
Commit 37f788f

lsm: introduce looping macros for the initialization code
There are three common for loop patterns in the LSM initialization code to loop through the ordered LSM list and the registered "early" LSMs. This patch implements these loop patterns as macros to help simplify the code and reduce the chance for errors. Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johhansen@canonical.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
1 parent e025785 commit 37f788f


1 file changed

+27
-15
lines changed


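--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -32,6 +32,15 @@ static __initdata bool debug;
 pr_info(__VA_ARGS__); \
 } while (0)
 
+#define lsm_order_for_each(iter) \
+for ((iter) = ordered_lsms; *(iter); (iter)++)
+#define lsm_for_each_raw(iter) \
+for ((iter) = __start_lsm_info; \
+(iter) < __end_lsm_info; (iter)++)
+#define lsm_early_for_each_raw(iter) \
+for ((iter) = __start_early_lsm_info; \
+(iter) < __end_early_lsm_info; (iter)++)
+
 static int lsm_append(const char *new, char **result);
 
 /* Save user chosen LSM */
@@ -96,9 +105,10 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm)
 {
 struct lsm_info **check;
 
-for (check = ordered_lsms; *check; check++)
+lsm_order_for_each(check) {
 if (*check == lsm)
 return true;
+}
 
 return false;
 }
@@ -209,7 +219,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 char *sep, *name, *next;
 
 /* LSM_ORDER_FIRST is always first. */
-for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm_for_each_raw(lsm) {
 if (lsm->order == LSM_ORDER_FIRST)
 append_ordered_lsm(lsm, " first");
 }
@@ -224,8 +234,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 * if the selected one was separately disabled: disable
 * all non-matching Legacy Major LSMs.
 */
-for (major = __start_lsm_info; major < __end_lsm_info;
-major++) {
+lsm_for_each_raw(major) {
 if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
 strcmp(major->name, chosen_major_lsm) != 0) {
 set_enabled(major, false);
@@ -241,7 +250,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 while ((name = strsep(&next, ",")) != NULL) {
 bool found = false;
 
-for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm_for_each_raw(lsm) {
 if (strcmp(lsm->name, name) == 0) {
 if (lsm->order == LSM_ORDER_MUTABLE)
 append_ordered_lsm(lsm, origin);
@@ -256,7 +265,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 
 /* Process "security=", if given. */
 if (chosen_major_lsm) {
-for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm_for_each_raw(lsm) {
 if (exists_ordered_lsm(lsm))
 continue;
 if (strcmp(lsm->name, chosen_major_lsm) == 0)
@@ -265,13 +274,13 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 }
 
 /* LSM_ORDER_LAST is always last. */
-for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm_for_each_raw(lsm) {
 if (lsm->order == LSM_ORDER_LAST)
 append_ordered_lsm(lsm, " last");
 }
 
 /* Disable all LSMs not in the ordered list. */
-for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm_for_each_raw(lsm) {
 if (exists_ordered_lsm(lsm))
 continue;
 set_enabled(lsm, false);
@@ -290,13 +299,14 @@ static void __init report_lsm_order(void)
 pr_info("initializing lsm=");
 
 /* Report each enabled LSM name, comma separated. */
-for (early = __start_early_lsm_info;
-early < __end_early_lsm_info; early++)
+lsm_early_for_each_raw(early) {
 if (is_enabled(early))
 pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
-for (lsm = ordered_lsms; *lsm; lsm++)
+}
+lsm_order_for_each(lsm) {
 if (is_enabled(*lsm))
 pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+}
 
 pr_cont("\n");
 }
@@ -343,8 +353,9 @@ static void __init ordered_lsm_init(void)
 } else
 ordered_lsm_parse(builtin_lsm_order, "builtin");
 
-for (lsm = ordered_lsms; *lsm; lsm++)
+lsm_order_for_each(lsm) {
 lsm_prepare(*lsm);
+}
 
 report_lsm_order();
 
@@ -382,8 +393,9 @@ static void __init ordered_lsm_init(void)
 
 lsm_early_cred((struct cred *) current->cred);
 lsm_early_task(current);
-for (lsm = ordered_lsms; *lsm; lsm++)
+lsm_order_for_each(lsm) {
 initialize_lsm(*lsm);
+}
 }
 
 static bool match_last_lsm(const char *list, const char *lsm)
@@ -485,7 +497,7 @@ int __init early_security_init(void)
 {
 struct lsm_info *lsm;
 
-for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+lsm_early_for_each_raw(lsm) {
 if (!lsm->enabled)
 lsm->enabled = &lsm_enabled_true;
 lsm_prepare(lsm);
@@ -512,7 +524,7 @@ int __init security_init(void)
 * Append the names of the early LSM modules now that kmalloc() is
 * available
 */
-for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+lsm_early_for_each_raw(lsm) {
 init_debug(" early started: %s (%s)\n", lsm->name,
 is_enabled(lsm) ? "enabled" : "disabled");
 if (lsm->enabled)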
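Review bot: The three iterator macros added in the first hunk (new lines 35-42) have no comment, although their contracts differ in ways the converted call sites depend on: `lsm_order_for_each` takes a `struct lsm_info **` and stops at the first NULL slot of `ordered_lsms`, while the two `_raw` variants take a `struct lsm_info *` and visit every entry between the `__start_`/`__end_` bounds whether or not that LSM is enabled. Because these loops decide which security modules get prepared, initialized and disabled, I would document that above the definitions, e.g. `/* lsm_order_for_each: iter is struct lsm_info **; relies on ordered_lsms being NULL-terminated */` and `/* lsm_*for_each_raw: iter is struct lsm_info *; no enabled filtering, callers must check is_enabled() */`. The NULL termination of `ordered_lsms` is presumably guaranteed where the array is allocated and appended to, which is outside the visible hunks, so that is worth confirming when the comment is written. Each macro also evaluates `iter` several times, so the comment should say it must be a plain lvalue without side effects.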
