Commit d8e9bbd4 authored by Kees Cook's avatar Kees Cook
Browse files

LSM: Split LSM preparation from initialization 



Since we already have to do a pass through the LSMs to figure out if
exclusive LSMs should be disabled after the first one is seen as enabled,
this splits the logic up a bit more cleanly. Now we do a full "prepare"
pass through the LSMs (which also allows for later use by the blob-sharing
code), before starting the LSM initialization pass.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent c91d8106

security/security.c

+15 −6
Original line number Diff line number Diff line
@@ -139,22 +139,28 @@ static bool __init lsm_allowed(struct lsm_info *lsm) 
	return true;

}



/* Check if LSM should be initialized. */

static void __init maybe_initialize_lsm(struct lsm_info *lsm)

/* Prepare LSM for initialization. */

static void __init prepare_lsm(struct lsm_info *lsm)

{

	int enabled = lsm_allowed(lsm);



	/* Record enablement (to handle any following exclusive LSMs). */

	set_enabled(lsm, enabled);



	/* If selected, initialize the LSM. */

	/* If enabled, do pre-initialization work. */

	if (enabled) {

		int ret;



		if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {

			exclusive = lsm;

			init_debug("exclusive chosen: %s\n", lsm->name);

		}

	}

}



/* Initialize a given LSM, if it is enabled. */

static void __init initialize_lsm(struct lsm_info *lsm)

{

	if (is_enabled(lsm)) {

		int ret;



		init_debug("initializing %s\n", lsm->name);

		ret = lsm->init();
@@ -240,7 +246,10 @@ static void __init ordered_lsm_init(void) 
		ordered_lsm_parse(builtin_lsm_order, "builtin");



	for (lsm = ordered_lsms; *lsm; lsm++)

		maybe_initialize_lsm(*lsm);

		prepare_lsm(*lsm);



	for (lsm = ordered_lsms; *lsm; lsm++)

		initialize_lsm(*lsm);



	kfree(ordered_lsms);

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE