1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Landlock LSM - Security framework setup
4 *
5 * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
6 * Copyright © 2018-2020 ANSSI
7 */
8
9#include <linux/bits.h>
10#include <linux/init.h>
11#include <linux/lsm_hooks.h>
12#include <uapi/linux/lsm.h>
13
14#include "common.h"
15#include "cred.h"
16#include "errata.h"
17#include "fs.h"
18#include "id.h"
19#include "net.h"
20#include "setup.h"
21#include "task.h"
22
/*
 * Set to true at the end of landlock_init(), after the hook-registration
 * helpers have run.  __ro_after_init makes the flag read-only once kernel
 * initialization has finished, so it cannot be flipped at runtime.
 */
bool landlock_initialized __ro_after_init = false;

/* Landlock's LSM identity; referenced by the DEFINE_LSM() entry below. */
const struct lsm_id landlock_lsmid = {
	.name = LANDLOCK_NAME,
	.id = LSM_ID_LANDLOCK,
};

/*
 * Sizes of the Landlock security data attached to credentials, files, inodes
 * and superblocks; referenced by the DEFINE_LSM() entry below.  Read-only
 * after init.
 */
struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
	.lbs_cred = sizeof(struct landlock_cred_security),
	.lbs_file = sizeof(struct landlock_file_security),
	.lbs_inode = sizeof(struct landlock_inode_security),
	.lbs_superblock = sizeof(struct landlock_superblock_security),
};

/*
 * Errata bitmask filled in by compute_errata() during init: erratum number N
 * is recorded as bit (N - 1).  Read-only after init.
 */
int landlock_errata __ro_after_init;
38
/*
 * compute_errata - Build the landlock_errata bitmask during init
 *
 * Walks landlock_errata_init[] until the entry whose number is zero and sets
 * bit (number - 1) in landlock_errata for every accepted entry.  An entry
 * whose abi is greater than landlock_abi_version raises a one-time warning
 * and is skipped.  A second one-time warning fires when an entry leaves the
 * mask unchanged.
 */
static void __init compute_errata(void)
{
	size_t idx;

#ifndef __has_include
	/*
	 * Safeguard: the compiler is expected to implement __has_include
	 * (see errata.h).  Without it, warn once and return without touching
	 * landlock_errata.
	 */
	WARN_ON_ONCE(1);
	return;
#endif

	for (idx = 0; landlock_errata_init[idx].number; idx++) {
		const int before = landlock_errata;

		/* Skip (and flag) an erratum tied to an ABI above ours. */
		if (WARN_ON_ONCE(landlock_errata_init[idx].abi >
				 landlock_abi_version))
			continue;

		/*
		 * NOTE(review): BIT() yields an unsigned long while
		 * landlock_errata is an int, so this presumes erratum numbers
		 * stay within the width of int -- confirm against errata.h.
		 */
		landlock_errata |= BIT(landlock_errata_init[idx].number - 1);

		/* An unchanged mask means the bit was set before this entry. */
		WARN_ON_ONCE(before == landlock_errata);
	}
}
63
/*
 * landlock_init - Landlock's init callback, wired up through DEFINE_LSM()
 *
 * Computes the errata mask, then calls landlock_add_{cred,task,fs,net}_hooks()
 * and landlock_init_id() in that order.  landlock_initialized is set to true
 * only after all of those calls have returned.
 *
 * Return: always 0.
 */
static int __init landlock_init(void)
{
	compute_errata();
	landlock_add_cred_hooks();
	landlock_add_task_hooks();
	landlock_add_fs_hooks();
	landlock_add_net_hooks();
	landlock_init_id();
	/* Set last, so the flag is never true before the calls above ran. */
	landlock_initialized = true;
	pr_info("Up and running.\n");
	return 0;
}
76
/*
 * LSM definition for Landlock: ties together its identity (landlock_lsmid),
 * its init callback (landlock_init) and its blob sizes (landlock_blob_sizes).
 */
DEFINE_LSM(LANDLOCK_NAME) = {
	.id = &landlock_lsmid,
	.init = landlock_init,
	.blobs = &landlock_blob_sizes,
};