smack: move initcalls to the LSM framework

pcmoore · pcmoore · commit 06643d5584f9 · 2025-10-22T19:24:25.000-04:00
As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.

Acked-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: John Johansen &lt;john.johhansen@canonical.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/security/smack/smack.h b/security/smack/smack.h
@@ -275,6 +275,20 @@ struct smk_audit_info {
 #endif
 };
 
+/*
+ * Initialization
+ */
+#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
+int smack_nf_ip_init(void);
+#else
+static inline int smack_nf_ip_init(void)
+{
+	return 0;
+}
+#endif
+int init_smk_fs(void);
+int smack_initcall(void);
+
 /*
  * These functions are in smack_access.c
  */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
@@ -5275,6 +5275,14 @@ static __init int smack_init(void)
 	return 0;
 }
 
+int __init smack_initcall(void)
+{
+	int rc_fs = init_smk_fs();
+	int rc_nf = smack_nf_ip_init();
+
+	return rc_fs ? rc_fs : rc_nf;
+}
+
 /*
  * Smack requires early initialization in order to label
  * all processes and objects when they are created.
@@ -5284,4 +5292,5 @@ DEFINE_LSM(smack) = {
 	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
 	.blobs = &smack_blob_sizes,
 	.init = smack_init,
+	.initcall_device = smack_initcall,
 };
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
@@ -68,13 +68,11 @@ static struct pernet_operations smack_net_ops = {
 	.exit = smack_nf_unregister,
 };
 
-static int __init smack_nf_ip_init(void)
+int __init smack_nf_ip_init(void)
 {
 	if (smack_enabled == 0)
 		return 0;
 
 	printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
 	return register_pernet_subsys(&smack_net_ops);
 }
-
-__initcall(smack_nf_ip_init);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
@@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount;
  * Returns true if we were not chosen on boot or if
  * we were chosen and filesystem registration succeeded.
  */
-static int __init init_smk_fs(void)
+int __init init_smk_fs(void)
 {
 	int err;
 	int rc;
@@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void)
 
 	return err;
 }
-
-__initcall(init_smk_fs);

Original file line number	Diff line number	Diff line change
`@@ -68,13 +68,11 @@ static struct pernet_operations smack_net_ops = {`
`68`	`68`	`.exit = smack_nf_unregister,`
`69`	`69`	`};`
`70`	`70`
`71`		`-static int __init smack_nf_ip_init(void)`
	`71`	`+int __init smack_nf_ip_init(void)`
`72`	`72`	`{`
`73`	`73`	`if (smack_enabled == 0)`
`74`	`74`	`return 0;`
`75`	`75`
`76`	`76`	`printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");`
`77`	`77`	`return register_pernet_subsys(&smack_net_ops);`
`78`	`78`	`}`
`79`		`-`
`80`		`-__initcall(smack_nf_ip_init);`
Original file line number	Diff line number	Diff line change
`@@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount;`
`2978`	`2978`	`* Returns true if we were not chosen on boot or if`
`2979`	`2979`	`* we were chosen and filesystem registration succeeded.`
`2980`	`2980`	`*/`
`2981`		`-static int __init init_smk_fs(void)`
	`2981`	`+int __init init_smk_fs(void)`
`2982`	`2982`	`{`
`2983`	`2983`	`int err;`
`2984`	`2984`	`int rc;`
`@@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void)`
`3021`	`3021`
`3022`	`3022`	`return err;`
`3023`	`3023`	`}`
`3024`		`-`
`3025`		`-__initcall(init_smk_fs);`