diff options
| author | Kees Cook <keescook@chromium.org> | 2018-10-09 17:27:46 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:42 -0500 |
| commit | 13e735c0e953246bd531d342bb86acb5b1bf664a (patch) | |
| tree | 83ec689b7a7a22f71f7f35c0cdf2be1a8a67fcbe /security/security.c | |
| parent | 2d4d51198c730adbbc5e071b18c84e5d0d2d65df (diff) | |
LSM: Introduce CONFIG_LSM
This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c index 3a277fbf6023..11a42cd313c5 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -48,6 +48,8 @@ char *lsm_names; | |||
| 48 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = | 48 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = |
| 49 | CONFIG_DEFAULT_SECURITY; | 49 | CONFIG_DEFAULT_SECURITY; |
| 50 | 50 | ||
| 51 | static __initconst const char * const builtin_lsm_order = CONFIG_LSM; | ||
| 52 | |||
| 51 | /* Ordered list of LSMs to initialize. */ | 53 | /* Ordered list of LSMs to initialize. */ |
| 52 | static __initdata struct lsm_info **ordered_lsms; | 54 | static __initdata struct lsm_info **ordered_lsms; |
| 53 | 55 | ||
| @@ -155,15 +157,30 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) | |||
| 155 | } | 157 | } |
| 156 | } | 158 | } |
| 157 | 159 | ||
| 158 | /* Populate ordered LSMs list from single LSM name. */ | 160 | /* Populate ordered LSMs list from comma-separated LSM name list. */ |
| 159 | static void __init ordered_lsm_parse(const char *order, const char *origin) | 161 | static void __init ordered_lsm_parse(const char *order, const char *origin) |
| 160 | { | 162 | { |
| 161 | struct lsm_info *lsm; | 163 | struct lsm_info *lsm; |
| 164 | char *sep, *name, *next; | ||
| 165 | |||
| 166 | sep = kstrdup(order, GFP_KERNEL); | ||
| 167 | next = sep; | ||
| 168 | /* Walk the list, looking for matching LSMs. */ | ||
| 169 | while ((name = strsep(&next, ",")) != NULL) { | ||
| 170 | bool found = false; | ||
| 171 | |||
| 172 | for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { | ||
| 173 | if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && | ||
| 174 | strcmp(lsm->name, name) == 0) { | ||
| 175 | append_ordered_lsm(lsm, origin); | ||
| 176 | found = true; | ||
| 177 | } | ||
| 178 | } | ||
| 162 | 179 | ||
| 163 | for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { | 180 | if (!found) |
| 164 | if (strcmp(lsm->name, order) == 0) | 181 | init_debug("%s ignored: %s\n", origin, name); |
| 165 | append_ordered_lsm(lsm, origin); | ||
| 166 | } | 182 | } |
| 183 | kfree(sep); | ||
| 167 | } | 184 | } |
| 168 | 185 | ||
| 169 | static void __init ordered_lsm_init(void) | 186 | static void __init ordered_lsm_init(void) |
| @@ -173,7 +190,7 @@ static void __init ordered_lsm_init(void) | |||
| 173 | ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), | 190 | ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), |
| 174 | GFP_KERNEL); | 191 | GFP_KERNEL); |
| 175 | 192 | ||
| 176 | ordered_lsm_parse("integrity", "builtin"); | 193 | ordered_lsm_parse(builtin_lsm_order, "builtin"); |
| 177 | 194 | ||
| 178 | for (lsm = ordered_lsms; *lsm; lsm++) | 195 | for (lsm = ordered_lsms; *lsm; lsm++) |
| 179 | maybe_initialize_lsm(*lsm); | 196 | maybe_initialize_lsm(*lsm); |