lsm: split the notifier code out into lsm_notifier.c

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In an effort to decompose security/security.c somewhat to make it less
twisted and unwieldy, pull out the LSM notifier code into a new file
as it is fairly well self-contained.

No code changes.

Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 5 months ago a5e7c17c 211ddde0

+32 -24

3 changed files

expand all

security

Makefile

lsm_notifier.c

security.c

+1 -1

security/Makefile

··· 11 11 obj-$(CONFIG_MMU) += min_addr.o 12 12 13 13 # Object file lists 14 - obj-$(CONFIG_SECURITY) += security.o 14 + obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o 15 15 obj-$(CONFIG_SECURITYFS) += inode.o 16 16 obj-$(CONFIG_SECURITY_SELINUX) += selinux/ 17 17 obj-$(CONFIG_SECURITY_SMACK) += smack/

+31

security/lsm_notifier.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * LSM notifier functions 4 + * 5 + */ 6 + 7 + #include <linux/notifier.h> 8 + #include <linux/security.h> 9 + 10 + static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain); 11 + 12 + int call_blocking_lsm_notifier(enum lsm_event event, void *data) 13 + { 14 + return blocking_notifier_call_chain(&blocking_lsm_notifier_chain, 15 + event, data); 16 + } 17 + EXPORT_SYMBOL(call_blocking_lsm_notifier); 18 + 19 + int register_blocking_lsm_notifier(struct notifier_block *nb) 20 + { 21 + return blocking_notifier_chain_register(&blocking_lsm_notifier_chain, 22 + nb); 23 + } 24 + EXPORT_SYMBOL(register_blocking_lsm_notifier); 25 + 26 + int unregister_blocking_lsm_notifier(struct notifier_block *nb) 27 + { 28 + return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain, 29 + nb); 30 + } 31 + EXPORT_SYMBOL(unregister_blocking_lsm_notifier);

-23

security/security.c

··· 90 90 [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", 91 91 }; 92 92 93 - static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain); 94 - 95 93 static struct kmem_cache *lsm_file_cache; 96 94 static struct kmem_cache *lsm_inode_cache; 97 95 ··· 646 648 panic("%s - Cannot get early memory.\n", __func__); 647 649 } 648 650 } 649 - 650 - int call_blocking_lsm_notifier(enum lsm_event event, void *data) 651 - { 652 - return blocking_notifier_call_chain(&blocking_lsm_notifier_chain, 653 - event, data); 654 - } 655 - EXPORT_SYMBOL(call_blocking_lsm_notifier); 656 - 657 - int register_blocking_lsm_notifier(struct notifier_block *nb) 658 - { 659 - return blocking_notifier_chain_register(&blocking_lsm_notifier_chain, 660 - nb); 661 - } 662 - EXPORT_SYMBOL(register_blocking_lsm_notifier); 663 - 664 - int unregister_blocking_lsm_notifier(struct notifier_block *nb) 665 - { 666 - return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain, 667 - nb); 668 - } 669 - EXPORT_SYMBOL(unregister_blocking_lsm_notifier); 670 651 671 652 /** 672 653 * lsm_blob_alloc - allocate a composite blob