Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
lsm: rename/rework ordered_lsm_parse() to lsm_order_parse()

Rename ordered_lsm_parse() to lsm_order_parse() for the sake of
consistency with the other LSM initialization routines, and also
do some minor rework of the function. Aside from some minor style
decisions, the majority of the rework involved shuffling the order
of the LSM_FLAG_LEGACY and LSM_ORDER_FIRST code so that the
LSM_FLAG_LEGACY checks are handled first; it is important to note
that this doesn't affect the order in which the LSMs are registered.

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+37 -45
+37 -45
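--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -228,83 +228,75 @@
 	}
 }
 
-/* Populate ordered LSMs list from comma-separated LSM name list. */
-static void __init ordered_lsm_parse(const char *order, const char *origin)
+/**
+ * lsm_order_parse - Parse the comma delimited LSM list
+ * @list: LSM list
+ * @src: source of the list
+ */
+static void __init lsm_order_parse(const char *list, const char *src)
 {
 	struct lsm_info *lsm;
 	char *sep, *name, *next;
 
-	/* LSM_ORDER_FIRST is always first. */
-	lsm_for_each_raw(lsm) {
-		if (lsm->order == LSM_ORDER_FIRST)
-			lsm_order_append(lsm, " first");
-	}
-
-	/* Process "security=", if given. */
+	/* Handle any Legacy LSM exclusions if one was specified. */
 	if (lsm_order_legacy) {
-		struct lsm_info *major;
-
 		/*
-		 * To match the original "security=" behavior, this
-		 * explicitly does NOT fallback to another Legacy Major
-		 * if the selected one was separately disabled: disable
-		 * all non-matching Legacy Major LSMs.
+		 * To match the original "security=" behavior, this explicitly
+		 * does NOT fallback to another Legacy Major if the selected
+		 * one was separately disabled: disable all non-matching
+		 * Legacy Major LSMs.
 		 */
-		lsm_for_each_raw(major) {
-			if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
-			    strcmp(major->id->name, lsm_order_legacy) != 0) {
-				lsm_enabled_set(major, false);
+		lsm_for_each_raw(lsm) {
+			if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
+			    strcmp(lsm->id->name, lsm_order_legacy)) {
+				lsm_enabled_set(lsm, false);
 				init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
-					   lsm_order_legacy, major->id->name);
+					   lsm_order_legacy, lsm->id->name);
 			}
 		}
 	}
 
-	sep = kstrdup(order, GFP_KERNEL);
+	/* LSM_ORDER_FIRST */
+	lsm_for_each_raw(lsm) {
+		if (lsm->order == LSM_ORDER_FIRST)
+			lsm_order_append(lsm, "first");
+	}
+
+	/* Normal or "mutable" LSMs */
+	sep = kstrdup(list, GFP_KERNEL);
 	next = sep;
 	/* Walk the list, looking for matching LSMs. */
 	while ((name = strsep(&next, ",")) != NULL) {
-		bool found = false;
-
 		lsm_for_each_raw(lsm) {
-			if (strcmp(lsm->id->name, name) == 0) {
-				if (lsm->order == LSM_ORDER_MUTABLE)
-					lsm_order_append(lsm, origin);
-				found = true;
-			}
+			if (!strcmp(lsm->id->name, name) &&
+			    lsm->order == LSM_ORDER_MUTABLE)
+				lsm_order_append(lsm, src);
 		}
-
-		if (!found)
-			init_debug("%s ignored: %s (not built into kernel)\n",
-				   origin, name);
 	}
+	kfree(sep);
 
-	/* Process "security=", if given. */
+	/* Legacy LSM if specified. */
 	if (lsm_order_legacy) {
 		lsm_for_each_raw(lsm) {
-			if (lsm_order_exists(lsm))
-				continue;
-			if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
-				lsm_order_append(lsm, "security=");
+			if (!strcmp(lsm->id->name, lsm_order_legacy))
+				lsm_order_append(lsm, src);
 		}
 	}
 
-	/* LSM_ORDER_LAST is always last. */
+	/* LSM_ORDER_LAST */
 	lsm_for_each_raw(lsm) {
 		if (lsm->order == LSM_ORDER_LAST)
-			lsm_order_append(lsm, " last");
+			lsm_order_append(lsm, "last");
 	}
 
-	/* Disable all LSMs not in the ordered list. */
+	/* Disable all LSMs not previously enabled. */
 	lsm_for_each_raw(lsm) {
 		if (lsm_order_exists(lsm))
 			continue;
 		lsm_enabled_set(lsm, false);
 		init_debug("%s skipped: %s (not in requested order)\n",
-			   origin, lsm->id->name);
+			   src, lsm->id->name);
 	}
-
-	kfree(sep);
 }
 
 /**
@@ -314,9 +322,9 @@
 			lsm_order_legacy, lsm_order_cmdline);
 		lsm_order_legacy = NULL;
 	}
-	ordered_lsm_parse(lsm_order_cmdline, "cmdline");
+	lsm_order_parse(lsm_order_cmdline, "cmdline");
 } else
-	ordered_lsm_parse(lsm_order_builtin, "builtin");
+	lsm_order_parse(lsm_order_builtin, "builtin");
 
 lsm_order_for_each(lsm) {
 	lsm_prepare(*lsm);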
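Review bot: The result of `kstrdup(list, GFP_KERNEL)` in the reworked `lsm_order_parse()` is still used unchecked. If it returns NULL, `strsep()` yields no names, no mutable LSM is appended, and the final loop disables every LSM that was not added as first, legacy or last. The only trace is `init_debug()`, which by its name looks like debug-only output, so the system would come up with its access-control modules silently switched off. I would make that failure loud right after the allocation, for example `if (!sep) panic("%s: LSM list allocation failed\n", __func__);`, or at minimum a `pr_err`. Separately, the rework drops the `"%s ignored: %s (not built into kernel)"` message, so a misspelt name in the list is no longer reported by name; if that is intentional it deserves a line in the commit message.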