lsm: rename/rework append_ordered_lsm() into lsm_order_append()

Rename append_ordered_lsm() to lsm_order_append() to better match
convention and do some rework. The rework includes moving the
LSM_FLAG_EXCLUSIVE logic from lsm_prepare() to lsm_order_append()
in order to consolidate the individual LSM append/activation code,
and adding logic to skip appending explicitly disabled LSMs to the
active LSM list.

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+43 -33
+43 -33
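--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -124,24 +124,48 @@
 	return false;
 }
 
-/* Append an LSM to the list of ordered LSMs to initialize. */
-static int last_lsm __initdata;
-static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
+/**
+ * lsm_order_append - Append a LSM to the ordered list
+ * @lsm: LSM definition
+ * @src: source of the addition
+ *
+ * Append @lsm to the enabled LSM array after ensuring that it hasn't been
+ * explicitly disabled, is a duplicate entry, or would run afoul of the
+ * LSM_FLAG_EXCLUSIVE logic.
+ */
+static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
 {
 	/* Ignore duplicate selections. */
 	if (lsm_order_exists(lsm))
 		return;
 
-	if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
-		return;
+	/* Skip explicitly disabled LSMs. */
+	if (lsm->enabled && !lsm_is_enabled(lsm))
+		goto out;
 
-	/* Enable this LSM, if it is not already set. */
-	if (!lsm->enabled)
-		lsm->enabled = &lsm_enabled_true;
-	lsm_order[last_lsm] = lsm;
-	lsm_idlist[last_lsm++] = lsm->id;
+	if (WARN(lsm_active_cnt == MAX_LSM_COUNT,
+		 "%s: out of LSM static calls!?\n", src)) {
+		lsm_enabled_set(lsm, false);
+		goto out;
+	}
 
-	init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
+	if (lsm->flags & LSM_FLAG_EXCLUSIVE) {
+		if (lsm_exclusive) {
+			init_debug("exclusive disabled: %s\n", lsm->id->name);
+			lsm_enabled_set(lsm, false);
+			goto out;
+		} else {
+			init_debug("exclusive chosen: %s\n", lsm->id->name);
+			lsm_exclusive = lsm;
+		}
+	}
+
+	lsm_enabled_set(lsm, true);
+	lsm_order[lsm_active_cnt] = lsm;
+	lsm_idlist[lsm_active_cnt++] = lsm->id;
+
+out:
+	init_debug("%s ordered: %s (%s)\n", src, lsm->id->name,
 		   lsm_is_enabled(lsm) ? "enabled" : "disabled");
 }
 
@@ -187,26 +163,12 @@
  */
 static void __init lsm_prepare(struct lsm_info *lsm)
 {
-	struct lsm_blob_sizes *blobs;
+	struct lsm_blob_sizes *blobs = lsm->blobs;
 
-	if (!lsm_is_enabled(lsm)) {
-		lsm_enabled_set(lsm, false);
+	if (!blobs)
 		return;
-	} else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) {
-		init_debug("exclusive disabled: %s\n", lsm->id->name);
-		lsm_enabled_set(lsm, false);
-		return;
-	}
-
-	/* Mark the LSM as enabled. */
-	lsm_enabled_set(lsm, true);
-	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) {
-		init_debug("exclusive chosen: %s\n", lsm->id->name);
-		lsm_exclusive = lsm;
-	}
 
 	/* Register the LSM blob sizes. */
-	blobs = lsm->blobs;
 	lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
 	lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
 	lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
@@ -237,7 +227,7 @@
 	/* LSM_ORDER_FIRST is always first. */
 	lsm_for_each_raw(lsm) {
 		if (lsm->order == LSM_ORDER_FIRST)
-			append_ordered_lsm(lsm, " first");
+			lsm_order_append(lsm, " first");
 	}
 
 	/* Process "security=", if given. */
@@ -269,7 +259,7 @@
 	lsm_for_each_raw(lsm) {
 		if (strcmp(lsm->id->name, name) == 0) {
 			if (lsm->order == LSM_ORDER_MUTABLE)
-				append_ordered_lsm(lsm, origin);
+				lsm_order_append(lsm, origin);
 			found = true;
 		}
 	}
@@ -285,14 +275,14 @@
 		if (lsm_order_exists(lsm))
 			continue;
 		if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
-			append_ordered_lsm(lsm, "security=");
+			lsm_order_append(lsm, "security=");
 		}
 	}
 
 	/* LSM_ORDER_LAST is always last. */
 	lsm_for_each_raw(lsm) {
 		if (lsm->order == LSM_ORDER_LAST)
-			append_ordered_lsm(lsm, " last");
+			lsm_order_append(lsm, " last");
 	}
 
 	/* Disable all LSMs not in the ordered list. */
@@ -425,8 +415,8 @@
 	struct lsm_info *lsm;
 
 	lsm_early_for_each_raw(lsm) {
-		if (!lsm->enabled)
-			lsm->enabled = &lsm_enabled_true;
+		lsm_enabled_set(lsm, true);
+		lsm_order_append(lsm, "early");
 		lsm_prepare(lsm);
 		initialize_lsm(lsm);
 	}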
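Review bot: In the early-LSM loop (last hunk), lsm_prepare() and initialize_lsm() still run unconditionally after lsm_order_append(), but the new lsm_order_append() can refuse the LSM and call lsm_enabled_set(lsm, false) on the out-of-slots and exclusive-conflict paths, and lsm_prepare() (second hunk) no longer re-checks lsm_is_enabled() before registering blob sizes. Unless initialize_lsm() itself checks the enabled state, an early LSM that was just marked disabled would still have its blobs sized and be initialized, which is the opposite of what the WARN and "exclusive disabled" paths intend; a guard such as `if (!lsm_is_enabled(lsm))` / `continue;` between the append and lsm_prepare() would keep the loop consistent with lsm_order_append()'s decision. The forced `lsm_enabled_set(lsm, true)` before the append also means the new "Skip explicitly disabled LSMs" check can never apply to early LSMs; if that is intended, a one-line comment saying early LSMs cannot be disabled from the command line would save the next reader the question. The enclosing function of that hunk starts outside the hunk.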