsm_inode_cache", 493 - blob_sizes.lbs_inode, 0, 494 - SLAB_PANIC, NULL); 495 - 496 - lsm_early_cred((struct cred *) current->cred); 497 - lsm_early_task(current); 498 - for (lsm = ordered_lsms; *lsm; lsm++) 499 - initialize_lsm(*lsm); 500 - } 501 - 502 - int __init early_security_init(void) 503 - { 504 - struct lsm_info *lsm; 505 - 506 - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { 507 - if (!lsm->enabled) 508 - lsm->enabled = &lsm_enabled_true; 509 - prepare_lsm(lsm); 510 - initialize_lsm(lsm); 511 - } 512 - 513 - return 0; 514 - } 515 - 516 160 /** 517 - * security_init - initializes the security framework 161 + * lsm_file_alloc - allocate a composite file blob 162 + * @file: the file that needs a blob 518 163 * 519 - * This should be called early in the kernel initialization sequence. 164 + * Allocate the file blob for all the modules 165 + * 166 + * Returns 0, or -ENOMEM if memory can't be allocated. 520 167 */ 521 - int __init security_init(void) 168 + static int lsm_file_alloc(struct file *file) 522 169 { 523 - struct lsm_info *lsm; 524 - 525 - init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*"); 526 - init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order); 527 - init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*"); 528 - 529 - /* 530 - * Append the names of the early LSM modules now that kmalloc() is 531 - * available 532 - */ 533 - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { 534 - init_debug(" early started: %s (%s)\n", lsm->name, 535 - is_enabled(lsm) ? "enabled" : "disabled"); 536 - if (lsm->enabled) 537 - lsm_append(lsm->name, &lsm_names); 170 + if (!lsm_file_cache) { 171 + file->f_security = NULL; 172 + return 0; 538 173 } 539 174 540 - /* Load LSMs in specified order. 
*/ 541 - ordered_lsm_init(); 542 - 175 + file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); 176 + if (file->f_security == NULL) 177 + return -ENOMEM; 543 178 return 0; 544 179 } 545 - 546 - /* Save user chosen LSM */ 547 - static int __init choose_major_lsm(char *str) 548 - { 549 - chosen_major_lsm = str; 550 - return 1; 551 - } 552 - __setup("security=", choose_major_lsm); 553 - 554 - /* Explicitly choose LSM initialization order. */ 555 - static int __init choose_lsm_order(char *str) 556 - { 557 - chosen_lsm_order = str; 558 - return 1; 559 - } 560 - __setup("lsm=", choose_lsm_order); 561 - 562 - /* Enable LSM order debugging. */ 563 - static int __init enable_debug(char *str) 564 - { 565 - debug = true; 566 - return 1; 567 - } 568 - __setup("lsm.debug", enable_debug); 569 - 570 - static bool match_last_lsm(const char *list, const char *lsm) 571 - { 572 - const char *last; 573 - 574 - if (WARN_ON(!list || !lsm)) 575 - return false; 576 - last = strrchr(list, ','); 577 - if (last) 578 - /* Pass the comma, strcmp() will check for '\0' */ 579 - last++; 580 - else 581 - last = list; 582 - return !strcmp(last, lsm); 583 - } 584 - 585 - static int lsm_append(const char *new, char **result) 586 - { 587 - char *cp; 588 - 589 - if (*result == NULL) { 590 - *result = kstrdup(new, GFP_KERNEL); 591 - if (*result == NULL) 592 - return -ENOMEM; 593 - } else { 594 - /* Check if it is the last registered name */ 595 - if (match_last_lsm(*result, new)) 596 - return 0; 597 - cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); 598 - if (cp == NULL) 599 - return -ENOMEM; 600 - kfree(*result); 601 - *result = cp; 602 - } 603 - return 0; 604 - } 605 - 606 - /** 607 - * security_add_hooks - Add a modules hooks to the hook lists. 608 - * @hooks: the hooks to add 609 - * @count: the number of hooks to add 610 - * @lsmid: the identification information for the security module 611 - * 612 - * Each LSM has to register its hooks with the infrastructure. 
613 - */ 614 - void __init security_add_hooks(struct security_hook_list *hooks, int count, 615 - const struct lsm_id *lsmid) 616 - { 617 - int i; 618 - 619 - /* 620 - * A security module may call security_add_hooks() more 621 - * than once during initialization, and LSM initialization 622 - * is serialized. Landlock is one such case. 623 - * Look at the previous entry, if there is one, for duplication. 624 - */ 625 - if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { 626 - if (lsm_active_cnt >= MAX_LSM_COUNT) 627 - panic("%s Too many LSMs registered.\n", __func__); 628 - lsm_idlist[lsm_active_cnt++] = lsmid; 629 - } 630 - 631 - for (i = 0; i < count; i++) { 632 - hooks[i].lsmid = lsmid; 633 - lsm_static_call_init(&hooks[i]); 634 - } 635 - 636 - /* 637 - * Don't try to append during early_security_init(), we'll come back 638 - * and fix this up afterwards. 639 - */ 640 - if (slab_is_available()) { 641 - if (lsm_append(lsmid->name, &lsm_names) < 0) 642 - panic("%s - Cannot get early memory.\n", __func__); 643 - } 644 - } 645 - 646 - int call_blocking_lsm_notifier(enum lsm_event event, void *data) 647 - { 648 - return blocking_notifier_call_chain(&blocking_lsm_notifier_chain, 649 - event, data); 650 - } 651 - EXPORT_SYMBOL(call_blocking_lsm_notifier); 652 - 653 - int register_blocking_lsm_notifier(struct notifier_block *nb) 654 - { 655 - return blocking_notifier_chain_register(&blocking_lsm_notifier_chain, 656 - nb); 657 - } 658 - EXPORT_SYMBOL(register_blocking_lsm_notifier); 659 - 660 - int unregister_blocking_lsm_notifier(struct notifier_block *nb) 661 - { 662 - return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain, 663 - nb); 664 - } 665 - EXPORT_SYMBOL(unregister_blocking_lsm_notifier); 666 180 667 181 /** 668 182 * lsm_blob_alloc - allocate a composite blob ··· 204 702 * 205 703 * Returns 0, or -ENOMEM if memory can't be allocated. 
206 704 */ 207 - static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) 705 + int lsm_cred_alloc(struct cred *cred, gfp_t gfp) 208 706 { 209 707 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); 210 - } 211 - 212 - /** 213 - * lsm_early_cred - during initialization allocate a composite cred blob 214 - * @cred: the cred that needs a blob 215 - * 216 - * Allocate the cred blob for all the modules 217 - */ 218 - static void __init lsm_early_cred(struct cred *cred) 219 - { 220 - int rc = lsm_cred_alloc(cred, GFP_KERNEL); 221 - 222 - if (rc) 223 - panic("%s: Early cred alloc failed.\n", __func__); 224 - } 225 - 226 - /** 227 - * lsm_file_alloc - allocate a composite file blob 228 - * @file: the file that needs a blob 229 - * 230 - * Allocate the file blob for all the modules 231 - * 232 - * Returns 0, or -ENOMEM if memory can't be allocated. 233 - */ 234 - static int lsm_file_alloc(struct file *file) 235 - { 236 - if (!lsm_file_cache) { 237 - file->f_security = NULL; 238 - return 0; 239 - } 240 - 241 - file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); 242 - if (file->f_security == NULL) 243 - return -ENOMEM; 244 - return 0; 245 708 } 246 709 247 710 /** ··· 239 772 * 240 773 * Returns 0, or -ENOMEM if memory can't be allocated. 
241 774 */ 242 - static int lsm_task_alloc(struct task_struct *task) 775 + int lsm_task_alloc(struct task_struct *task) 243 776 { 244 777 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); 245 778 } ··· 340 873 return lsm_blob_alloc(&token->security, blob_sizes.lbs_bpf_token, GFP_KERNEL); 341 874 } 342 875 #endif /* CONFIG_BPF_SYSCALL */ 343 - 344 - /** 345 - * lsm_early_task - during initialization allocate a composite task blob 346 - * @task: the task that needs a blob 347 - * 348 - * Allocate the task blob for all the modules 349 - */ 350 - static void __init lsm_early_task(struct task_struct *task) 351 - { 352 - int rc = lsm_task_alloc(task); 353 - 354 - if (rc) 355 - panic("%s: Early task alloc failed.\n", __func__); 356 - } 357 876 358 877 /** 359 878 * lsm_superblock_alloc - allocate a composite superblock blob
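Review bot: `blob_sizes` at new line 98 loses the `__ro_after_init` it had at old line 82 when it is made non-static; nothing in this change introduces a post-init writer, and every runtime blob allocation sizes itself from the table (`lsm_cred_alloc()` and `lsm_task_alloc()` at new lines 705-707 and 775-777 read `blob_sizes.lbs_cred`/`lbs_task`), so keeping it read-only after boot is a cheap hardening against a stray write resizing every LSM blob. `struct lsm_blob_sizes blob_sizes __ro_after_init;` restores it, and `lsm_file_cache`/`lsm_inode_cache` at new lines 100-101, which are only assigned in `security_init()`, could carry the same attribute. Separately, `lsm_active_cnt` and `lsm_idlist` stay defined here at new lines 95-96, but the code that populated them went away with the old `security_add_hooks()` (old lines 625-629) and the new `security_add_hooks()` in lsm_init.c does not write them either; presumably `lsm_prepare()` or `lsm_order_append()` now does, which a comment on the two definitions should say.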
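--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -15,7 +15,7 @@
 ccflags-$(CONFIG_SECURITY_SELINUX_DEBUG) += -DDEBUG
 
 selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
-	     netnode.o netport.o status.o \
+	     netnode.o netport.o status.o initcalls.o \
 	     ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
 	     ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o
 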
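--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -94,6 +94,7 @@
 #include <linux/io_uring/cmd.h>
 #include <uapi/linux/lsm.h>
 
+#include "initcalls.h"
 #include "avc.h"
 #include "objsec.h"
 #include "netif.h"
@@ -7617,6 +7618,10 @@
 	if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
 		panic("SELinux: Unable to register AVC LSM notifier callback\n");
 
+	if (avc_add_callback(selinux_audit_rule_avc_callback,
+			     AVC_CALLBACK_RESET))
+		panic("SELinux: Unable to register AVC audit callback\n");
+
 	if (selinux_enforcing_boot)
 		pr_debug("SELinux:  Starting in enforcing mode\n");
 	else
@@ -7644,11 +7649,12 @@
 /* SELinux requires early initialization in order to label
    all processes and objects when they are created. */
 DEFINE_LSM(selinux) = {
-	.name = "selinux",
+	.id = &selinux_lsmid,
 	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
 	.enabled = &selinux_enabled_boot,
 	.blobs = &selinux_blob_sizes,
 	.init = selinux_init,
+	.initcall_device = selinux_initcall,
 };
 
 #if defined(CONFIG_NETFILTER)
@@ -7710,7 +7716,7 @@
 	.exit = selinux_nf_unregister,
 };
 
-static int __init selinux_nf_ip_init(void)
+int __init selinux_nf_ip_init(void)
 {
 	int err;
 
@@ -7725,5 +7731,4 @@
 
 	return 0;
 }
-__initcall(selinux_nf_ip_init);
 #endif /* CONFIG_NETFILTER */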
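--- a/security/selinux/ibpkey.c
+++ b/security/selinux/ibpkey.c
@@ -23,6 +23,7 @@
 #include <linux/list.h>
 #include <linux/spinlock.h>
 
+#include "initcalls.h"
 #include "ibpkey.h"
 #include "objsec.h"
 
@@ -218,7 +219,7 @@
 	spin_unlock_irqrestore(&sel_ib_pkey_lock, flags);
 }
 
-static __init int sel_ib_pkey_init(void)
+int __init sel_ib_pkey_init(void)
 {
 	int iter;
 
@@ -232,5 +233,3 @@
 
 	return 0;
 }
-
-subsys_initcall(sel_ib_pkey_init);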
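Review bot: `sel_ib_pkey_init()` drops its `subsys_initcall` registration at old line 237 and is now run from `selinux_initcall()`, which hooks.c installs as `.initcall_device`, so it moves from subsys to device initcall level; it is the only SELinux initializer in this series whose level changes (`sel_netif_init()` in netif.c and `selinux_nf_ip_init()` in hooks.c were already `__initcall`, i.e. device level). The pkey cache is presumably only consulted from the InfiniBand LSM hooks, so a later setup should be harmless, but the assumption is not recorded anywhere; a one-line comment next to the `sel_ib_pkey_init()` call in initcalls.c, e.g. `/* was a subsys_initcall; nothing between subsys and device level uses the pkey cache */`, would document it for the next reader.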
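--- a/security/selinux/include/audit.h
+++ b/security/selinux/include/audit.h
@@ -16,6 +16,15 @@
 #include <linux/types.h>
 
 /**
+ * selinux_audit_rule_avc_callback - update the audit LSM rules on AVC events.
+ * @event: the AVC event
+ *
+ * Update any audit LSM rules based on the AVC event specified in @event.
+ * Returns 0 on success, negative values otherwise.
+ */
+int selinux_audit_rule_avc_callback(u32 event);
+
+/**
  * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
  * @field: the field this rule refers to
  * @op: the operator the rule uses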
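--- /dev/null
+++ b/security/selinux/include/initcalls.h
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SELinux initcalls
+ */
+
+#ifndef _SELINUX_INITCALLS_H
+#define _SELINUX_INITCALLS_H
+
+int init_sel_fs(void);
+int sel_netport_init(void);
+int sel_netnode_init(void);
+int sel_netif_init(void);
+int sel_netlink_init(void);
+int sel_ib_pkey_init(void);
+int selinux_nf_ip_init(void);
+
+int selinux_initcall(void);
+
+#endif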
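Review bot: The SPDX tag in this new header uses the `//` comment form; kernel convention (and checkpatch) expect `/* SPDX-License-Identifier: GPL-2.0-only */` in `.h` files, with `//` reserved for `.c` sources. Separately, `sel_ib_pkey_init()` and `selinux_nf_ip_init()` are declared unconditionally here while their callers in initcalls.c are wrapped in `#if defined(CONFIG_SECURITY_INFINIBAND)` and `#if defined(CONFIG_NETFILTER)`; the Smack header in this same series instead supplies a `static inline` stub returning 0 for the disabled case so the caller needs no preprocessor guards. Adopting that pattern here would keep the two LSMs' initcall plumbing consistent and keep the `#if` blocks out of the sequencing function.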
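--- /dev/null
+++ b/security/selinux/initcalls.c
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SELinux initcalls
+ */
+
+#include <linux/init.h>
+
+#include "initcalls.h"
+
+/**
+ * selinux_initcall - Perform the SELinux initcalls
+ *
+ * Used as a device initcall in the SELinux LSM definition.
+ */
+int __init selinux_initcall(void)
+{
+	int rc = 0, rc_tmp = 0;
+
+	rc_tmp = init_sel_fs();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+
+	rc_tmp = sel_netport_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+
+	rc_tmp = sel_netnode_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+
+	rc_tmp = sel_netif_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+
+	rc_tmp = sel_netlink_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+
+#if defined(CONFIG_SECURITY_INFINIBAND)
+	rc_tmp = sel_ib_pkey_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+#endif
+
+#if defined(CONFIG_NETFILTER)
+	rc_tmp = selinux_nf_ip_init();
+	if (!rc && rc_tmp)
+		rc = rc_tmp;
+#endif
+
+	return rc;
+}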
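Review bot: The kernel-doc for selinux_initcall() documents neither its return value nor the aggregation rule, and the `if (!rc && rc_tmp) rc = rc_tmp;` idiom is repeated seven times with no comment saying why every sub-initcall still runs after an earlier one fails. Adding `* Return: 0 on success, otherwise the first non-zero value returned by a sub-initcall;` and `* every initcall is attempted even after a failure, matching the former independent __initcall() behaviour.` to the kernel-doc would make the first-error-wins contract explicit where the framework consumes it. The `rc_tmp = 0` initializer is dead, since every read of `rc_tmp` is preceded by an assignment.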
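--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -22,6 +22,7 @@
 #include <linux/rcupdate.h>
 #include <net/net_namespace.h>
 
+#include "initcalls.h"
 #include "security.h"
 #include "objsec.h"
 #include "netif.h"
@@ -266,7 +265,7 @@
 	.notifier_call = sel_netif_netdev_notifier_handler,
 };
 
-static __init int sel_netif_init(void)
+int __init sel_netif_init(void)
 {
 	int i;
 
@@ -280,6 +279,4 @@
 
 	return 0;
 }
-
-__initcall(sel_netif_init);
 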
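--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -17,6 +17,7 @@
 #include <net/net_namespace.h>
 #include <net/netlink.h>
 
+#include "initcalls.h"
 #include "security.h"
 
 static struct sock *selnl __ro_after_init;
@@ -106,7 +105,7 @@
 	selnl_notify(SELNL_MSG_POLICYLOAD, &seqno);
 }
 
-static int __init selnl_init(void)
+int __init sel_netlink_init(void)
 {
 	struct netlink_kernel_cfg cfg = {
 		.groups = SELNLGRP_MAX,
@@ -118,5 +117,3 @@
 		panic("SELinux: Cannot create netlink socket.");
 	return 0;
 }
-
-__initcall(selnl_init);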
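--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -30,6 +30,7 @@
 #include <net/ip.h>
 #include <net/ipv6.h>
 
+#include "initcalls.h"
 #include "netnode.h"
 #include "objsec.h"
 
@@ -291,7 +290,7 @@
 	spin_unlock_bh(&sel_netnode_lock);
 }
 
-static __init int sel_netnode_init(void)
+int __init sel_netnode_init(void)
 {
 	int iter;
 
@@ -305,5 +304,3 @@
 
 	return 0;
 }
-
-__initcall(sel_netnode_init);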
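--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -29,6 +29,7 @@
 #include <net/ip.h>
 #include <net/ipv6.h>
 
+#include "initcalls.h"
 #include "netport.h"
 #include "objsec.h"
 
@@ -219,7 +218,7 @@
 	spin_unlock_bh(&sel_netport_lock);
 }
 
-static __init int sel_netport_init(void)
+int __init sel_netport_init(void)
 {
 	int iter;
 
@@ -233,5 +232,3 @@
 
 	return 0;
 }
-
-__initcall(sel_netport_init);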
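--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -35,6 +35,7 @@
 /* selinuxfs pseudo filesystem for exporting the security policy API.
    Based on the proc code and the fs/nfsd/nfsctl.c code. */
 
+#include "initcalls.h"
 #include "flask.h"
 #include "avc.h"
 #include "avc_ss.h"
@@ -2134,7 +2133,7 @@
 
 struct path selinux_null __ro_after_init;
 
-static int __init init_sel_fs(void)
+int __init init_sel_fs(void)
 {
 	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
 					  sizeof(NULL_FILE_NAME)-1);
@@ -2178,5 +2177,3 @@
 
 	return err;
 }
-
-__initcall(init_sel_fs);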
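--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3570,6 +3570,13 @@
 	struct context au_ctxt;
 };
 
+int selinux_audit_rule_avc_callback(u32 event)
+{
+	if (event == AVC_CALLBACK_RESET)
+		return audit_update_lsm_rules();
+	return 0;
+}
+
 void selinux_audit_rule_free(void *vrule)
 {
 	struct selinux_audit_rule *rule = vrule;
@@ -3826,25 +3819,6 @@
 	rcu_read_unlock();
 	return match;
 }
-
-static int aurule_avc_callback(u32 event)
-{
-	if (event == AVC_CALLBACK_RESET)
-		return audit_update_lsm_rules();
-	return 0;
-}
-
-static int __init aurule_init(void)
-{
-	int err;
-
-	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
-	if (err)
-		panic("avc_add_callback() failed, error %d\n", err);
-
-	return err;
-}
-__initcall(aurule_init);
 
 #ifdef CONFIG_NETLABEL
 /**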
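--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -276,6 +276,20 @@
 };
 
 /*
+ * Initialization
+ */
+#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
+int smack_nf_ip_init(void);
+#else
+static inline int smack_nf_ip_init(void)
+{
+	return 0;
+}
+#endif
+int init_smk_fs(void);
+int smack_initcall(void);
+
+/*
  * These functions are in smack_access.c
  */
 int smk_access_entry(char *, char *, struct list_head *);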
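--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5275,13 +5275,22 @@
 	return 0;
 }
 
+int __init smack_initcall(void)
+{
+	int rc_fs = init_smk_fs();
+	int rc_nf = smack_nf_ip_init();
+
+	return rc_fs ? rc_fs : rc_nf;
+}
+
 /*
  * Smack requires early initialization in order to label
  * all processes and objects when they are created.
  */
 DEFINE_LSM(smack) = {
-	.name = "smack",
+	.id = &smack_lsmid,
 	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
 	.blobs = &smack_blob_sizes,
 	.init = smack_init,
+	.initcall_device = smack_initcall,
 };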
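Review bot: smack_initcall() is a new non-static function without a kernel-doc block, while the DEFINE_LSM definition right below it and the rest of this file carry comments. A short block above it should state that init_smk_fs() and smack_nf_ip_init() are both always invoked, that the first non-zero result is the one reported, and carry a `Return:` line to that effect, since this function is the only place where that rule is visible to the LSM framework. The ternary `return rc_fs ? rc_fs : rc_nf;` reads fine, but an inline `/* first failure wins, both initcalls always run */` would save the reader from checking whether the second call is meant to be skipped on error.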
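--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -68,7 +68,7 @@
 	.exit = smack_nf_unregister,
 };
 
-static int __init smack_nf_ip_init(void)
+int __init smack_nf_ip_init(void)
 {
 	if (smack_enabled == 0)
 		return 0;
@@ -76,5 +76,3 @@
 	printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
 	return register_pernet_subsys(&smack_net_ops);
 }
-
-__initcall(smack_nf_ip_init);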
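Review bot: The early `if (smack_enabled == 0) return 0;` in smack_nf_ip_init() appears to become redundant with this change: the function is now reached only through smack_initcall() via the LSM framework's `.initcall_device`, and if the framework only invokes those initcalls for LSMs enabled at boot (as this series seems to intend), the guard can no longer fire. If that guarantee holds, either drop the check or annotate it, `/* redundant with the framework's enabled check; kept as a cheap safety net */`, so the next reader does not hunt for a path that calls this with Smack disabled. The function body between the two hunks (one line) is not shown.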
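--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2978,7 +2978,7 @@
  * Returns true if we were not chosen on boot or if
  * we were chosen and filesystem registration succeeded.
  */
-static int __init init_smk_fs(void)
+int __init init_smk_fs(void)
 {
 	int err;
 	int rc;
@@ -3021,5 +3021,3 @@
 
 	return err;
 }
-
-__initcall(init_smk_fs);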
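Review bot: The kernel-doc above init_smk_fs() still says it `Returns true if we were not chosen on boot or if we were chosen and filesystem registration succeeded`, but the function returns the int `err` and that value is now propagated through smack_initcall() to the LSM framework, where non-zero presumably signals failure rather than "true". Now that a caller actually consumes the result, the wording should follow the 0-on-success convention the second hunk's `return err;` suggests, e.g. `* Return: 0 if we were not chosen on boot or if we were chosen and filesystem` / `* registration succeeded, otherwise the registration error.` The kernel-doc block and the function body both extend outside the hunks, so confirm the error paths before rewording.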
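--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -924,6 +924,8 @@
 
 /********** Function prototypes. **********/
 
+int tomoyo_interface_init(void);
+
 bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
 			   const struct tomoyo_group *group);
 bool tomoyo_compare_number_union(const unsigned long value,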
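--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -233,7 +233,7 @@
  *
  * Returns 0.
  */
-static int __init tomoyo_interface_init(void)
+int __init tomoyo_interface_init(void)
 {
 	struct tomoyo_domain_info *domain;
 	struct dentry *tomoyo_dir;
@@ -269,5 +269,3 @@
 	tomoyo_load_builtin_policy();
 	return 0;
 }
-
-fs_initcall(tomoyo_interface_init);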
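--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -612,9 +612,10 @@
 }
 
 DEFINE_LSM(tomoyo) = {
-	.name = "tomoyo",
+	.id = &tomoyo_lsmid,
 	.enabled = &tomoyo_enabled,
 	.flags = LSM_FLAG_LEGACY_MAJOR,
 	.blobs = &tomoyo_blob_sizes,
 	.init = tomoyo_init,
+	.initcall_fs = tomoyo_interface_init,
 };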
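--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -476,6 +476,6 @@
 }
 
 DEFINE_LSM(yama) = {
-	.name = "yama",
+	.id = &yama_lsmid,
 	.init = yama_init,
 };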