LSM: Introduce "lsm=" for boottime LSM selection

Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs. Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2018-09-19 20:30:09 -0400
committer: Kees Cook <keescook@chromium.org> 2019-01-08 16:18:42 -0500
commit: 79f7865d844c7703e3dc0e2f5b9ed2f3a4f412e5 (patch)
tree: 0e4804064ab81e886d5b9d0836abe27af5f155ed
parent: 13e735c0e953246bd531d342bb86acb5b1bf664a (diff)
3 files changed, 19 insertions, 2 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index b799bcf67d7b..e59e1471d4db 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2319,6 +2319,10 @@
        lsm.debug       [SECURITY] Enable LSM initialization debugging output.
+        lsm=lsm1,...,lsmN
+                        [SECURITY] Choose order of LSM initialization. This
+                        overrides CONFIG_LSM.
        machvec=        [IA-64] Force the use of a particular machine-vector
                        (machvec) in a generic kernel.
                        Example: machvec=hpzx1_swiotlb
diff --git a/security/Kconfig b/security/Kconfig
index 7f21190cb677..cedf69e8a22c 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -281,7 +281,8 @@ config LSM
        default "integrity"
        help
          A comma-separated list of LSMs, in initialization order.
-          Any LSMs left off this list will be ignored.
+          Any LSMs left off this list will be ignored. This can be
+          controlled at boot with the "lsm=" parameter.
          If unsure, leave this as the default.
diff --git a/security/security.c b/security/security.c
index 11a42cd313c5..2e1f48e8a6f2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -47,6 +47,7 @@ char *lsm_names;
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
        CONFIG_DEFAULT_SECURITY;
+static __initdata const char *chosen_lsm_order;
 static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
@@ -190,7 +191,10 @@ static void __init ordered_lsm_init(void)
        ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
                                GFP_KERNEL);
-        ordered_lsm_parse(builtin_lsm_order, "builtin");
+        if (chosen_lsm_order)
+                ordered_lsm_parse(chosen_lsm_order, "cmdline");
+        else
+                ordered_lsm_parse(builtin_lsm_order, "builtin");
        for (lsm = ordered_lsms; *lsm; lsm++)
                maybe_initialize_lsm(*lsm);
@@ -252,6 +256,14 @@ static int __init choose_lsm(char *str)
 }
 __setup("security=", choose_lsm);
+/* Explicitly choose LSM initialization order. */
+static int __init choose_lsm_order(char *str)
+{
+        chosen_lsm_order = str;
+        return 1;
+}
+__setup("lsm=", choose_lsm_order);
 /* Enable LSM order debugging. */
 static int __init enable_debug(char *str)
 {
author	Kees Cook <keescook@chromium.org>	2018-09-19 20:30:09 -0400
committer	Kees Cook <keescook@chromium.org>	2019-01-08 16:18:42 -0500
commit	79f7865d844c7703e3dc0e2f5b9ed2f3a4f412e5 (patch)
tree	0e4804064ab81e886d5b9d0836abe27af5f155ed
parent	13e735c0e953246bd531d342bb86acb5b1bf664a (diff)