tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
lsm: rework lsm_active_cnt and lsm_idlist[]
Move the LSM active count and lsm_id list declarations out of a header
that is visible across the kernel and into a header that is limited to
the LSM framework. This not only helps keep the include/linux headers
smaller and cleaner, it helps prevent misuse of these variables.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
+10
-8
-2
include/linux/security.h
-2
include/linux/security.h
···
167
167
};
168
168
169
169
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
170
-
extern u32 lsm_active_cnt;
171
-
extern const struct lsm_id *lsm_idlist[];
172
170
173
171
/* These functions are in security/commoncap.c */
174
172
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
+5
security/lsm.h
+5
security/lsm.h
···
7
7
#define _LSM_H_
8
8
9
9
#include <linux/lsm_hooks.h>
10
+
#include <linux/lsm_count.h>
11
+
12
+
/* List of configured LSMs */
13
+
extern unsigned int lsm_active_cnt;
14
+
extern const struct lsm_id *lsm_idlist[];
10
15
11
16
/* LSM blob configuration */
12
17
extern struct lsm_blob_sizes blob_sizes;
-6
security/lsm_init.c
-6
security/lsm_init.c
···
217
217
}
218
218
}
219
219
220
-
/*
221
-
* Current index to use while initializing the lsm id list.
222
-
*/
223
-
u32 lsm_active_cnt __ro_after_init;
224
-
const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
225
-
226
220
/* Populate ordered LSMs list from comma-separated LSM name list. */
227
221
static void __init ordered_lsm_parse(const char *order, const char *origin)
228
222
{
+2
security/lsm_syscalls.c
+2
security/lsm_syscalls.c