Subject: [PATCH v5 02/38] LSM: Provide separate ordered initialization
To: James Morris, LSM, LKLM, SE Linux
Cc: John Johansen, Kees Cook, Tetsuo Handa, Paul Moore, "linux-fsdevel@vger.kernel.org", Stephen Smalley, Alexey Dobriyan, Mickaël Salaün, Salvatore Mesoraca
References: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com>
From: Casey Schaufler
Message-ID: <163ac5dd-b78f-15d9-79c8-5adbe3fa100c@schaufler-ca.com>
Date: Mon, 26 Nov 2018 15:27:49 -0800

This provides a place for ordered LSMs to be initialized, separate from
the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to
ordered_lsm_init(), but it will change drastically in later patches.

What is not obvious in the patch is that this change moves the integrity
LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked
with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered"
list, there is no reordering yet created.

Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
Reviewed-by: John Johansen
--- security/security.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/security/security.c b/security/security.c index 04d173eb93f6..0688dfd57e95 100644 --- a/security/security.c +++ b/security/security.c 
@@ -52,12 +52,30 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static void __init ordered_lsm_init(void) +{ + struct lsm_info *lsm; + int ret; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) + continue; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + continue; + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); @@ -87,6 +105,9 @@ int __init security_init(void) yama_add_hooks(); loadpin_add_hooks(); + /* Load LSMs in specified order. */ + ordered_lsm_init(); + /* * Load all the remaining security modules. */ -- 2.14.5
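Review bot: In the first hunk (@@ -52,12 +52,30 @@), membership in the "ordered" set is defined only by the absence of a flag, via `if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) continue;`, and nothing in the code documents that. Any lsm_info entry whose flags field is left unset is therefore initialized by ordered_lsm_init() rather than major_lsm_init(), and the one case the commit message calls out (integrity) cannot be seen from the diff. A short comment above ordered_lsm_init() stating that it covers every LSM not marked LSM_FLAG_LEGACY_MAJOR would make the selection rule reviewable in the source. Separately, the two loops are now identical apart from the polarity of the flag test, including the `WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);` that logs an init failure and continues. If the copy is kept for now because later patches diverge, it is worth saying so in a comment so that the warn-and-continue behaviour is not changed in one loop and missed in the other.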
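Review bot: In the second hunk (@@ -87,6 +105,9 @@, security_init()), the new comment `/* Load LSMs in specified order. */` promises more than the code delivers at this point in the series. ordered_lsm_init() walks `__start_lsm_info` to `__end_lsm_info`, so the order is whatever the section layout gives, and the commit message itself says no reordering exists yet. Suggest wording the comment to match what this patch does (initialize the LSMs that are not LSM_FLAG_LEGACY_MAJOR, ahead of the major ones) and tightening it when the ordering logic lands. The placement also fixes a sequence that deserves a mention: the call sits after `yama_add_hooks();` and `loadpin_add_hooks();` and before the existing "Load all the remaining security modules." block, so the LSMs handled here now initialize after those two and before every legacy-major LSM. If that relative order is intended and relied upon, state it in the comment.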