lsm: replace the name field with a pointer to the lsm_id struct

Reduce the duplication between the lsm_id struct and the DEFINE_LSM()
definition by linking the lsm_id struct directly into the individual
LSM's DEFINE_LSM() instance.

Linking the lsm_id into the LSM definition also allows us to simplify
the security_add_hooks() function by removing the code which populates
the lsm_idlist[] array and moving it into the normal LSM startup code
where the LSM list is parsed and the individual LSMs are enabled,
making for a cleaner implementation with less overhead at boot.

Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 0112926ed923516398618a06ce8dd53e02dd45ed..7343dd60b1d5f8e7a6e81f1216b8a6011acaf300 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -152,7 +152,7 @@ enum lsm_order {
 };
 
 struct lsm_info {
-       const char *name;       /* Required. */
+       const struct lsm_id *id;
        enum lsm_order order;   /* Optional: default is LSM_ORDER_MUTABLE */
        unsigned long flags;    /* Optional: flags describing LSM */
        int *enabled;           /* Optional: controlled by CONFIG_LSM */

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b3f7a3258a2cf79ab37cabacae7c8ec852796995..f6798144234b782cf1863425ba54025014bfe8d1 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -2555,7 +2555,7 @@ alloc_out:
 }
 
 DEFINE_LSM(apparmor) = {
-       .name = "apparmor",
+       .id = &apparmor_lsmid,
        .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
        .enabled = &apparmor_enabled,
        .blobs = &apparmor_blob_sizes,

diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index db759025abe11f295deb96969c536d8d528721a8..40efde233f3ab31c0b81177c2bff9a870eeaa8e3 100644 (file)
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -33,7 +33,7 @@ struct lsm_blob_sizes bpf_lsm_blob_sizes __ro_after_init = {
 };
 
 DEFINE_LSM(bpf) = {
-       .name = "bpf",
+       .id = &bpf_lsmid,
        .init = bpf_lsm_init,
        .blobs = &bpf_lsm_blob_sizes
 };

diff --git a/security/commoncap.c b/security/commoncap.c
index 6bd4adeb4795cf7a429a75dd19913c6b310f3b06..b50479bd02869bde5765d250ce9e4c63cbfd7da5 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1505,7 +1505,7 @@ static int __init capability_init(void)
 }
 
 DEFINE_LSM(capability) = {
-       .name = "capability",
+       .id = &capability_lsmid,
        .order = LSM_ORDER_FIRST,
        .init = capability_init,
 };

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 0add782e73ba2d7ec666ddbf354f1eaebb0aa68b..db8e324ed4e6cf75d54b663224c60e5497ca7b09 100644 (file)
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -1175,7 +1175,7 @@ struct lsm_blob_sizes evm_blob_sizes __ro_after_init = {
 };
 
 DEFINE_LSM(evm) = {
-       .name = "evm",
+       .id = &evm_lsmid,
        .init = init_evm_lsm,
        .order = LSM_ORDER_LAST,
        .blobs = &evm_blob_sizes,

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index cdd225f65a629555f6a4aaa518073245492abc78..eade8e1e3cb1f75c528f36950f7c86d8dbcaf6b3 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1279,7 +1279,7 @@ struct lsm_blob_sizes ima_blob_sizes __ro_after_init = {
 };
 
 DEFINE_LSM(ima) = {
-       .name = "ima",
+       .id = &ima_lsmid,
        .init = init_ima_lsm,
        .order = LSM_ORDER_LAST,
        .blobs = &ima_blob_sizes,

diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 4317134cb0da1f03a98691f3f613db216a4cc934..2426441181dc988ad3af5ab00008103627843646 100644 (file)
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -92,7 +92,7 @@ static int __init ipe_init(void)
 }
 
 DEFINE_LSM(ipe) = {
-       .name = "ipe",
+       .id = &ipe_lsmid,
        .init = ipe_init,
        .blobs = &ipe_blobs,
 };

diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index bd53c7a56ab934651380734edeb982f6a76a0e48..47dac1736f100a8971afec69929a66ced37d6ec6 100644 (file)
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -75,7 +75,7 @@ static int __init landlock_init(void)
 }
 
 DEFINE_LSM(LANDLOCK_NAME) = {
-       .name = LANDLOCK_NAME,
+       .id = &landlock_lsmid,
        .init = landlock_init,
        .blobs = &landlock_blob_sizes,
 };

diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index 68252452b66cb913638abbca2adea26219e77d37..b9ddf05c5c16f8d04d4e5a861d418514d58fb42c 100644 (file)
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -271,7 +271,7 @@ static int __init loadpin_init(void)
 }
 
 DEFINE_LSM(loadpin) = {
-       .name = "loadpin",
+       .id = &loadpin_lsmid,
        .init = loadpin_init,
 };
 

diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index cf83afa1d879ad8b557265e915962d82d1c0305e..4813f168ff93a2826de5573871f0d1a154318a2b 100644 (file)
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -168,6 +168,6 @@ DEFINE_EARLY_LSM(lockdown) = {
 #else
 DEFINE_LSM(lockdown) = {
 #endif
-       .name = "lockdown",
+       .id = &lockdown_lsmid,
        .init = lockdown_lsm_init,
 };

diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9249d5f37ae9f6e086ca8ff2b04fcab06784f608..692d61a2ea10a521c9c8f116dd8e435d43b32b71 100644 (file)
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -127,9 +127,10 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
        /* Enable this LSM, if it is not already set. */
        if (!lsm->enabled)
                lsm->enabled = &lsm_enabled_true;
-       ordered_lsms[last_lsm++] = lsm;
+       ordered_lsms[last_lsm] = lsm;
+       lsm_idlist[last_lsm++] = lsm->id;
 
-       init_debug("%s ordered: %s (%s)\n", from, lsm->name,
+       init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
                   is_enabled(lsm) ? "enabled" : "disabled");
 }
 
@@ -157,7 +158,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
                set_enabled(lsm, false);
                return;
        } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
-               init_debug("exclusive disabled: %s\n", lsm->name);
+               init_debug("exclusive disabled: %s\n", lsm->id->name);
                set_enabled(lsm, false);
                return;
        }
@@ -165,7 +166,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
        /* Mark the LSM as enabled. */
        set_enabled(lsm, true);
        if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
-               init_debug("exclusive chosen:   %s\n", lsm->name);
+               init_debug("exclusive chosen:   %s\n", lsm->id->name);
                exclusive = lsm;
        }
 
@@ -200,9 +201,9 @@ static void __init initialize_lsm(struct lsm_info *lsm)
        if (is_enabled(lsm)) {
                int ret;
 
-               init_debug("initializing %s\n", lsm->name);
+               init_debug("initializing %s\n", lsm->id->name);
                ret = lsm->init();
-               WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
+               WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
        }
 }
 
@@ -236,10 +237,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
                 */
                lsm_for_each_raw(major) {
                        if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
-                           strcmp(major->name, chosen_major_lsm) != 0) {
+                           strcmp(major->id->name, chosen_major_lsm) != 0) {
                                set_enabled(major, false);
                                init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
-                                          chosen_major_lsm, major->name);
+                                          chosen_major_lsm, major->id->name);
                        }
                }
        }
@@ -251,7 +252,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
                bool found = false;
 
                lsm_for_each_raw(lsm) {
-                       if (strcmp(lsm->name, name) == 0) {
+                       if (strcmp(lsm->id->name, name) == 0) {
                                if (lsm->order == LSM_ORDER_MUTABLE)
                                        append_ordered_lsm(lsm, origin);
                                found = true;
@@ -268,7 +269,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
                lsm_for_each_raw(lsm) {
                        if (exists_ordered_lsm(lsm))
                                continue;
-                       if (strcmp(lsm->name, chosen_major_lsm) == 0)
+                       if (strcmp(lsm->id->name, chosen_major_lsm) == 0)
                                append_ordered_lsm(lsm, "security=");
                }
        }
@@ -285,7 +286,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
                        continue;
                set_enabled(lsm, false);
                init_debug("%s skipped: %s (not in requested order)\n",
-                          origin, lsm->name);
+                          origin, lsm->id->name);
        }
 
        kfree(sep);
@@ -317,11 +318,13 @@ static void __init lsm_init_ordered(void)
        pr_info("initializing lsm=");
        lsm_early_for_each_raw(early) {
                if (is_enabled(early))
-                       pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
+                       pr_cont("%s%s",
+                               first++ == 0 ? "" : ",", early->id->name);
        }
        lsm_order_for_each(lsm) {
                if (is_enabled(*lsm))
-                       pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+                       pr_cont("%s%s",
+                               first++ == 0 ? "" : ",", (*lsm)->id->name);
        }
        pr_cont("\n");
 
@@ -432,18 +435,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 {
        int i;
 
-       /*
-        * A security module may call security_add_hooks() more
-        * than once during initialization, and LSM initialization
-        * is serialized. Landlock is one such case.
-        * Look at the previous entry, if there is one, for duplication.
-        */
-       if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
-               if (lsm_active_cnt >= MAX_LSM_COUNT)
-                       panic("%s Too many LSMs registered.\n", __func__);
-               lsm_idlist[lsm_active_cnt++] = lsmid;
-       }
-
        for (i = 0; i < count; i++) {
                hooks[i].lsmid = lsmid;
                lsm_static_call_init(&hooks[i]);
@@ -491,10 +482,10 @@ int __init security_init(void)
         * available
         */
        lsm_early_for_each_raw(lsm) {
-               init_debug("  early started: %s (%s)\n", lsm->name,
+               init_debug("  early started: %s (%s)\n", lsm->id->name,
                           is_enabled(lsm) ? "enabled" : "disabled");
                if (lsm->enabled)
-                       lsm_append(lsm->name, &lsm_names);
+                       lsm_append(lsm->id->name, &lsm_names);
        }
 
        /* Load LSMs in specified order. */

diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 1ba564f097f57da82e360f0acad06749665e43f3..9a7c68d4e64297f600972a41b9ff00b47c0da88c 100644 (file)
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -287,6 +287,6 @@ static int __init safesetid_security_init(void)
 }
 
 DEFINE_LSM(safesetid_security_init) = {
+       .id = &safesetid_lsmid,
        .init = safesetid_security_init,
-       .name = "safesetid",
 };

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index dfc22da42f307d00ac6a477b833fbdf8bb54e228..299b656ac00777f60a37c9384e36fe458edc0421 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7639,7 +7639,7 @@ void selinux_complete_init(void)
 /* SELinux requires early initialization in order to label
    all processes and objects when they are created. */
 DEFINE_LSM(selinux) = {
-       .name = "selinux",
+       .id = &selinux_lsmid,
        .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
        .enabled = &selinux_enabled_boot,
        .blobs = &selinux_blob_sizes,

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index af986587841d8c3608ba3e0ace1dbad02d8928b5..392698e411201713ab84b856958c3168dd6d237a 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5280,7 +5280,7 @@ static __init int smack_init(void)
  * all processes and objects when they are created.
  */
 DEFINE_LSM(smack) = {
-       .name = "smack",
+       .id = &smack_lsmid,
        .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
        .blobs = &smack_blob_sizes,
        .init = smack_init,

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 48fc59d38ab217283beceabb7375642c7db3093a..cb003c460dc2133fc89e70841446f7a6a1d4e2a3 100644 (file)
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -612,7 +612,7 @@ static int __init tomoyo_init(void)
 }
 
 DEFINE_LSM(tomoyo) = {
-       .name = "tomoyo",
+       .id = &tomoyo_lsmid,
        .enabled = &tomoyo_enabled,
        .flags = LSM_FLAG_LEGACY_MAJOR,
        .blobs = &tomoyo_blob_sizes,

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 3d064dd4e03f9eaaf5258b37ad05641b35967995..38b21ee0c5600839c00d619c40bd030e3d5341c3 100644 (file)
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -476,6 +476,6 @@ static int __init yama_init(void)
 }
 
 DEFINE_LSM(yama) = {
-       .name = "yama",
+       .id = &yama_lsmid,
        .init = yama_init,
 };