From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kees Cook Subject: [PATCH security-next v5 21/30] LSM: Refactor "security=" in terms of enable/disable Date: Wed, 10 Oct 2018 17:18:37 -0700 Message-ID: <20181011001846.30964-22-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Return-path: In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org List-Id: linux-arch.vger.kernel.org For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index 1b1ee823457c..2c754968f98b 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -191,8 +183,28 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } if (chosen_lsm_order) ordered_lsm_parse(chosen_lsm_order, "cmdline"); -- 2.17.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-f193.google.com ([209.85.215.193]:35187 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727417AbeJKHnq (ORCPT ); Thu, 11 Oct 2018 03:43:46 -0400 Received: by mail-pg1-f193.google.com with SMTP id v133-v6so3280344pgb.2 for ; Wed, 10 Oct 2018 17:19:12 -0700 (PDT) From: Kees Cook Subject: [PATCH security-next v5 21/30] LSM: Refactor "security=" in terms of enable/disable Date: Wed, 10 Oct 2018 17:18:37 -0700 Message-ID: <20181011001846.30964-22-keescook@chromium.org> In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: linux-arch-owner@vger.kernel.org List-ID: To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <20181011001837.wk18RMinKwfZ8dAXxFO0ZcycOhTBDph--4VjGZpOqbY@z> For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index 1b1ee823457c..2c754968f98b 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -191,8 +183,28 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } if (chosen_lsm_order) ordered_lsm_parse(chosen_lsm_order, "cmdline"); -- 2.17.1