Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lsm: consolidate all of the LSM framework initcalls 

The LSM framework itself registers a small number of initcalls, this
patch converts these initcalls into the new initcall mechanism.

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2025-02-18 17:25:20 -05:00
parent 3156bc814f
commit 4ab5efcc28
4 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/inode.c
View File

@ -368,7 +368,7 @@ static const struct file_operations lsm_ops = {
}; };
#endif #endif
static int __init securityfs_init(void) int __init securityfs_init(void)
{ {
int retval; int retval;
@ -387,4 +387,3 @@ static int __init securityfs_init(void)
#endif #endif
return 0; return 0;
} }
core_initcall(securityfs_init);

20
security/lsm.h
View File

@ -35,4 +35,24 @@ extern struct kmem_cache *lsm_inode_cache;
int lsm_cred_alloc(struct cred *cred, gfp_t gfp); int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
int lsm_task_alloc(struct task_struct *task); int lsm_task_alloc(struct task_struct *task);
/* LSM framework initializers */
#ifdef CONFIG_MMU
int min_addr_init(void);
#else
static inline int min_addr_init(void)
{
return 0;
}
#endif /* CONFIG_MMU */
#ifdef CONFIG_SECURITYFS
int securityfs_init(void);
#else
static inline int securityfs_init(void)
{
return 0;
}
#endif /* CONFIG_SECURITYFS */
#endif /* _LSM_H_ */ #endif /* _LSM_H_ */

14
security/lsm_init.c
View File

@ -488,7 +488,12 @@ int __init security_init(void)
*/ */
static int __init security_initcall_pure(void) static int __init security_initcall_pure(void)
{ {
return lsm_initcall(pure); int rc_adr, rc_lsm;
rc_adr = min_addr_init();
rc_lsm = lsm_initcall(pure);
return (rc_adr ? rc_adr : rc_lsm);
} }
pure_initcall(security_initcall_pure); pure_initcall(security_initcall_pure);
@ -506,7 +511,12 @@ early_initcall(security_initcall_early);
*/ */
static int __init security_initcall_core(void) static int __init security_initcall_core(void)
{ {
return lsm_initcall(core); int rc_sfs, rc_lsm;
rc_sfs = securityfs_init();
rc_lsm = lsm_initcall(core);
return (rc_sfs ? rc_sfs : rc_lsm);
} }
core_initcall(security_initcall_core); core_initcall(security_initcall_core);

5
security/min_addr.c
View File

@ -5,6 +5,8 @@
#include <linux/sysctl.h> #include <linux/sysctl.h>
#include <linux/minmax.h> #include <linux/minmax.h>
#include "lsm.h"
/* amount of vm to protect from userspace access by both DAC and the LSM*/ /* amount of vm to protect from userspace access by both DAC and the LSM*/
unsigned long mmap_min_addr; unsigned long mmap_min_addr;
/* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */ /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@ -52,11 +54,10 @@ static const struct ctl_table min_addr_sysctl_table[] = {
}, },
}; };
static int __init init_mmap_min_addr(void) int __init min_addr_init(void)
{ {
register_sysctl_init("vm", min_addr_sysctl_table); register_sysctl_init("vm", min_addr_sysctl_table);
update_mmap_min_addr(); update_mmap_min_addr();
return 0; return 0;
} }
pure_initcall(init_mmap_min_addr);