xref: /kernel/linux/linux-5.10/security/security.c

100 static bool __init is_enabled(struct lsm_info *lsm)
102 	if (!lsm->enabled)
105 	return *lsm->enabled;
111 static void __init set_enabled(struct lsm_info *lsm, bool enabled)
117 	if (!lsm->enabled) {
119 			lsm->enabled = &lsm_enabled_true;
121 			lsm->enabled = &lsm_enabled_false;
122 	} else if (lsm->enabled == &lsm_enabled_true) {
124 			lsm->enabled = &lsm_enabled_false;
125 	} else if (lsm->enabled == &lsm_enabled_false) {
127 			lsm->enabled = &lsm_enabled_true;
129 		*lsm->enabled = enabled;
134 static bool __init exists_ordered_lsm(struct lsm_info *lsm)
139 		if (*check == lsm)
147 static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
150 	if (exists_ordered_lsm(lsm))
157 	if (!lsm->enabled)
158 		lsm->enabled = &lsm_enabled_true;
159 	ordered_lsms[last_lsm++] = lsm;
161 	init_debug("%s ordering: %s (%sabled)\n", from, lsm->name,
162 		   is_enabled(lsm) ? "en" : "dis");
166 static bool __init lsm_allowed(struct lsm_info *lsm)
169 	if (!is_enabled(lsm))
173 	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
174 		init_debug("exclusive disabled: %s\n", lsm->name);
212 static void __init prepare_lsm(struct lsm_info *lsm)
214 	int enabled = lsm_allowed(lsm);
217 	set_enabled(lsm, enabled);
221 		if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
222 			exclusive = lsm;
223 			init_debug("exclusive chosen: %s\n", lsm->name);
226 		lsm_set_blob_sizes(lsm->blobs);
231 static void __init initialize_lsm(struct lsm_info *lsm)
233 	if (is_enabled(lsm)) {
236 		init_debug("initializing %s\n", lsm->name);
237 		ret = lsm->init();
238 		WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
245 	struct lsm_info *lsm;
249 	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
250 		if (lsm->order == LSM_ORDER_FIRST)
251 			append_ordered_lsm(lsm, "first");
281 		for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
282 			if (lsm->order == LSM_ORDER_MUTABLE &&
283 			    strcmp(lsm->name, name) == 0) {
284 				append_ordered_lsm(lsm, origin);
295 		for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
296 			if (exists_ordered_lsm(lsm))
298 			if (strcmp(lsm->name, chosen_major_lsm) == 0)
299 				append_ordered_lsm(lsm, "security=");
304 	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
305 		if (exists_ordered_lsm(lsm))
307 		set_enabled(lsm, false);
308 		init_debug("%s disabled: %s\n", origin, lsm->name);
321 	struct lsm_info **lsm;
328 			pr_info("security= is ignored because it is superseded by lsm=\n");
335 	for (lsm = ordered_lsms; *lsm; lsm++)
336 		prepare_lsm(*lsm);
359 	for (lsm = ordered_lsms; *lsm; lsm++)
360 		initialize_lsm(*lsm);
369 	struct lsm_info *lsm;
375 	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
376 		if (!lsm->enabled)
377 			lsm->enabled = &lsm_enabled_true;
378 		prepare_lsm(lsm);
379 		initialize_lsm(lsm);
392 	struct lsm_info *lsm;
400 	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
401 		if (lsm->enabled)
402 			lsm_append(lsm->name, &lsm_names);
425 __setup("lsm=", choose_lsm_order);
433 __setup("lsm.debug", enable_debug);
435 static bool match_last_lsm(const char *list, const char *lsm)
439 	if (WARN_ON(!list || !lsm))
447 	return !strcmp(last, lsm);
475  * @lsm: the name of the security module
480 				char *lsm)
485 		hooks[i].lsm = lsm;
494 		if (lsm_append(lsm, &lsm_names) < 0)
2012 int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
2018 		if (lsm != NULL && strcmp(lsm, hp->lsm))
2025 int security_setprocattr(const char *lsm, const char *name, void *value,
2031 		if (lsm != NULL && strcmp(lsm, hp->lsm))

Indexes created Thu Nov 07 10:32:03 CST 2024