LSM: Maintain a table of LSM attribute data

As LSMs are registered add their lsm_id pointers to a table.
This will be used later for attribute reporting.

Determine the number of possible security modules based on
their respective CONFIG options. This allows the number to be
known at build time. This allows data structures and tables
to use the constant.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Mickael Salaun <mic@digikod.net>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/include/linux/security.h b/include/linux/security.h
index 1d1df326c881c7e1a97d748066d046590c4aea72..50c178019a58bad738912144f3096030c7ce1535 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -138,6 +138,8 @@ enum lockdown_reason {
 };
 
 extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
+extern u32 lsm_active_cnt;
+extern const struct lsm_id *lsm_idlist[];
 
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,

diff --git a/security/security.c b/security/security.c
index 08b1bd9457a9abf398d6ba2274bca54bcf45559d..0952d6bff4da1389264828c23fa0d3e69083d505 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -34,6 +34,25 @@
 /* How many LSMs were built into the kernel? */
 #define LSM_COUNT (__end_lsm_info - __start_lsm_info)
 
+/*
+ * How many LSMs are built into the kernel as determined at
+ * build time. Used to determine fixed array sizes.
+ * The capability module is accounted for by CONFIG_SECURITY
+ */
+#define LSM_CONFIG_COUNT ( \
+       (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
+       (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
+
 /*
  * These are descriptions of the reasons that can be passed to the
  * security_locked_down() LSM hook. Placing this array here allows
@@ -245,6 +264,12 @@ static void __init initialize_lsm(struct lsm_info *lsm)
        }
 }
 
+/*
+ * Current index to use while initializing the lsm id list.
+ */
+u32 lsm_active_cnt __ro_after_init;
+const struct lsm_id *lsm_idlist[LSM_CONFIG_COUNT];
+
 /* Populate ordered LSMs list from comma-separated LSM name list. */
 static void __init ordered_lsm_parse(const char *order, const char *origin)
 {
@@ -522,6 +547,18 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 {
        int i;
 
+       /*
+        * A security module may call security_add_hooks() more
+        * than once during initialization, and LSM initialization
+        * is serialized. Landlock is one such case.
+        * Look at the previous entry, if there is one, for duplication.
+        */
+       if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
+               if (lsm_active_cnt >= LSM_CONFIG_COUNT)
+                       panic("%s Too many LSMs registered.\n", __func__);
+               lsm_idlist[lsm_active_cnt++] = lsmid;
+       }
+
        for (i = 0; i < count; i++) {
                hooks[i].lsmid = lsmid;
                hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);