// SPDX-License-Identifier: GPL-2.0 /* Lock down the kernel * * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. * Written by David Howells ([email protected]) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public Licence * as published by the Free Software Foundation; either version * 2 of the Licence, or (at your option) any later version. */ #include <linux/security.h> #include <linux/export.h> #include <linux/lsm_hooks.h> #include <uapi/linux/lsm.h> static enum lockdown_reason kernel_locked_down; static const enum lockdown_reason lockdown_levels[] = …; /* * Put the kernel into lock-down mode. */ static int lock_kernel_down(const char *where, enum lockdown_reason level) { … } static int __init lockdown_param(char *level) { … } early_param(…); /** * lockdown_is_locked_down - Find out if the kernel is locked down * @what: Tag to use in notice generated if lockdown is in effect */ static int lockdown_is_locked_down(enum lockdown_reason what) { … } static struct security_hook_list lockdown_hooks[] __ro_after_init = …; static const struct lsm_id lockdown_lsmid = …; static int __init lockdown_lsm_init(void) { … } static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t lockdown_write(struct file *file, const char __user *buf, size_t n, loff_t *ppos) { … } static const struct file_operations lockdown_ops = …; static int __init lockdown_secfs_init(void) { … } core_initcall(lockdown_secfs_init); #ifdef CONFIG_SECURITY_LOCKDOWN_LSM_EARLY DEFINE_EARLY_LSM(lockdown) = …;
Codebase Browser
linux