    LSM: Enable multiple calls to security_add_hooks() for the same LSM · 3bb857e4
    Mickaël Salaün authored
    The commit d69dece5 ("LSM: Add /sys/kernel/security/lsm") extended
    security_add_hooks() with a new parameter to register the LSM name,
    which may be useful to make the list of currently loaded LSM available
    to userspace. However, there is no clean way for an LSM to split its
    hook declarations into multiple files, which may reduce the mess with
    all the included files (needed for LSM hook argument types) and make the
    source code easier to review and maintain.

    This change allows an LSM to register its hooks multiple times while
    keeping a consistent list of LSM names as described in
    Documentation/security/LSM.txt. The list reflects the order in which
    checks are made. This patch only checks for the last registered LSM. If
    an LSM registers its hooks multiple times, interleaved with other LSM
    registrations (which should not happen), its name will still appear in
    the same order that the hooks are called, hence multiple times.

    To sum up, "capability,selinux,foo,foo" will be replaced with
    "capability,selinux,foo", however "capability,foo,selinux,foo" will
    remain as is.

    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Acked-by: Kees Cook <keescook@chromium.org>
    Acked-by: Casey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: James Morris <james.l.morris@oracle.com>
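
The name-list rule from the commit message, as an added user-space C model (not the kernel's security.c and not the author's code): a name is appended unless it equals the last entry, so only back-to-back registrations collapse. The function names `is_last_entry`, `lsm_names_append` and `lsm_names_build` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of the comma-separated LSM name list (assumed helper
 * names; this is not the kernel implementation). */

/* Return 1 if `name` is exactly the final comma-separated entry of `list`. */
static int is_last_entry(const char *list, const char *name)
{
    const char *last = strrchr(list, ',');

    last = last ? last + 1 : list;      /* whole entry, not a suffix match */
    return strcmp(last, name) == 0;
}

/* Append `name` to *list unless it is already the last registered name.
 * Returns 0 on success, -1 on allocation failure (*list is left unchanged). */
int lsm_names_append(char **list, const char *name)
{
    size_t old_len = *list ? strlen(*list) : 0;
    size_t new_len;
    char *grown;

    if (*list && is_last_entry(*list, name))
        return 0;                       /* same LSM adding another hook set */
    new_len = old_len + (old_len ? 1 : 0) + strlen(name) + 1;
    grown = realloc(*list, new_len);
    if (!grown)
        return -1;
    snprintf(grown + old_len, new_len - old_len, "%s%s", old_len ? "," : "", name);
    *list = grown;
    return 0;
}

/* Replay a sequence of registrations; the caller frees the returned string. */
char *lsm_names_build(const char *const *regs, size_t n)
{
    char *list = NULL;

    for (size_t i = 0; i < n; i++) {
        if (lsm_names_append(&list, regs[i]) != 0) {
            free(list);
            return NULL;
        }
    }
    return list;
}
```

Because only the last entry is compared, a repeated name in the resulting list shows that an LSM's registrations were interleaved with another module's, which matches the order in which the hooks are called.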
security.c 41.5 KB