diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2017-01-18 20:09:05 -0500 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2017-01-18 21:18:29 -0500 |
| commit | d69dece5f5b6bc7a5e39d2b6136ddc69469331fe (patch) | |
| tree | b4c23177baf246a1f64b83442fc3359cbc0d8f38 /security/security.c | |
| parent | 3ccb76c5dfe0d25c1d0168d5b726d0b43d19a485 (diff) | |
LSM: Add /sys/kernel/security/lsm
I am still tired of having to find indirect ways to determine
what security modules are active on a system. I have added
/sys/kernel/security/lsm, which contains a comma separated
list of the active security modules. No more groping around
in /proc/filesystems or other clever hacks.
Unchanged from previous versions except for being updated
to the latest security next branch.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index f825304f04a7..f0a802ee29b6 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -32,6 +32,7 @@ | |||
| 32 | /* Maximum number of letters for an LSM name string */ | 32 | /* Maximum number of letters for an LSM name string */ |
| 33 | #define SECURITY_NAME_MAX 10 | 33 | #define SECURITY_NAME_MAX 10 |
| 34 | 34 | ||
| 35 | char *lsm_names; | ||
| 35 | /* Boot-time LSM user choice */ | 36 | /* Boot-time LSM user choice */ |
| 36 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = | 37 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = |
| 37 | CONFIG_DEFAULT_SECURITY; | 38 | CONFIG_DEFAULT_SECURITY; |
| @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str) | |||
| 78 | } | 79 | } |
| 79 | __setup("security=", choose_lsm); | 80 | __setup("security=", choose_lsm); |
| 80 | 81 | ||
| 82 | static int lsm_append(char *new, char **result) | ||
| 83 | { | ||
| 84 | char *cp; | ||
| 85 | |||
| 86 | if (*result == NULL) { | ||
| 87 | *result = kstrdup(new, GFP_KERNEL); | ||
| 88 | } else { | ||
| 89 | cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); | ||
| 90 | if (cp == NULL) | ||
| 91 | return -ENOMEM; | ||
| 92 | kfree(*result); | ||
| 93 | *result = cp; | ||
| 94 | } | ||
| 95 | return 0; | ||
| 96 | } | ||
| 97 | |||
| 81 | /** | 98 | /** |
| 82 | * security_module_enable - Load given security module on boot ? | 99 | * security_module_enable - Load given security module on boot ? |
| 83 | * @module: the name of the module | 100 | * @module: the name of the module |
| @@ -97,6 +114,27 @@ int __init security_module_enable(const char *module) | |||
| 97 | return !strcmp(module, chosen_lsm); | 114 | return !strcmp(module, chosen_lsm); |
| 98 | } | 115 | } |
| 99 | 116 | ||
| 117 | /** | ||
| 118 | * security_add_hooks - Add a modules hooks to the hook lists. | ||
| 119 | * @hooks: the hooks to add | ||
| 120 | * @count: the number of hooks to add | ||
| 121 | * @lsm: the name of the security module | ||
| 122 | * | ||
| 123 | * Each LSM has to register its hooks with the infrastructure. | ||
| 124 | */ | ||
| 125 | void __init security_add_hooks(struct security_hook_list *hooks, int count, | ||
| 126 | char *lsm) | ||
| 127 | { | ||
| 128 | int i; | ||
| 129 | |||
| 130 | for (i = 0; i < count; i++) { | ||
| 131 | hooks[i].lsm = lsm; | ||
| 132 | list_add_tail_rcu(&hooks[i].list, hooks[i].head); | ||
| 133 | } | ||
| 134 | if (lsm_append(lsm, &lsm_names) < 0) | ||
| 135 | panic("%s - Cannot get early memory.\n", __func__); | ||
| 136 | } | ||
| 137 | |||
| 100 | /* | 138 | /* |
| 101 | * Hook list operation macros. | 139 | * Hook list operation macros. |
| 102 | * | 140 | * |