From: Paul Moore Date: Tue, 18 Feb 2025 22:22:31 +0000 (-0500) Subject: smack: move initcalls to the LSM framework X-Git-Tag: v6.19-rc1~191^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06643d5584f9efa19804d17435169a63412b4eae;p=thirdparty%2Fkernel%2Flinux.git smack: move initcalls to the LSM framework As the LSM framework only supports one LSM initcall callback for each initcall type, the init_smk_fs() and smack_nf_ip_init() functions were wrapped with a new function, smack_initcall() that is registered with the LSM framework. Acked-by: Casey Schaufler Reviewed-by: John Johansen Signed-off-by: Paul Moore --- diff --git a/security/smack/smack.h b/security/smack/smack.h index bf6a6ed3946ce..c56e1e876f7c0 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -275,6 +275,20 @@ struct smk_audit_info { #endif }; +/* + * Initialization + */ +#if defined(CONFIG_SECURITY_SMACK_NETFILTER) +int smack_nf_ip_init(void); +#else +static inline int smack_nf_ip_init(void) +{ + return 0; +} +#endif +int init_smk_fs(void); +int smack_initcall(void); + /* * These functions are in smack_access.c */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 392698e411201..23ee1c0c07b79 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5275,6 +5275,14 @@ static __init int smack_init(void) return 0; } +int __init smack_initcall(void) +{ + int rc_fs = init_smk_fs(); + int rc_nf = smack_nf_ip_init(); + + return rc_fs ? rc_fs : rc_nf; +} + /* * Smack requires early initialization in order to label * all processes and objects when they are created. @@ -5284,4 +5292,5 @@ DEFINE_LSM(smack) = { .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .blobs = &smack_blob_sizes, .init = smack_init, + .initcall_device = smack_initcall, }; diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 8fd747b3653ac..17ba578b13088 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -68,7 +68,7 @@ static struct pernet_operations smack_net_ops = { .exit = smack_nf_unregister, }; -static int __init smack_nf_ip_init(void) +int __init smack_nf_ip_init(void) { if (smack_enabled == 0) return 0; @@ -76,5 +76,3 @@ static int __init smack_nf_ip_init(void) printk(KERN_DEBUG "Smack: Registering netfilter hooks\n"); return register_pernet_subsys(&smack_net_ops); } - -__initcall(smack_nf_ip_init); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index b1e5e62f5cbd1..405ace6db1090 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount; * Returns true if we were not chosen on boot or if * we were chosen and filesystem registration succeeded. */ -static int __init init_smk_fs(void) +int __init init_smk_fs(void) { int err; int rc; @@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void) return err; } - -__initcall(init_smk_fs);