diff options
| author | Kees Cook <keescook@chromium.org> | 2018-10-09 17:42:57 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:42 -0500 |
| commit | a8027fb0d188599ccdb2096f49f708bae04d86c4 (patch) | |
| tree | fdef774e00b724d4ecf2eb0b997dc2ce773c8663 /security/security.c | |
| parent | 79f7865d844c7703e3dc0e2f5b9ed2f3a4f412e5 (diff) | |
LSM: Tie enabling logic to presence in ordered list
Until now, any LSM without an enable storage variable was considered
enabled. This inverts the logic and sets defaults to true only if the
LSM gets added to the ordered initialization list. (And an exception
continues for the major LSMs until they are integrated into the ordered
initialization in a later patch.)
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/security.c b/security/security.c index 2e1f48e8a6f2..b6d3456978a4 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -63,10 +63,10 @@ static __initdata bool debug; | |||
| 63 | 63 | ||
| 64 | static bool __init is_enabled(struct lsm_info *lsm) | 64 | static bool __init is_enabled(struct lsm_info *lsm) |
| 65 | { | 65 | { |
| 66 | if (!lsm->enabled || *lsm->enabled) | 66 | if (!lsm->enabled) |
| 67 | return true; | 67 | return false; |
| 68 | 68 | ||
| 69 | return false; | 69 | return *lsm->enabled; |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | /* Mark an LSM's enabled flag. */ | 72 | /* Mark an LSM's enabled flag. */ |
| @@ -117,7 +117,11 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) | |||
| 117 | if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) | 117 | if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) |
| 118 | return; | 118 | return; |
| 119 | 119 | ||
| 120 | /* Enable this LSM, if it is not already set. */ | ||
| 121 | if (!lsm->enabled) | ||
| 122 | lsm->enabled = &lsm_enabled_true; | ||
| 120 | ordered_lsms[last_lsm++] = lsm; | 123 | ordered_lsms[last_lsm++] = lsm; |
| 124 | |||
| 121 | init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, | 125 | init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, |
| 122 | is_enabled(lsm) ? "en" : "dis"); | 126 | is_enabled(lsm) ? "en" : "dis"); |
| 123 | } | 127 | } |
| @@ -210,6 +214,10 @@ static void __init major_lsm_init(void) | |||
| 210 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) | 214 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) |
| 211 | continue; | 215 | continue; |
| 212 | 216 | ||
| 217 | /* Enable this LSM, if it is not already set. */ | ||
| 218 | if (!lsm->enabled) | ||
| 219 | lsm->enabled = &lsm_enabled_true; | ||
| 220 | |||
| 213 | maybe_initialize_lsm(lsm); | 221 | maybe_initialize_lsm(lsm); |
| 214 | } | 222 | } |
| 215 | } | 223 | } |