Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare()

Simplify and consolidate the lsm_allowed() and prepare_lsm() functions
into a new function, lsm_prepare().

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+46 -63
+46 -63
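--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -123,22 +123,6 @@
 		is_enabled(lsm) ? "enabled" : "disabled");
 }
 
-/* Is an LSM allowed to be initialized? */
-static bool __init lsm_allowed(struct lsm_info *lsm)
-{
-	/* Skip if the LSM is disabled. */
-	if (!is_enabled(lsm))
-		return false;
-
-	/* Not allowed if another exclusive LSM already initialized. */
-	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
-		init_debug("exclusive disabled: %s\n", lsm->name);
-		return false;
-	}
-
-	return true;
-}
-
 static void __init lsm_set_blob_size(int *need, int *lbs)
 {
 	int offset;
@@ -151,54 +135,53 @@
 	*need = offset;
 }
 
-static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
+/**
+ * lsm_prepare - Prepare the LSM framework for a new LSM
+ * @lsm: LSM definition
+ */
+static void __init lsm_prepare(struct lsm_info *lsm)
 {
-	if (!needed)
+	struct lsm_blob_sizes *blobs;
+
+	if (!is_enabled(lsm)) {
+		set_enabled(lsm, false);
 		return;
-
-	lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
-	lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
-	lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib);
-	/*
-	 * The inode blob gets an rcu_head in addition to
-	 * what the modules might need.
-	 */
-	if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
-		blob_sizes.lbs_inode = sizeof(struct rcu_head);
-	lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
-	lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
-	lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
-	lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
-	lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event);
-	lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
-	lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
-	lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
-	lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
-	lsm_set_blob_size(&needed->lbs_xattr_count,
-			  &blob_sizes.lbs_xattr_count);
-	lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev);
-	lsm_set_blob_size(&needed->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
-	lsm_set_blob_size(&needed->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
-	lsm_set_blob_size(&needed->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
-}
-
-/* Prepare LSM for initialization. */
-static void __init prepare_lsm(struct lsm_info *lsm)
-{
-	int enabled = lsm_allowed(lsm);
-
-	/* Record enablement (to handle any following exclusive LSMs). */
-	set_enabled(lsm, enabled);
-
-	/* If enabled, do pre-initialization work. */
-	if (enabled) {
-		if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
-			exclusive = lsm;
-			init_debug("exclusive chosen: %s\n", lsm->name);
-		}
-
-		lsm_set_blob_sizes(lsm->blobs);
+	} else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
+		init_debug("exclusive disabled: %s\n", lsm->name);
+		set_enabled(lsm, false);
+		return;
 	}
+
+	/* Mark the LSM as enabled. */
+	set_enabled(lsm, true);
+	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
+		init_debug("exclusive chosen: %s\n", lsm->name);
+		exclusive = lsm;
+	}
+
+	/* Register the LSM blob sizes. */
+	blobs = lsm->blobs;
+	lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+	lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
+	lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+	/* inode blob gets an rcu_head in addition to LSM blobs. */
+	if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
+		blob_sizes.lbs_inode = sizeof(struct rcu_head);
+	lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+	lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+	lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
+	lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+	lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
+	lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+	lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
+	lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
+	lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+	lsm_set_blob_size(&blobs->lbs_xattr_count,
+			  &blob_sizes.lbs_xattr_count);
+	lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+	lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+	lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+	lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
 }
 
 /* Initialize a given LSM, if it is enabled. */
@@ -361,7 +344,7 @@
 	ordered_lsm_parse(builtin_lsm_order, "builtin");
 
 	for (lsm = ordered_lsms; *lsm; lsm++)
-		prepare_lsm(*lsm);
+		lsm_prepare(*lsm);
 
 	report_lsm_order();
 
@@ -505,7 +488,7 @@
 	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
 		if (!lsm->enabled)
 			lsm->enabled = &lsm_enabled_true;
-		prepare_lsm(lsm);
+		lsm_prepare(lsm);
 		initialize_lsm(lsm);
 	}
 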
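Review bot: The new lsm_prepare() dereferences `lsm->blobs` unconditionally in the "Register the LSM blob sizes" part, whereas the removed lsm_set_blob_sizes() returned early on `if (!needed)`. Unless every lsm_info is guaranteed to set `.blobs` (not visible on this page), an enabled LSM that declares no blob requirements would hand a NULL-based address to lsm_set_blob_size() during early init, and the first `blobs->lbs_inode` read would fault. Keeping the old guard right after the assignment preserves the previous behaviour: `blobs = lsm->blobs;` followed by `if (!blobs) return;`. As a smaller point, the kernel-doc header could mention that the function records the enabled state via set_enabled() and may claim the `exclusive` slot, since both callers depend on those side effects before initialize_lsm() runs.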