diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-11 23:42:44 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-11 23:42:44 +0200 |
commit | c079512aad9718c12c6bb1b661880b15a73dfd69 (patch) | |
tree | b8cb70b4d40102bb806287fe7592b713e032a16c /security | |
parent | Merge tag 'pstore-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff) | |
parent | security/loadpin: Allow to exclude specific file types (diff) | |
download | linux-c079512aad9718c12c6bb1b661880b15a73dfd69.tar.xz linux-c079512aad9718c12c6bb1b661880b15a73dfd69.zip |
Merge tag 'loadpin-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull security/loadpin updates from Kees Cook:
- Allow exclusion of specific file types (Ke Wu)
* tag 'loadpin-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
security/loadpin: Allow to exclude specific file types
Diffstat (limited to 'security')
-rw-r--r-- | security/loadpin/loadpin.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 79131efa9634..81519c804888 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -37,6 +37,8 @@ static void report_load(const char *origin, struct file *file, char *operation) } static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE); +static char *exclude_read_files[READING_MAX_ID]; +static int ignore_read_file_id[READING_MAX_ID] __ro_after_init; static struct super_block *pinned_root; static DEFINE_SPINLOCK(pinned_root_spinlock); @@ -121,6 +123,13 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) struct super_block *load_root; const char *origin = kernel_read_file_id_str(id); + /* If the file id is excluded, ignore the pinning. */ + if ((unsigned int)id < ARRAY_SIZE(ignore_read_file_id) && + ignore_read_file_id[id]) { + report_load(origin, file, "pinning-excluded"); + return 0; + } + /* This handles the older init_module API that has a NULL file. */ if (!file) { if (!enforce) { @@ -179,10 +188,47 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(kernel_load_data, loadpin_load_data), }; +static void __init parse_exclude(void) +{ + int i, j; + char *cur; + + /* + * Make sure all the arrays stay within expected sizes. This + * is slightly weird because kernel_read_file_str[] includes + * READING_MAX_ID, which isn't actually meaningful here. + */ + BUILD_BUG_ON(ARRAY_SIZE(exclude_read_files) != + ARRAY_SIZE(ignore_read_file_id)); + BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) < + ARRAY_SIZE(ignore_read_file_id)); + + for (i = 0; i < ARRAY_SIZE(exclude_read_files); i++) { + cur = exclude_read_files[i]; + if (!cur) + break; + if (*cur == '\0') + continue; + + for (j = 0; j < ARRAY_SIZE(ignore_read_file_id); j++) { + if (strcmp(cur, kernel_read_file_str[j]) == 0) { + pr_info("excluding: %s\n", + kernel_read_file_str[j]); + ignore_read_file_id[j] = 1; + /* + * Can not break, because one read_file_str + * may map to more than on read_file_id. + */ + } + } + } +} + static int __init loadpin_init(void) { pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); + parse_exclude(); security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); return 0; } @@ -195,3 +241,5 @@ DEFINE_LSM(loadpin) = { /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning"); +module_param_array_named(exclude, exclude_read_files, charp, NULL, 0); +MODULE_PARM_DESC(exclude, "Exclude pinning specific read file types"); |