LSM: Introduce LSM_FLAG_LEGACY_MAJOR

This adds a flag for the current "major" LSMs to distinguish them when
we have a universal method for ordering all LSMs. It's called "legacy"
since the distinction of "major" will go away in the blob-sharing world.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 9a0bdf91e6467bc1c4dae2629b9608a4047533ef..318d93f918c3d1ef685cd739170481e7148beaad 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2042,8 +2042,11 @@ extern char *lsm_names;
 extern void security_add_hooks(struct security_hook_list *hooks, int count,
                                char *lsm);
 
+#define LSM_FLAG_LEGACY_MAJOR  BIT(0)
+
 struct lsm_info {
        const char *name;       /* Required. */
+       unsigned long flags;    /* Optional: flags describing LSM */
        int (*init)(void);      /* Required. */
 };
 

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 2c010874329f997559d5c2e786b2bc5031d85a41..e49c50e0d5ab424a21a62095e6216ad7016aae5a 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1729,5 +1729,6 @@ static int __init apparmor_init(void)
 
 DEFINE_LSM(apparmor) = {
        .name = "apparmor",
+       .flags = LSM_FLAG_LEGACY_MAJOR,
        .init = apparmor_init,
 };

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f0e36c3492baee41642fbd232625c94720ac31a4..41908d2d61490f7aac16fc3614eee7b43d35177c 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6999,6 +6999,7 @@ void selinux_complete_init(void)
    all processes and objects when they are created. */
 DEFINE_LSM(selinux) = {
        .name = "selinux",
+       .flags = LSM_FLAG_LEGACY_MAJOR,
        .init = selinux_init,
 };
 

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 430d4f35e55c0f2a77cfd81c3f3685b8c8390500..d72d215d7fdedbff59756b5ecc903a0bfb7a10a1 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4812,5 +4812,6 @@ static __init int smack_init(void)
  */
 DEFINE_LSM(smack) = {
        .name = "smack",
+       .flags = LSM_FLAG_LEGACY_MAJOR,
        .init = smack_init,
 };

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 1b5b5097efd77a5ca12376f5066123125e20824e..09f7af130d3a1b1ba1f9cbcb9b160493fcd63630 100644 (file)
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -552,5 +552,6 @@ static int __init tomoyo_init(void)
 
 DEFINE_LSM(tomoyo) = {
        .name = "tomoyo",
+       .flags = LSM_FLAG_LEGACY_MAJOR,
        .init = tomoyo_init,
 };