Re: [PATCH 24/27] LSM: Provide an user space interface for the default display

[Kees Cook <keescook@chromium.org>]

On Fri, Jul 26, 2019 at 04:39:20PM -0700, Casey Schaufler wrote:
> Create /sys/kernel/security/lsm_display_default which contains
> the name of the security module used when no display value
> has been set.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  security/inode.c | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/security/inode.c b/security/inode.c
> index b7772a9b315e..538a4d6796da 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = {
>  	.read = lsm_read,
>  	.llseek = generic_file_llseek,
>  };
> +
> +static struct dentry *lsm_display_default_dentry;
> +static ssize_t lsm_display_default_read(struct file *filp, char __user *buf,
> +					size_t count, loff_t *ppos)
> +{
> +	const char *name = security_lsm_slot_name(0);
> +
> +	if (name == NULL)
> +		return 0;
> +	return simple_read_from_buffer(buf, count, ppos, name, strlen(name));
> +}
> +
> +static const struct file_operations lsm_display_default_ops = {
> +	.read = lsm_display_default_read,
> +	.llseek = generic_file_llseek,
> +};
>  #endif
>  
>  static int __init securityfs_init(void)
> @@ -337,8 +353,10 @@ static int __init securityfs_init(void)
>  		return retval;
>  	}
>  #ifdef CONFIG_SECURITY
> -	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL,
> -						&lsm_ops);
> +	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops);
> +	lsm_display_default_dentry = securityfs_create_file(
> +					"lsm_display_default", 0444, NULL,
> +					NULL, &lsm_display_default_ops);
>  #endif
>  	return 0;
>  }
> -- 
> 2.20.1
> 

-- 
Kees Cook