| Message ID | 20190726233923.2570-25-casey@schaufler-ca.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | LSM: Module stacking for AppArmor | expand |
On Fri, Jul 26, 2019 at 04:39:20PM -0700, Casey Schaufler wrote: > Create /sys/kernel/security/lsm_display_default which contains > the name of the security module used when no display value > has been set. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > --- > security/inode.c | 22 ++++++++++++++++++++-- > 1 file changed, 20 insertions(+), 2 deletions(-) > > diff --git a/security/inode.c b/security/inode.c > index b7772a9b315e..538a4d6796da 100644 > --- a/security/inode.c > +++ b/security/inode.c > @@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = { > .read = lsm_read, > .llseek = generic_file_llseek, > }; > + > +static struct dentry *lsm_display_default_dentry; > +static ssize_t lsm_display_default_read(struct file *filp, char __user *buf, > + size_t count, loff_t *ppos) > +{ > + const char *name = security_lsm_slot_name(0); > + > + if (name == NULL) > + return 0; > + return simple_read_from_buffer(buf, count, ppos, name, strlen(name)); > +} > + > +static const struct file_operations lsm_display_default_ops = { > + .read = lsm_display_default_read, > + .llseek = generic_file_llseek, > +}; > #endif > > static int __init securityfs_init(void) > @@ -337,8 +353,10 @@ static int __init securityfs_init(void) > return retval; > } > #ifdef CONFIG_SECURITY > - lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, > - &lsm_ops); > + lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops); > + lsm_display_default_dentry = securityfs_create_file( > + "lsm_display_default", 0444, NULL, > + NULL, &lsm_display_default_ops); > #endif > return 0; > } > -- > 2.20.1 >
diff --git a/security/inode.c b/security/inode.c index b7772a9b315e..538a4d6796da 100644 --- a/security/inode.c +++ b/security/inode.c @@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = { .read = lsm_read, .llseek = generic_file_llseek, }; + +static struct dentry *lsm_display_default_dentry; +static ssize_t lsm_display_default_read(struct file *filp, char __user *buf, + size_t count, loff_t *ppos) +{ + const char *name = security_lsm_slot_name(0); + + if (name == NULL) + return 0; + return simple_read_from_buffer(buf, count, ppos, name, strlen(name)); +} + +static const struct file_operations lsm_display_default_ops = { + .read = lsm_display_default_read, + .llseek = generic_file_llseek, +}; #endif static int __init securityfs_init(void) @@ -337,8 +353,10 @@ static int __init securityfs_init(void) return retval; } #ifdef CONFIG_SECURITY - lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, - &lsm_ops); + lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops); + lsm_display_default_dentry = securityfs_create_file( + "lsm_display_default", 0444, NULL, + NULL, &lsm_display_default_ops); #endif return 0; }
Create /sys/kernel/security/lsm_display_default which contains the name of the security module used when no display value has been set. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- security/inode.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)