setup.c 1.8 KB

  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Landlock LSM - Security framework setup
  4. *
  5. * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
  6. * Copyright © 2018-2020 ANSSI
  7. */
  8. #include <linux/bits.h>
  9. #include <linux/init.h>
  10. #include <linux/lsm_hooks.h>
  11. #include <uapi/linux/lsm.h>
  12. #include "common.h"
  13. #include "cred.h"
  14. #include "errata.h"
  15. #include "fs.h"
  16. #include "id.h"
  17. #include "net.h"
  18. #include "setup.h"
  19. #include "task.h"
  /*
   * True once landlock_init() has registered every hook set; in this file it
   * is assigned only there, as the last step before the log message.
   * __ro_after_init places the flag in memory that is made read-only when
   * kernel init completes, so it cannot be flipped by a later runtime write.
   */
  bool landlock_initialized __ro_after_init = false;

  /* Identity (name and LSM ID) handed to the LSM framework by DEFINE_LSM(). */
  const struct lsm_id landlock_lsmid = {
  	.name = LANDLOCK_NAME,
  	.id = LSM_ID_LANDLOCK,
  };

  /*
   * Per-object storage Landlock asks the LSM framework for: one blob for each
   * credential, file, inode and superblock, sized to the matching Landlock
   * security struct.
   *
   * NOTE(review): this is __ro_after_init rather than const, presumably
   * because the LSM core adjusts these fields while it lays out the shared
   * blobs at boot -- confirm against the LSM core.
   */
  struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
  	.lbs_cred = sizeof(struct landlock_cred_security),
  	.lbs_file = sizeof(struct landlock_file_security),
  	.lbs_inode = sizeof(struct landlock_inode_security),
  	.lbs_superblock = sizeof(struct landlock_superblock_security),
  };

  /*
   * Bitmask of errata, filled in by compute_errata() at init: erratum number N
   * is recorded as bit N - 1.  It has no initializer, so it starts at zero,
   * and it is read-only after init like the objects above.
   */
  int landlock_errata __ro_after_init;
  /*
   * compute_errata - Build the landlock_errata bitmask during init
   *
   * Walks landlock_errata_init up to the entry whose number is zero and sets
   * bit (number - 1) in landlock_errata for every usable entry.  Two
   * consistency checks each warn once:
   * - an entry whose abi is greater than landlock_abi_version is skipped;
   * - an entry that leaves the mask unchanged, i.e. whose bit was already set.
   *
   * NOTE(review): number is used as a shift count and the mask is an int, so
   * the table is presumably kept within the width of int -- confirm in
   * errata.h.
   */
  static void __init compute_errata(void)
  {
  	size_t i;

  #ifndef __has_include
  	/*
  	 * Safeguard: the compiler must implement __has_include (see
  	 * errata.h).  Without it, warn and leave landlock_errata untouched.
  	 */
  	WARN_ON_ONCE(1);
  	return;
  #endif

  	i = 0;
  	while (landlock_errata_init[i].number) {
  		/* Snapshot taken to detect an entry that changes nothing. */
  		const int prev_errata = landlock_errata;

  		/* Only entries that are not newer than the current ABI count. */
  		if (!WARN_ON_ONCE(landlock_errata_init[i].abi >
  				  landlock_abi_version)) {
  			landlock_errata |=
  				BIT(landlock_errata_init[i].number - 1);
  			WARN_ON_ONCE(prev_errata == landlock_errata);
  		}

  		i++;
  	}
  }
  /*
   * landlock_init - LSM init callback (referenced by DEFINE_LSM() in this file)
   *
   * Computes the errata mask, registers the credential, task, filesystem and
   * network hook sets, initializes the ID subsystem, and only then sets
   * landlock_initialized and logs that Landlock is running.
   *
   * Return: always 0; no call made here has its result checked.
   */
  static int __init landlock_init(void)
  {
  	compute_errata();
  	landlock_add_cred_hooks();
  	landlock_add_task_hooks();
  	landlock_add_fs_hooks();
  	landlock_add_net_hooks();
  	landlock_init_id();
  	/*
  	 * Set last, so the flag is never true while only part of the hook
  	 * sets is installed.
  	 * NOTE(review): presumably the rest of Landlock checks this flag
  	 * before accepting requests -- confirm in the callers.
  	 */
  	landlock_initialized = true;
  	pr_info("Up and running.\n");
  	return 0;
  }
  /*
   * Registration record for the LSM framework: Landlock's identity, its init
   * callback and the blob sizes it needs.
   *
   * NOTE(review): whether and when .init runs is decided by the LSM core
   * (presumably from the enabled-LSM list) -- nothing in this file controls
   * it.
   */
  DEFINE_LSM(LANDLOCK_NAME) = {
  	.id = &landlock_lsmid,
  	.init = landlock_init,
  	.blobs = &landlock_blob_sizes,
  };