LSM: Provide separate ordered initialization

author Kees Cook <keescook@chromium.org>

Wed, 19 Sep 2018 23:16:55 +0000 (16:16 -0700)

committer Kees Cook <keescook@chromium.org>

Tue, 8 Jan 2019 21:18:42 +0000 (13:18 -0800)
author Kees Cook <keescook@chromium.org>
Wed, 19 Sep 2018 23:16:55 +0000 (16:16 -0700)
committer Kees Cook <keescook@chromium.org>
Tue, 8 Jan 2019 21:18:42 +0000 (13:18 -0800)
diff --git a/security/security.c b/security/security.c

index f1b8d25..6bc591f 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -52,12 +52,30 @@ static __initdata bool debug;
                         pr_info(__VA_ARGS__);                   \
         } while (0)
  
+static void __init ordered_lsm_init(void)
+{
+       struct lsm_info *lsm;
+       int ret;
+
+       for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+               if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0)
+                       continue;
+
+               init_debug("initializing %s\n", lsm->name);
+               ret = lsm->init();
+               WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
+       }
+}
+
  static void __init major_lsm_init(void)
  {
         struct lsm_info *lsm;
         int ret;
  
         for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+               if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
+                       continue;
+
                 init_debug("initializing %s\n", lsm->name);
                 ret = lsm->init();
                 WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
@@ -87,6 +105,9 @@ int __init security_init(void)
         yama_add_hooks();
         loadpin_add_hooks();
  
+       /* Load LSMs in specified order. */
+       ordered_lsm_init();
+
         /*
          * Load all the remaining security modules.
          */
author	Kees Cook <keescook@chromium.org>
	Wed, 19 Sep 2018 23:16:55 +0000 (16:16 -0700)
committer	Kees Cook <keescook@chromium.org>
	Tue, 8 Jan 2019 21:18:42 +0000 (13:18 -0800)