From patchwork Sun Sep 16 00:30:51 2018
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10601613
From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 10/18] LSM: Plumb visibility into optional "enabled" state Date: Sat, 15 Sep 2018 17:30:51 -0700 Message-Id: <20180916003059.1046-11-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for lifting the "is this LSM enabled?" logic out of the individual LSMs, pass in any special enabled state tracking (as needed for SELinux, AppArmor, and LoadPin). This must be an "int" to include handling cases where "enabled" is exposed via sysctl which has no "bool" type (i.e. LoadPin's use). LoadPin's "enabled" tracking will be added later when it is marked as LSM_TYPE_MINOR. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 5 +++-- security/selinux/hooks.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a7833193e9e9..8a3a6cd26f03 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2046,6 +2046,7 @@ enum lsm_type { struct lsm_info { const char *name; /* Populated automatically. */ + int *enabled; /* Optional: NULL means enabled. */ enum lsm_type type; /* Optional: default is LSM_TYPE_EXCLUSIVE */ int (*init)(void); }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7fa7b4464cf4..6cd630b34c3b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -1303,8 +1303,8 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) { @@ -1607,5 +1607,6 @@ static int __init apparmor_init(void) } DEFINE_LSM(apparmor) + .enabled = &apparmor_enabled, .init = apparmor_init, END_LSM; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 469a90806bc6..78b5afc188f3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7203,6 +7203,7 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ DEFINE_LSM(selinux) + .enabled = &selinux_enabled, .init = selinux_init, END_LSM;
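Review bot: in the `include/linux/lsm_hooks.h` hunk, the comment on the new `int *enabled` member documents only the NULL case; since the commit message says the "is this LSM enabled?" check is about to move into the core, the same comment should state the non-NULL contract, e.g. `int *enabled; /* Optional: NULL means enabled; otherwise enabled iff *enabled != 0. */`, and that the pointee must be a static of the LSM, because it is dereferenced during early boot and may be flipped afterwards by a boot parameter or sysctl.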
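Review bot: in the first `security/apparmor/lsm.c` hunk, changing `module_param_named(enabled, apparmor_enabled, ...)` from `bool` to `int` is a user-visible change that the commit message does not mention: the `bool` parser accepts `y`/`n` as well as `1`/`0` (and a bare `apparmor.enabled` meaning true), while the `int` parser rejects `y`/`n` and accepts any integer, not just 0 and 1. Either clamp the value to 0/1 where it is consumed or document the changed syntax in the commit message. The `S_IRUGO` to `0444` change is fine and matches checkpatch's preference for octal modes.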
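Review bot: in the `security/selinux/hooks.c` hunk, `.enabled = &selinux_enabled` takes the address of `selinux_enabled`, so it must be a real `int` object visible in this translation unit in every configuration; worth confirming it is not reduced to a macro or left undefined when CONFIG_SECURITY_SELINUX_BOOTPARAM is off, and adding a short comment that the `selinux=` boot handling updates the pointee before the core reads it.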