__con_initcall_end = .;
}
+ . = ALIGN(8);
+ SECURITY_INIT
+
. = ALIGN(64);
__per_cpu_start = .;
.data.percpu : { *(.data.percpu) }
__con_initcall_start = .;
*(.con_initcall.init)
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(32768);
__init_end = .;
}
__con_initcall_start = .;
*(.con_initcall.init)
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(32);
__initramfs_start = .;
usr/built-in.o(.init.ramfs)
__con_initcall_start = .;
*(.con_initcall.init)
__con_initcall_end = .;
-
+ }
+ .security_initcall.init : {
+ __security_initcall_start = .;
+ *(.security_initcall.init)
+ __security_initcall_end = .;
+
/* We fill to the next page, so we can discard all init
pages without needing to consider what payload might be
appended to the kernel image. */
___con_initcall_start = .;
*(.con_initcall.init)
___con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4);
___initramfs_start = .;
*(.init.ramfs)
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4);
__alt_instructions = .;
.altinstructions : { *(.altinstructions) }
.con_initcall.init : AT(ADDR(.con_initcall.init) - PAGE_OFFSET)
{ *(.con_initcall.init) }
__con_initcall_end = .;
+ __security_initcall_start = .;
+ .security_initcall.init : AT(ADDR(.security_initcall.init) - PAGE_OFFSET)
+ { *(.security_initcall.init) }
+ __security_initcall_end = .;
. = ALIGN(PAGE_SIZE);
__init_end = .;
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(8192);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(8192);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
__con_initcall_start = .;
*(.con_initcall.init)
__con_initcall_end = .;
- __security_initcall_start = .;
- *(.security_initcall.init)
- __security_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4);
__initramfs_start = .;
*(.init.ramfs)
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096); /* Align double page for init_task_union */
__init_end = .;
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096); /* Align double page for init_task_union */
__init_end = .;
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
+
__start___ftr_fixup = .;
__ftr_fixup : { *(__ftr_fixup) }
__stop___ftr_fixup = .;
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(256);
__initramfs_start = .;
.init.ramfs : { *(.init.initramfs) }
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
__machvec_start = .;
.machvec.init : { *(.machvec.init) }
__machvec_end = .;
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(8192);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
__con_initcall_start = .;
.con_initcall.init : { *(.con_initcall.init) }
__con_initcall_end = .;
+ SECURITY_INIT
. = ALIGN(4096);
__initramfs_start = .;
.init.ramfs : { *(.init.ramfs) }
*(__ksymtab_strings) \
}
+#define SECURITY_INIT \
+ .security_initcall.init : { \
+ __security_initcall_start = .; \
+ *(.security_initcall.init) \
+ __security_initcall_end = .; \
+ }
typedef void (*exitcall_t)(void);
extern initcall_t __con_initcall_start, __con_initcall_end;
+extern initcall_t __security_initcall_start, __security_initcall_end;
#endif
#ifndef MODULE
#define console_initcall(fn) \
static initcall_t __initcall_##fn __attribute__ ((unused,__section__ (".con_initcall.init")))=fn
+#define security_initcall(fn) \
+ static initcall_t __initcall_##fn __attribute__ ((unused,__section__ (".security_initcall.init"))) = fn
+
struct obs_kernel_param {
const char *str;
int (*setup_func)(char *);
#define device_initcall(fn) module_init(fn)
#define late_initcall(fn) module_init(fn)
+#define security_initcall(fn) module_init(fn)
+
/* These macros create a dummy inline: gcc 2.9x does not count alias
as usage, hence the `unused function' warning when __init functions
are declared static. We use the dummy __*_module_inline functions
pte_chain_init();
fork_init(num_physpages);
proc_caches_init();
- security_scaffolding_startup();
buffer_init();
+ security_scaffolding_startup();
vfs_caches_init(num_physpages);
radix_tree_init();
signals_init();
}
}
-module_init (capability_init);
+security_initcall (capability_init);
module_exit (capability_exit);
MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
printk (KERN_INFO "Root Plug module removed\n");
}
-module_init (rootplug_init);
+security_initcall (rootplug_init);
module_exit (rootplug_exit);
MODULE_DESCRIPTION("Root Plug sample LSM module, written for Linux Journal article");
return 0;
}
+static void __init do_security_initcalls(void)
+{
+ initcall_t *call;
+ call = &__security_initcall_start;
+ while (call < &__security_initcall_end) {
+ (*call)();
+ call++;
+ }
+}
+
/**
* security_scaffolding_startup - initialzes the security scaffolding framework
*
* This should be called early in the kernel initialization sequence.
*/
-int security_scaffolding_startup (void)
+int __init security_scaffolding_startup (void)
{
printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION
" initialized\n");
}
security_ops = &dummy_security_ops;
+ do_security_initcalls();
return 0;
}
projects / linux / commitdiff