lsm: split the notifier code out into lsm_notifier.c

In an effort to decompose security/security.c somewhat to make it less twisted and unwieldy, pull out the LSM notifier code into a new file as it is fairly well self-contained. No code changes. Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
2025-02-10 19:20:58 -05:00 · 2025-02-10 19:20:58 -05:00 · a5e7c17c81
parent 211ddde082
commit a5e7c17c81
3 changed files with 32 additions and 24 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -11,7 +11,7 @@ obj-$(CONFIG_SECURITY) 			+= lsm_syscalls.o
 obj-$(CONFIG_MMU)			+= min_addr.o
 # Object file lists
-obj-$(CONFIG_SECURITY)			+= security.o
+obj-$(CONFIG_SECURITY)			+= security.o lsm_notifier.o
 obj-$(CONFIG_SECURITYFS)		+= inode.o
 obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/
 obj-$(CONFIG_SECURITY_SMACK)		+= smack/
--- a/security/lsm_notifier.c
+++ b/security/lsm_notifier.c
@ -0,0 +1,31 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /*
 * LSM notifier functions
 *
 */
 #include <linux/notifier.h>
 #include <linux/security.h>
 static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
 int call_blocking_lsm_notifier(enum lsm_event event, void *data)
 {
 	return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
 					    event, data);
 }
 EXPORT_SYMBOL(call_blocking_lsm_notifier);
 int register_blocking_lsm_notifier(struct notifier_block *nb)
 {
 	return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
 						nb);
 }
 EXPORT_SYMBOL(register_blocking_lsm_notifier);
 int unregister_blocking_lsm_notifier(struct notifier_block *nb)
 {
 	return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
 						  nb);
 }
 EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
--- a/security/security.c
+++ b/security/security.c
@ -90,8 +90,6 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
 	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };
 static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
 static struct kmem_cache *lsm_file_cache;
 static struct kmem_cache *lsm_inode_cache;
@ -649,27 +647,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 	}
 }
 int call_blocking_lsm_notifier(enum lsm_event event, void *data)
 {
 	return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
 					    event, data);
 }
 EXPORT_SYMBOL(call_blocking_lsm_notifier);
 int register_blocking_lsm_notifier(struct notifier_block *nb)
 {
 	return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
 						nb);
 }
 EXPORT_SYMBOL(register_blocking_lsm_notifier);
 int unregister_blocking_lsm_notifier(struct notifier_block *nb)
 {
 	return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
 						  nb);
 }
 EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
 /**
 * lsm_blob_alloc - allocate a composite blob
 * @dest: the destination for the blob