UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM

Keep an index of the registered LSMs so that it can be used in table
lookups and ordering comparisons.

pulled from the full LSM stacking patch

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index bd5d36930d3e69ae16eb09b0114183156fe0ba61..fbc95945d03729858e1e2fc8c75efaba6eac05ec 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1923,6 +1923,7 @@ struct security_hook_list {
        struct list_head                *head;
        union security_list_options     hook;
        char                            *lsm;
+       int                             lsm_index;
 } __randomize_layout;
 
 /*

diff --git a/security/security.c b/security/security.c
index 72f38cbadbb7da6bc352a395c5c97f6c747032a4..7728910cd5ac307fa5f391bf87accf9f46821d68 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -230,6 +230,11 @@ bool __init security_module_enable(const char *lsm, const bool stacked)
 #endif
 }
 
+/*
+ * Keep the order of major modules for mapping secids.
+ */
+static int lsm_next_major;
+
 /**
  * security_add_hooks - Add a modules hooks to the hook lists.
  * @hooks: the hooks to add
@@ -242,8 +247,14 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
                                char *lsm)
 {
        int i;
+       int lsm_index = lsm_next_major++;
+
+#ifdef CONFIG_SECURITY_LSM_DEBUG
+       pr_info("LSM: Security module %s gets index %d\n", lsm, lsm_index);
+#endif
        for (i = 0; i < count; i++) {
                hooks[i].lsm = lsm;
+               hooks[i].lsm_index = lsm_index;
                list_add_tail_rcu(&hooks[i].list, hooks[i].head);
        }
        if (lsm_append(lsm, &lsm_names) < 0)