smack: move initcalls to the LSM framework

As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/smack/smack.h b/security/smack/smack.h
index bf6a6ed3946cecd9c6db00987d0eb45ff0601434..c56e1e876f7c06fe28e29745773b6c25d7de3ba9 100644 (file)
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -275,6 +275,20 @@ struct smk_audit_info {
 #endif
 };
 
+/*
+ * Initialization
+ */
+#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
+int smack_nf_ip_init(void);
+#else
+static inline int smack_nf_ip_init(void)
+{
+       return 0;
+}
+#endif
+int init_smk_fs(void);
+int smack_initcall(void);
+
 /*
  * These functions are in smack_access.c
  */

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 392698e411201713ab84b856958c3168dd6d237a..23ee1c0c07b79462aebe761b894f343dbe60de18 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5275,6 +5275,14 @@ static __init int smack_init(void)
        return 0;
 }
 
+int __init smack_initcall(void)
+{
+       int rc_fs = init_smk_fs();
+       int rc_nf = smack_nf_ip_init();
+
+       return rc_fs ? rc_fs : rc_nf;
+}
+
 /*
  * Smack requires early initialization in order to label
  * all processes and objects when they are created.
@@ -5284,4 +5292,5 @@ DEFINE_LSM(smack) = {
        .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
        .blobs = &smack_blob_sizes,
        .init = smack_init,
+       .initcall_device = smack_initcall,
 };

diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index 8fd747b3653acb7994d70f5754b9aa6679da05df..17ba578b130887f22cf499069ca01b155bbed664 100644 (file)
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -68,7 +68,7 @@ static struct pernet_operations smack_net_ops = {
        .exit = smack_nf_unregister,
 };
 
-static int __init smack_nf_ip_init(void)
+int __init smack_nf_ip_init(void)
 {
        if (smack_enabled == 0)
                return 0;
@@ -76,5 +76,3 @@ static int __init smack_nf_ip_init(void)
        printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
        return register_pernet_subsys(&smack_net_ops);
 }
-
-__initcall(smack_nf_ip_init);

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index b1e5e62f5cbd1ffebbe55e72c04197f908ff4a91..405ace6db1090347b091366997434099d8cea717 100644 (file)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount;
  * Returns true if we were not chosen on boot or if
  * we were chosen and filesystem registration succeeded.
  */
-static int __init init_smk_fs(void)
+int __init init_smk_fs(void)
 {
        int err;
        int rc;
@@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void)
 
        return err;
 }
-
-__initcall(init_smk_fs);