authorKees Cook <keescook@chromium.org>2018-09-19 16:11:41 -0400
committerKees Cook <keescook@chromium.org>2019-01-08 16:18:42 -0500
commit5ef4e41918b2dffffa445d8d3a45f3dc257920dc (patch)
tree90371b405247d9f12041780cec0be777d2b0610c /security/security.c
parenta8027fb0d188599ccdb2096f49f708bae04d86c4 (diff)
LSM: Prepare for reorganizing "security=" logic
This moves the string handling for "security=" boot parameter into a stored pointer instead of a string duplicate. This will allow easier handling of the string when switching logic to use the coming enable/disable infrastructure. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c17
1 files changed, 8 insertions, 9 deletions
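diff --git a/security/security.c b/security/security.c
index b6d3456978a4..1e1f34285e96 100644
--- a/security/security.c
+++ b/security/security.c
@@ -34,9 +34,6 @@
 
 #define MAX_LSM_EVM_XATTR 2
 
-/* Maximum number of letters for an LSM name string */
-#define SECURITY_NAME_MAX 10
-
 /* How many LSMs were built into the kernel? */
 #define LSM_COUNT (__end_lsm_info - __start_lsm_info)
 
@@ -45,9 +42,8 @@ static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain);
 
 char *lsm_names;
 /* Boot-time LSM user choice */
-static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
- CONFIG_DEFAULT_SECURITY;
 static __initdata const char *chosen_lsm_order;
+static __initdata const char *chosen_major_lsm;
 
 static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
 
@@ -138,7 +134,7 @@ static bool __init lsm_allowed(struct lsm_info *lsm)
  return true;
 
  /* Disabled if this LSM isn't the chosen one. */
- if (strcmp(lsm->name, chosen_lsm) != 0)
+ if (strcmp(lsm->name, chosen_major_lsm) != 0)
  return false;
 
  return true;
@@ -168,6 +164,9 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
  struct lsm_info *lsm;
  char *sep, *name, *next;
 
+ if (!chosen_major_lsm)
+ chosen_major_lsm = CONFIG_DEFAULT_SECURITY;
+
  sep = kstrdup(order, GFP_KERNEL);
  next = sep;
  /* Walk the list, looking for matching LSMs. */
@@ -257,12 +256,12 @@ int __init security_init(void)
 }
 
 /* Save user chosen LSM */
-static int __init choose_lsm(char *str)
+static int __init choose_major_lsm(char *str)
 {
- strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
+ chosen_major_lsm = str;
  return 1;
 }
-__setup("security=", choose_lsm);
+__setup("security=", choose_major_lsm);
 
 /* Explicitly choose LSM initialization order. */
 static int __init choose_lsm_order(char *str)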
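Review bot: `chosen_major_lsm` is now NULL until `ordered_lsm_parse()` applies the `CONFIG_DEFAULT_SECURITY` fallback (new lines 167-168), yet `lsm_allowed()` passes it straight to `strcmp()` at new line 137, so that call is only safe if every path into `lsm_allowed()` runs the parser first; the callers are not visible in these hunks. The removed array was statically initialised and had no such ordering dependency. I would record the contract at the declaration on new line 46, for example `/* NULL until "security=" is seen; ordered_lsm_parse() applies the default. Points at the boot parameter string, not a copy. */`. Since the name is no longer truncated to `SECURITY_NAME_MAX`, the comparison now runs over the full parameter value, which is worth stating in the same comment. Both `lsm_allowed()` and `ordered_lsm_parse()` start and end outside their hunks.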