From patchwork Mon Nov 26 23:39:45 2018
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 10699413
Subject: [PATCH v5 17/38] Yama: Initialize as ordered LSM
To: James Morris , LSM , LKLM , 
SE Linux Cc: John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , "linux-fsdevel@vger.kernel.org" , Stephen Smalley , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com> From: Casey Schaufler Message-ID: Date: Mon, 26 Nov 2018 15:39:45 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com> Content-Language: en-US Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts Yama from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 ----- security/Kconfig | 2 +- security/security.c | 1 - security/yama/yama_lsm.c | 8 +++++++- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index b565c0c10269..6cfbd7d78a89 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2087,10 +2087,5 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern void __init capability_add_hooks(void); -#ifdef CONFIG_SECURITY_YAMA -extern void __init yama_add_hooks(void); -#else -static inline void __init yama_add_hooks(void) { } -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/Kconfig b/security/Kconfig index 566d54215cbe..94a71e022b79 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -241,7 +241,7 @@ source security/integrity/Kconfig config LSM string "Ordered list of enabled LSMs" - default "loadpin,integrity,selinux,smack,tomoyo,apparmor" + default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be 
diff --git a/security/security.c b/security/security.c index 0c092d62cc47..0c3c66dbf51c 100644 --- a/security/security.c +++ b/security/security.c @@ -274,7 +274,6 @@ int __init security_init(void) * Load minor LSMs, with the capability module always first. */ capability_add_hooks(); - yama_add_hooks(); /* Load LSMs in specified order. */ ordered_lsm_init(); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index ffda91a4a1aa..eb1da1303d2e 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -477,9 +477,15 @@ static void __init yama_init_sysctl(void) static inline void yama_init_sysctl(void) { } #endif /* CONFIG_SYSCTL */ -void __init yama_add_hooks(void) +static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); yama_init_sysctl(); + return 0; } + +DEFINE_LSM(yama) = { + .name = "yama", + .init = yama_init, +};
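Review bot: In the security/Kconfig hunk, adding "yama" to the default string only helps configurations that take the default. The help text directly below says "Any LSMs left off this list will be ignored", and this same patch removes the unconditional yama_add_hooks() call from security_init(), so a tree that carries an existing CONFIG_LSM value without "yama" will stop registering Yama's hooks even with CONFIG_SECURITY_YAMA set. The one-line commit message does not mention this. Please state the behaviour change there so that people carrying a saved value know to add "yama" to their list.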
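Review bot: In the security/security.c hunk, the comment "Load minor LSMs, with the capability module always first." is left unchanged, but once yama_add_hooks() is removed, capability_add_hooks() is the only call under it. Please reword the comment to refer to the capability module alone. It is also worth saying in the commit message that Yama's hooks used to be registered ahead of every ordered LSM, and that their position now follows the CONFIG_LSM list: the new default keeps "yama" first, but a custom list need not.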
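Review bot: In the security/yama/yama_lsm.c hunk, the string "yama" now has to agree in three places: the security_add_hooks() argument, .name in DEFINE_LSM(yama), and the token added to the CONFIG_LSM default. Since .name is presumably what the ordered list is matched against, a short comment beside DEFINE_LSM(yama) saying so would help, because the Kconfig help text says an unmatched entry is simply ignored. After this change the pr_info("Yama: becoming mindful.\n") line in yama_init() is also the only sign visible here that Yama was actually initialised, so please keep it and mention in the commit message that its absence from the boot log now means Yama was left off the list.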