include/linux/lsm_count.h at master · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / include / linux / lsm_count.h
at master 2.4 kB view raw
  1/* SPDX-License-Identifier: GPL-2.0 */
  2
  3/*
  4 * Copyright (C) 2023 Google LLC.
  5 */
  6
  7#ifndef __LINUX_LSM_COUNT_H
  8#define __LINUX_LSM_COUNT_H
  9
 10#include <linux/args.h>
 11
 12#ifdef CONFIG_SECURITY
 13
 14/*
 15 * Macros to count the number of LSMs enabled in the kernel at compile time.
 16 */
 17
 18/*
 19 * Capabilities is enabled when CONFIG_SECURITY is enabled.
 20 */
 21#if IS_ENABLED(CONFIG_SECURITY)
 22#define CAPABILITIES_ENABLED 1,
 23#else
 24#define CAPABILITIES_ENABLED
 25#endif
 26
 27#if IS_ENABLED(CONFIG_SECURITY_SELINUX)
 28#define SELINUX_ENABLED 1,
 29#else
 30#define SELINUX_ENABLED
 31#endif
 32
 33#if IS_ENABLED(CONFIG_SECURITY_SMACK)
 34#define SMACK_ENABLED 1,
 35#else
 36#define SMACK_ENABLED
 37#endif
 38
 39#if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
 40#define APPARMOR_ENABLED 1,
 41#else
 42#define APPARMOR_ENABLED
 43#endif
 44
 45#if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
 46#define TOMOYO_ENABLED 1,
 47#else
 48#define TOMOYO_ENABLED
 49#endif
 50
 51#if IS_ENABLED(CONFIG_SECURITY_YAMA)
 52#define YAMA_ENABLED 1,
 53#else
 54#define YAMA_ENABLED
 55#endif
 56
 57#if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
 58#define LOADPIN_ENABLED 1,
 59#else
 60#define LOADPIN_ENABLED
 61#endif
 62
 63#if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
 64#define LOCKDOWN_ENABLED 1,
 65#else
 66#define LOCKDOWN_ENABLED
 67#endif
 68
 69#if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
 70#define SAFESETID_ENABLED 1,
 71#else
 72#define SAFESETID_ENABLED
 73#endif
 74
 75#if IS_ENABLED(CONFIG_BPF_LSM)
 76#define BPF_LSM_ENABLED 1,
 77#else
 78#define BPF_LSM_ENABLED
 79#endif
 80
 81#if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
 82#define LANDLOCK_ENABLED 1,
 83#else
 84#define LANDLOCK_ENABLED
 85#endif
 86
 87#if IS_ENABLED(CONFIG_IMA)
 88#define IMA_ENABLED 1,
 89#else
 90#define IMA_ENABLED
 91#endif
 92
 93#if IS_ENABLED(CONFIG_EVM)
 94#define EVM_ENABLED 1,
 95#else
 96#define EVM_ENABLED
 97#endif
 98
 99#if IS_ENABLED(CONFIG_SECURITY_IPE)
100#define IPE_ENABLED 1,
101#else
102#define IPE_ENABLED
103#endif
104
105/*
106 *  There is a trailing comma that we need to be accounted for. This is done by
107 *  using a skipped argument in __COUNT_LSMS
108 */
109#define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
110#define COUNT_LSMS(args...) __COUNT_LSMS(args)
111
112#define MAX_LSM_COUNT			\
113	COUNT_LSMS(			\
114		CAPABILITIES_ENABLED	\
115		SELINUX_ENABLED		\
116		SMACK_ENABLED		\
117		APPARMOR_ENABLED	\
118		TOMOYO_ENABLED		\
119		YAMA_ENABLED		\
120		LOADPIN_ENABLED		\
121		LOCKDOWN_ENABLED	\
122		SAFESETID_ENABLED	\
123		BPF_LSM_ENABLED		\
124		LANDLOCK_ENABLED	\
125		IMA_ENABLED		\
126		EVM_ENABLED		\
127		IPE_ENABLED)
128
129#else
130
131#define MAX_LSM_COUNT 0
132
133#endif /* CONFIG_SECURITY */
134
135#endif  /* __LINUX_LSM_COUNT_H */