1 /* SPDX-License-Identifier: GPL-2.0 */
2 
3 /*
4  * Copyright (C) 2023 Google LLC.
5  */
6 
7 #ifndef __LINUX_LSM_COUNT_H
8 #define __LINUX_LSM_COUNT_H
9 
10 #include <linux/args.h>
11 
12 #ifdef CONFIG_SECURITY
13 
14 /*
15  * Macros to count the number of LSMs enabled in the kernel at compile time.
    *
    * Each <NAME>_ENABLED macro below expands to the tokens "1," when its
    * Kconfig option is enabled and to nothing otherwise. Placed next to each
    * other they yield one "1," per enabled LSM, which MAX_LSM_COUNT counts.
    *
    * Only the LSMs listed in this header take part in the count: an LSM with
    * no <NAME>_ENABLED block here and no entry in the MAX_LSM_COUNT list is
    * left out of it.
16  */
17 
18 /*
19  * Capabilities is enabled when CONFIG_SECURITY is enabled.
    * NOTE(review): this check is nested inside #ifdef CONFIG_SECURITY, so the
    * #else arm is presumably never taken; IS_ENABLED() is defined outside this
    * header, confirm there.
20  */
21 #if IS_ENABLED(CONFIG_SECURITY)
22 #define CAPABILITIES_ENABLED 1,
23 #else
24 #define CAPABILITIES_ENABLED
25 #endif
26 
27 #if IS_ENABLED(CONFIG_SECURITY_SELINUX)
28 #define SELINUX_ENABLED 1,
29 #else
30 #define SELINUX_ENABLED
31 #endif
32 
33 #if IS_ENABLED(CONFIG_SECURITY_SMACK)
34 #define SMACK_ENABLED 1,
35 #else
36 #define SMACK_ENABLED
37 #endif
38 
39 #if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
40 #define APPARMOR_ENABLED 1,
41 #else
42 #define APPARMOR_ENABLED
43 #endif
44 
45 #if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
46 #define TOMOYO_ENABLED 1,
47 #else
48 #define TOMOYO_ENABLED
49 #endif
50 
51 #if IS_ENABLED(CONFIG_SECURITY_YAMA)
52 #define YAMA_ENABLED 1,
53 #else
54 #define YAMA_ENABLED
55 #endif
56 
57 #if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
58 #define LOADPIN_ENABLED 1,
59 #else
60 #define LOADPIN_ENABLED
61 #endif
62 
63 #if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
64 #define LOCKDOWN_ENABLED 1,
65 #else
66 #define LOCKDOWN_ENABLED
67 #endif
68 
69 #if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
70 #define SAFESETID_ENABLED 1,
71 #else
72 #define SAFESETID_ENABLED
73 #endif
74 
75 #if IS_ENABLED(CONFIG_BPF_LSM)
76 #define BPF_LSM_ENABLED 1,
77 #else
78 #define BPF_LSM_ENABLED
79 #endif
80 
81 #if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
82 #define LANDLOCK_ENABLED 1,
83 #else
84 #define LANDLOCK_ENABLED
85 #endif
86 
87 #if IS_ENABLED(CONFIG_IMA)
88 #define IMA_ENABLED 1,
89 #else
90 #define IMA_ENABLED
91 #endif
92 
93 #if IS_ENABLED(CONFIG_EVM)
94 #define EVM_ENABLED 1,
95 #else
96 #define EVM_ENABLED
97 #endif
98 
99 #if IS_ENABLED(CONFIG_SECURITY_IPE)
100 #define IPE_ENABLED 1,
101 #else
102 #define IPE_ENABLED
103 #endif
104 
105 /*
106  *  Every enabled entry expands to "1,", so the expanded list ends in a
     *  trailing comma that needs to be accounted for. This is done by
107  *  using a skipped argument in __COUNT_LSMS: it drops one argument
     *  (skipped_arg) and hands the rest to COUNT_ARGS.
     *
     *  COUNT_LSMS is the outer wrapper: the <NAME>_ENABLED macros reach it as a
     *  single argument and are expanded before __COUNT_LSMS splits the result
     *  at its commas.
     *
     *  MAX_LSM_COUNT is intended to evaluate to the number of entries in its
     *  list whose Kconfig option is enabled.
     *
     *  NOTE(review): COUNT_ARGS is not defined in this header (presumably it
     *  comes from <linux/args.h>); its upper limit on the number of arguments
     *  is not visible here. Confirm it covers all 14 entries of the list.
     *
     *  NOTE(review): the users of MAX_LSM_COUNT are not visible here. If it
     *  bounds per-LSM arrays or tables, an LSM missing from the list would
     *  make that bound too small; keep the list in step with the LSMs that
     *  can be built in.
108  */
109 #define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
110 #define COUNT_LSMS(args...) __COUNT_LSMS(args)
111 
112 #define MAX_LSM_COUNT			\
113 	COUNT_LSMS(			\
114 		CAPABILITIES_ENABLED	\
115 		SELINUX_ENABLED		\
116 		SMACK_ENABLED		\
117 		APPARMOR_ENABLED	\
118 		TOMOYO_ENABLED		\
119 		YAMA_ENABLED		\
120 		LOADPIN_ENABLED		\
121 		LOCKDOWN_ENABLED	\
122 		SAFESETID_ENABLED	\
123 		BPF_LSM_ENABLED		\
124 		LANDLOCK_ENABLED	\
125 		IMA_ENABLED		\
126 		EVM_ENABLED		\
127 		IPE_ENABLED)
128 
129 #else
130 
131 #define MAX_LSM_COUNT 0 /* CONFIG_SECURITY is not defined: no LSMs are counted */
132 
133 #endif /* CONFIG_SECURITY */
134 
135 #endif  /* __LINUX_LSM_COUNT_H */
136