Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lsm: rework lsm_active_cnt and lsm_idlist[] 

Move the LSM active count and lsm_id list declarations out of a header
that is visible across the kernel and into a header that is limited to
the LSM framework.  This not only helps keep the include/linux headers
smaller and cleaner, it helps prevent misuse of these variables.

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2025-02-12 15:36:51 -05:00
parent 592b104f9b
commit 250898ca33
5 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/security.h
View File

@ -167,8 +167,6 @@ struct lsm_prop {
}; };
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
extern u32 lsm_active_cnt;
extern const struct lsm_id *lsm_idlist[];
/* These functions are in security/commoncap.c */ /* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns, extern int cap_capable(const struct cred *cred, struct user_namespace *ns,

5
security/lsm.h
View File

@ -7,6 +7,11 @@
#define _LSM_H_ #define _LSM_H_
#include <linux/lsm_hooks.h> #include <linux/lsm_hooks.h>
#include <linux/lsm_count.h>
/* List of configured LSMs */
extern unsigned int lsm_active_cnt;
extern const struct lsm_id *lsm_idlist[];
/* LSM blob configuration */ /* LSM blob configuration */
extern struct lsm_blob_sizes blob_sizes; extern struct lsm_blob_sizes blob_sizes;

6
security/lsm_init.c
View File

@ -217,12 +217,6 @@ static void __init initialize_lsm(struct lsm_info *lsm)
} }
} }
/*
* Current index to use while initializing the lsm id list.
*/
u32 lsm_active_cnt __ro_after_init;
const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
/* Populate ordered LSMs list from comma-separated LSM name list. */ /* Populate ordered LSMs list from comma-separated LSM name list. */
static void __init ordered_lsm_parse(const char *order, const char *origin) static void __init ordered_lsm_parse(const char *order, const char *origin)
{ {

2
security/lsm_syscalls.c
View File

@ -17,6 +17,8 @@
#include <linux/lsm_hooks.h> #include <linux/lsm_hooks.h>
#include <uapi/linux/lsm.h> #include <uapi/linux/lsm.h>
#include "lsm.h"
/** /**
* lsm_name_to_attr - map an LSM attribute name to its ID * lsm_name_to_attr - map an LSM attribute name to its ID
* @name: name of the attribute * @name: name of the attribute

3
security/security.c
View File

@ -73,6 +73,9 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
}; };
unsigned int lsm_active_cnt __ro_after_init;
const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
struct lsm_blob_sizes blob_sizes; struct lsm_blob_sizes blob_sizes;
struct kmem_cache *lsm_file_cache; struct kmem_cache *lsm_file_cache;