lsm: consolidate all of the LSM framework initcalls

The LSM framework itself registers a small number of initcalls, this patch converts these initcalls into the new initcall mechanism. Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johhansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-02-18 17:25:20 -05:00 · 2025-02-18 17:25:20 -05:00 · 4ab5efcc28
parent 3156bc814f
commit 4ab5efcc28
4 changed files with 36 additions and 6 deletions
--- a/security/inode.c
+++ b/security/inode.c
@ -368,7 +368,7 @@ static const struct file_operations lsm_ops = {
 };
 #endif

-static int __init securityfs_init(void)
+int __init securityfs_init(void)
 {
 	int retval;

@ -387,4 +387,3 @@ static int __init securityfs_init(void)
 #endif
 	return 0;
 }
-core_initcall(securityfs_init);
--- a/security/lsm.h
+++ b/security/lsm.h
@ -35,4 +35,24 @@ extern struct kmem_cache *lsm_inode_cache;
 int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
 int lsm_task_alloc(struct task_struct *task);

+/* LSM framework initializers */
+
+#ifdef CONFIG_MMU
+int min_addr_init(void);
+#else
+static inline int min_addr_init(void)
+{
+	return 0;
+}
+#endif /* CONFIG_MMU */
+
+#ifdef CONFIG_SECURITYFS
+int securityfs_init(void);
+#else
+static inline int securityfs_init(void)
+{
+	return 0;
+}
+#endif /* CONFIG_SECURITYFS */
+
 #endif /* _LSM_H_ */
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@ -488,7 +488,12 @@ int __init security_init(void)
 */
 static int __init security_initcall_pure(void)
 {
-	return lsm_initcall(pure);
+	int rc_adr, rc_lsm;
+
+	rc_adr = min_addr_init();
+	rc_lsm = lsm_initcall(pure);
+
+	return (rc_adr ? rc_adr : rc_lsm);
 }
 pure_initcall(security_initcall_pure);

@ -506,7 +511,12 @@ early_initcall(security_initcall_early);
 */
 static int __init security_initcall_core(void)
 {
-	return lsm_initcall(core);
+	int rc_sfs, rc_lsm;
+
+	rc_sfs = securityfs_init();
+	rc_lsm = lsm_initcall(core);
+
+	return (rc_sfs ? rc_sfs : rc_lsm);
 }
 core_initcall(security_initcall_core);

--- a/security/min_addr.c
+++ b/security/min_addr.c
@ -5,6 +5,8 @@
 #include <linux/sysctl.h>
 #include <linux/minmax.h>

+#include "lsm.h"
+
 /* amount of vm to protect from userspace access by both DAC and the LSM*/
 unsigned long mmap_min_addr;
 /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@ -52,11 +54,10 @@ static const struct ctl_table min_addr_sysctl_table[] = {
 	},
 };

-static int __init init_mmap_min_addr(void)
+int __init min_addr_init(void)
 {
 	register_sysctl_init("vm", min_addr_sysctl_table);
 	update_mmap_min_addr();

 	return 0;
 }
-pure_initcall(init_mmap_min_addr);