From patchwork Tue Oct 2 00:54:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10622955 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CD04D16B1 for ; Tue, 2 Oct 2018 01:04:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B6A0E286D1 for ; Tue, 2 Oct 2018 01:04:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AAB3C286D4; Tue, 2 Oct 2018 01:04:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44577286D1 for ; Tue, 2 Oct 2018 01:04:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726946AbeJBHpE (ORCPT ); Tue, 2 Oct 2018 03:45:04 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:39496 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726871AbeJBHpE (ORCPT ); Tue, 2 Oct 2018 03:45:04 -0400 Received: by mail-io1-f68.google.com with SMTP id z16-v6so284766iol.6 for ; Mon, 01 Oct 2018 18:04:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=W/qQzlLdHC3pOVrMYLSbt8GYIcGt6njlsLirLySrxEA=; b=Y7Tdip1y9DwjAKK6x8Y+GHfJCWkEXS3Aw7euEhxbEiDtK6KfdYnw6gwb5IT16cRlOR ISlTHU748v3IdC/VJdzbHQA5J6rxccFfp3yCZ3J/6w9GJXQ+hCK5ws2b0T6qoXssy4wc EjM77V+6IofPdUj3X/Gebf/zpXt/ZCfP0VSY8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=W/qQzlLdHC3pOVrMYLSbt8GYIcGt6njlsLirLySrxEA=; b=hiWGpHJtk6yQSSetWPGKItSA+sV9JyuDE1MLN/t2iTZC4i7niTXR6pPxk0Pb7Iz5+I acflQfNwbL48E81Xm7UXRS6EhL1f3akJ3PIZU6zQ+DXW9MkJjBRFe/C2+Hx5R49udsuL n1/K8HR4ncAzk91btWGuy1lNDcf19QFuFPq9/GmKWZUajFX+HZzd/Ju5xt2C/MIygG52 xgjExXYlDU6v49K90jDAObauqdI+SbFLD/BH6hIjgCA7uO3yUCZiBeRh3dsX3CrzBUCO 8zuz8SbUWDIlmqUEAJHT5C2lA4oScKGgP4DtMch4vVrekEWmoSGPAYB3pCOrdoobxrsX 8hnQ== X-Gm-Message-State: ABuFfogGXsmFhZKlB6TGlmNrtGwabjmcFHy07MDgJOcSq9GsRGOBBMAL jPPjSFEbPHS/6S2u4Q+LfgdicA== X-Google-Smtp-Source: ACcGV63Cykas03Y9txiaHpl+hTXVURFzAvX/91GaddzbP8yzCAh5DVaH6ZWfP7OiVOI6H7XcoIdJ1w== X-Received: by 2002:a17:902:d90e:: with SMTP id c14-v6mr8773333plz.61.1538442272202; Mon, 01 Oct 2018 18:04:32 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h77-v6sm18554060pfh.13.2018.10.01.18.04.26 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 01 Oct 2018 18:04:29 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , Jonathan Corbet , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v4 23/32] selinux: Remove boot parameter Date: Mon, 1 Oct 2018 17:54:56 -0700 Message-Id: <20181002005505.6112-24-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181002005505.6112-1-keescook@chromium.org> References: <20181002005505.6112-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and "lsm.enable=...", this removes the LSM-specific enabling logic from SELinux. Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 9 ------ security/selinux/Kconfig | 29 ------------------- security/selinux/hooks.c | 15 +--------- 3 files changed, 1 insertion(+), 52 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index cf963febebb0..0d10ab3d020e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4045,15 +4045,6 @@ loaded. An invalid security module name will be treated as if no module has been chosen. - selinux= [SELINUX] Disable or enable SELinux at boot time. - Format: { "0" | "1" } - See security/selinux/Kconfig help text. - 0 -- disable. - 1 -- enable. - Default value is set via kernel config option. - If enabled at boot time, /selinux/disable can be used - later to disable prior to initial policy load. - serialnumber [BUGS=X86-32] shapers= [NET] diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 8af7a690eb40..86936528a0bb 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -8,35 +8,6 @@ config SECURITY_SELINUX You will also need a policy configuration and a labeled filesystem. If you are unsure how to answer this question, answer N. -config SECURITY_SELINUX_BOOTPARAM - bool "NSA SELinux boot parameter" - depends on SECURITY_SELINUX - default n - help - This option adds a kernel parameter 'selinux', which allows SELinux - to be disabled at boot. If this option is selected, SELinux - functionality can be disabled with selinux=0 on the kernel - command line. The purpose of this option is to allow a single - kernel image to be distributed with SELinux built in, but not - necessarily enabled. - - If you are unsure how to answer this question, answer N. - -config SECURITY_SELINUX_BOOTPARAM_VALUE - int "NSA SELinux boot parameter default value" - depends on SECURITY_SELINUX_BOOTPARAM - range 0 1 - default 1 - help - This option sets the default value for the kernel parameter - 'selinux', which allows SELinux to be disabled at boot. If this - option is set to 0 (zero), the SELinux kernel parameter will - default to 0, disabling SELinux at bootup. If this option is - set to 1 (one), the SELinux kernel parameter will default to 1, - enabling SELinux at bootup. - - If you are unsure how to answer this question, answer 1. - config SECURITY_SELINUX_DISABLE bool "NSA SELinux runtime disable" depends on SECURITY_SELINUX diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 71a10fedecb3..8f5eea097612 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -120,20 +120,7 @@ __setup("enforcing=", enforcing_setup); #define selinux_enforcing_boot 1 #endif -#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM -int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; - -static int __init selinux_enabled_setup(char *str) -{ - unsigned long enabled; - if (!kstrtoul(str, 0, &enabled)) - selinux_enabled = enabled ? 1 : 0; - return 1; -} -__setup("selinux=", selinux_enabled_setup); -#else -int selinux_enabled = 1; -#endif +int selinux_enabled __lsm_ro_after_init; static unsigned int selinux_checkreqprot_boot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;