-rw-r--r--include/linux/lsm_hooks.h2
-rw-r--r--security/security.c14
2 files changed, 12 insertions, 4 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index be1581d18e3e..e28a3aa639e8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2047,7 +2047,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
struct lsm_info {
const char *name; /* Required. */
unsigned long flags; /* Optional: flags describing LSM */
- int *enabled; /* Optional: NULL means enabled. */
+ int *enabled; /* Optional: controlled by CONFIG_LSM */
int (*init)(void); /* Required. */
};
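Review bot: The new comment on `enabled` no longer says what a NULL pointer means, yet this patch changes that meaning. is_enabled() in security/security.c now returns false for NULL, while append_ordered_lsm and major_lsm_init replace NULL with `&lsm_enabled_true`. An LSM author reading only this header cannot tell whether leaving the field unset is safe. A comment such as `/* Optional: if NULL, pointed at a default-on flag when the LSM is ordered; controlled by CONFIG_LSM */` would record the contract.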
diff --git a/security/security.c b/security/security.c
index 2e1f48e8a6f2..b6d3456978a4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -63,10 +63,10 @@ static __initdata bool debug;
static bool __init is_enabled(struct lsm_info *lsm)
{
- if (!lsm->enabled || *lsm->enabled)
- return true;
+ if (!lsm->enabled)
+ return false;
- return false;
+ return *lsm->enabled;
}
/* Mark an LSM's enabled flag. */
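Review bot: A NULL `lsm->enabled` now reads as disabled, so any caller that reaches is_enabled() before one of the two defaulting sites added later in this patch (append_ordered_lsm and major_lsm_init) will treat that LSM as off without any message. For a security module this is a quiet failure mode: the system comes up with the module absent and, as far as these hunks show, the only trace is the `init_debug` ordering line. I would state the contract on the function, e.g. `/* A NULL ->enabled has not been selected by the ordering code and is treated as disabled. */`. The callers of is_enabled() are outside this hunk, so it is worth confirming that each of them runs after the defaulting.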
@@ -117,7 +117,11 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from))
return;
+ /* Enable this LSM, if it is not already set. */
+ if (!lsm->enabled)
+ lsm->enabled = &lsm_enabled_true;
ordered_lsms[last_lsm++] = lsm;
+
init_debug("%s ordering: %s (%sabled)\n", from, lsm->name,
is_enabled(lsm) ? "en" : "dis");
}
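Review bot: Pointing `lsm->enabled` at `&lsm_enabled_true` makes every LSM without its own flag share one int, so a later store through `lsm->enabled` would change the state of all of them at once. The definition of `lsm_enabled_true` and the helper under the `/* Mark an LSM's enabled flag. */` comment are not visible in these hunks, so confirm that helper swaps the pointer rather than writing through it. The same three added lines appear again in major_lsm_init in the last hunk. A small helper called from both sites, for example `static void __init default_enabled(struct lsm_info *lsm)` (name is only a suggestion), would keep the defaulting rule in one place. append_ordered_lsm begins above this hunk.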
@@ -210,6 +214,10 @@ static void __init major_lsm_init(void)
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
continue;
+ /* Enable this LSM, if it is not already set. */
+ if (!lsm->enabled)
+ lsm->enabled = &lsm_enabled_true;
+
maybe_initialize_lsm(lsm);
}
}