From patchwork Thu Oct 11 00:18:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635525 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 86A8F933 for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BEF62A9EC for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5F92C2A9E7; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 025152A9E7 for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727460AbeJKHnr (ORCPT ); Thu, 11 Oct 2018 03:43:47 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:39853 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727419AbeJKHnq (ORCPT ); Thu, 11 Oct 2018 03:43:46 -0400 Received: by mail-pg1-f196.google.com with SMTP id r9-v6so3275053pgv.6 for ; Wed, 10 Oct 2018 17:19:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=B2MT6Hr/No4vpDLMQ0LP9i/w9/IFVSU+eSeH5iht8h0=; b=U67kSwydciTfRVqGNMDeIqFUpcBJ162GM2d553kzz5RbZjIjzrSIO1iyYXPh2ZrTc6 gulfyHT5dGoFdrzUFQwLz4na5qDwo2SB/8TYoDVyIzWmruj7V4bdPJVfGjS7PPi3Uiyv Y1m6ianmGcdPdRqoW8DaPRRPqT07RRQ0Yfb4o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=B2MT6Hr/No4vpDLMQ0LP9i/w9/IFVSU+eSeH5iht8h0=; b=n1EpkrTGkj5JZ50N+amy9354htir0vYbX+wgvqYFXdGVbyi52nj0ctW5IFXIAtFTyU MIoaK/XoPpL4Q+doJbr1fFy0D2FJ6bwJmBmRmJyPqNTInk4BzLJnm6MuIZhwBAby9UzQ QHDZ5oaT6Nloybl644DBfRpvSjO141r7LSeGJ+qaNC+l0pibSn5TCANblsA2ZaDtBZM2 f4eC48nbJp0PEfnfsQbht/0S4ZkbIpukzKtOa0S2VsKAXuuLlgNWUZ5O/G6H/J8XXBsf HY+y+7ebAFw9hHycAq7Dwaw/bEx7K7IHeVkpSY7HG5Ol9f0lB+AbP8T4i93v2+nkmX6j 1Tag== X-Gm-Message-State: ABuFfoiIpcB+QlXs0vQtDsMbegDPbWLbO5SiOLdwFPXX7T2YFaY/0/Un mZLe/YkW3zv9socSteV5vZ8KdQ== X-Google-Smtp-Source: ACcGV6310duiuF1CQG4tNR5CeYEJfiN55QHgbhZ8qvhYNs1wQKuAfxlpd4rNTL7ACyGKDtThXGstEw== X-Received: by 2002:a63:2807:: with SMTP id o7-v6mr31367120pgo.155.1539217151797; Wed, 10 Oct 2018 17:19:11 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id k3-v6sm73024896pfk.60.2018.10.10.17.19.02 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 21/30] LSM: Refactor "security=" in terms of enable/disable Date: Wed, 10 Oct 2018 17:18:37 -0700 Message-Id: <20181011001846.30964-22-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index 1b1ee823457c..2c754968f98b 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -191,8 +183,28 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } if (chosen_lsm_order) ordered_lsm_parse(chosen_lsm_order, "cmdline");