/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2023 Google LLC.
*/
#ifndef __LINUX_LSM_COUNT_H
#define __LINUX_LSM_COUNT_H
#include <linux/args.h>
#ifdef CONFIG_SECURITY
/*
 * Macros to count the number of LSMs enabled in the kernel at compile time.
 *
 * Each <NAME>_ENABLED macro below expands to the tokens "1," when its Kconfig
 * option is enabled and to nothing otherwise. MAX_LSM_COUNT pastes all of
 * them into one argument list and counts the resulting arguments, so the
 * result is a preprocessor-time constant.
 *
 * A new LSM has to be added in two places in this header: its own
 * <NAME>_ENABLED definition and the list inside MAX_LSM_COUNT. An entry that
 * is missing from the list is not counted.
 * NOTE(review): the users of MAX_LSM_COUNT are outside this header; if it
 * sizes per-LSM tables, an undercount would leave too few slots - confirm at
 * the use sites.
 */
/*
 * Capabilities is enabled when CONFIG_SECURITY is enabled.
 * This whole section already sits inside #ifdef CONFIG_SECURITY, so the
 * #else arm below is presumably never taken and is kept only to match the
 * shape of the other entries.
 */
#if IS_ENABLED(CONFIG_SECURITY)
#define CAPABILITIES_ENABLED 1,
#else
#define CAPABILITIES_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_SELINUX)
#define SELINUX_ENABLED 1,
#else
#define SELINUX_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_SMACK)
#define SMACK_ENABLED 1,
#else
#define SMACK_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
#define APPARMOR_ENABLED 1,
#else
#define APPARMOR_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
#define TOMOYO_ENABLED 1,
#else
#define TOMOYO_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_YAMA)
#define YAMA_ENABLED 1,
#else
#define YAMA_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
#define LOADPIN_ENABLED 1,
#else
#define LOADPIN_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
#define LOCKDOWN_ENABLED 1,
#else
#define LOCKDOWN_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
#define SAFESETID_ENABLED 1,
#else
#define SAFESETID_ENABLED
#endif
#if IS_ENABLED(CONFIG_BPF_LSM)
#define BPF_LSM_ENABLED 1,
#else
#define BPF_LSM_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
#define LANDLOCK_ENABLED 1,
#else
#define LANDLOCK_ENABLED
#endif
#if IS_ENABLED(CONFIG_IMA)
#define IMA_ENABLED 1,
#else
#define IMA_ENABLED
#endif
#if IS_ENABLED(CONFIG_EVM)
#define EVM_ENABLED 1,
#else
#define EVM_ENABLED
#endif
#if IS_ENABLED(CONFIG_SECURITY_IPE)
#define IPE_ENABLED 1,
#else
#define IPE_ENABLED
#endif
/*
 * Every enabled entry contributes "1,", so the pasted list always ends with a
 * trailing comma, i.e. one extra, empty argument after the last "1". This is
 * accounted for by dropping one argument (skipped_arg) in __COUNT_LSMS before
 * counting the rest. COUNT_LSMS exists so that the *_ENABLED macros are
 * expanded into separate arguments before __COUNT_LSMS splits off the first.
 *
 * NOTE(review): COUNT_ARGS comes from <linux/args.h> and is not shown here.
 * The scheme assumes it counts the empty trailing argument as one, and that
 * its upper limit covers the 14 entries listed in MAX_LSM_COUNT - confirm
 * both whenever an entry is added.
 */
#define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
#define COUNT_LSMS(args...) __COUNT_LSMS(args)
/* Number of entries below whose Kconfig option is enabled in this build. */
#define MAX_LSM_COUNT \
COUNT_LSMS( \
CAPABILITIES_ENABLED \
SELINUX_ENABLED \
SMACK_ENABLED \
APPARMOR_ENABLED \
TOMOYO_ENABLED \
YAMA_ENABLED \
LOADPIN_ENABLED \
LOCKDOWN_ENABLED \
SAFESETID_ENABLED \
BPF_LSM_ENABLED \
LANDLOCK_ENABLED \
IMA_ENABLED \
EVM_ENABLED \
IPE_ENABLED)
#else
/* Without CONFIG_SECURITY none of the entries above is counted. */
#define MAX_LSM_COUNT 0
#endif /* CONFIG_SECURITY */
#endif /* __LINUX_LSM_COUNT_H */