UBUNTU: SAUCE: LSM stacking: keep an index for each registered LSM

BugLink: http://bugs.launchpad.net/bugs/1763062
Keep an index of the registered LSMs so that it can be used in table
lookups and ordering comparisons.

pulled from the full LSM stacking patch

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5905d88e9d28fa1e3414a01c294ba72cf8c67253..7ddfb6e999f95295bd3830313b46b77d8e12b6e7 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1966,6 +1966,7 @@ struct security_hook_list {
        struct list_head                *head;
        union security_list_options     hook;
        char                            *lsm;
+       int                             lsm_index;
 } __randomize_layout;
 
 /*

diff --git a/security/security.c b/security/security.c
index 5439dc346539bb90288eade50b93330bcb0c60f6..4c1fec9f8bc055ce223c510abe830391f416b6ba 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -245,6 +245,11 @@ bool __init security_module_enable(const char *lsm, const bool stacked)
 #endif
 }
 
+/*
+ * Keep the order of major modules for mapping secids.
+ */
+static int lsm_next_major;
+
 /**
  * security_add_hooks - Add a modules hooks to the hook lists.
  * @hooks: the hooks to add
@@ -257,8 +262,14 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
                                char *lsm)
 {
        int i;
+       int lsm_index = lsm_next_major++;
+
+#ifdef CONFIG_SECURITY_LSM_DEBUG
+       pr_info("LSM: Security module %s gets index %d\n", lsm, lsm_index);
+#endif
        for (i = 0; i < count; i++) {
                hooks[i].lsm = lsm;
+               hooks[i].lsm_index = lsm_index;
                list_add_tail_rcu(&hooks[i].list, hooks[i].head);
        }
        if (lsm_append(lsm, &lsm_names) < 0)