LSM: Introduce enum lsm_order

In preparation for distinguishing the "capability" LSM from other LSMs, it must be ordered first. This introduces LSM_ORDER_MUTABLE for the general LSMs and LSM_ORDER_FIRST for capability. In the future LSM_ORDER_LAST for could be added for anything that must run last (e.g. Landlock may use this). Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2018-09-20 03:48:21 +0300
committer: Kees Cook <keescook@chromium.org> 2019-01-09 00:18:43 +0300
commit: e2bc445b66cad25b0627391df8138a83d0e48f97 (patch)
tree: b078f987045e8723a6c9d80049d8c78bbdf2181d /include
parent: d6aed64b74b73b64278c059eacd59d87167aa968 (diff)
download: linux-e2bc445b66cad25b0627391df8138a83d0e48f97.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 2849e9b2c01d..27d4db9588bb 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2045,8 +2045,14 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
 #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
 #define LSM_FLAG_EXCLUSIVE	BIT(1)
 
+enum lsm_order {
+	LSM_ORDER_FIRST = -1,	/* This is only for capabilities. */
+	LSM_ORDER_MUTABLE = 0,
+};
+
 struct lsm_info {
 	const char *name;	/* Required. */
+	enum lsm_order order;	/* Optional: default is LSM_ORDER_MUTABLE */
 	unsigned long flags;	/* Optional: flags describing LSM */
 	int *enabled;		/* Optional: controlled by CONFIG_LSM */
 	int (*init)(void);	/* Required. */
author	Kees Cook <keescook@chromium.org>	2018-09-20 03:48:21 +0300
committer	Kees Cook <keescook@chromium.org>	2019-01-09 00:18:43 +0300
commit	e2bc445b66cad25b0627391df8138a83d0e48f97 (patch)
tree	b078f987045e8723a6c9d80049d8c78bbdf2181d /include
parent	d6aed64b74b73b64278c059eacd59d87167aa968 (diff)
download	linux-e2bc445b66cad25b0627391df8138a83d0e48f97.tar.xz