From 4f83d5ea643af8892459d9852c88f3892201b864 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker Date: Sun, 9 Dec 2018 15:36:33 -0500 Subject: security: integrity: make ima_main explicitly non-modular The Makefile/Kconfig entry controlling compilation of this code is: obj-$(CONFIG_IMA) += ima.o ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ ima_policy.o ima_template.o ima_template_lib.o security/integrity/ima/Kconfig:config IMA security/integrity/ima/Kconfig- bool "Integrity Measurement Architecture(IMA)" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-ima-devel@lists.sourceforge.net Cc: linux-security-module@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: James Morris --- security/integrity/ima/ima_main.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'security/integrity') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1b88d58e1325..adaf96932237 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1,4 +1,6 @@ /* + * Integrity Measurement Architecture + * * Copyright (C) 2005,2006,2007,2008 IBM Corporation * * Authors: @@ -19,7 +21,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include @@ -560,6 +562,3 @@ static int __init init_ima(void) } late_initcall(init_ima); /* Start IMA after the TPM is available */ - -MODULE_DESCRIPTION("Integrity Measurement Architecture"); -MODULE_LICENSE("GPL"); -- cgit v1.2.3 From 3aafb1fbe654fce86e79e10b3dc496b50cb04284 Mon Sep 17 00:00:00 2001 
From: Paul Gortmaker Date: Sun, 9 Dec 2018 15:36:32 -0500 Subject: security: integrity: make evm_main explicitly non-modular The Makefile/Kconfig entry controlling compilation of this code is: obj-$(CONFIG_EVM) += evm.o evm-y := evm_main.o evm_crypto.o evm_secfs.o security/integrity/evm/Kconfig:config EVM security/integrity/evm/Kconfig: bool "EVM support" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Cc: Mimi Zohar Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-ima-devel@lists.sourceforge.net Cc: linux-security-module@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: James Morris --- security/integrity/evm/evm_main.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'security/integrity') diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 7f3f54d89a6e..5ecaa3d6fe0b 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -16,7 +16,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include @@ -592,6 +592,3 @@ error: } late_initcall(init_evm); - -MODULE_DESCRIPTION("Extended Verification Module"); -MODULE_LICENSE("GPL"); -- cgit v1.2.3 From 876979c9308b7228cdaf6785909c57eebc85d911 Mon Sep 17 00:00:00 2001 
From: Paul Gortmaker Date: Sun, 9 Dec 2018 15:36:29 -0500 Subject: security: audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in removing such instances is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h might have been the implicit source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each instance for the presence of either and replace as needed. Cc: James Morris Cc: "Serge E. Hallyn" Cc: John Johansen Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: David Howells Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: keyrings@vger.kernel.org Signed-off-by: Paul Gortmaker 
Signed-off-by: James Morris --- security/apparmor/apparmorfs.c | 2 +- security/commoncap.c | 1 - security/integrity/evm/evm_crypto.c | 2 +- security/integrity/evm/evm_posix_acl.c | 1 - security/integrity/evm/evm_secfs.c | 2 +- security/integrity/iint.c | 2 +- security/integrity/ima/ima_api.c | 1 - security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_fs.c | 2 +- security/integrity/ima/ima_init.c | 2 +- security/integrity/ima/ima_policy.c | 2 +- security/integrity/ima/ima_queue.c | 1 - security/keys/encrypted-keys/masterkey_trusted.c | 1 - security/keys/gc.c | 1 - security/keys/key.c | 2 +- security/keys/keyctl.c | 1 - security/keys/keyring.c | 2 +- security/keys/permission.c | 2 +- security/keys/proc.c | 1 - security/keys/process_keys.c | 1 - security/keys/request_key.c | 2 +- security/keys/request_key_auth.c | 1 - security/keys/user_defined.c | 2 +- security/security.c | 2 +- 24 files changed, 14 insertions(+), 24 deletions(-) (limited to 'security/integrity') diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 8963203319ea..3f80a684c232 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -15,7 +15,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/security/commoncap.c b/security/commoncap.c index 18a4fdf6f6eb..232db019f051 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -9,7 +9,6 @@ #include #include -#include #include #include #include diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 8c25f949ebdb..77ef210a8a6b 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -15,7 +15,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include diff --git a/security/integrity/evm/evm_posix_acl.c b/security/integrity/evm/evm_posix_acl.c index 46408b9e62e8..7faf98c20373 100644 --- a/security/integrity/evm/evm_posix_acl.c 
+++ b/security/integrity/evm/evm_posix_acl.c @@ -9,7 +9,6 @@ * the Free Software Foundation, version 2 of the License. */ -#include #include #include diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index 77de71b7794c..015aea8fdf1e 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -17,7 +17,7 @@ #include #include -#include +#include #include #include "evm.h" diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 1ea05da2323d..88f04b3380d4 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -16,7 +16,7 @@ * using a rbtree tree. */ #include -#include +#include #include #include #include diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 99dd1d53fc35..67dfbd1af3ca 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -12,7 +12,6 @@ * Implements must_appraise_or_measure, collect_measurement, * appraise_measurement, store_measurement and store_template. */ -#include #include #include #include diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index deec1804a00a..2e11e750a067 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -8,7 +8,7 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2 of the License. */ -#include +#include #include #include #include diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 3183cc23d0f8..0af792833f42 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -20,7 +20,7 @@ #include #include -#include +#include #include #include #include diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 59d834219cd6..6bb42a9c5e47 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c 
@@ -17,7 +17,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8c9499867c91..3778dc396193 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -10,7 +10,7 @@ * - initialize default measure policy rules * */ -#include +#include #include #include #include diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index b186819bd5aa..0e41dc1df1d4 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -21,7 +21,6 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include #include #include #include "ima.h" diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c index cbf0bc127a73..dc3d18cae642 100644 --- a/security/keys/encrypted-keys/masterkey_trusted.c +++ b/security/keys/encrypted-keys/masterkey_trusted.c @@ -15,7 +15,6 @@ */ #include -#include #include #include #include diff --git a/security/keys/gc.c b/security/keys/gc.c index 7207e6094dc1..634e96b380e8 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -9,7 +9,6 @@ * 2 of the Licence, or (at your option) any later version. */ -#include #include #include #include diff --git a/security/keys/key.c b/security/keys/key.c index d97c9394b5dd..44a80d6741a1 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -9,7 +9,7 @@ * 2 of the License, or (at your option) any later version. */ -#include +#include #include #include #include diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 18619690ce77..e8093d025966 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -9,7 +9,6 @@ * 2 of the License, or (at your option) any later version. */ -#include #include #include #include diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 41bcf57e96f2..eadebb92986a 100644 
--- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -9,7 +9,7 @@ * 2 of the License, or (at your option) any later version. */ -#include +#include #include #include #include diff --git a/security/keys/permission.c b/security/keys/permission.c index f68dc04d614e..06df9d5e7572 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -9,7 +9,7 @@ * 2 of the License, or (at your option) any later version. */ -#include +#include #include #include "internal.h" diff --git a/security/keys/proc.c b/security/keys/proc.c index 5af2934965d8..d2b802072693 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c @@ -9,7 +9,6 @@ * 2 of the License, or (at your option) any later version. */ -#include #include #include #include diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index d5b25e535d3a..8b8994920620 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -9,7 +9,6 @@ * 2 of the License, or (at your option) any later version. */ -#include #include #include #include diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 114f7408feee..301f0e300dbd 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -11,7 +11,7 @@ * See Documentation/security/keys/request-key.rst */ -#include +#include #include #include #include diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 424e1d90412e..87ea2f54dedc 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -11,7 +11,6 @@ * See Documentation/security/keys/request-key.rst */ -#include #include #include #include diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 9f558bedba23..5666fe0352f7 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -9,7 +9,7 @@ * 2 of the License, or (at your option) any later version. */ -#include +#include #include #include #include 
diff --git a/security/security.c b/security/security.c index 04d173eb93f6..d670136dda2c 100644 --- a/security/security.c +++ b/security/security.c @@ -17,7 +17,7 @@ #include #include #include -#include +#include #include #include #include -- cgit v1.2.3 From b49d564344f773d8afee982153c8493e5f2eaf38 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker Date: Fri, 14 Dec 2018 16:48:07 -0500 Subject: security: integrity: partial revert of make ima_main explicitly non-modular In commit 4f83d5ea643a ("security: integrity: make ima_main explicitly non-modular") I'd removed after assuming that the function is_module_sig_enforced() was an LSM function and not a core kernel module function. Unfortunately the typical .config selections used in build testing provide an implicit presence, and so normal/typical build testing did not immediately reveal my incorrect assumption. Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-ima-devel@lists.sourceforge.net Cc: linux-security-module@vger.kernel.org Reported-by: Randy Dunlap Signed-off-by: Paul Gortmaker Signed-off-by: James Morris --- security/integrity/ima/ima_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/integrity') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index adaf96932237..616a88f95b92 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -21,7 +21,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include -- cgit v1.2.3
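Review bot: The include restored in the `@@ -21,7 +21,7 @@` hunk of ima_main.c carries no hint of why a builtin-only file needs the module header, so a later header audit could drop it again for the same reason the reverted commit did. The include target is not visible in this rendering; assuming it is `<linux/module.h>`, I would annotate the line as `#include <linux/module.h>	/* is_module_sig_enforced() */`. The commit message says typical .config selections supply the header implicitly, so a regression here would likely only show up in a build whose configuration does not pull it in indirectly. The include block continues outside the hunk.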