LSM: Separate idea of "major" LSM from "exclusive" LSM

In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
author: Kees Cook <keescook@chromium.org> 2018-09-19 19:57:06 -0700
committer: Kees Cook <keescook@chromium.org> 2019-01-08 13:18:43 -0800
commit: 14bd99c821f7ace0e8110a1bfdfaa27e1788e20f (patch)
tree: a5feee1ff6b832eaffef89d1bde995e0574723e2 /include
parent: 7e611486d905f435faf80969deed68a615019e6b (diff)
download: linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.gz
linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.bz2
linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e28a3aa639e8..c3843b33da9e 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2043,6 +2043,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
 				char *lsm);
 
 #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
+#define LSM_FLAG_EXCLUSIVE	BIT(1)
 
 struct lsm_info {
 	const char *name;	/* Required. */
author	Kees Cook <keescook@chromium.org>	2018-09-19 19:57:06 -0700
committer	Kees Cook <keescook@chromium.org>	2019-01-08 13:18:43 -0800
commit	14bd99c821f7ace0e8110a1bfdfaa27e1788e20f (patch)
tree	a5feee1ff6b832eaffef89d1bde995e0574723e2 /include
parent	7e611486d905f435faf80969deed68a615019e6b (diff)
download	linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.gz linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.bz2 linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.zip