xref: /linux-6.15/include/linux/lsm_count.h (revision d51e783c) 
1*d51e783cSKP Singh /* SPDX-License-Identifier: GPL-2.0 */
2*d51e783cSKP Singh 
3*d51e783cSKP Singh /*
4*d51e783cSKP Singh  * Copyright (C) 2023 Google LLC.
5*d51e783cSKP Singh  */
6*d51e783cSKP Singh 
7*d51e783cSKP Singh #ifndef __LINUX_LSM_COUNT_H
8*d51e783cSKP Singh #define __LINUX_LSM_COUNT_H
9*d51e783cSKP Singh 
10*d51e783cSKP Singh #include <linux/args.h>
11*d51e783cSKP Singh 
12*d51e783cSKP Singh #ifdef CONFIG_SECURITY
13*d51e783cSKP Singh 
14*d51e783cSKP Singh /*
15*d51e783cSKP Singh  * Macros to count the number of LSMs enabled in the kernel at compile time.
16*d51e783cSKP Singh  */
17*d51e783cSKP Singh 
18*d51e783cSKP Singh /*
19*d51e783cSKP Singh  * Capabilities is enabled when CONFIG_SECURITY is enabled.
20*d51e783cSKP Singh  */
21*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY)
22*d51e783cSKP Singh #define CAPABILITIES_ENABLED 1,
23*d51e783cSKP Singh #else
24*d51e783cSKP Singh #define CAPABILITIES_ENABLED
25*d51e783cSKP Singh #endif
26*d51e783cSKP Singh 
27*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_SELINUX)
28*d51e783cSKP Singh #define SELINUX_ENABLED 1,
29*d51e783cSKP Singh #else
30*d51e783cSKP Singh #define SELINUX_ENABLED
31*d51e783cSKP Singh #endif
32*d51e783cSKP Singh 
33*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_SMACK)
34*d51e783cSKP Singh #define SMACK_ENABLED 1,
35*d51e783cSKP Singh #else
36*d51e783cSKP Singh #define SMACK_ENABLED
37*d51e783cSKP Singh #endif
38*d51e783cSKP Singh 
39*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
40*d51e783cSKP Singh #define APPARMOR_ENABLED 1,
41*d51e783cSKP Singh #else
42*d51e783cSKP Singh #define APPARMOR_ENABLED
43*d51e783cSKP Singh #endif
44*d51e783cSKP Singh 
45*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
46*d51e783cSKP Singh #define TOMOYO_ENABLED 1,
47*d51e783cSKP Singh #else
48*d51e783cSKP Singh #define TOMOYO_ENABLED
49*d51e783cSKP Singh #endif
50*d51e783cSKP Singh 
51*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_YAMA)
52*d51e783cSKP Singh #define YAMA_ENABLED 1,
53*d51e783cSKP Singh #else
54*d51e783cSKP Singh #define YAMA_ENABLED
55*d51e783cSKP Singh #endif
56*d51e783cSKP Singh 
57*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
58*d51e783cSKP Singh #define LOADPIN_ENABLED 1,
59*d51e783cSKP Singh #else
60*d51e783cSKP Singh #define LOADPIN_ENABLED
61*d51e783cSKP Singh #endif
62*d51e783cSKP Singh 
63*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
64*d51e783cSKP Singh #define LOCKDOWN_ENABLED 1,
65*d51e783cSKP Singh #else
66*d51e783cSKP Singh #define LOCKDOWN_ENABLED
67*d51e783cSKP Singh #endif
68*d51e783cSKP Singh 
69*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
70*d51e783cSKP Singh #define SAFESETID_ENABLED 1,
71*d51e783cSKP Singh #else
72*d51e783cSKP Singh #define SAFESETID_ENABLED
73*d51e783cSKP Singh #endif
74*d51e783cSKP Singh 
75*d51e783cSKP Singh #if IS_ENABLED(CONFIG_BPF_LSM)
76*d51e783cSKP Singh #define BPF_LSM_ENABLED 1,
77*d51e783cSKP Singh #else
78*d51e783cSKP Singh #define BPF_LSM_ENABLED
79*d51e783cSKP Singh #endif
80*d51e783cSKP Singh 
81*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
82*d51e783cSKP Singh #define LANDLOCK_ENABLED 1,
83*d51e783cSKP Singh #else
84*d51e783cSKP Singh #define LANDLOCK_ENABLED
85*d51e783cSKP Singh #endif
86*d51e783cSKP Singh 
87*d51e783cSKP Singh #if IS_ENABLED(CONFIG_IMA)
88*d51e783cSKP Singh #define IMA_ENABLED 1,
89*d51e783cSKP Singh #else
90*d51e783cSKP Singh #define IMA_ENABLED
91*d51e783cSKP Singh #endif
92*d51e783cSKP Singh 
93*d51e783cSKP Singh #if IS_ENABLED(CONFIG_EVM)
94*d51e783cSKP Singh #define EVM_ENABLED 1,
95*d51e783cSKP Singh #else
96*d51e783cSKP Singh #define EVM_ENABLED
97*d51e783cSKP Singh #endif
98*d51e783cSKP Singh 
99*d51e783cSKP Singh #if IS_ENABLED(CONFIG_SECURITY_IPE)
100*d51e783cSKP Singh #define IPE_ENABLED 1,
101*d51e783cSKP Singh #else
102*d51e783cSKP Singh #define IPE_ENABLED
103*d51e783cSKP Singh #endif
104*d51e783cSKP Singh 
105*d51e783cSKP Singh /*
106*d51e783cSKP Singh  *  There is a trailing comma that we need to be accounted for. This is done by
107*d51e783cSKP Singh  *  using a skipped argument in __COUNT_LSMS
108*d51e783cSKP Singh  */
109*d51e783cSKP Singh #define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
110*d51e783cSKP Singh #define COUNT_LSMS(args...) __COUNT_LSMS(args)
111*d51e783cSKP Singh 
112*d51e783cSKP Singh #define MAX_LSM_COUNT			\
113*d51e783cSKP Singh 	COUNT_LSMS(			\
114*d51e783cSKP Singh 		CAPABILITIES_ENABLED	\
115*d51e783cSKP Singh 		SELINUX_ENABLED		\
116*d51e783cSKP Singh 		SMACK_ENABLED		\
117*d51e783cSKP Singh 		APPARMOR_ENABLED	\
118*d51e783cSKP Singh 		TOMOYO_ENABLED		\
119*d51e783cSKP Singh 		YAMA_ENABLED		\
120*d51e783cSKP Singh 		LOADPIN_ENABLED		\
121*d51e783cSKP Singh 		LOCKDOWN_ENABLED	\
122*d51e783cSKP Singh 		SAFESETID_ENABLED	\
123*d51e783cSKP Singh 		BPF_LSM_ENABLED		\
124*d51e783cSKP Singh 		LANDLOCK_ENABLED	\
125*d51e783cSKP Singh 		IMA_ENABLED		\
126*d51e783cSKP Singh 		EVM_ENABLED		\
127*d51e783cSKP Singh 		IPE_ENABLED)
128*d51e783cSKP Singh 
129*d51e783cSKP Singh #else
130*d51e783cSKP Singh 
131*d51e783cSKP Singh #define MAX_LSM_COUNT 0
132*d51e783cSKP Singh 
133*d51e783cSKP Singh #endif /* CONFIG_SECURITY */
134*d51e783cSKP Singh 
135*d51e783cSKP Singh #endif  /* __LINUX_LSM_COUNT_H */
136