diff options
| author | Kees Cook <keescook@chromium.org> | 2018-10-09 23:27:46 +0200 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 22:18:42 +0100 |
| commit | 13e735c0e953246bd531d342bb86acb5b1bf664a (patch) | |
| tree | 83ec689b7a7a22f71f7f35c0cdf2be1a8a67fcbe /security/security.c | |
| parent | LSM: Build ordered list of LSMs to initialize (diff) | |
| download | linux-13e735c0e953246bd531d342bb86acb5b1bf664a.tar.xz linux-13e735c0e953246bd531d342bb86acb5b1bf664a.zip | |
LSM: Introduce CONFIG_LSM
This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to '')
| -rw-r--r-- | security/security.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c index 3a277fbf6023..11a42cd313c5 100644 --- a/security/security.c +++ b/security/security.c @@ -48,6 +48,8 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initconst const char * const builtin_lsm_order = CONFIG_LSM; + /* Ordered list of LSMs to initialize. */ static __initdata struct lsm_info **ordered_lsms; @@ -155,15 +157,30 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) } } -/* Populate ordered LSMs list from single LSM name. */ +/* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { struct lsm_info *lsm; + char *sep, *name, *next; + + sep = kstrdup(order, GFP_KERNEL); + next = sep; + /* Walk the list, looking for matching LSMs. */ + while ((name = strsep(&next, ",")) != NULL) { + bool found = false; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && + strcmp(lsm->name, name) == 0) { + append_ordered_lsm(lsm, origin); + found = true; + } + } - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, order) == 0) - append_ordered_lsm(lsm, origin); + if (!found) + init_debug("%s ignored: %s\n", origin, name); } + kfree(sep); } static void __init ordered_lsm_init(void) @@ -173,7 +190,7 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - ordered_lsm_parse("integrity", "builtin"); + ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) maybe_initialize_lsm(*lsm); |