LSM: Provide separate ordered initialization
This provides a place for ordered LSMs to be initialized, separate from the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to ordered_lsm_init(), but it will change drastically in later patches. What is not obvious in the patch is that this change moves the integrity LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" list, there is no reordering yet created. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
47008e5161
commit
657d910b52
@ -52,12 +52,30 @@ static __initdata bool debug;
|
||||
pr_info(__VA_ARGS__); \
|
||||
} while (0)
|
||||
|
||||
static void __init ordered_lsm_init(void)
|
||||
{
|
||||
struct lsm_info *lsm;
|
||||
int ret;
|
||||
|
||||
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
|
||||
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0)
|
||||
continue;
|
||||
|
||||
init_debug("initializing %s\n", lsm->name);
|
||||
ret = lsm->init();
|
||||
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
|
||||
}
|
||||
}
|
||||
|
||||
static void __init major_lsm_init(void)
|
||||
{
|
||||
struct lsm_info *lsm;
|
||||
int ret;
|
||||
|
||||
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
|
||||
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
|
||||
continue;
|
||||
|
||||
init_debug("initializing %s\n", lsm->name);
|
||||
ret = lsm->init();
|
||||
WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
|
||||
@ -87,6 +105,9 @@ int __init security_init(void)
|
||||
yama_add_hooks();
|
||||
loadpin_add_hooks();
|
||||
|
||||
/* Load LSMs in specified order. */
|
||||
ordered_lsm_init();
|
||||
|
||||
/*
|
||||
* Load all the remaining security modules.
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user