apparmor: move initcalls to the LSM framework

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Reviewed-by: Kees Cook <kees@kernel.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 5 months ago 7cbe1135 d3ba8f80

+13 -6

5 changed files

expand all

security

apparmor

apparmorfs.c

crypto.c

include

apparmorfs.h

crypto.h

lsm.c

+1 -3

security/apparmor/apparmorfs.c

··· 2649 2649 * 2650 2650 * Returns: error on failure 2651 2651 */ 2652 - static int __init aa_create_aafs(void) 2652 + int __init aa_create_aafs(void) 2653 2653 { 2654 2654 struct dentry *dent; 2655 2655 int error; ··· 2728 2728 AA_ERROR("Error creating AppArmor securityfs\n"); 2729 2729 return error; 2730 2730 } 2731 - 2732 - fs_initcall(aa_create_aafs);

+1 -2

security/apparmor/crypto.c

··· 53 53 return 0; 54 54 } 55 55 56 - static int __init init_profile_hash(void) 56 + int __init init_profile_hash(void) 57 57 { 58 58 if (apparmor_initialized) 59 59 aa_info_message("AppArmor sha256 policy hashing enabled"); 60 60 return 0; 61 61 } 62 - late_initcall(init_profile_hash);

security/apparmor/include/apparmorfs.h

··· 104 104 #define prof_dir(X) ((X)->dents[AAFS_PROF_DIR]) 105 105 #define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS]) 106 106 107 + int aa_create_aafs(void); 108 + 107 109 void __aa_bump_ns_revision(struct aa_ns *ns); 108 110 void __aafs_profile_rmdir(struct aa_profile *profile); 109 111 void __aafs_profile_migrate_dents(struct aa_profile *old,

security/apparmor/include/crypto.h

··· 13 13 #include "policy.h" 14 14 15 15 #ifdef CONFIG_SECURITY_APPARMOR_HASH 16 + int init_profile_hash(void); 16 17 unsigned int aa_hash_size(void); 17 18 char *aa_calc_hash(void *data, size_t len); 18 19 int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,

+8 -1

security/apparmor/lsm.c

··· 32 32 #include "include/audit.h" 33 33 #include "include/capability.h" 34 34 #include "include/cred.h" 35 + #include "include/crypto.h" 35 36 #include "include/file.h" 36 37 #include "include/ipc.h" 37 38 #include "include/net.h" ··· 2427 2426 2428 2427 return 0; 2429 2428 } 2430 - __initcall(apparmor_nf_ip_init); 2431 2429 #endif 2432 2430 2433 2431 static char nulldfa_src[] __aligned(8) = { ··· 2560 2560 .enabled = &apparmor_enabled, 2561 2561 .blobs = &apparmor_blob_sizes, 2562 2562 .init = apparmor_init, 2563 + .initcall_fs = aa_create_aafs, 2564 + #if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK) 2565 + .initcall_device = apparmor_nf_ip_init, 2566 + #endif 2567 + #ifdef CONFIG_SECURITY_APPARMOR_HASH 2568 + .initcall_late = init_profile_hash, 2569 + #endif 2563 2570 };