[24/27] LSM: Provide an user space interface for the default display

Message ID 20190726233923.2570-25-casey@schaufler-ca.com
Series
  • LSM: Module stacking for AppArmor

Commit Message

Casey Schaufler July 26, 2019, 11:39 p.m. UTC
Create /sys/kernel/security/lsm_display_default which contains
the name of the security module used when no display value
has been set.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/inode.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

Comments

Kees Cook July 29, 2019, 5:15 p.m. UTC | #1
On Fri, Jul 26, 2019 at 04:39:20PM -0700, Casey Schaufler wrote:
> Create /sys/kernel/security/lsm_display_default which contains
> the name of the security module used when no display value
> has been set.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  security/inode.c | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/security/inode.c b/security/inode.c
> index b7772a9b315e..538a4d6796da 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = {
>  	.read = lsm_read,
>  	.llseek = generic_file_llseek,
>  };
> +
> +static struct dentry *lsm_display_default_dentry;
> +static ssize_t lsm_display_default_read(struct file *filp, char __user *buf,
> +					size_t count, loff_t *ppos)
> +{
> +	const char *name = security_lsm_slot_name(0);
> +
> +	if (name == NULL)
> +		return 0;
> +	return simple_read_from_buffer(buf, count, ppos, name, strlen(name));
> +}
> +
> +static const struct file_operations lsm_display_default_ops = {
> +	.read = lsm_display_default_read,
> +	.llseek = generic_file_llseek,
> +};
>  #endif
>  
>  static int __init securityfs_init(void)
> @@ -337,8 +353,10 @@ static int __init securityfs_init(void)
>  		return retval;
>  	}
>  #ifdef CONFIG_SECURITY
> -	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL,
> -						&lsm_ops);
> +	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops);
> +	lsm_display_default_dentry = securityfs_create_file(
> +					"lsm_display_default", 0444, NULL,
> +					NULL, &lsm_display_default_ops);
>  #endif
>  	return 0;
>  }
> -- 
> 2.20.1
>

Patch

diff --git a/security/inode.c b/security/inode.c
index b7772a9b315e..538a4d6796da 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -321,6 +321,22 @@  static const struct file_operations lsm_ops = {
 	.read = lsm_read,
 	.llseek = generic_file_llseek,
 };
+
+static struct dentry *lsm_display_default_dentry;
+static ssize_t lsm_display_default_read(struct file *filp, char __user *buf,
+					size_t count, loff_t *ppos)
+{
+	const char *name = security_lsm_slot_name(0);
+
+	if (name == NULL)
+		return 0;
+	return simple_read_from_buffer(buf, count, ppos, name, strlen(name));
+}
+
+static const struct file_operations lsm_display_default_ops = {
+	.read = lsm_display_default_read,
+	.llseek = generic_file_llseek,
+};
 #endif
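Review bot: `lsm_display_default_dentry` is assigned by the new `securityfs_create_file()` call in the second hunk but nothing in the patch reads it, so it either exists only to mirror `lsm_dentry` (worth a short comment saying so) or can be dropped in favour of discarding the return value. The read handler `lsm_display_default_read` also carries no comment, and the `name == NULL` branch makes the file read as empty rather than failing; a header such as `/* Report the name of the LSM in slot 0; per the commit message this is the module used when no display has been set. Empty if slot 0 is unused. */` would make both the slot choice and the empty-read behaviour explicit. The same hunk appears quoted in Kees Cook's reply above.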
 
 static int __init securityfs_init(void)
@@ -337,8 +353,10 @@  static int __init securityfs_init(void)
 		return retval;
 	}
 #ifdef CONFIG_SECURITY
-	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL,
-						&lsm_ops);
+	lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops);
+	lsm_display_default_dentry = securityfs_create_file(
+					"lsm_display_default", 0444, NULL,
+					NULL, &lsm_display_default_ops);
 #endif
 	return 0;
 }
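Review bot: The `lsm_dentry` assignment is re-wrapped onto a single line in the same hunk that adds the new file, mixing an unrelated whitespace change into a functional patch; keeping the original two-line form would make the hunk a pure addition. Neither `securityfs_create_file()` result is checked with `IS_ERR()`, so a failure to create `lsm_display_default` is silent — this follows the existing unchecked `lsm_dentry` pattern and is consistent with it, but if the new dentry is kept as a file-scope static it is presumably meant to be inspected somewhere, and that use is not visible in this patch.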