tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

LSM: Switch to lists of hooks

Instead of using a vector of security operations
with explicit, special case stacking of the capability
and yama hooks use lists of hooks with capability and
yama hooks included as appropriate.

The security_operations structure is no longer required.
Instead, there is a union of the function pointers that
allows all the hooks lists to use a common mechanism for
list management while retaining typing. Each module
supplies an array describing the hooks it provides instead
of a sparsely populated security_operations structure.
The description includes the element that gets put on
the hook list, avoiding the issues surrounding individual
element allocation.

The method for registering security modules is changed to
reflect the information available. The method for removing
a module, currently only used by SELinux, has also changed.
It should be generic now, however if there are potential
race conditions based on ordering of hook removal that needs
to be addressed by the calling module.

The security hooks are called from the lists and the first
failure is returned.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>

authored by

Casey Schaufler and committed by
James Morris b1d9e6b0 e20b043a

+628 -388
+53 -24
include/linux/lsm_hooks.h
··· 25 25 #define __LINUX_LSM_HOOKS_H 26 26 27 27 #include <linux/security.h> 28 - 29 - /* Maximum number of letters for an LSM name string */ 30 - #define SECURITY_NAME_MAX 10 31 - 32 - #ifdef CONFIG_SECURITY 28 + #include <linux/init.h> 29 + #include <linux/rculist.h> 33 30 34 31 /** 35 - * struct security_operations - main security structure 36 - * 37 - * Security module identifier. 38 - * 39 - * @name: 40 - * A string that acts as a unique identifier for the LSM with max number 41 - * of characters = SECURITY_NAME_MAX. 42 - * 43 32 * Security hooks for program execution operations. 44 33 * 45 34 * @bprm_set_creds: ··· 1299 1310 * This is the main security structure. 1300 1311 */ 1301 1312 1302 - struct security_operations { 1303 - char name[SECURITY_NAME_MAX + 1]; 1304 - 1313 + union security_list_options { 1305 1314 int (*binder_set_context_mgr)(struct task_struct *mgr); 1306 1315 int (*binder_transaction)(struct task_struct *from, 1307 1316 struct task_struct *to); ··· 1825 1838 }; 1826 1839 1827 1840 /* 1841 + * Security module hook list structure. 1842 + * For use with generic list macros for common operations. 1843 + */ 1844 + struct security_hook_list { 1845 + struct list_head list; 1846 + struct list_head *head; 1847 + union security_list_options hook; 1848 + }; 1849 + 1850 + /* 1828 1851 * Initializing a security_hook_list structure takes 1829 1852 * up a lot of space in a source file. This macro takes 1830 1853 * care of the common case and reduces the amount of 1831 1854 * text involved. 1832 - * Casey says: Comment is true in the next patch. 1833 1855 */ 1834 - #define LSM_HOOK_INIT(HEAD, HOOK) .HEAD = HOOK 1856 + #define LSM_HOOK_INIT(HEAD, HOOK) \ 1857 + { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } 1835 1858 1836 - /* prototypes */ 1837 - extern int security_module_enable(struct security_operations *ops); 1838 - extern int register_security(struct security_operations *ops); 1839 - extern void __init security_fixup_ops(struct security_operations *ops); 1840 - extern void reset_security_ops(void); 1859 + extern struct security_hook_heads security_hook_heads; 1841 1860 1842 - #endif /* CONFIG_SECURITY */ 1861 + static inline void security_add_hooks(struct security_hook_list *hooks, 1862 + int count) 1863 + { 1864 + int i; 1865 + 1866 + for (i = 0; i < count; i++) 1867 + list_add_tail_rcu(&hooks[i].list, hooks[i].head); 1868 + } 1869 + 1870 + #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1871 + /* 1872 + * Assuring the safety of deleting a security module is up to 1873 + * the security module involved. This may entail ordering the 1874 + * module's hook list in a particular way, refusing to disable 1875 + * the module once a policy is loaded or any number of other 1876 + * actions better imagined than described. 1877 + * 1878 + * The name of the configuration option reflects the only module 1879 + * that currently uses the mechanism. Any developer who thinks 1880 + * disabling their module is a good idea needs to be at least as 1881 + * careful as the SELinux team. 1882 + */ 1883 + static inline void security_delete_hooks(struct security_hook_list *hooks, 1884 + int count) 1885 + { 1886 + int i; 1887 + 1888 + for (i = 0; i < count; i++) 1889 + list_del_rcu(&hooks[i].list); 1890 + } 1891 + #endif /* CONFIG_SECURITY_SELINUX_DISABLE */ 1892 + 1893 + extern int __init security_module_enable(const char *module); 1894 + extern void __init capability_add_hooks(void); 1895 + #ifdef CONFIG_SECURITY_YAMA_STACKED 1896 + void __init yama_add_hooks(void); 1897 + #endif 1843 1898 1844 1899 #endif /* ! __LINUX_LSM_HOOKS_H */
+4 -42
include/linux/security.h
··· 27 27 #include <linux/slab.h> 28 28 #include <linux/err.h> 29 29 #include <linux/string.h> 30 + #include <linux/mm.h> 30 31 31 32 struct linux_binprm; 32 33 struct cred; ··· 55 54 struct xfrm_sec_ctx; 56 55 struct mm_struct; 57 56 58 - /* Maximum number of letters for an LSM name string */ 59 - #define SECURITY_NAME_MAX 10 60 - 61 57 /* If capable should audit the security request */ 62 58 #define SECURITY_CAP_NOAUDIT 0 63 59 #define SECURITY_CAP_AUDIT 1 ··· 67 69 struct user_namespace; 68 70 struct timezone; 69 71 70 - /* 71 - * These functions are in security/capability.c and are used 72 - * as the default capabilities functions 73 - */ 72 + /* These functions are in security/commoncap.c */ 74 73 extern int cap_capable(const struct cred *cred, struct user_namespace *ns, 75 74 int cap, int audit); 76 75 extern int cap_settime(const struct timespec *ts, const struct timezone *tz); ··· 108 113 struct xfrm_state; 109 114 struct xfrm_user_sec_ctx; 110 115 struct seq_file; 111 - 112 - extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); 113 116 114 117 #ifdef CONFIG_MMU 115 118 extern unsigned long mmap_min_addr; ··· 465 472 466 473 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 467 474 { 468 - return cap_vm_enough_memory(mm, pages); 475 + return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages)); 469 476 } 470 477 471 478 static inline int security_bprm_set_creds(struct linux_binprm *bprm) ··· 1068 1075 1069 1076 static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) 1070 1077 { 1071 - return cap_netlink_send(sk, skb); 1078 + return 0; 1072 1079 } 1073 1080 1074 1081 static inline int security_ismaclabel(const char *name) ··· 1635 1642 static inline void free_secdata(void *secdata) 1636 1643 { } 1637 1644 #endif /* CONFIG_SECURITY */ 1638 - 1639 - #ifdef CONFIG_SECURITY_YAMA 1640 - extern int yama_ptrace_access_check(struct task_struct *child, 1641 - unsigned int mode); 1642 - extern int yama_ptrace_traceme(struct task_struct *parent); 1643 - extern void yama_task_free(struct task_struct *task); 1644 - extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, 1645 - unsigned long arg4, unsigned long arg5); 1646 - #else 1647 - static inline int yama_ptrace_access_check(struct task_struct *child, 1648 - unsigned int mode) 1649 - { 1650 - return 0; 1651 - } 1652 - 1653 - static inline int yama_ptrace_traceme(struct task_struct *parent) 1654 - { 1655 - return 0; 1656 - } 1657 - 1658 - static inline void yama_task_free(struct task_struct *task) 1659 - { 1660 - } 1661 - 1662 - static inline int yama_task_prctl(int option, unsigned long arg2, 1663 - unsigned long arg3, unsigned long arg4, 1664 - unsigned long arg5) 1665 - { 1666 - return -ENOSYS; 1667 - } 1668 - #endif /* CONFIG_SECURITY_YAMA */ 1669 1645 1670 1646 #endif /* ! __LINUX_SECURITY_H */ 1671 1647
+1 -1
security/Makefile
··· 14 14 obj-$(CONFIG_MMU) += min_addr.o 15 15 16 16 # Object file lists 17 - obj-$(CONFIG_SECURITY) += security.o capability.o 17 + obj-$(CONFIG_SECURITY) += security.o 18 18 obj-$(CONFIG_SECURITYFS) += inode.o 19 19 obj-$(CONFIG_SECURITY_SELINUX) += selinux/ 20 20 obj-$(CONFIG_SECURITY_SMACK) += smack/
+4 -8
security/apparmor/domain.c
··· 347 347 file_inode(bprm->file)->i_mode 348 348 }; 349 349 const char *name = NULL, *target = NULL, *info = NULL; 350 - int error = cap_bprm_set_creds(bprm); 351 - if (error) 352 - return error; 350 + int error = 0; 353 351 354 352 if (bprm->cred_prepared) 355 353 return 0; ··· 529 531 */ 530 532 int apparmor_bprm_secureexec(struct linux_binprm *bprm) 531 533 { 532 - int ret = cap_bprm_secureexec(bprm); 533 - 534 534 /* the decision to use secure exec is computed in set_creds 535 535 * and stored in bprm->unsafe. 536 536 */ 537 - if (!ret && (bprm->unsafe & AA_SECURE_X_NEEDED)) 538 - ret = 1; 537 + if (bprm->unsafe & AA_SECURE_X_NEEDED) 538 + return 1; 539 539 540 - return ret; 540 + return 0; 541 541 } 542 542 543 543 /**
+14 -37
security/apparmor/lsm.c
··· 96 96 static int apparmor_ptrace_access_check(struct task_struct *child, 97 97 unsigned int mode) 98 98 { 99 - int error = cap_ptrace_access_check(child, mode); 100 - if (error) 101 - return error; 102 - 103 99 return aa_ptrace(current, child, mode); 104 100 } 105 101 106 102 static int apparmor_ptrace_traceme(struct task_struct *parent) 107 103 { 108 - int error = cap_ptrace_traceme(parent); 109 - if (error) 110 - return error; 111 - 112 104 return aa_ptrace(parent, current, PTRACE_MODE_ATTACH); 113 105 } 114 106 ··· 115 123 cred = __task_cred(target); 116 124 profile = aa_cred_profile(cred); 117 125 118 - *effective = cred->cap_effective; 119 - *inheritable = cred->cap_inheritable; 120 - *permitted = cred->cap_permitted; 121 - 126 + /* 127 + * cap_capget is stacked ahead of this and will 128 + * initialize effective and permitted. 129 + */ 122 130 if (!unconfined(profile) && !COMPLAIN_MODE(profile)) { 123 131 *effective = cap_intersect(*effective, profile->caps.allow); 124 132 *permitted = cap_intersect(*permitted, profile->caps.allow); ··· 132 140 int cap, int audit) 133 141 { 134 142 struct aa_profile *profile; 135 - /* cap_capable returns 0 on success, else -EPERM */ 136 - int error = cap_capable(cred, ns, cap, audit); 137 - if (!error) { 138 - profile = aa_cred_profile(cred); 139 - if (!unconfined(profile)) 140 - error = aa_capable(profile, cap, audit); 141 - } 143 + int error = 0; 144 + 145 + profile = aa_cred_profile(cred); 146 + if (!unconfined(profile)) 147 + error = aa_capable(profile, cap, audit); 142 148 return error; 143 149 } 144 150 ··· 605 615 return error; 606 616 } 607 617 608 - static struct security_operations apparmor_ops = { 609 - LSM_HOOK_INIT(name, "apparmor"), 610 - 618 + static struct security_hook_list apparmor_hooks[] = { 611 619 LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), 612 620 LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), 613 621 LSM_HOOK_INIT(capget, apparmor_capget), ··· 628 640 LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security), 629 641 LSM_HOOK_INIT(file_free_security, apparmor_file_free_security), 630 642 LSM_HOOK_INIT(mmap_file, apparmor_mmap_file), 631 - LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 632 643 LSM_HOOK_INIT(file_mprotect, apparmor_file_mprotect), 633 644 LSM_HOOK_INIT(file_lock, apparmor_file_lock), 634 645 ··· 885 898 { 886 899 int error; 887 900 888 - if (!apparmor_enabled || !security_module_enable(&apparmor_ops)) { 901 + if (!apparmor_enabled || !security_module_enable("apparmor")) { 889 902 aa_info_message("AppArmor disabled by boot time parameter"); 890 903 apparmor_enabled = 0; 891 904 return 0; ··· 900 913 error = set_init_cxt(); 901 914 if (error) { 902 915 AA_ERROR("Failed to set context on init task\n"); 903 - goto register_security_out; 916 + aa_free_root_ns(); 917 + goto alloc_out; 904 918 } 905 - 906 - error = register_security(&apparmor_ops); 907 - if (error) { 908 - struct cred *cred = (struct cred *)current->real_cred; 909 - aa_free_task_context(cred_cxt(cred)); 910 - cred_cxt(cred) = NULL; 911 - AA_ERROR("Unable to register AppArmor\n"); 912 - goto register_security_out; 913 - } 919 + security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks)); 914 920 915 921 /* Report that AppArmor successfully initialized */ 916 922 apparmor_initialized = 1; ··· 915 935 aa_info_message("AppArmor initialized"); 916 936 917 937 return error; 918 - 919 - register_security_out: 920 - aa_free_root_ns(); 921 938 922 939 alloc_out: 923 940 aa_destroy_aafs();
+33 -8
security/commoncap.c
··· 12 12 #include <linux/module.h> 13 13 #include <linux/init.h> 14 14 #include <linux/kernel.h> 15 - #include <linux/security.h> 15 + #include <linux/lsm_hooks.h> 16 16 #include <linux/file.h> 17 17 #include <linux/mm.h> 18 18 #include <linux/mman.h> ··· 51 51 " capabilities.\n", fname); 52 52 warned = 1; 53 53 } 54 - } 55 - 56 - int cap_netlink_send(struct sock *sk, struct sk_buff *skb) 57 - { 58 - return 0; 59 54 } 60 55 61 56 /** ··· 936 941 * @pages: The size of the mapping 937 942 * 938 943 * Determine whether the allocation of a new virtual mapping by the current 939 - * task is permitted, returning 0 if permission is granted, -ve if not. 944 + * task is permitted, returning 1 if permission is granted, 0 if not. 940 945 */ 941 946 int cap_vm_enough_memory(struct mm_struct *mm, long pages) 942 947 { ··· 945 950 if (cap_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN, 946 951 SECURITY_CAP_NOAUDIT) == 0) 947 952 cap_sys_admin = 1; 948 - return __vm_enough_memory(mm, pages, cap_sys_admin); 953 + return cap_sys_admin; 949 954 } 950 955 951 956 /* ··· 976 981 { 977 982 return 0; 978 983 } 984 + 985 + #ifdef CONFIG_SECURITY 986 + 987 + struct security_hook_list capability_hooks[] = { 988 + LSM_HOOK_INIT(capable, cap_capable), 989 + LSM_HOOK_INIT(settime, cap_settime), 990 + LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check), 991 + LSM_HOOK_INIT(ptrace_traceme, cap_ptrace_traceme), 992 + LSM_HOOK_INIT(capget, cap_capget), 993 + LSM_HOOK_INIT(capset, cap_capset), 994 + LSM_HOOK_INIT(bprm_set_creds, cap_bprm_set_creds), 995 + LSM_HOOK_INIT(bprm_secureexec, cap_bprm_secureexec), 996 + LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv), 997 + LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv), 998 + LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), 999 + LSM_HOOK_INIT(mmap_file, cap_mmap_file), 1000 + LSM_HOOK_INIT(task_fix_setuid, cap_task_fix_setuid), 1001 + LSM_HOOK_INIT(task_prctl, cap_task_prctl), 1002 + LSM_HOOK_INIT(task_setscheduler, cap_task_setscheduler), 1003 + LSM_HOOK_INIT(task_setioprio, cap_task_setioprio), 1004 + LSM_HOOK_INIT(task_setnice, cap_task_setnice), 1005 + LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), 1006 + }; 1007 + 1008 + void __init capability_add_hooks(void) 1009 + { 1010 + security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks)); 1011 + } 1012 + 1013 + #endif /* CONFIG_SECURITY */
+475 -97
security/security.c
··· 29 29 30 30 #define MAX_LSM_EVM_XATTR 2 31 31 32 + /* Maximum number of letters for an LSM name string */ 33 + #define SECURITY_NAME_MAX 10 34 + 32 35 /* Boot-time LSM user choice */ 33 36 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = 34 37 CONFIG_DEFAULT_SECURITY; 35 - 36 - static struct security_operations *security_ops; 37 - static struct security_operations default_security_ops = { 38 - .name = "default", 39 - }; 40 - 41 - static inline int __init verify(struct security_operations *ops) 42 - { 43 - /* verify the security_operations structure exists */ 44 - if (!ops) 45 - return -EINVAL; 46 - security_fixup_ops(ops); 47 - return 0; 48 - } 49 38 50 39 static void __init do_security_initcalls(void) 51 40 { ··· 53 64 */ 54 65 int __init security_init(void) 55 66 { 56 - printk(KERN_INFO "Security Framework initialized\n"); 67 + pr_info("Security Framework initialized\n"); 57 68 58 - security_fixup_ops(&default_security_ops); 59 - security_ops = &default_security_ops; 69 + /* 70 + * Always load the capability module. 71 + */ 72 + capability_add_hooks(); 73 + #ifdef CONFIG_SECURITY_YAMA_STACKED 74 + /* 75 + * If Yama is configured for stacking load it next. 76 + */ 77 + yama_add_hooks(); 78 + #endif 79 + /* 80 + * Load the chosen module if there is one. 81 + * This will also find yama if it is stacking 82 + */ 60 83 do_security_initcalls(); 61 84 62 85 return 0; 63 - } 64 - 65 - void reset_security_ops(void) 66 - { 67 - security_ops = &default_security_ops; 68 86 } 69 87 70 88 /* Save user chosen LSM */ ··· 84 88 85 89 /** 86 90 * security_module_enable - Load given security module on boot ? 87 - * @ops: a pointer to the struct security_operations that is to be checked. 91 + * @module: the name of the module 88 92 * 89 93 * Each LSM must pass this method before registering its own operations 90 94 * to avoid security registration races. This method may also be used ··· 96 100 * choose an alternate LSM at boot time. 97 101 * Otherwise, return false. 98 102 */ 99 - int __init security_module_enable(struct security_operations *ops) 103 + int __init security_module_enable(const char *module) 100 104 { 101 - return !strcmp(ops->name, chosen_lsm); 102 - } 103 - 104 - /** 105 - * register_security - registers a security framework with the kernel 106 - * @ops: a pointer to the struct security_options that is to be registered 107 - * 108 - * This function allows a security module to register itself with the 109 - * kernel security subsystem. Some rudimentary checking is done on the @ops 110 - * value passed to this function. You'll need to check first if your LSM 111 - * is allowed to register its @ops by calling security_module_enable(@ops). 112 - * 113 - * If there is already a security module registered with the kernel, 114 - * an error will be returned. Otherwise %0 is returned on success. 115 - */ 116 - int __init register_security(struct security_operations *ops) 117 - { 118 - if (verify(ops)) { 119 - printk(KERN_DEBUG "%s could not verify " 120 - "security_operations structure.\n", __func__); 121 - return -EINVAL; 122 - } 123 - 124 - if (security_ops != &default_security_ops) 125 - return -EAGAIN; 126 - 127 - security_ops = ops; 128 - 129 - return 0; 105 + return !strcmp(module, chosen_lsm); 130 106 } 131 107 132 108 /* 133 - * Hook operation macros. 109 + * Hook list operation macros. 134 110 * 135 111 * call_void_hook: 136 112 * This is a hook that does not return a value. ··· 111 143 * This is a hook that returns a value. 112 144 */ 113 145 114 - #define call_void_hook(FUNC, ...) security_ops->FUNC(__VA_ARGS__) 115 - #define call_int_hook(FUNC, IRC, ...) security_ops->FUNC(__VA_ARGS__) 146 + #define call_void_hook(FUNC, ...) \ 147 + do { \ 148 + struct security_hook_list *P; \ 149 + \ 150 + list_for_each_entry(P, &security_hook_heads.FUNC, list) \ 151 + P->hook.FUNC(__VA_ARGS__); \ 152 + } while (0) 153 + 154 + #define call_int_hook(FUNC, IRC, ...) ({ \ 155 + int RC = IRC; \ 156 + do { \ 157 + struct security_hook_list *P; \ 158 + \ 159 + list_for_each_entry(P, &security_hook_heads.FUNC, list) { \ 160 + RC = P->hook.FUNC(__VA_ARGS__); \ 161 + if (RC != 0) \ 162 + break; \ 163 + } \ 164 + } while (0); \ 165 + RC; \ 166 + }) 116 167 117 168 /* Security operations */ 118 169 ··· 160 173 161 174 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) 162 175 { 163 - #ifdef CONFIG_SECURITY_YAMA_STACKED 164 - int rc; 165 - rc = yama_ptrace_access_check(child, mode); 166 - if (rc) 167 - return rc; 168 - #endif 169 176 return call_int_hook(ptrace_access_check, 0, child, mode); 170 177 } 171 178 172 179 int security_ptrace_traceme(struct task_struct *parent) 173 180 { 174 - #ifdef CONFIG_SECURITY_YAMA_STACKED 175 - int rc; 176 - rc = yama_ptrace_traceme(parent); 177 - if (rc) 178 - return rc; 179 - #endif 180 181 return call_int_hook(ptrace_traceme, 0, parent); 181 182 } 182 183 ··· 220 245 221 246 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 222 247 { 223 - return call_int_hook(vm_enough_memory, 0, mm, pages); 248 + struct security_hook_list *hp; 249 + int cap_sys_admin = 1; 250 + int rc; 251 + 252 + /* 253 + * The module will respond with a positive value if 254 + * it thinks the __vm_enough_memory() call should be 255 + * made with the cap_sys_admin set. If all of the modules 256 + * agree that it should be set it will. If any module 257 + * thinks it should not be set it won't. 258 + */ 259 + list_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) { 260 + rc = hp->hook.vm_enough_memory(mm, pages); 261 + if (rc <= 0) { 262 + cap_sys_admin = 0; 263 + break; 264 + } 265 + } 266 + return __vm_enough_memory(mm, pages, cap_sys_admin); 224 267 } 225 268 226 269 int security_bprm_set_creds(struct linux_binprm *bprm) ··· 328 335 unsigned long kern_flags, 329 336 unsigned long *set_kern_flags) 330 337 { 331 - return call_int_hook(sb_set_mnt_opts, 0, sb, opts, kern_flags, 332 - set_kern_flags); 338 + return call_int_hook(sb_set_mnt_opts, 339 + opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb, 340 + opts, kern_flags, set_kern_flags); 333 341 } 334 342 EXPORT_SYMBOL(security_sb_set_mnt_opts); 335 343 ··· 363 369 struct qstr *name, void **ctx, 364 370 u32 *ctxlen) 365 371 { 366 - return call_int_hook(dentry_init_security, 0, dentry, mode, name, 367 - ctx, ctxlen); 372 + return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, 373 + name, ctx, ctxlen); 368 374 } 369 375 EXPORT_SYMBOL(security_dentry_init_security); 370 376 ··· 384 390 NULL, NULL, NULL); 385 391 memset(new_xattrs, 0, sizeof(new_xattrs)); 386 392 lsm_xattr = new_xattrs; 387 - ret = call_int_hook(inode_init_security, 0, inode, dir, qstr, 393 + ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, 388 394 &lsm_xattr->name, 389 395 &lsm_xattr->value, 390 396 &lsm_xattr->value_len); ··· 630 636 631 637 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 632 638 return 0; 633 - ret = call_int_hook(inode_setxattr, 0, dentry, name, value, size, 639 + /* 640 + * SELinux and Smack integrate the cap call, 641 + * so assume that all LSMs supplying this call do so. 642 + */ 643 + ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size, 634 644 flags); 645 + 646 + if (ret == 1) 647 + ret = cap_inode_setxattr(dentry, name, value, size, flags); 635 648 if (ret) 636 649 return ret; 637 650 ret = ima_inode_setxattr(dentry, name, value, size); ··· 676 675 677 676 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 678 677 return 0; 679 - ret = call_int_hook(inode_removexattr, 0, dentry, name); 678 + /* 679 + * SELinux and Smack integrate the cap call, 680 + * so assume that all LSMs supplying this call do so. 681 + */ 682 + ret = call_int_hook(inode_removexattr, 1, dentry, name); 683 + if (ret == 1) 684 + ret = cap_inode_removexattr(dentry, name); 680 685 if (ret) 681 686 return ret; 682 687 ret = ima_inode_removexattr(dentry, name); ··· 705 698 { 706 699 if (unlikely(IS_PRIVATE(inode))) 707 700 return -EOPNOTSUPP; 708 - return call_int_hook(inode_getsecurity, 0, inode, name, buffer, alloc); 701 + return call_int_hook(inode_getsecurity, -EOPNOTSUPP, inode, name, 702 + buffer, alloc); 709 703 } 710 704 711 705 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 712 706 { 713 707 if (unlikely(IS_PRIVATE(inode))) 714 708 return -EOPNOTSUPP; 715 - return call_int_hook(inode_setsecurity, 0, inode, name, value, size, 716 - flags); 709 + return call_int_hook(inode_setsecurity, -EOPNOTSUPP, inode, name, 710 + value, size, flags); 717 711 } 718 712 719 713 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) ··· 855 847 856 848 void security_task_free(struct task_struct *task) 857 849 { 858 - #ifdef CONFIG_SECURITY_YAMA_STACKED 859 - yama_task_free(task); 860 - #endif 861 850 call_void_hook(task_free, task); 862 851 } 863 852 ··· 937 932 938 933 void security_task_getsecid(struct task_struct *p, u32 *secid) 939 934 { 935 + *secid = 0; 940 936 call_void_hook(task_getsecid, p, secid); 941 937 } 942 938 EXPORT_SYMBOL(security_task_getsecid); ··· 992 986 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 993 987 unsigned long arg4, unsigned long arg5) 994 988 { 995 - #ifdef CONFIG_SECURITY_YAMA_STACKED 996 - int rc; 997 - rc = yama_task_prctl(option, arg2, arg3, arg4, arg5); 998 - if (rc != -ENOSYS) 999 - return rc; 1000 - #endif 1001 - return call_int_hook(task_prctl, 0, option, arg2, arg3, arg4, arg5); 989 + int thisrc; 990 + int rc = -ENOSYS; 991 + struct security_hook_list *hp; 992 + 993 + list_for_each_entry(hp, &security_hook_heads.task_prctl, list) { 994 + thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); 995 + if (thisrc != -ENOSYS) { 996 + rc = thisrc; 997 + if (thisrc != 0) 998 + break; 999 + } 1000 + } 1001 + return rc; 1002 1002 } 1003 1003 1004 1004 void security_task_to_inode(struct task_struct *p, struct inode *inode) ··· 1019 1007 1020 1008 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 1021 1009 { 1010 + *secid = 0; 1022 1011 call_void_hook(ipc_getsecid, ipcp, secid); 1023 1012 } 1024 1013 ··· 1126 1113 1127 1114 int security_getprocattr(struct task_struct *p, char *name, char **value) 1128 1115 { 1129 - return call_int_hook(getprocattr, 0, p, name, value); 1116 + return call_int_hook(getprocattr, -EINVAL, p, name, value); 1130 1117 } 1131 1118 1132 1119 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) 1133 1120 { 1134 - return call_int_hook(setprocattr, 0, p, name, value, size); 1121 + return call_int_hook(setprocattr, -EINVAL, p, name, value, size); 1135 1122 } 1136 1123 1137 1124 int security_netlink_send(struct sock *sk, struct sk_buff *skb) ··· 1147 1134 1148 1135 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 1149 1136 { 1150 - return call_int_hook(secid_to_secctx, 0, secid, secdata, seclen); 1137 + return call_int_hook(secid_to_secctx, -EOPNOTSUPP, secid, secdata, 1138 + seclen); 1151 1139 } 1152 1140 EXPORT_SYMBOL(security_secid_to_secctx); 1153 1141 1154 1142 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 1155 1143 { 1144 + *secid = 0; 1156 1145 return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); 1157 1146 } 1158 1147 EXPORT_SYMBOL(security_secctx_to_secid); ··· 1179 1164 1180 1165 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 1181 1166 { 1182 - return call_int_hook(inode_getsecctx, 0, inode, ctx, ctxlen); 1167 + return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); 1183 1168 } 1184 1169 EXPORT_SYMBOL(security_inode_getsecctx); 1185 1170 ··· 1274 1259 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1275 1260 int __user *optlen, unsigned len) 1276 1261 { 1277 - return call_int_hook(socket_getpeersec_stream, 0, sock, optval, 1278 - optlen, len); 1262 + return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, 1263 + optval, optlen, len); 1279 1264 } 1280 1265 1281 1266 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) ··· 1453 1438 struct xfrm_policy *xp, 1454 1439 const struct flowi *fl) 1455 1440 { 1456 - return call_int_hook(xfrm_state_pol_flow_match, 0, x, xp, fl); 1441 + struct security_hook_list *hp; 1442 + int rc = 1; 1443 + 1444 + /* 1445 + * Since this function is expected to return 0 or 1, the judgment 1446 + * becomes difficult if multiple LSMs supply this call. Fortunately, 1447 + * we can use the first LSM's judgment because currently only SELinux 1448 + * supplies this call. 1449 + * 1450 + * For speed optimization, we explicitly break the loop rather than 1451 + * using the macro 1452 + */ 1453 + list_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, 1454 + list) { 1455 + rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl); 1456 + break; 1457 + } 1458 + return rc; 1457 1459 } 1458 1460 1459 1461 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) ··· 1510 1478 1511 1479 int security_key_getsecurity(struct key *key, char **_buffer) 1512 1480 { 1481 + *_buffer = NULL; 1513 1482 return call_int_hook(key_getsecurity, 0, key, _buffer); 1514 1483 } 1515 1484 ··· 1539 1506 return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule, 1540 1507 actx); 1541 1508 } 1542 - 1543 1509 #endif /* CONFIG_AUDIT */ 1510 + 1511 + struct security_hook_heads security_hook_heads = { 1512 + .binder_set_context_mgr = 1513 + LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr), 1514 + .binder_transaction = 1515 + LIST_HEAD_INIT(security_hook_heads.binder_transaction), 1516 + .binder_transfer_binder = 1517 + LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder), 1518 + .binder_transfer_file = 1519 + LIST_HEAD_INIT(security_hook_heads.binder_transfer_file), 1520 + 1521 + .ptrace_access_check = 1522 + LIST_HEAD_INIT(security_hook_heads.ptrace_access_check), 1523 + .ptrace_traceme = 1524 + LIST_HEAD_INIT(security_hook_heads.ptrace_traceme), 1525 + .capget = LIST_HEAD_INIT(security_hook_heads.capget), 1526 + .capset = LIST_HEAD_INIT(security_hook_heads.capset), 1527 + .capable = LIST_HEAD_INIT(security_hook_heads.capable), 1528 + .quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl), 1529 + .quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on), 1530 + .syslog = LIST_HEAD_INIT(security_hook_heads.syslog), 1531 + .settime = LIST_HEAD_INIT(security_hook_heads.settime), 1532 + .vm_enough_memory = 1533 + LIST_HEAD_INIT(security_hook_heads.vm_enough_memory), 1534 + .bprm_set_creds = 1535 + LIST_HEAD_INIT(security_hook_heads.bprm_set_creds), 1536 + .bprm_check_security = 1537 + LIST_HEAD_INIT(security_hook_heads.bprm_check_security), 1538 + .bprm_secureexec = 1539 + LIST_HEAD_INIT(security_hook_heads.bprm_secureexec), 1540 + .bprm_committing_creds = 1541 + LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds), 1542 + .bprm_committed_creds = 1543 + LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds), 1544 + .sb_alloc_security = 1545 + LIST_HEAD_INIT(security_hook_heads.sb_alloc_security), 1546 + .sb_free_security = 1547 + LIST_HEAD_INIT(security_hook_heads.sb_free_security), 1548 + .sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data), 1549 + .sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount), 1550 + .sb_kern_mount = 1551 + LIST_HEAD_INIT(security_hook_heads.sb_kern_mount), 1552 + .sb_show_options = 1553 + LIST_HEAD_INIT(security_hook_heads.sb_show_options), 1554 + .sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs), 1555 + .sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount), 1556 + .sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount), 1557 + .sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot), 1558 + .sb_set_mnt_opts = 1559 + LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts), 1560 + .sb_clone_mnt_opts = 1561 + LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts), 1562 + .sb_parse_opts_str = 1563 + LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str), 1564 + .dentry_init_security = 1565 + LIST_HEAD_INIT(security_hook_heads.dentry_init_security), 1566 + #ifdef CONFIG_SECURITY_PATH 1567 + .path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink), 1568 + .path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir), 1569 + .path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir), 1570 + .path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod), 1571 + .path_truncate = 1572 + LIST_HEAD_INIT(security_hook_heads.path_truncate), 1573 + .path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink), 1574 + .path_link = LIST_HEAD_INIT(security_hook_heads.path_link), 1575 + .path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename), 1576 + .path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod), 1577 + .path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown), 1578 + .path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot), 1579 + #endif 1580 + .inode_alloc_security = 1581 + LIST_HEAD_INIT(security_hook_heads.inode_alloc_security), 1582 + .inode_free_security = 1583 + LIST_HEAD_INIT(security_hook_heads.inode_free_security), 1584 + .inode_init_security = 1585 + LIST_HEAD_INIT(security_hook_heads.inode_init_security), 1586 + .inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create), 1587 + .inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link), 1588 + .inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink), 1589 + .inode_symlink = 1590 + LIST_HEAD_INIT(security_hook_heads.inode_symlink), 1591 + .inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir), 1592 + .inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir), 1593 + .inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod), 1594 + .inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename), 1595 + .inode_readlink = 1596 + LIST_HEAD_INIT(security_hook_heads.inode_readlink), 1597 + .inode_follow_link = 1598 + LIST_HEAD_INIT(security_hook_heads.inode_follow_link), 1599 + .inode_permission = 1600 + LIST_HEAD_INIT(security_hook_heads.inode_permission), 1601 + .inode_setattr = 1602 + LIST_HEAD_INIT(security_hook_heads.inode_setattr), 1603 + .inode_getattr = 1604 + LIST_HEAD_INIT(security_hook_heads.inode_getattr), 1605 + .inode_setxattr = 1606 + LIST_HEAD_INIT(security_hook_heads.inode_setxattr), 1607 + .inode_post_setxattr = 1608 + LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr), 1609 + .inode_getxattr = 1610 + LIST_HEAD_INIT(security_hook_heads.inode_getxattr), 1611 + .inode_listxattr = 1612 + LIST_HEAD_INIT(security_hook_heads.inode_listxattr), 1613 + .inode_removexattr = 1614 + LIST_HEAD_INIT(security_hook_heads.inode_removexattr), 1615 + .inode_need_killpriv = 1616 + LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv), 1617 + .inode_killpriv = 1618 + LIST_HEAD_INIT(security_hook_heads.inode_killpriv), 1619 + .inode_getsecurity = 1620 + LIST_HEAD_INIT(security_hook_heads.inode_getsecurity), 1621 + .inode_setsecurity = 1622 + LIST_HEAD_INIT(security_hook_heads.inode_setsecurity), 1623 + .inode_listsecurity = 1624 + LIST_HEAD_INIT(security_hook_heads.inode_listsecurity), 1625 + .inode_getsecid = 1626 + LIST_HEAD_INIT(security_hook_heads.inode_getsecid), 1627 + .file_permission = 1628 + LIST_HEAD_INIT(security_hook_heads.file_permission), 1629 + .file_alloc_security = 1630 + LIST_HEAD_INIT(security_hook_heads.file_alloc_security), 1631 + .file_free_security = 1632 + LIST_HEAD_INIT(security_hook_heads.file_free_security), 1633 + .file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl), 1634 + .mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr), 1635 + .mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file), 1636 + .file_mprotect = 1637 + LIST_HEAD_INIT(security_hook_heads.file_mprotect), 1638 + .file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock), 1639 + .file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl), 1640 + .file_set_fowner = 1641 + LIST_HEAD_INIT(security_hook_heads.file_set_fowner), 1642 + .file_send_sigiotask = 1643 + LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask), 1644 + .file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive), 1645 + .file_open = LIST_HEAD_INIT(security_hook_heads.file_open), 1646 + .task_create = LIST_HEAD_INIT(security_hook_heads.task_create), 1647 + .task_free = LIST_HEAD_INIT(security_hook_heads.task_free), 1648 + .cred_alloc_blank = 1649 + LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank), 1650 + .cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free), 1651 + .cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare), 1652 + .cred_transfer = 1653 + LIST_HEAD_INIT(security_hook_heads.cred_transfer), 1654 + .kernel_act_as = 1655 + LIST_HEAD_INIT(security_hook_heads.kernel_act_as), 1656 + .kernel_create_files_as = 1657 + LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as), 1658 + .kernel_fw_from_file = 1659 + LIST_HEAD_INIT(security_hook_heads.kernel_fw_from_file), 1660 + .kernel_module_request = 1661 + LIST_HEAD_INIT(security_hook_heads.kernel_module_request), 1662 + .kernel_module_from_file = 1663 + LIST_HEAD_INIT(security_hook_heads.kernel_module_from_file), 1664 + .task_fix_setuid = 1665 + LIST_HEAD_INIT(security_hook_heads.task_fix_setuid), 1666 + .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid), 1667 + .task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid), 1668 + .task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid), 1669 + .task_getsecid = 1670 + LIST_HEAD_INIT(security_hook_heads.task_getsecid), 1671 + .task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice), 1672 + .task_setioprio = 1673 + LIST_HEAD_INIT(security_hook_heads.task_setioprio), 1674 + .task_getioprio = 1675 + LIST_HEAD_INIT(security_hook_heads.task_getioprio), 1676 + .task_setrlimit = 1677 + LIST_HEAD_INIT(security_hook_heads.task_setrlimit), 1678 + .task_setscheduler = 1679 + LIST_HEAD_INIT(security_hook_heads.task_setscheduler), 1680 + .task_getscheduler = 1681 + LIST_HEAD_INIT(security_hook_heads.task_getscheduler), 1682 + .task_movememory = 1683 + LIST_HEAD_INIT(security_hook_heads.task_movememory), 1684 + .task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill), 1685 + .task_wait = LIST_HEAD_INIT(security_hook_heads.task_wait), 1686 + .task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl), 1687 + .task_to_inode = 1688 + LIST_HEAD_INIT(security_hook_heads.task_to_inode), 1689 + .ipc_permission = 1690 + LIST_HEAD_INIT(security_hook_heads.ipc_permission), 1691 + .ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid), 1692 + .msg_msg_alloc_security = 1693 + LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security), 1694 + .msg_msg_free_security = 1695 + LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security), 1696 + .msg_queue_alloc_security = 1697 + LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security), 1698 + .msg_queue_free_security = 1699 + LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security), 1700 + .msg_queue_associate = 1701 + LIST_HEAD_INIT(security_hook_heads.msg_queue_associate), 1702 + .msg_queue_msgctl = 1703 + LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl), 1704 + .msg_queue_msgsnd = 1705 + LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd), 1706 + .msg_queue_msgrcv = 1707 + LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv), 1708 + .shm_alloc_security = 1709 + LIST_HEAD_INIT(security_hook_heads.shm_alloc_security), 1710 + .shm_free_security = 1711 + LIST_HEAD_INIT(security_hook_heads.shm_free_security), 1712 + .shm_associate = 1713 + LIST_HEAD_INIT(security_hook_heads.shm_associate), 1714 + .shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl), 1715 + .shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat), 1716 + .sem_alloc_security = 1717 + LIST_HEAD_INIT(security_hook_heads.sem_alloc_security), 1718 + .sem_free_security = 1719 + LIST_HEAD_INIT(security_hook_heads.sem_free_security), 1720 + .sem_associate = 1721 + LIST_HEAD_INIT(security_hook_heads.sem_associate), 1722 + .sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl), 1723 + .sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop), 1724 + .netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send), 1725 + .d_instantiate = 1726 + LIST_HEAD_INIT(security_hook_heads.d_instantiate), 1727 + .getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr), 1728 + .setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr), 1729 + .ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel), 1730 + .secid_to_secctx = 1731 + LIST_HEAD_INIT(security_hook_heads.secid_to_secctx), 1732 + .secctx_to_secid = 1733 + LIST_HEAD_INIT(security_hook_heads.secctx_to_secid), 1734 + .release_secctx = 1735 + LIST_HEAD_INIT(security_hook_heads.release_secctx), 1736 + .inode_notifysecctx = 1737 + LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx), 1738 + .inode_setsecctx = 1739 + LIST_HEAD_INIT(security_hook_heads.inode_setsecctx), 1740 + .inode_getsecctx = 1741 + LIST_HEAD_INIT(security_hook_heads.inode_getsecctx), 1742 + #ifdef CONFIG_SECURITY_NETWORK 1743 + .unix_stream_connect = 1744 + LIST_HEAD_INIT(security_hook_heads.unix_stream_connect), 1745 + .unix_may_send = 1746 + LIST_HEAD_INIT(security_hook_heads.unix_may_send), 1747 + .socket_create = 1748 + LIST_HEAD_INIT(security_hook_heads.socket_create), 1749 + .socket_post_create = 1750 + LIST_HEAD_INIT(security_hook_heads.socket_post_create), 1751 + .socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind), 1752 + .socket_connect = 1753 + LIST_HEAD_INIT(security_hook_heads.socket_connect), 1754 + .socket_listen = 1755 + LIST_HEAD_INIT(security_hook_heads.socket_listen), 1756 + .socket_accept = 1757 + LIST_HEAD_INIT(security_hook_heads.socket_accept), 1758 + .socket_sendmsg = 1759 + LIST_HEAD_INIT(security_hook_heads.socket_sendmsg), 1760 + .socket_recvmsg = 1761 + LIST_HEAD_INIT(security_hook_heads.socket_recvmsg), 1762 + .socket_getsockname = 1763 + LIST_HEAD_INIT(security_hook_heads.socket_getsockname), 1764 + .socket_getpeername = 1765 + LIST_HEAD_INIT(security_hook_heads.socket_getpeername), 1766 + .socket_getsockopt = 1767 + LIST_HEAD_INIT(security_hook_heads.socket_getsockopt), 1768 + .socket_setsockopt = 1769 + LIST_HEAD_INIT(security_hook_heads.socket_setsockopt), 1770 + .socket_shutdown = 1771 + LIST_HEAD_INIT(security_hook_heads.socket_shutdown), 1772 + .socket_sock_rcv_skb = 1773 + LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb), 1774 + .socket_getpeersec_stream = 1775 + LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream), 1776 + .socket_getpeersec_dgram = 1777 + LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram), 1778 + .sk_alloc_security = 1779 + LIST_HEAD_INIT(security_hook_heads.sk_alloc_security), 1780 + .sk_free_security = 1781 + LIST_HEAD_INIT(security_hook_heads.sk_free_security), 1782 + .sk_clone_security = 1783 + LIST_HEAD_INIT(security_hook_heads.sk_clone_security), 1784 + .sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid), 1785 + .sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft), 1786 + .inet_conn_request = 1787 + LIST_HEAD_INIT(security_hook_heads.inet_conn_request), 1788 + .inet_csk_clone = 1789 + LIST_HEAD_INIT(security_hook_heads.inet_csk_clone), 1790 + .inet_conn_established = 1791 + LIST_HEAD_INIT(security_hook_heads.inet_conn_established), 1792 + .secmark_relabel_packet = 1793 + LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet), 1794 + .secmark_refcount_inc = 1795 + LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc), 1796 + .secmark_refcount_dec = 1797 + LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec), 1798 + .req_classify_flow = 1799 + LIST_HEAD_INIT(security_hook_heads.req_classify_flow), 1800 + .tun_dev_alloc_security = 1801 + LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security), 1802 + .tun_dev_free_security = 1803 + LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security), 1804 + .tun_dev_create = 1805 + LIST_HEAD_INIT(security_hook_heads.tun_dev_create), 1806 + .tun_dev_attach_queue = 1807 + LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue), 1808 + .tun_dev_attach = 1809 + LIST_HEAD_INIT(security_hook_heads.tun_dev_attach), 1810 + .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open), 1811 + .skb_owned_by = LIST_HEAD_INIT(security_hook_heads.skb_owned_by), 1812 + #endif /* CONFIG_SECURITY_NETWORK */ 1813 + #ifdef CONFIG_SECURITY_NETWORK_XFRM 1814 + .xfrm_policy_alloc_security = 1815 + LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security), 1816 + .xfrm_policy_clone_security = 1817 + LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security), 1818 + .xfrm_policy_free_security = 1819 + LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security), 1820 + .xfrm_policy_delete_security = 1821 + LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security), 1822 + .xfrm_state_alloc = 1823 + LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc), 1824 + .xfrm_state_alloc_acquire = 1825 + LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire), 1826 + .xfrm_state_free_security = 1827 + LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security), 1828 + .xfrm_state_delete_security = 1829 + LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security), 1830 + .xfrm_policy_lookup = 1831 + LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup), 1832 + .xfrm_state_pol_flow_match = 1833 + LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match), 1834 + .xfrm_decode_session = 1835 + LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session), 1836 + #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1837 + #ifdef CONFIG_KEYS 1838 + .key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc), 1839 + .key_free = LIST_HEAD_INIT(security_hook_heads.key_free), 1840 + .key_permission = 1841 + LIST_HEAD_INIT(security_hook_heads.key_permission), 1842 + .key_getsecurity = 1843 + LIST_HEAD_INIT(security_hook_heads.key_getsecurity), 1844 + #endif /* CONFIG_KEYS */ 1845 + #ifdef CONFIG_AUDIT 1846 + .audit_rule_init = 1847 + LIST_HEAD_INIT(security_hook_heads.audit_rule_init), 1848 + .audit_rule_known = 1849 + LIST_HEAD_INIT(security_hook_heads.audit_rule_known), 1850 + .audit_rule_match = 1851 + LIST_HEAD_INIT(security_hook_heads.audit_rule_match), 1852 + .audit_rule_free = 1853 + LIST_HEAD_INIT(security_hook_heads.audit_rule_free), 1854 + #endif /* CONFIG_AUDIT */ 1855 + };
+15 -79
security/selinux/hooks.c
··· 1990 1990 static int selinux_ptrace_access_check(struct task_struct *child, 1991 1991 unsigned int mode) 1992 1992 { 1993 - int rc; 1994 - 1995 - rc = cap_ptrace_access_check(child, mode); 1996 - if (rc) 1997 - return rc; 1998 - 1999 1993 if (mode & PTRACE_MODE_READ) { 2000 1994 u32 sid = current_sid(); 2001 1995 u32 csid = task_sid(child); ··· 2001 2007 2002 2008 static int selinux_ptrace_traceme(struct task_struct *parent) 2003 2009 { 2004 - int rc; 2005 - 2006 - rc = cap_ptrace_traceme(parent); 2007 - if (rc) 2008 - return rc; 2009 - 2010 2010 return task_has_perm(parent, current, PROCESS__PTRACE); 2011 2011 } 2012 2012 2013 2013 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, 2014 2014 kernel_cap_t *inheritable, kernel_cap_t *permitted) 2015 2015 { 2016 - int error; 2017 - 2018 - error = current_has_perm(target, PROCESS__GETCAP); 2019 - if (error) 2020 - return error; 2021 - 2022 - return cap_capget(target, effective, inheritable, permitted); 2016 + return current_has_perm(target, PROCESS__GETCAP); 2023 2017 } 2024 2018 2025 2019 static int selinux_capset(struct cred *new, const struct cred *old, ··· 2015 2033 const kernel_cap_t *inheritable, 2016 2034 const kernel_cap_t *permitted) 2017 2035 { 2018 - int error; 2019 - 2020 - error = cap_capset(new, old, 2021 - effective, inheritable, permitted); 2022 - if (error) 2023 - return error; 2024 - 2025 2036 return cred_has_perm(old, new, PROCESS__SETCAP); 2026 2037 } 2027 2038 ··· 2031 2056 static int selinux_capable(const struct cred *cred, struct user_namespace *ns, 2032 2057 int cap, int audit) 2033 2058 { 2034 - int rc; 2035 - 2036 - rc = cap_capable(cred, ns, cap, audit); 2037 - if (rc) 2038 - return rc; 2039 - 2040 2059 return cred_has_capability(cred, cap, audit); 2041 2060 } 2042 2061 ··· 2108 2139 { 2109 2140 int rc, cap_sys_admin = 0; 2110 2141 2111 - rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN, 2112 - SECURITY_CAP_NOAUDIT); 2142 + rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN, 2143 + SECURITY_CAP_NOAUDIT); 2113 2144 if (rc == 0) 2114 2145 cap_sys_admin = 1; 2115 2146 2116 - return __vm_enough_memory(mm, pages, cap_sys_admin); 2147 + return cap_sys_admin; 2117 2148 } 2118 2149 2119 2150 /* binprm security operations */ ··· 2161 2192 struct common_audit_data ad; 2162 2193 struct inode *inode = file_inode(bprm->file); 2163 2194 int rc; 2164 - 2165 - rc = cap_bprm_set_creds(bprm); 2166 - if (rc) 2167 - return rc; 2168 2195 2169 2196 /* SELinux context only depends on initial program or script and not 2170 2197 * the script interpreter */ ··· 2285 2320 PROCESS__NOATSECURE, NULL); 2286 2321 } 2287 2322 2288 - return (atsecure || cap_bprm_secureexec(bprm)); 2323 + return !!atsecure; 2289 2324 } 2290 2325 2291 2326 static int match_file(const void *p, struct file *file, unsigned fd) ··· 3097 3132 * and lack of permission just means that we fall back to the 3098 3133 * in-core context value, not a denial. 3099 3134 */ 3100 - error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, 3101 - SECURITY_CAP_NOAUDIT); 3135 + error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, 3136 + SECURITY_CAP_NOAUDIT); 3137 + if (!error) 3138 + error = cred_has_capability(current_cred(), CAP_MAC_ADMIN, 3139 + SECURITY_CAP_NOAUDIT); 3102 3140 if (!error) 3103 3141 error = security_sid_to_context_force(isec->sid, &context, 3104 3142 &size); ··· 3286 3318 3287 3319 static int selinux_mmap_addr(unsigned long addr) 3288 3320 { 3289 - int rc; 3290 - 3291 - /* do DAC check on address space usage */ 3292 - rc = cap_mmap_addr(addr); 3293 - if (rc) 3294 - return rc; 3321 + int rc = 0; 3295 3322 3296 3323 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { 3297 3324 u32 sid = current_sid(); ··· 3602 3639 3603 3640 static int selinux_task_setnice(struct task_struct *p, int nice) 3604 3641 { 3605 - int rc; 3606 - 3607 - rc = cap_task_setnice(p, nice); 3608 - if (rc) 3609 - return rc; 3610 - 3611 3642 return current_has_perm(p, PROCESS__SETSCHED); 3612 3643 } 3613 3644 3614 3645 static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3615 3646 { 3616 - int rc; 3617 - 3618 - rc = cap_task_setioprio(p, ioprio); 3619 - if (rc) 3620 - return rc; 3621 - 3622 3647 return current_has_perm(p, PROCESS__SETSCHED); 3623 3648 } 3624 3649 ··· 3632 3681 3633 3682 static int selinux_task_setscheduler(struct task_struct *p) 3634 3683 { 3635 - int rc; 3636 - 3637 - rc = cap_task_setscheduler(p); 3638 - if (rc) 3639 - return rc; 3640 - 3641 3684 return current_has_perm(p, PROCESS__SETSCHED); 3642 3685 } 3643 3686 ··· 5042 5097 5043 5098 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) 5044 5099 { 5045 - int err; 5046 - 5047 - err = cap_netlink_send(sk, skb); 5048 - if (err) 5049 - return err; 5050 - 5051 5100 return selinux_nlmsg_perm(sk, skb); 5052 5101 } 5053 5102 ··· 5779 5840 5780 5841 #endif 5781 5842 5782 - static struct security_operations selinux_ops = { 5783 - LSM_HOOK_INIT(name, "selinux"), 5784 - 5843 + static struct security_hook_list selinux_hooks[] = { 5785 5844 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), 5786 5845 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), 5787 5846 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder), ··· 5992 6055 5993 6056 static __init int selinux_init(void) 5994 6057 { 5995 - if (!security_module_enable(&selinux_ops)) { 6058 + if (!security_module_enable("selinux")) { 5996 6059 selinux_enabled = 0; 5997 6060 return 0; 5998 6061 } ··· 6014 6077 0, SLAB_PANIC, NULL); 6015 6078 avc_init(); 6016 6079 6017 - if (register_security(&selinux_ops)) 6018 - panic("SELinux: Unable to register with kernel.\n"); 6080 + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); 6019 6081 6020 6082 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) 6021 6083 panic("SELinux: Unable to register AVC netcache callback\n"); ··· 6142 6206 selinux_disabled = 1; 6143 6207 selinux_enabled = 0; 6144 6208 6145 - reset_security_ops(); 6209 + security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); 6146 6210 6147 6211 /* Try to destroy the avc node cache */ 6148 6212 avc_disable();
-2
security/smack/smack.h
··· 276 276 extern struct list_head smack_known_list; 277 277 extern struct list_head smk_netlbladdr_list; 278 278 279 - extern struct security_operations smack_ops; 280 - 281 279 #define SMACK_HASH_SLOTS 16 282 280 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; 283 281
+10 -43
security/smack/smack_lsm.c
··· 436 436 */ 437 437 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 438 438 { 439 - int rc; 440 439 struct smack_known *skp; 441 - 442 - rc = cap_ptrace_access_check(ctp, mode); 443 - if (rc != 0) 444 - return rc; 445 440 446 441 skp = smk_of_task_struct(ctp); 447 442 448 - rc = smk_ptrace_rule_check(current, skp, mode, __func__); 449 - return rc; 443 + return smk_ptrace_rule_check(current, skp, mode, __func__); 450 444 } 451 445 452 446 /** ··· 455 461 { 456 462 int rc; 457 463 struct smack_known *skp; 458 - 459 - rc = cap_ptrace_traceme(ptp); 460 - if (rc != 0) 461 - return rc; 462 464 463 465 skp = smk_of_task(current_security()); 464 466 ··· 711 721 struct inode_smack *isp; 712 722 int rc; 713 723 714 - rc = cap_bprm_set_creds(bprm); 715 - if (rc != 0) 716 - return rc; 717 - 718 724 if (bprm->cred_prepared) 719 725 return 0; 720 726 ··· 765 779 static int smack_bprm_secureexec(struct linux_binprm *bprm) 766 780 { 767 781 struct task_smack *tsp = current_security(); 768 - int ret = cap_bprm_secureexec(bprm); 769 782 770 - if (!ret && (tsp->smk_task != tsp->smk_forked)) 771 - ret = 1; 783 + if (tsp->smk_task != tsp->smk_forked) 784 + return 1; 772 785 773 - return ret; 786 + return 0; 774 787 } 775 788 776 789 /* ··· 1919 1934 */ 1920 1935 static int smack_task_setnice(struct task_struct *p, int nice) 1921 1936 { 1922 - int rc; 1923 - 1924 - rc = cap_task_setnice(p, nice); 1925 - if (rc == 0) 1926 - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1927 - return rc; 1937 + return smk_curacc_on_task(p, MAY_WRITE, __func__); 1928 1938 } 1929 1939 1930 1940 /** ··· 1931 1951 */ 1932 1952 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1933 1953 { 1934 - int rc; 1935 - 1936 - rc = cap_task_setioprio(p, ioprio); 1937 - if (rc == 0) 1938 - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1939 - return rc; 1954 + return smk_curacc_on_task(p, MAY_WRITE, __func__); 1940 1955 } 1941 1956 1942 1957 /** ··· 1955 1980 */ 1956 1981 static int smack_task_setscheduler(struct task_struct *p) 1957 1982 { 1958 - int rc; 1959 - 1960 - rc = cap_task_setscheduler(p); 1961 - if (rc == 0) 1962 - rc = smk_curacc_on_task(p, MAY_WRITE, __func__); 1963 - return rc; 1983 + return smk_curacc_on_task(p, MAY_WRITE, __func__); 1964 1984 } 1965 1985 1966 1986 /** ··· 4236 4266 return 0; 4237 4267 } 4238 4268 4239 - struct security_operations smack_ops = { 4240 - LSM_HOOK_INIT(name, "smack"), 4241 - 4269 + struct security_hook_list smack_hooks[] = { 4242 4270 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), 4243 4271 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), 4244 4272 LSM_HOOK_INIT(syslog, smack_syslog), ··· 4419 4451 struct cred *cred; 4420 4452 struct task_smack *tsp; 4421 4453 4422 - if (!security_module_enable(&smack_ops)) 4454 + if (!security_module_enable("smack")) 4423 4455 return 0; 4424 4456 4425 4457 smack_enabled = 1; ··· 4449 4481 /* 4450 4482 * Register with LSM 4451 4483 */ 4452 - if (register_security(&smack_ops)) 4453 - panic("smack: Unable to register with kernel.\n"); 4484 + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks)); 4454 4485 4455 4486 return 0; 4456 4487 }
+1 -1
security/smack/smackfs.c
··· 2547 2547 int err; 2548 2548 int rc; 2549 2549 2550 - if (!security_module_enable(&smack_ops)) 2550 + if (!security_module_enable("smack")) 2551 2551 return 0; 2552 2552 2553 2553 err = smk_init_sysfs();
+3 -11
security/tomoyo/tomoyo.c
··· 72 72 */ 73 73 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 74 74 { 75 - int rc; 76 - 77 - rc = cap_bprm_set_creds(bprm); 78 - if (rc) 79 - return rc; 80 - 81 75 /* 82 76 * Do only if this function is called for the first time of an execve 83 77 * operation. ··· 496 502 * tomoyo_security_ops is a "struct security_operations" which is used for 497 503 * registering TOMOYO. 498 504 */ 499 - static struct security_operations tomoyo_security_ops = { 500 - LSM_HOOK_INIT(name, "tomoyo"), 505 + static struct security_hook_list tomoyo_hooks[] = { 501 506 LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank), 502 507 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), 503 508 LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer), ··· 539 546 { 540 547 struct cred *cred = (struct cred *) current_cred(); 541 548 542 - if (!security_module_enable(&tomoyo_security_ops)) 549 + if (!security_module_enable("tomoyo")) 543 550 return 0; 544 551 /* register ourselves with the security framework */ 545 - if (register_security(&tomoyo_security_ops)) 546 - panic("Failure registering TOMOYO Linux"); 552 + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks)); 547 553 printk(KERN_INFO "TOMOYO Linux initialized\n"); 548 554 cred->security = &tomoyo_kernel_domain; 549 555 tomoyo_mm_init();
+15 -35
security/yama/yama_lsm.c
··· 154 154 int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, 155 155 unsigned long arg4, unsigned long arg5) 156 156 { 157 - int rc; 157 + int rc = -ENOSYS; 158 158 struct task_struct *myself = current; 159 - 160 - rc = cap_task_prctl(option, arg2, arg3, arg4, arg5); 161 - if (rc != -ENOSYS) 162 - return rc; 163 159 164 160 switch (option) { 165 161 case PR_SET_PTRACER: ··· 275 279 * 276 280 * Returns 0 if following the ptrace is allowed, -ve on error. 277 281 */ 278 - int yama_ptrace_access_check(struct task_struct *child, 282 + static int yama_ptrace_access_check(struct task_struct *child, 279 283 unsigned int mode) 280 284 { 281 - int rc; 282 - 283 - /* If standard caps disallows it, so does Yama. We should 284 - * only tighten restrictions further. 285 - */ 286 - rc = cap_ptrace_access_check(child, mode); 287 - if (rc) 288 - return rc; 285 + int rc = 0; 289 286 290 287 /* require ptrace target be a child of ptracer on attach */ 291 288 if (mode == PTRACE_MODE_ATTACH) { ··· 324 335 */ 325 336 int yama_ptrace_traceme(struct task_struct *parent) 326 337 { 327 - int rc; 328 - 329 - /* If standard caps disallows it, so does Yama. We should 330 - * only tighten restrictions further. 331 - */ 332 - rc = cap_ptrace_traceme(parent); 333 - if (rc) 334 - return rc; 338 + int rc = 0; 335 339 336 340 /* Only disallow PTRACE_TRACEME on more aggressive settings. */ 337 341 switch (ptrace_scope) { ··· 346 364 return rc; 347 365 } 348 366 349 - #ifndef CONFIG_SECURITY_YAMA_STACKED 350 - static struct security_operations yama_ops = { 351 - LSM_HOOK_INIT(name, "yama"), 352 - 367 + static struct security_hook_list yama_hooks[] = { 353 368 LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), 354 369 LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), 355 370 LSM_HOOK_INIT(task_prctl, yama_task_prctl), 356 371 LSM_HOOK_INIT(task_free, yama_task_free), 357 372 }; 358 - #endif 373 + 374 + void __init yama_add_hooks(void) 375 + { 376 + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks)); 377 + } 359 378 360 379 #ifdef CONFIG_SYSCTL 361 380 static int yama_dointvec_minmax(struct ctl_table *table, int write, ··· 401 418 static __init int yama_init(void) 402 419 { 403 420 #ifndef CONFIG_SECURITY_YAMA_STACKED 404 - if (!security_module_enable(&yama_ops)) 421 + /* 422 + * If yama is being stacked this is already taken care of. 423 + */ 424 + if (!security_module_enable("yama")) 405 425 return 0; 406 426 #endif 407 - 408 - printk(KERN_INFO "Yama: becoming mindful.\n"); 409 - 410 - #ifndef CONFIG_SECURITY_YAMA_STACKED 411 - if (register_security(&yama_ops)) 412 - panic("Yama: kernel registration failed.\n"); 413 - #endif 427 + pr_info("Yama: becoming mindful.\n"); 414 428 415 429 #ifdef CONFIG_SYSCTL 416 430 if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))