dc68054305
- Restore 29 recipe symlinks (libdrm, qtbase, dbus, sddm, pipewire, etc.) - Restore 33 patches (KDE, libdrm, mesa, pipewire, sddm, wireplumber) - Restore 20+ local/scripts (audit, lint, test, build helpers) - Restore src/cook/scheduler.rs, status.rs, gnu-config/ - Restore scripts/patch-inclusion-gate.sh, run_mini1.sh, validate-collision-log.sh - Recover TLC source from HEAD (was overwritten by 0.2.3 checkout) - Recover 11 local/docs plans from HEAD (were overwritten) - Recover qt6-wayland-smoke symlink from HEAD - Fix MOTD: remove garbled ASCII art, use clean text - Update version: 0.2.0 -> 0.2.4 in os-release, motd, config - Reduce filesystem_size: 1536 -> 512 MiB - Add ABSOLUTE RULE to AGENTS.md: never delete/ignore packages - Reduce pcid scheme log verbosity: info -> debug
136 lines
2.4 KiB
C
136 lines
2.4 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
/*
|
|
* Copyright (C) 2023 Google LLC.
|
|
*/
|
|
|
|
#ifndef __LINUX_LSM_COUNT_H
|
|
#define __LINUX_LSM_COUNT_H
|
|
|
|
#include <linux/args.h>
|
|
|
|
#ifdef CONFIG_SECURITY
|
|
|
|
/*
|
|
* Macros to count the number of LSMs enabled in the kernel at compile time.
|
|
*/
|
|
|
|
/*
|
|
* Capabilities is enabled when CONFIG_SECURITY is enabled.
|
|
*/
|
|
#if IS_ENABLED(CONFIG_SECURITY)
|
|
#define CAPABILITIES_ENABLED 1,
|
|
#else
|
|
#define CAPABILITIES_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_SELINUX)
|
|
#define SELINUX_ENABLED 1,
|
|
#else
|
|
#define SELINUX_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_SMACK)
|
|
#define SMACK_ENABLED 1,
|
|
#else
|
|
#define SMACK_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
|
|
#define APPARMOR_ENABLED 1,
|
|
#else
|
|
#define APPARMOR_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
|
|
#define TOMOYO_ENABLED 1,
|
|
#else
|
|
#define TOMOYO_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_YAMA)
|
|
#define YAMA_ENABLED 1,
|
|
#else
|
|
#define YAMA_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
|
|
#define LOADPIN_ENABLED 1,
|
|
#else
|
|
#define LOADPIN_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
|
|
#define LOCKDOWN_ENABLED 1,
|
|
#else
|
|
#define LOCKDOWN_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
|
|
#define SAFESETID_ENABLED 1,
|
|
#else
|
|
#define SAFESETID_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_BPF_LSM)
|
|
#define BPF_LSM_ENABLED 1,
|
|
#else
|
|
#define BPF_LSM_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
|
|
#define LANDLOCK_ENABLED 1,
|
|
#else
|
|
#define LANDLOCK_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_IMA)
|
|
#define IMA_ENABLED 1,
|
|
#else
|
|
#define IMA_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_EVM)
|
|
#define EVM_ENABLED 1,
|
|
#else
|
|
#define EVM_ENABLED
|
|
#endif
|
|
|
|
#if IS_ENABLED(CONFIG_SECURITY_IPE)
|
|
#define IPE_ENABLED 1,
|
|
#else
|
|
#define IPE_ENABLED
|
|
#endif
|
|
|
|
/*
|
|
* There is a trailing comma that we need to be accounted for. This is done by
|
|
* using a skipped argument in __COUNT_LSMS
|
|
*/
|
|
#define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
|
|
#define COUNT_LSMS(args...) __COUNT_LSMS(args)
|
|
|
|
#define MAX_LSM_COUNT \
|
|
COUNT_LSMS( \
|
|
CAPABILITIES_ENABLED \
|
|
SELINUX_ENABLED \
|
|
SMACK_ENABLED \
|
|
APPARMOR_ENABLED \
|
|
TOMOYO_ENABLED \
|
|
YAMA_ENABLED \
|
|
LOADPIN_ENABLED \
|
|
LOCKDOWN_ENABLED \
|
|
SAFESETID_ENABLED \
|
|
BPF_LSM_ENABLED \
|
|
LANDLOCK_ENABLED \
|
|
IMA_ENABLED \
|
|
EVM_ENABLED \
|
|
IPE_ENABLED)
|
|
|
|
#else
|
|
|
|
#define MAX_LSM_COUNT 0
|
|
|
|
#endif /* CONFIG_SECURITY */
|
|
|
|
#endif /* __LINUX_LSM_COUNT_H */
|