include/linux/lsm_count.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2
   3 /*
   4  * Copyright (C) 2023 Google LLC.
   5  */
   6
   7 #ifndef __LINUX_LSM_COUNT_H
   8 #define __LINUX_LSM_COUNT_H
   9
  10 #include <linux/args.h>
  11
  12 #ifdef CONFIG_SECURITY
  13
  14 /*
  15  * Macros to count the number of LSMs enabled in the kernel at compile time.
  16  */
  17
  18 /*
  19  * Capabilities is enabled when CONFIG_SECURITY is enabled.
  20  */
  21 #if IS_ENABLED(CONFIG_SECURITY)
  22 #define CAPABILITIES_ENABLED 1,
  23 #else
  24 #define CAPABILITIES_ENABLED
  25 #endif
  26
  27 #if IS_ENABLED(CONFIG_SECURITY_SELINUX)
  28 #define SELINUX_ENABLED 1,
  29 #else
  30 #define SELINUX_ENABLED
  31 #endif
  32
  33 #if IS_ENABLED(CONFIG_SECURITY_SMACK)
  34 #define SMACK_ENABLED 1,
  35 #else
  36 #define SMACK_ENABLED
  37 #endif
  38
  39 #if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
  40 #define APPARMOR_ENABLED 1,
  41 #else
  42 #define APPARMOR_ENABLED
  43 #endif
  44
  45 #if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
  46 #define TOMOYO_ENABLED 1,
  47 #else
  48 #define TOMOYO_ENABLED
  49 #endif
  50
  51 #if IS_ENABLED(CONFIG_SECURITY_YAMA)
  52 #define YAMA_ENABLED 1,
  53 #else
  54 #define YAMA_ENABLED
  55 #endif
  56
  57 #if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
  58 #define LOADPIN_ENABLED 1,
  59 #else
  60 #define LOADPIN_ENABLED
  61 #endif
  62
  63 #if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
  64 #define LOCKDOWN_ENABLED 1,
  65 #else
  66 #define LOCKDOWN_ENABLED
  67 #endif
  68
  69 #if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
  70 #define SAFESETID_ENABLED 1,
  71 #else
  72 #define SAFESETID_ENABLED
  73 #endif
  74
  75 #if IS_ENABLED(CONFIG_BPF_LSM)
  76 #define BPF_LSM_ENABLED 1,
  77 #else
  78 #define BPF_LSM_ENABLED
  79 #endif
  80
  81 #if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
  82 #define LANDLOCK_ENABLED 1,
  83 #else
  84 #define LANDLOCK_ENABLED
  85 #endif
  86
  87 #if IS_ENABLED(CONFIG_IMA)
  88 #define IMA_ENABLED 1,
  89 #else
  90 #define IMA_ENABLED
  91 #endif
  92
  93 #if IS_ENABLED(CONFIG_EVM)
  94 #define EVM_ENABLED 1,
  95 #else
  96 #define EVM_ENABLED
  97 #endif
  98
  99 #if IS_ENABLED(CONFIG_SECURITY_IPE)
 100 #define IPE_ENABLED 1,
 101 #else
 102 #define IPE_ENABLED
 103 #endif
 104
 105 /*
 106  *  There is a trailing comma that we need to be accounted for. This is done by
 107  *  using a skipped argument in __COUNT_LSMS
 108  */
 109 #define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
 110 #define COUNT_LSMS(args...) __COUNT_LSMS(args)
 111
 112 #define MAX_LSM_COUNT                   \
 113         COUNT_LSMS(                     \
 114                 CAPABILITIES_ENABLED    \
 115                 SELINUX_ENABLED         \
 116                 SMACK_ENABLED           \
 117                 APPARMOR_ENABLED        \
 118                 TOMOYO_ENABLED          \
 119                 YAMA_ENABLED            \
 120                 LOADPIN_ENABLED         \
 121                 LOCKDOWN_ENABLED        \
 122                 SAFESETID_ENABLED       \
 123                 BPF_LSM_ENABLED         \
 124                 LANDLOCK_ENABLED        \
 125                 IMA_ENABLED             \
 126                 EVM_ENABLED             \
 127                 IPE_ENABLED)
 128
 129 #else
 130
 131 #define MAX_LSM_COUNT 0
 132
 133 #endif /* CONFIG_SECURITY */
 134
 135 #endif  /* __LINUX_LSM_COUNT_H */