diff options
| author | Kees Cook <keescook@chromium.org> | 2018-09-19 16:32:15 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:43 -0500 |
| commit | 7e611486d905f435faf80969deed68a615019e6b (patch) | |
| tree | 2454816badf417db4dd7f5005d3c180d0771b4ae /security/security.c | |
| parent | 5ef4e41918b2dffffa445d8d3a45f3dc257920dc (diff) | |
LSM: Refactor "security=" in terms of enable/disable
For what are marked as the Legacy Major LSMs, make them effectively
exclusive when selected on the "security=" boot parameter, to handle
the future case of when a previously major LSMs become non-exclusive
(e.g. when TOMOYO starts blob-sharing).
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/security/security.c b/security/security.c index 1e1f34285e96..88de6b073246 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) | |||
| 129 | if (!is_enabled(lsm)) | 129 | if (!is_enabled(lsm)) |
| 130 | return false; | 130 | return false; |
| 131 | 131 | ||
| 132 | /* Skip major-specific checks if not a major LSM. */ | ||
| 133 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) | ||
| 134 | return true; | ||
| 135 | |||
| 136 | /* Disabled if this LSM isn't the chosen one. */ | ||
| 137 | if (strcmp(lsm->name, chosen_major_lsm) != 0) | ||
| 138 | return false; | ||
| 139 | |||
| 140 | return true; | 132 | return true; |
| 141 | } | 133 | } |
| 142 | 134 | ||
| @@ -164,8 +156,28 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) | |||
| 164 | struct lsm_info *lsm; | 156 | struct lsm_info *lsm; |
| 165 | char *sep, *name, *next; | 157 | char *sep, *name, *next; |
| 166 | 158 | ||
| 159 | /* Process "security=", if given. */ | ||
| 167 | if (!chosen_major_lsm) | 160 | if (!chosen_major_lsm) |
| 168 | chosen_major_lsm = CONFIG_DEFAULT_SECURITY; | 161 | chosen_major_lsm = CONFIG_DEFAULT_SECURITY; |
| 162 | if (chosen_major_lsm) { | ||
| 163 | struct lsm_info *major; | ||
| 164 | |||
| 165 | /* | ||
| 166 | * To match the original "security=" behavior, this | ||
| 167 | * explicitly does NOT fallback to another Legacy Major | ||
| 168 | * if the selected one was separately disabled: disable | ||
| 169 | * all non-matching Legacy Major LSMs. | ||
| 170 | */ | ||
| 171 | for (major = __start_lsm_info; major < __end_lsm_info; | ||
| 172 | major++) { | ||
| 173 | if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && | ||
| 174 | strcmp(major->name, chosen_major_lsm) != 0) { | ||
| 175 | set_enabled(major, false); | ||
| 176 | init_debug("security=%s disabled: %s\n", | ||
| 177 | chosen_major_lsm, major->name); | ||
| 178 | } | ||
| 179 | } | ||
| 180 | } | ||
| 169 | 181 | ||
| 170 | sep = kstrdup(order, GFP_KERNEL); | 182 | sep = kstrdup(order, GFP_KERNEL); |
| 171 | next = sep; | 183 | next = sep; |