From patchwork Thu Oct 11 00:18:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635517 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2EF53933 for ; Thu, 11 Oct 2018 00:19:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 17BE42A9E7 for ; Thu, 11 Oct 2018 00:19:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0BC892AAC3; Thu, 11 Oct 2018 00:19:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD9462A9E7 for ; Thu, 11 Oct 2018 00:18:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726774AbeJKHnb (ORCPT ); Thu, 11 Oct 2018 03:43:31 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:38492 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726758AbeJKHnb (ORCPT ); Thu, 11 Oct 2018 03:43:31 -0400 Received: by mail-pg1-f196.google.com with SMTP id f8-v6so3273525pgq.5 for ; Wed, 10 Oct 2018 17:18:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IXAQXo8qYO7Phx51B4l5S6pXkNyNEOESCjmeHP9RP9w=; b=Rf67tOqoUk2qHal3un5WTqorj29nz8AyKs5MTTEF8x/ZfGgp9Nevu8RGAZlQ3thhwM RsbieZUz6RIPFR4ToLKiDTjetcZ8NmL0RrCp4Q4IJ0zOxVW40uKTVHXssxD8mWTvosDg wSQUDbSMKBxoKaeExNhjMwZKiiBj1hzae12BY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IXAQXo8qYO7Phx51B4l5S6pXkNyNEOESCjmeHP9RP9w=; b=ALxuuIf3iLHQCl6kQy8EdGr4dMSPglDOwEdViWss2j3JO+o03d68kxT7v5hBnw4/kU +xhLZSONGuhTZjvj9cnNSMUTejrb6oP5rTGrxqYImdxpEuZK/qwTY49qZ5Zniqabnxkq PqBc3vDbAUu0X206AR2mIGVugqjvrEwn9KzNj4oH/GYXa1mt7ElaU/fZD7fyKsDeeeDU 2Ki9cvtKZP7GQajdDaeJRjeNqIEcRRxn5lhgJ59Xr+U6HNsk8ZxgZX0V4Ei1rmCevqH5 ZLKhLstq1ET8FWh6gJBrCI399/hiLOJJ4JItu4ym38mkiLJHEHSfQq100uF545+N12nl tZZQ== X-Gm-Message-State: ABuFfojCZdgN21gEErq7fPfxLvWaHCb7Q9rHsRdfFR5bITS3As8ssfWN uh5NZdZUtR8iI1t+V/scVlNMtA== X-Google-Smtp-Source: ACcGV62RnoIOY3KKCh95g2kCjaBGDIMamXtAwijS3CkXs2DJ/nhOB3RRG/aRao0uxVeExnhiIBxB7g== X-Received: by 2002:a63:a54f:: with SMTP id r15-v6mr31775160pgu.176.1539217136621; Wed, 10 Oct 2018 17:18:56 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id t85-v6sm33788445pfi.73.2018.10.10.17.18.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:52 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 01/30] LSM: Correctly announce start of LSM initialization Date: Wed, 10 Oct 2018 17:18:17 -0700 Message-Id: <20181011001846.30964-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For a while now, the LSM core has said it was "initializED", rather than "initializING". This adjust the report to be more accurate (i.e. before this was reported before any LSMs had been initialized.) Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen --- security/security.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/security.c b/security/security.c index 736e78da1ab9..4cbcf244a965 100644 --- a/security/security.c +++ b/security/security.c @@ -72,10 +72,11 @@ int __init security_init(void) int i; struct hlist_head *list = (struct hlist_head *) &security_hook_heads; + pr_info("Security Framework initializing\n"); + for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); i++) INIT_HLIST_HEAD(&list[i]); - pr_info("Security Framework initialized\n"); /* * Load minor LSMs, with the capability module always first. From patchwork Thu Oct 11 00:18:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635549 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DD9EA17E1 for ; Thu, 11 Oct 2018 00:20:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3D3B2AC49 for ; Thu, 11 Oct 2018 00:20:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B83632ACDA; Thu, 11 Oct 2018 00:20:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 61E7B2ACCF for ; Thu, 11 Oct 2018 00:20:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726979AbeJKHpS (ORCPT ); Thu, 11 Oct 2018 03:45:18 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:46356 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726088AbeJKHn3 (ORCPT ); Thu, 11 Oct 2018 03:43:29 -0400 Received: by mail-pf1-f195.google.com with SMTP id r64-v6so3431228pfb.13 for ; Wed, 10 Oct 2018 17:18:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bDWn21iauCiQfJ3Cfx0b4/V/Z6uec1GQQMOYX0nkvvY=; b=Xwj7zAd7o3O2JcY0kcZZG4H3ZzsBZN2h22etq7KW5DrBAEz2HFkfKtbV3xYAIj+aoy Drhm2j90nYteN293T3dFfQaxzyDgIUEkZRXnG2nT5xu3tGKvV1+m679GQe7WG22M1L3C JLDq2NSIwQnYNCgInmj9vRHK2sP4QYPZx5AB4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bDWn21iauCiQfJ3Cfx0b4/V/Z6uec1GQQMOYX0nkvvY=; b=mcx7mF186hA3r9TkcUWRslMKVKW3ejiEwv3zKTD5/7jvfzrDkM9fe2s2rDVXQ5VXJZ yzvgAEkqcUqam1WxvGlE6rGqW+w5HfLsDgAcNnRkKpon+HGyiGPenEBhNzO1T5l+CuCq OtZfGa1PdiFjkKo8UOeYc0n2yupuv9WjsPM3Os+Ee45O9rR2Zzs7KQShXqBjuwQ3Tbj6 8Jczw/qU+XtaEekAaGh92SwHuz0Fvm0OKxHieZm3J21MQcmQ8OfUWQK4LFKrUHXeR480 M8nyL0mfRXzus5jm2ZvmpZqf6foSzj1/fOUSFZBgMJaxbEF2+bkeYO+kVl7J4SQERfr7 ebvg== X-Gm-Message-State: ABuFfoiQ6BHjAj1P/L0qonqnm+iTycTqmrnB6r6uiwr0P9cPGD8Y/cV2 RMifL1Ktgv8CF+SL1pJbALJjeg== X-Google-Smtp-Source: ACcGV612ePGWjZSnSVnkJWI72VTdAwSwjkJBr8Clo+EW8R3IaRuKzQIL3VMJ5iIeFtUhLnj2Xs6/VQ== X-Received: by 2002:a63:5f03:: with SMTP id t3-v6mr32042429pgb.68.1539217134774; Wed, 10 Oct 2018 17:18:54 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id a16-v6sm27290397pfi.49.2018.10.10.17.18.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:52 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 02/30] vmlinux.lds.h: Avoid copy/paste of security_init section Date: Wed, 10 Oct 2018 17:18:18 -0700 Message-Id: <20181011001846.30964-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Avoid copy/paste by defining SECURITY_INIT in terms of SECURITY_INITCALL. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen --- include/asm-generic/vmlinux.lds.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 7b75ff6e2fce..934a45395547 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -473,13 +473,6 @@ #define RODATA RO_DATA_SECTION(4096) #define RO_DATA(align) RO_DATA_SECTION(align) -#define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; \ - } - /* * .text section. Map to function alignment to avoid address changes * during second ld run in second ld pass when generating System.map @@ -798,6 +791,12 @@ KEEP(*(.security_initcall.init)) \ __security_initcall_end = .; +/* Older linker script style for security init. */ +#define SECURITY_INIT \ + .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ + SECURITY_INITCALL \ + } + #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ From patchwork Thu Oct 11 00:18:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635515 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3869817E1 for ; Thu, 11 Oct 2018 00:18:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1BFC72A9E7 for ; Thu, 11 Oct 2018 00:18:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0FEEB2AAC3; Thu, 11 Oct 2018 00:18:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8ABB92A9E7 for ; Thu, 11 Oct 2018 00:18:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726079AbeJKHn2 (ORCPT ); Thu, 11 Oct 2018 03:43:28 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:40755 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726088AbeJKHn2 (ORCPT ); Thu, 11 Oct 2018 03:43:28 -0400 Received: by mail-pf1-f193.google.com with SMTP id s5-v6so3442265pfj.7 for ; Wed, 10 Oct 2018 17:18:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BNwJMOTTBg+xIR0Zs6W8eU/Z+0Zh4DQ+gRWYfOJdHJk=; b=eswuuMyUcqsBjLTBfAB22g9uhe1PlJ8+V/+KeDKDtQQX4iBQuW1eOEKeqzSReQQSaM EndljOTeVmhtFg8Y6C9BnvuOOSU0eHaz+xjkWESbjrCvyGdGTOzW2lnF6H0X1jQCdmwq ItsjiPNv7g08aVWXJvoW3MYJA84QSOLjysRrg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BNwJMOTTBg+xIR0Zs6W8eU/Z+0Zh4DQ+gRWYfOJdHJk=; b=jShEcu7xEhFeXMuD+h7dfD4wZw0zB4Y23/sww/Vm/gJQUnpfoTuqnE5fUblvzmP0OS JpvU05JcyRtcMOmGs7gXCaUJlSJPo1ktInWLDzLidNeelhy5Nd4SUwDPGq5GYt+tjhCb tWbxBgjtvSzxWDZkNTZWWLWm4Wvme4aGlY8jGzmNfcjXe1QoryD9x3/tPoipORmQPmff 8eNc5Yw/b2lVPn7lpK7EsVocSKqLccF/t1+5vqANLtBv6qp66YZ0fApaKClQot+lK1mU hSoO3HaBZ8ZQhl6I0cZOz0ro4RTIW+N+cow1NYziFWgFmfOrcs6IVKhJqVW22e6V/1IZ VQgA== X-Gm-Message-State: ABuFfojA9ystnZBTY2BIRL6IJDGFljQ5JqwjJDKLUuCYk1uxZ7KeNXKJ Z+oOVZV0nD6/o4keTrdR5Bl1cg== X-Google-Smtp-Source: ACcGV60R0wKzvkdI8mQ1Qw4xoZj8qzhNGByRSzvOxOWIR3tU81mhVfzxBcRPL9cm6vs7aeQ+Ww2Lgw== X-Received: by 2002:a63:d502:: with SMTP id c2-v6mr31625882pgg.324.1539217133914; Wed, 10 Oct 2018 17:18:53 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 189-v6sm40061286pfe.121.2018.10.10.17.18.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:52 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 03/30] LSM: Rename .security_initcall section to .lsm_info Date: Wed, 10 Oct 2018 17:18:19 -0700 Message-Id: <20181011001846.30964-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for switching from initcall to just a regular set of pointers in a section, rename the internal section name. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen --- include/asm-generic/vmlinux.lds.h | 10 +++++----- include/linux/init.h | 4 ++-- security/security.c | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 934a45395547..5079a969e612 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -787,14 +787,14 @@ __con_initcall_end = .; #define SECURITY_INITCALL \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; /* Older linker script style for security init. */ #define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - SECURITY_INITCALL \ + .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ + LSM_INFO \ } #ifdef CONFIG_BLK_DEV_INITRD diff --git a/include/linux/init.h b/include/linux/init.h index 2538d176dd1f..77636539e77c 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,7 +133,7 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry) #endif extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; -extern initcall_entry_t __security_initcall_start[], __security_initcall_end[]; +extern initcall_entry_t __start_lsm_info[], __end_lsm_info[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); @@ -236,7 +236,7 @@ extern bool initcall_debug; static exitcall_t __exitcall_##fn __exit_call = fn #define console_initcall(fn) ___define_initcall(fn,, .con_initcall) -#define security_initcall(fn) ___define_initcall(fn,, .security_initcall) +#define security_initcall(fn) ___define_initcall(fn,, .lsm_info) struct obs_kernel_param { const char *str; diff --git a/security/security.c b/security/security.c index 4cbcf244a965..892fe6b691cf 100644 --- a/security/security.c +++ b/security/security.c @@ -51,9 +51,9 @@ static void __init do_security_initcalls(void) initcall_t call; initcall_entry_t *ce; - ce = __security_initcall_start; + ce = __start_lsm_info; trace_initcall_level("security"); - while (ce < __security_initcall_end) { + while (ce < __end_lsm_info) { call = initcall_from_entry(ce); trace_initcall_start(call); ret = call(); From patchwork Thu Oct 11 00:18:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635545 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 49423933 for ; Thu, 11 Oct 2018 00:20:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 338AC2ABF0 for ; Thu, 11 Oct 2018 00:20:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 279E82ACBE; Thu, 11 Oct 2018 00:20:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C9D672ABF0 for ; Thu, 11 Oct 2018 00:20:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726750AbeJKHnc (ORCPT ); Thu, 11 Oct 2018 03:43:32 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:43284 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726689AbeJKHna (ORCPT ); Thu, 11 Oct 2018 03:43:30 -0400 Received: by mail-pf1-f194.google.com with SMTP id p24-v6so3433050pff.10 for ; Wed, 10 Oct 2018 17:18:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=6eNmHSp4+Q45IaDkZQNXs6+kAcMRIeE3x4RWtQQ9mBQ=; b=DYvDVjc7Xan2EP/iEUqXrj2yKnSYlFhkr34DGSQencgIOy831Os9HD8kGEcDUqRW2h UOL8vxl7DRRzpkbIlRy98nY2vb37prMlBtAdV5CW1oBx4Fcq9fOA0MMLfYvLGRJNoexU bCKXaqd5HJ3BxFRz5OUOZpuy6tl1f0EMKGnbw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6eNmHSp4+Q45IaDkZQNXs6+kAcMRIeE3x4RWtQQ9mBQ=; b=khYEIgVBYkVag2vMPdMdc3mCQP8I2YqnwNd9l2ZWU+O/GCapTSXqf37hh0/Xg9CVwe uPUylfNbgpg7BLYkfPRonTKPai+cESKvJG93zU9BdZ8n1I63X5lepyLHfAQlEBLgcrhK lhz7DGJHayd+QCUyE3Q6MIlg8ArCZtZsLBSvjSavOrtCCGkBUb2ZtzaMAHilWP30PiDi IWMMOqZDXQmPslkwA5wNUNVYl4rk+qHW0gfwD5sCsDF80Vheu64VlzE/M/3ylGlZL6ke +nOtx7SKTF4PCpf6H9dxkAclJxhuey/szVrQQmLWgOSnYfeFS6AKT1yEy5UuJkEeMV6S 7cNg== X-Gm-Message-State: ABuFfohqCvHD7sa42Pe/1EhOZHNqFT99sr+6qQhiu/iQCINfCsYt1aUM 5gfWsXM6emcxEa9VUJ9SbrUIkQ== X-Google-Smtp-Source: ACcGV63dDeOHLSBcNV01IpVUAP0l7q9lWEPVHsR2O3jUsO5dLyP0b5mqaSyhlTir4maRP3nKsSTw+g== X-Received: by 2002:a63:5605:: with SMTP id k5-v6mr31688220pgb.189.1539217135713; Wed, 10 Oct 2018 17:18:55 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 72-v6sm49719749pfr.115.2018.10.10.17.18.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:52 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 04/30] LSM: Remove initcall tracing Date: Wed, 10 Oct 2018 17:18:20 -0700 Message-Id: <20181011001846.30964-5-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This partially reverts commit 58eacfffc417 ("init, tracing: instrument security and console initcall trace events") since security init calls are about to no longer resemble regular init calls. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris --- security/security.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/security/security.c b/security/security.c index 892fe6b691cf..41a5da2c7faf 100644 --- a/security/security.c +++ b/security/security.c @@ -30,8 +30,6 @@ #include #include -#include - #define MAX_LSM_EVM_XATTR 2 /* Maximum number of letters for an LSM name string */ @@ -47,17 +45,13 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = static void __init do_security_initcalls(void) { - int ret; initcall_t call; initcall_entry_t *ce; ce = __start_lsm_info; - trace_initcall_level("security"); while (ce < __end_lsm_info) { call = initcall_from_entry(ce); - trace_initcall_start(call); - ret = call(); - trace_initcall_finish(call, ret); + call(); ce++; } } From patchwork Thu Oct 11 00:18:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635539 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1AE6017E1 for ; Thu, 11 Oct 2018 00:20:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 02B352ABF0 for ; Thu, 11 Oct 2018 00:20:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EAB152ACBE; Thu, 11 Oct 2018 00:19:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B6222ABF0 for ; Thu, 11 Oct 2018 00:19:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727095AbeJKHnh (ORCPT ); Thu, 11 Oct 2018 03:43:37 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:34815 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726982AbeJKHng (ORCPT ); Thu, 11 Oct 2018 03:43:36 -0400 Received: by mail-pf1-f193.google.com with SMTP id k19-v6so3453817pfi.1 for ; Wed, 10 Oct 2018 17:19:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BVWMrSfJ2AOZ0A0KwCR2pOLnq5busYj1TGlJinCC/UA=; b=cn8SFMQLT/IXUwhDgwSavNI74DXuQa+M6y3C7kkAD8GCKAURVkmRGJ0e8F6dWkqQnj hMaxZKIUpNdC00drsrzj93KbPtYdoRRBXiInHviWEK8Jlt3FKw5lQNH/AytBjmIRoqTO qPKOAclziESTj9z6R7ksHvUE600ZVi3eJTmyQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BVWMrSfJ2AOZ0A0KwCR2pOLnq5busYj1TGlJinCC/UA=; b=O31it4EDddS5VuPzwwQlB5ikr3PMXkJ386UUlvcnFBJFpHhiCKt2rQyEB8h+uVauwB 8OulrFzzEBFEy0ZVytrU3v3ntptE6KPM0F8h1gnUOsaQQ+W8isG97CBlR3rSsM0hXr8F NIuat2fyEYtS79igU7pdcGmG+uX0m/7Lme3QV7Nn/jNlgH5R0DAINHtVTMXOOlIpjTGt aSKZ31g8KFfaDkIDWAtaOUZlXVaDz1JoID26IKkIKChcwNen2QQC9BmQOYQ+m2bFW9TH iPmg9Fa78BQ1YotBsotaC4BS489mEAac60/OnSjpfE5h48xbqHqEn2URNcybe3KNoqar XnSQ== X-Gm-Message-State: ABuFfogUJv3WHeqm8m2yJc7t/Qv45Yqx4iZmEjeSVDq9mneevblVoEIH E5NZydCCc+fN12lA/HfAVPSN9A== X-Google-Smtp-Source: ACcGV62YBMO9BKeWO2iunYaB+KMaVuaaVY37xh3etiwtdZJNnJ1xfCpps5WIX0oxCjy3K7Lgwwzmxg== X-Received: by 2002:a63:fa4e:: with SMTP id g14-v6mr31665406pgk.18.1539217141848; Wed, 10 Oct 2018 17:19:01 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id e9-v6sm24342121pgs.92.2018.10.10.17.18.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:57 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 05/30] LSM: Convert from initcall to struct lsm_info Date: Wed, 10 Oct 2018 17:18:21 -0700 Message-Id: <20181011001846.30964-6-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for doing more interesting LSM init probing, this converts the existing initcall system into an explicit call into a function pointer from a section-collected struct lsm_info array. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen --- include/linux/init.h | 2 -- include/linux/lsm_hooks.h | 12 ++++++++++++ include/linux/module.h | 1 - security/integrity/iint.c | 1 + security/security.c | 14 +++++--------- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/include/linux/init.h b/include/linux/init.h index 77636539e77c..9c2aba1dbabf 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,7 +133,6 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry) #endif extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; -extern initcall_entry_t __start_lsm_info[], __end_lsm_info[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); @@ -236,7 +235,6 @@ extern bool initcall_debug; static exitcall_t __exitcall_##fn __exit_call = fn #define console_initcall(fn) ___define_initcall(fn,, .con_initcall) -#define security_initcall(fn) ___define_initcall(fn,, .lsm_info) struct obs_kernel_param { const char *str; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 97a020c616ad..d13059feca09 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2039,6 +2039,18 @@ extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); +struct lsm_info { + int (*init)(void); /* Required. */ +}; + +extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; + +#define security_initcall(lsm) \ + static struct lsm_info __lsm_##lsm \ + __used __section(.lsm_info.init) \ + __aligned(sizeof(unsigned long)) \ + = { .init = lsm, } + #ifdef CONFIG_SECURITY_SELINUX_DISABLE /* * Assuring the safety of deleting a security module is up to diff --git a/include/linux/module.h b/include/linux/module.h index f807f15bebbe..264979283756 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -123,7 +123,6 @@ extern void cleanup_module(void); #define late_initcall_sync(fn) module_init(fn) #define console_initcall(fn) module_init(fn) -#define security_initcall(fn) module_init(fn) /* Each module must use one module_init(). */ #define module_init(initfn) \ diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 5a6810041e5c..70d21b566955 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; diff --git a/security/security.c b/security/security.c index 41a5da2c7faf..e74f46fba591 100644 --- a/security/security.c +++ b/security/security.c @@ -43,16 +43,12 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; -static void __init do_security_initcalls(void) +static void __init major_lsm_init(void) { - initcall_t call; - initcall_entry_t *ce; + struct lsm_info *lsm; - ce = __start_lsm_info; - while (ce < __end_lsm_info) { - call = initcall_from_entry(ce); - call(); - ce++; + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + lsm->init(); } } @@ -82,7 +78,7 @@ int __init security_init(void) /* * Load all the remaining security modules. */ - do_security_initcalls(); + major_lsm_init(); return 0; } From patchwork Thu Oct 11 00:18:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635521 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C1A85CAF for ; Thu, 11 Oct 2018 00:19:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DFE012A9E7 for ; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D29592AAC3; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4ECC92A9EC for ; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727040AbeJKHnf (ORCPT ); Thu, 11 Oct 2018 03:43:35 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:43002 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726982AbeJKHne (ORCPT ); Thu, 11 Oct 2018 03:43:34 -0400 Received: by mail-pg1-f196.google.com with SMTP id i4-v6so3266935pgq.9 for ; Wed, 10 Oct 2018 17:19:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nzmhAyW5ps/HmENLZ35r1xdB+Z8Iy1FLQtByB3mDQ3c=; b=BdA98Ck/Lpz7tRBnyJceOUjcuRlTEhXJncr3lR3d0LXjLXISN7V07pzfmUNOISDUjv DMr7FD2RISmbWyRNBNHky6uyLWQOD/HXWtro6/0m2paZIeFHfWucwX6X3RZy/ZCuqN9e HTgfHlMwFYamtHE8ls7aic/R9bWsvle0U56xs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nzmhAyW5ps/HmENLZ35r1xdB+Z8Iy1FLQtByB3mDQ3c=; b=VymzbpVrwkOib/XwcdAVb2H1edT6FdenV3fiBEFc1x2q4WIPV9jJQ7uAAfHkKRPWVG KQSQruafOKukH2Wmddlcp2QfLNYMQm4X9bBDrmdG4l26mB+8Fv8GfM2x63fGJABvbm/Z RMUykwORlSUzbAQTUbX/ychrM1AucDAwHUax4PaPaRdjYAgOZB6L1s6euZnShTZ2t0Kn FMa1Q//RuPam+aYXgtANOdgFpbNv9HwpLG4C0THbbVh0RexrzccX0XNCKUJfmhig/jAT llhT/FLxW3PDvaw7+Vh5Q/c6hEtSOB7qusJE0KBmyIruDaL5y50WXVPsV+5YBG5EwgEs o+sQ== X-Gm-Message-State: ABuFfogpmBDidi2rKf+7yDu8+CVGkGjDPRD1O1JP1pqQEVexmvH+xPnH jeGqb9K45nwn9/tCBPo2A3SjlQ== X-Google-Smtp-Source: ACcGV63/hAfQa4SBzFeyALVCWuIXWns5BbIBnXOuKAyprn91eokQDl0sOjYDzsogk5OwGzzjOMfySA== X-Received: by 2002:a62:6dc3:: with SMTP id i186-v6mr26698433pfc.218.1539217140009; Wed, 10 Oct 2018 17:19:00 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id u1-v6sm24171107pgr.61.2018.10.10.17.18.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:57 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 06/30] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Date: Wed, 10 Oct 2018 17:18:22 -0700 Message-Id: <20181011001846.30964-7-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Since the struct lsm_info table is not an initcall, we can just move it into INIT_DATA like all the other tables. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen Reviewed-by: James Morris --- arch/arc/kernel/vmlinux.lds.S | 1 - arch/arm/kernel/vmlinux-xip.lds.S | 1 - arch/arm64/kernel/vmlinux.lds.S | 1 - arch/h8300/kernel/vmlinux.lds.S | 1 - arch/microblaze/kernel/vmlinux.lds.S | 2 -- arch/powerpc/kernel/vmlinux.lds.S | 2 -- arch/um/include/asm/common.lds.S | 2 -- arch/xtensa/kernel/vmlinux.lds.S | 1 - include/asm-generic/vmlinux.lds.h | 24 +++++++++++------------- 9 files changed, 11 insertions(+), 24 deletions(-) diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index f35ed578e007..8fb16bdabdcf 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -71,7 +71,6 @@ SECTIONS INIT_SETUP(L1_CACHE_BYTES) INIT_CALLS CON_INITCALL - SECURITY_INITCALL } .init.arch.info : { diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 3593d5c1acd2..8c74037ade22 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -96,7 +96,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 605d1b60469c..7d23d591b03c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -166,7 +166,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS *(.init.rodata.* .init.bss) /* from the EFI stub */ } diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 35716a3048de..49f716c0a1df 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -56,7 +56,6 @@ SECTIONS __init_begin = .; INIT_TEXT_SECTION(4) INIT_DATA_SECTION(4) - SECURITY_INIT __init_end = .; _edata = . ; _begin_data = LOADADDR(.data); diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index 289d0e7f3e3a..e1f3e8741292 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -117,8 +117,6 @@ SECTIONS { CON_INITCALL } - SECURITY_INIT - __init_end_before_initramfs = .; .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 07ae018e550e..105a976323aa 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -212,8 +212,6 @@ SECTIONS CON_INITCALL } - SECURITY_INIT - . = ALIGN(8); __ftr_fixup : AT(ADDR(__ftr_fixup) - LOAD_OFFSET) { __start___ftr_fixup = .; diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S index 7adb4e6b658a..4049f2c46387 100644 --- a/arch/um/include/asm/common.lds.S +++ b/arch/um/include/asm/common.lds.S @@ -53,8 +53,6 @@ CON_INITCALL } - SECURITY_INIT - .exitcall : { __exitcall_begin = .; *(.exitcall.exit) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index a1c3edb8ad56..b727b18a68ac 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -197,7 +197,6 @@ SECTIONS INIT_SETUP(XCHAL_ICACHE_LINESIZE) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 5079a969e612..b31ea8bdfef9 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -203,6 +203,15 @@ #define EARLYCON_TABLE() #endif +#ifdef CONFIG_SECURITY +#define LSM_TABLE() . = ALIGN(8); \ + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; +#else +#define LSM_TABLE() +#endif + #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name) #define __OF_TABLE(cfg, name) ___OF_TABLE(cfg, name) #define OF_TABLE(cfg, name) __OF_TABLE(IS_ENABLED(cfg), name) @@ -597,7 +606,8 @@ IRQCHIP_OF_MATCH_TABLE() \ ACPI_PROBE_TABLE(irqchip) \ ACPI_PROBE_TABLE(timer) \ - EARLYCON_TABLE() + EARLYCON_TABLE() \ + LSM_TABLE() #define INIT_TEXT \ *(.init.text .init.text.*) \ @@ -786,17 +796,6 @@ KEEP(*(.con_initcall.init)) \ __con_initcall_end = .; -#define SECURITY_INITCALL \ - __start_lsm_info = .; \ - KEEP(*(.lsm_info.init)) \ - __end_lsm_info = .; - -/* Older linker script style for security init. */ -#define SECURITY_INIT \ - .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ - LSM_INFO \ - } - #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ @@ -963,7 +962,6 @@ INIT_SETUP(initsetup_align) \ INIT_CALLS \ CON_INITCALL \ - SECURITY_INITCALL \ INIT_RAM_FS \ } From patchwork Thu Oct 11 00:18:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635543 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 375DA933 for ; Thu, 11 Oct 2018 00:20:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18E352ABF6 for ; Thu, 11 Oct 2018 00:20:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 010342ACBE; Thu, 11 Oct 2018 00:20:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 806202ABF0 for ; Thu, 11 Oct 2018 00:20:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727589AbeJKHor (ORCPT ); Thu, 11 Oct 2018 03:44:47 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:45578 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726990AbeJKHnf (ORCPT ); Thu, 11 Oct 2018 03:43:35 -0400 Received: by mail-pf1-f193.google.com with SMTP id u12-v6so3425584pfn.12 for ; Wed, 10 Oct 2018 17:19:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SVqtedufC5YNGveTdBgoJ/XYFtvod6rEynhSC1mAznA=; b=Tfywul4y3Jb5yidWPPGYNAiurEwaGUe9aFxYHuEif8khyQl7SZCnhl9N8p1mFe/KvB YJPwsn0uN8UXYM21nZPS5pky4MhMMbRBKHSqC7V7MEzrcoiMvUpVxabFOeXxnYtD7iVa uzcrDnL/bQIgbI9bpl5+cmA0MFqvFt0aLJHzA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SVqtedufC5YNGveTdBgoJ/XYFtvod6rEynhSC1mAznA=; b=sLuNIzIp7tdjvqpgFfhMmSgBkBQIyzLH8zsprk17Y8SmeOOazoAljGnAngY6Kk3rHJ wyU4miPfQ+JQQMwHXPBGeFI9m3lhfh8WiFhMIev0AWoDMKwUODCwpI3kwVkv0X6MUpds Nc7ZMfsOhzjVFKTlQOxZoXTdul/KLsxNyXu+jgoqnWdNIIGbzTMGxdqvrQdQKifUjtuH Wz7rXrWQp4lLgXxqPW+KV3qZuo65P97rUsqgDV1Frfk7yKpyo83K0wc4uz1eSLEdPGIs /MHnoAUMd7TrDy4Z7xR8U9OuO6xLfYBwXhULFOvOf/K/1/phGTu+l5kFx/VNy9+sSLIV l8hQ== X-Gm-Message-State: ABuFfojnZ2MJdUra9qFkqSDinnvTf3ubRjbSslwJekZERUmLNZ2EB4i/ xkaAGpHLTkHOAqfmXelZ5hThHA== X-Google-Smtp-Source: ACcGV618L5PGRFkI24cNpxITPpIoIIcqXUhzWYorSRWK7CReB4nFLMNQcDE47kdYCJCGY0tF3vhMsg== X-Received: by 2002:a63:e47:: with SMTP id 7-v6mr27888803pgo.320.1539217140928; Wed, 10 Oct 2018 17:19:00 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id o62-v6sm32784578pfb.0.2018.10.10.17.18.55 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:58 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 07/30] LSM: Convert security_initcall() into DEFINE_LSM() Date: Wed, 10 Oct 2018 17:18:23 -0700 Message-Id: <20181011001846.30964-8-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Instead of using argument-based initializers, switch to defining the contents of struct lsm_info on a per-LSM basis. This also drops the final use of the now inaccurate "initcall" naming. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris --- include/linux/lsm_hooks.h | 5 ++--- security/apparmor/lsm.c | 4 +++- security/integrity/iint.c | 4 +++- security/selinux/hooks.c | 4 +++- security/smack/smack_lsm.c | 4 +++- security/tomoyo/tomoyo.c | 4 +++- 6 files changed, 17 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index d13059feca09..9c6b4198ff5a 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2045,11 +2045,10 @@ struct lsm_info { extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; -#define security_initcall(lsm) \ +#define DEFINE_LSM(lsm) \ static struct lsm_info __lsm_##lsm \ __used __section(.lsm_info.init) \ - __aligned(sizeof(unsigned long)) \ - = { .init = lsm, } + __aligned(sizeof(unsigned long)) #ifdef CONFIG_SECURITY_SELINUX_DISABLE /* diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8b8b70620bbe..c4863956c832 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1606,4 +1606,6 @@ static int __init apparmor_init(void) return error; } -security_initcall(apparmor_init); +DEFINE_LSM(apparmor) = { + .init = apparmor_init, +}; diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 70d21b566955..94e8e1820748 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -175,7 +175,9 @@ static int __init integrity_iintcache_init(void) 0, SLAB_PANIC, init_once); return 0; } -security_initcall(integrity_iintcache_init); +DEFINE_LSM(integrity) = { + .init = integrity_iintcache_init, +}; /* diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..6ca2e89ddbd6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7202,7 +7202,9 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ -security_initcall(selinux_init); +DEFINE_LSM(selinux) = { + .init = selinux_init, +}; #if defined(CONFIG_NETFILTER) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..c62e26939a69 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4882,4 +4882,6 @@ static __init int smack_init(void) * Smack requires early initialization in order to label * all processes and objects when they are created. */ -security_initcall(smack_init); +DEFINE_LSM(smack) = { + .init = smack_init, +}; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9f932e2d6852..b2d833999910 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -550,4 +550,6 @@ static int __init tomoyo_init(void) return 0; } -security_initcall(tomoyo_init); +DEFINE_LSM(tomoyo) = { + .init = tomoyo_init, +}; From patchwork Thu Oct 11 00:18:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635519 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8A7D1933 for ; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 73F1B2A9E7 for ; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 681FE2ABF0; Thu, 11 Oct 2018 00:19:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 08C6E2A9E7 for ; Thu, 11 Oct 2018 00:19:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726921AbeJKHne (ORCPT ); Thu, 11 Oct 2018 03:43:34 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:46283 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726920AbeJKHnd (ORCPT ); Thu, 11 Oct 2018 03:43:33 -0400 Received: by mail-pl1-f193.google.com with SMTP id v5-v6so3274249plz.13 for ; Wed, 10 Oct 2018 17:18:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=6nN6g4PbGutmb0/T7yPnm6eCRi6kQ3RGQm5QiHIoyDE=; b=JYp+0PFQzpPjqpzN/l8/VwCmRn3KZQxQgNYdk93VP1lEK+liUvTyFglEnayEycMuXL pErHVG7vmzakl0U1Lf8Hz54AwP3cVKMxIjRMT8+UAUvmLUGIPNF+UsPlonw0cmR1yhp4 QzkzgtaNcjfeHiBGqyxOCGSCe8Wa8ccjoQS8k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6nN6g4PbGutmb0/T7yPnm6eCRi6kQ3RGQm5QiHIoyDE=; b=JyokWAQ/9YdhkGHIrUK/70G8ONtvJf60Hoe8J5YIFOxuxMsAHiF7fjKSplV+VxYrUZ iEgg7U6oDnABu3MUpWnRn4m53VatqTAiwcsu6hoRq2BErwlxo8Onu3gKfT7DXwW7J775 goIn810qzCKlmTMoerwcN7f1snw7y6NcPkBFuZmkUEURXDS0eyrj4rjVt3Ct9mfYZ/eO WKCTE0I879t8wJnT+un6vt1nYWpxwf1hNEm1w2DWmW6fQ5KaRp2oqzSLKhRzNnkcXnEQ YFLyq2DDjo8bO/i+hKsTfHHEosGlKT12j4I/hSsG/i8hy2SqlDPi4Q4EYaerAKEImwIT agJQ== X-Gm-Message-State: ABuFfoj8ZUlie6n0VDZmG+H/Khw/txfQXbPiLxGocbOM6VFAp9EQ3k42 C/ikj/WXaswLzPHK1HyGSP2QeA== X-Google-Smtp-Source: ACcGV619747qShRQi5/OlLQAuc5h4/PU5fBaXlKirrvUnSTqpL5fZiblOOtUmiWoVYz5qFISotH+Ug== X-Received: by 2002:a17:902:7802:: with SMTP id p2-v6mr150926pll.170.1539217139129; Wed, 10 Oct 2018 17:18:59 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id o133-v6sm59590051pfg.86.2018.10.10.17.18.55 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:57 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 08/30] LSM: Record LSM name in struct lsm_info Date: Wed, 10 Oct 2018 17:18:24 -0700 Message-Id: <20181011001846.30964-9-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for making LSM selections outside of the LSMs, include the name of LSMs in struct lsm_info. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 1 + security/integrity/iint.c | 1 + security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + 6 files changed, 6 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 9c6b4198ff5a..ae159b02f3ab 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2040,6 +2040,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); struct lsm_info { + const char *name; /* Required. */ int (*init)(void); /* Required. */ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index c4863956c832..dca4b7dbf368 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1607,5 +1607,6 @@ static int __init apparmor_init(void) } DEFINE_LSM(apparmor) = { + .name = "apparmor", .init = apparmor_init, }; diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 94e8e1820748..1ea05da2323d 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -176,6 +176,7 @@ static int __init integrity_iintcache_init(void) return 0; } DEFINE_LSM(integrity) = { + .name = "integrity", .init = integrity_iintcache_init, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6ca2e89ddbd6..9651bccae270 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7203,6 +7203,7 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ DEFINE_LSM(selinux) = { + .name = "selinux", .init = selinux_init, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c62e26939a69..2fb56bcf1316 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4883,5 +4883,6 @@ static __init int smack_init(void) * all processes and objects when they are created. */ DEFINE_LSM(smack) = { + .name = "smack", .init = smack_init, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index b2d833999910..1b5b5097efd7 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -551,5 +551,6 @@ static int __init tomoyo_init(void) } DEFINE_LSM(tomoyo) = { + .name = "tomoyo", .init = tomoyo_init, }; From patchwork Thu Oct 11 00:18:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635537 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8FFB2933 for ; Thu, 11 Oct 2018 00:19:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 766922ABF0 for ; Thu, 11 Oct 2018 00:19:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 69D502ACBE; Thu, 11 Oct 2018 00:19:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 077C02ABF0 for ; Thu, 11 Oct 2018 00:19:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727180AbeJKHnj (ORCPT ); Thu, 11 Oct 2018 03:43:39 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:39535 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727152AbeJKHnj (ORCPT ); Thu, 11 Oct 2018 03:43:39 -0400 Received: by mail-pf1-f196.google.com with SMTP id c25-v6so3444412pfe.6 for ; Wed, 10 Oct 2018 17:19:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=O55DFeS8ueFeZRsonWfjwV1xQL3qE86rj2SxIpnAmMg=; b=SnJL19inC1A4uT1F9hK0NVjaJHzq4ikuhyvQZjAdgvEZYbYPVBYF99u+kezQV7YvtS TRWhdqZoJNOwf1Xr5Vmkq1dYyTLwe1OnOzAs9UWA2CZooDhUDac9UEaTwJDdOEdoe9rZ r7bJlN7WfZYwNT3zKh6fTEO4BS3805PxuY51M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=O55DFeS8ueFeZRsonWfjwV1xQL3qE86rj2SxIpnAmMg=; b=Ehni2fau1XVftheIwZ/NRJgRuPZdK9iC+RzA/IMB/+nYjqATtIyyKibh88RoQA/Lm2 HC2WeN7udgNtOKXjMoIMN5JlJ06hkv3+Ow+5GSNLHoXhtcg2CHCb0qQYYCmn2Gg+/oN+ 1bNmAvgXkAS5lsAxy3+w6Zm/+vbIhlDyjCFWKdXYFlBg7mrjJFymYMgfrG0q4/+kjJFN NzvviawDM/b4iwYTFi/SoDLhUPUmUtW/6BmCVavtjYe8J/S6HmEYykH517FxFHPQBkup G+qWJ98ozob+JtB+5Qks/Snj5te0l+ChNQ3z+Zu/mOW+VrUJrE5hMr70TBsVpwDoun8v CTmw== X-Gm-Message-State: ABuFfoh4pQwR8OMd9IAG3ZsWhNf2tfMasO90vGSnCgJrZ+Nxoskm832l ogBCJgajSoD9DyldlZ1yIKNRkg== X-Google-Smtp-Source: ACcGV62ySqYROrB5LLeSkAniSEvUin/jAQUthu9Z2hI8/66fd8ozoSTiVrhYKRl/r8/5x5QALVqtXg== X-Received: by 2002:a63:fd09:: with SMTP id d9-v6mr32277270pgh.164.1539217144391; Wed, 10 Oct 2018 17:19:04 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id b3-v6sm40544422pfc.178.2018.10.10.17.18.56 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:58 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 09/30] LSM: Provide init debugging infrastructure Date: Wed, 10 Oct 2018 17:18:25 -0700 Message-Id: <20181011001846.30964-10-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Booting with "lsm.debug" will report future details on how LSM ordering decisions are being made. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen Reviewed-by: James Morris --- .../admin-guide/kernel-parameters.txt | 2 ++ security/security.c | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 9871e649ffef..32d323ee9218 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2274,6 +2274,8 @@ ltpc= [NET] Format: ,, + lsm.debug [SECURITY] Enable LSM initialization debugging output. + machvec= [IA-64] Force the use of a particular machine-vector (machvec) in a generic kernel. Example: machvec=hpzx1_swiotlb diff --git a/security/security.c b/security/security.c index e74f46fba591..395f804f6a91 100644 --- a/security/security.c +++ b/security/security.c @@ -12,6 +12,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) "LSM: " fmt + #include #include #include @@ -43,11 +45,19 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initdata bool debug; +#define init_debug(...) \ + do { \ + if (debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + static void __init major_lsm_init(void) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + init_debug("initializing %s\n", lsm->name); lsm->init(); } } @@ -91,6 +101,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Enable LSM order debugging. */ +static int __init enable_debug(char *str) +{ + debug = true; + return 1; +} +__setup("lsm.debug", enable_debug); + static bool match_last_lsm(const char *list, const char *lsm) { const char *last; From patchwork Thu Oct 11 00:18:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635541 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C922933 for ; Thu, 11 Oct 2018 00:20:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 27C6D2ABF0 for ; Thu, 11 Oct 2018 00:20:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1BA6C2ACBE; Thu, 11 Oct 2018 00:20:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B35D62ABF0 for ; Thu, 11 Oct 2018 00:20:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727268AbeJKHod (ORCPT ); Thu, 11 Oct 2018 03:44:33 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:33313 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727081AbeJKHnh (ORCPT ); Thu, 11 Oct 2018 03:43:37 -0400 Received: by mail-pf1-f195.google.com with SMTP id 78-v6so1060903pfq.0 for ; Wed, 10 Oct 2018 17:19:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qfu2i5vCbLXUhEgxVTjIKQVSKkT0aaheZInMAAU7pCg=; b=h8CSwExuRPJDsJrDiwuXEIyychgJe6pkvqcLZBNNK8I35pEFBC2JDMH9FmbCB5c4Hh 2XqMoTa2jXCGVupBPQtfabThLm2M/nFsf9gez6PimPn0zhmC8QU6Ij9PGuhRlp60+KYy l24DA0UBAjTpm3PNbqWTTD4YzjRpiIPoV0N2o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qfu2i5vCbLXUhEgxVTjIKQVSKkT0aaheZInMAAU7pCg=; b=m/QF0LzelofBhKnKlUXq+a420NThXNGAZARWPh0t3Sb/QzW1xWkvH4Vqe8raei9cxY ytxzrHuO2gs/+ivZMgiIx7O+LA5fs+n92JC3qdUQd5B5Otcr9+0LtIkApwcgTaIVXn3D +VbfP5pnxVXfHBY03epkSr09MWQ7sdJQvfxwEMvBX2aAl4snjbO1tvyQuEpXYxagNKYj 3By6W/Xwn7GdvR5AyWc+Rn0HcrRqawYctREg8dWXO3/3xsNUshmzqTsOel0fjGnrLxXS +TzakhRhPH/xxNBwmDy53erUc4ETczJjvnbTs+vwMAxWlzlzYBPbHSf6CELilrvsyflt t5iw== X-Gm-Message-State: ABuFfojFkf2qm1cpn2sTKZWBpU/E6mRI9wWaOmw6Qcu2sH9+8cO93Jv9 DRciqymIEFUP90eHJMIZ8kbLhQ== X-Google-Smtp-Source: ACcGV63prjsFPCaTcde6dqOws5c/V8PiRq37SDg6xRRo82yu+prgVvu9t7835fjLP2q7ILQSj1HJJA== X-Received: by 2002:a62:ccd4:: with SMTP id j81-v6mr37703628pfk.76.1539217142740; Wed, 10 Oct 2018 17:19:02 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id k3-v6sm73024605pfk.60.2018.10.10.17.18.56 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:58 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 10/30] LSM: Don't ignore initialization failures Date: Wed, 10 Oct 2018 17:18:26 -0700 Message-Id: <20181011001846.30964-11-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP LSM initialization failures have traditionally been ignored. We should at least WARN when something goes wrong. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/security.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/security.c b/security/security.c index 395f804f6a91..2055af907eba 100644 --- a/security/security.c +++ b/security/security.c @@ -55,10 +55,12 @@ static __initdata bool debug; static void __init major_lsm_init(void) { struct lsm_info *lsm; + int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { init_debug("initializing %s\n", lsm->name); - lsm->init(); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); } } From patchwork Thu Oct 11 00:18:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635535 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1FF4D17E1 for ; Thu, 11 Oct 2018 00:19:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 071752ABF0 for ; Thu, 11 Oct 2018 00:19:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EE86D2ACBE; Thu, 11 Oct 2018 00:19:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B5B62ABF0 for ; Thu, 11 Oct 2018 00:19:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727148AbeJKHnk (ORCPT ); Thu, 11 Oct 2018 03:43:40 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:39844 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727170AbeJKHnj (ORCPT ); Thu, 11 Oct 2018 03:43:39 -0400 Received: by mail-pg1-f195.google.com with SMTP id r9-v6so3274953pgv.6 for ; Wed, 10 Oct 2018 17:19:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=yHtJ2wuDy6KMLinmeN4owhKSAddTYrZKj9GP/zJS5B4=; b=HLor249iQGUkqWngqbljMZtySuE21yUrEo0+FI/u0LOXzuv/6lTKBCef2FuTyuR/Pk nI/yxw0K6UCn5sJ8iCEHYlBak0gI1eLnwyyhNXEiyJSmo7+PUrYgoI2ol+beypahuyZ8 X15efCIUr/3Uy25+Xasnz+S67i3LADfaF6thU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=yHtJ2wuDy6KMLinmeN4owhKSAddTYrZKj9GP/zJS5B4=; b=Z8XfWXTXnAYRm91WjmkROxVxKNXi9WtbDch95GC+r5QMdLz9Knub4wArDuIcWYXtXf w3qpvuWRyTVPHVPGZzaTICYN3uLn/2tH2bKZbm5taQk3mmP1gz0Al6mtcc69xUcdMbW/ BaOkJV4k+OHdd/in3HJGeqfqMIHs5mE75omOMGXbjt3zrdm/RUobnaO3b8laaH/2fFhF 6i3FJEo2+JcH/tQToKUIwgsL/bYbYuwbUS8FZc3IbrMc6Us6rqsmD8AWI4Eax9tpc/Oe Q9tcje5hID6Z6QtrpDjTxHWX7Elv4xIUZ5uel7+mCwsfQGh+dfP8x3bAWvLu8iNdhy6J VSLQ== X-Gm-Message-State: ABuFfogYqYI+3f2kIjMyZdJDLOMa7Su/kevx1hMFizapi13UOWqlRDfd 67GQebpzraflVvK83+lG5nuiQQ== X-Google-Smtp-Source: ACcGV610vd06UCWYQXRHpRCxKnvZYdjvbxPoXNFqhJTYaKgw2nLO/SdmzjE53vLw3NbcnCdeFqN3fQ== X-Received: by 2002:a63:d40c:: with SMTP id a12-v6mr31304706pgh.394.1539217145485; Wed, 10 Oct 2018 17:19:05 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id b3-v6sm40544447pfc.178.2018.10.10.17.18.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:58 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 11/30] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Date: Wed, 10 Oct 2018 17:18:27 -0700 Message-Id: <20181011001846.30964-12-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This adds a flag for the current "major" LSMs to distinguish them when we have a universal method for ordering all LSMs. It's called "legacy" since the distinction of "major" will go away in the blob-sharing world. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 3 +++ security/apparmor/lsm.c | 1 + security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + security/tomoyo/tomoyo.c | 1 + 5 files changed, 7 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index ae159b02f3ab..531e219a49b9 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2039,8 +2039,11 @@ extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); +#define LSM_FLAG_LEGACY_MAJOR BIT(0) + struct lsm_info { const char *name; /* Required. */ + unsigned long flags; /* Optional: flags describing LSM */ int (*init)(void); /* Required. */ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dca4b7dbf368..768cb539fb6c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1608,5 +1608,6 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = apparmor_init, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9651bccae270..020886895819 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7204,6 +7204,7 @@ void selinux_complete_init(void) all processes and objects when they are created. */ DEFINE_LSM(selinux) = { .name = "selinux", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = selinux_init, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 2fb56bcf1316..db8bc6b6d8b0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4884,5 +4884,6 @@ static __init int smack_init(void) */ DEFINE_LSM(smack) = { .name = "smack", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = smack_init, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 1b5b5097efd7..09f7af130d3a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -552,5 +552,6 @@ static int __init tomoyo_init(void) DEFINE_LSM(tomoyo) = { .name = "tomoyo", + .flags = LSM_FLAG_LEGACY_MAJOR, .init = tomoyo_init, }; From patchwork Thu Oct 11 00:18:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635531 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 17A95933 for ; Thu, 11 Oct 2018 00:19:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 032A42A9E7 for ; Thu, 11 Oct 2018 00:19:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EB7972AAC3; Thu, 11 Oct 2018 00:19:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B5B52A9E7 for ; Thu, 11 Oct 2018 00:19:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727281AbeJKHnm (ORCPT ); Thu, 11 Oct 2018 03:43:42 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:38504 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727219AbeJKHnl (ORCPT ); Thu, 11 Oct 2018 03:43:41 -0400 Received: by mail-pg1-f195.google.com with SMTP id f8-v6so3273677pgq.5 for ; Wed, 10 Oct 2018 17:19:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=K8Z4hRQ9RjNB3cw7dID4X7rT0mlxEqRr67feJ2NB/9c=; b=B9/2xlN/BrGlJ2jEJ0k8X5eCznO9gGb86L7kP3gEAlTRWjvKke3tLyWsCO63usDSsB FZfgrRb1sQrXPB/GT2lJ2OgWtPdonIT7DCAAIFQyxtAPY5OhrkW1baX6/pUqa4pPu7jz 9r/HS+A0PFL4QnzSYF1GhOOYUhJ5/7UBcVFhc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=K8Z4hRQ9RjNB3cw7dID4X7rT0mlxEqRr67feJ2NB/9c=; b=OVIvOhvME/c872XmX95ZctTCp6CAcvpggiv7FJAjNQsIJ3GW/VCZXHydUmKPgU58Ym 277Yx2az2ovY4lz1Etfi6inMLkz2sVyzokSbeIODRbQVEeXaOMGVoDeDzzAID17W/oso Rg0Oa5T8BrB8wRLmjulXIuABS/nuQyxBJoCT6WAdj7XCqV7ZI91XSBSgWm24SDHSVdlV 5MTBpC8Em7ZKUXXjm+EVIEDlFOnkZ3NzmaqPUJ4ev7fR8gmEMndij5Ct8DlhUO5Pxf3R /tjsKC1YgEY8bQNN6SGV5+hFTIz4wHAg8J0W6szKKgZVWWG/gC6eXWNViedIsYICtpWC v7Fg== X-Gm-Message-State: ABuFfojqn0vI7qAsBlWtIKN4JmU5Hn+dtlT/lDWkJD38MvjTN6TbnJPy pCJYxKh9ZFJOJ7IkQVbBlJEf5g== X-Google-Smtp-Source: ACcGV60VLYbwdHOrzl5sFJ1cCwZRzKXIvXxg77pXFxsGRdNxcZiuZS1nq8GwLdI1uOIzhhF6+PxITg== X-Received: by 2002:a62:36c3:: with SMTP id d186-v6mr29685315pfa.133.1539217146434; Wed, 10 Oct 2018 17:19:06 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id a15-v6sm23591467pff.8.2018.10.10.17.18.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:18:58 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization Date: Wed, 10 Oct 2018 17:18:28 -0700 Message-Id: <20181011001846.30964-13-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This provides a place for ordered LSMs to be initialized, separate from the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to ordered_lsm_init(), but it will change drastically in later patches. What is not obvious in the patch is that this change moves the integrity LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" list, there is no reordering yet created. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/security.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/security/security.c b/security/security.c index 2055af907eba..ebbbb672ced5 100644 --- a/security/security.c +++ b/security/security.c @@ -52,12 +52,30 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static void __init ordered_lsm_init(void) +{ + struct lsm_info *lsm; + int ret; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) + continue; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + continue; + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); @@ -87,6 +105,9 @@ int __init security_init(void) yama_add_hooks(); loadpin_add_hooks(); + /* Load LSMs in specified order. */ + ordered_lsm_init(); + /* * Load all the remaining security modules. */ From patchwork Thu Oct 11 00:18:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635529 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 719A7933 for ; Thu, 11 Oct 2018 00:19:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 589CE2A9E7 for ; Thu, 11 Oct 2018 00:19:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4CB6A2AAC3; Thu, 11 Oct 2018 00:19:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C01442A9E7 for ; Thu, 11 Oct 2018 00:19:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727222AbeJKHno (ORCPT ); Thu, 11 Oct 2018 03:43:44 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:41822 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727329AbeJKHnn (ORCPT ); Thu, 11 Oct 2018 03:43:43 -0400 Received: by mail-pf1-f196.google.com with SMTP id m77-v6so3436773pfi.8 for ; Wed, 10 Oct 2018 17:19:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=9oGsxFd1lYWYAorYyN9hIBrjHAPxot319f0edyopgaA=; b=anZ9tL1PA/A7rUVRlnGvXfA1RrTh3Rl+L9f8RGaTp3W6wYeJEIdrEvUDt+++H9nwI5 +SSz/JUU3Fj6H3VQP4MEL83+vnQ4ISidqkmm6l19mIxm+FslYKv5SHX4K0daMZ7riVM/ 8PrbhtZGbF/S8ELKZ8XiOBJqS1BJafhlmhcpQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=9oGsxFd1lYWYAorYyN9hIBrjHAPxot319f0edyopgaA=; b=eBv2faFxjoedMDsGS8OzTxKLnR/LGUaiUCzC9MI0T770mdnucSaswVD2gJh09ixz7n LOvFAAVWi4M+XvE4l+ljFNZGTfgZug54AENr7A8Yk1e7PjOO2SgLHhFJqzEYQF7bHCBs tx//7e+QjL71+gtlOaEnK45UKr3boz+3mzyg9+AHG3LAyxONQ2t5Y/HF3xw4H2Q3wL4l nKFjrNQLh0Ax+YTVHbfnjTyRjnWQg4GB7PxBKvm1EtgwYjHwEi56uVX2foPRu017dmPZ 9ZGeCDheaJRAijk4rG1EC6rxtoxlUbxXGbrplQGlGT+0Y2KiExexBAEiCmc2dZnTUnPI s5eQ== X-Gm-Message-State: ABuFfoipH3YH2U7BALMJ4D4hbfT6LYi29cy7qSC0gbHUhphY6DxKjppA BjPbpXl84vCrXzgMylGWNFwGFQ== X-Google-Smtp-Source: ACcGV60LUQF72bP/Wa30XRftKl+C/LebjcC1hyRFYuci9cH0ZA+wlWrXoxfVnBxvygE5UPg+mAqHxQ== X-Received: by 2002:a62:c2c1:: with SMTP id w62-v6mr16418780pfk.35.1539217148718; Wed, 10 Oct 2018 17:19:08 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id r65-v6sm35307981pfj.5.2018.10.10.17.18.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 13/30] LoadPin: Rename boot param "enabled" to "enforce" Date: Wed, 10 Oct 2018 17:18:29 -0700 Message-Id: <20181011001846.30964-14-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP LoadPin's "enabled" setting is really about enforcement, not whether or not the LSM is using LSM hooks. Instead, split this out so that LSM enabling can be logically distinct from whether enforcement is happening (for example, the pinning happens when the LSM is enabled, but the pin is only checked when "enforce" is set). This allows LoadPin to continue to operate sanely in test environments once LSM enable/disable is centrally handled (i.e. we want LoadPin to be enabled separately from its enforcement). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/loadpin/Kconfig | 4 ++-- security/loadpin/loadpin.c | 21 +++++++++++---------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig index dd01aa91e521..a0d70d82b98e 100644 --- a/security/loadpin/Kconfig +++ b/security/loadpin/Kconfig @@ -10,10 +10,10 @@ config SECURITY_LOADPIN have a root filesystem backed by a read-only device such as dm-verity or a CDROM. -config SECURITY_LOADPIN_ENABLED +config SECURITY_LOADPIN_ENFORCE bool "Enforce LoadPin at boot" depends on SECURITY_LOADPIN help If selected, LoadPin will enforce pinning at boot. If not selected, it can be enabled at boot with the kernel parameter - "loadpin.enabled=1". + "loadpin.enforce=1". diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 0716af28808a..a2dc146b6364 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -44,7 +44,7 @@ static void report_load(const char *origin, struct file *file, char *operation) kfree(pathname); } -static int enabled = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENABLED); +static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE); static struct super_block *pinned_root; static DEFINE_SPINLOCK(pinned_root_spinlock); @@ -60,8 +60,8 @@ static struct ctl_path loadpin_sysctl_path[] = { static struct ctl_table loadpin_sysctl_table[] = { { - .procname = "enabled", - .data = &enabled, + .procname = "enforce", + .data = &enforce, .maxlen = sizeof(int), .mode = 0644, .proc_handler = proc_dointvec_minmax, @@ -97,7 +97,7 @@ static void check_pinning_enforcement(struct super_block *mnt_sb) loadpin_sysctl_table)) pr_notice("sysctl registration failed!\n"); else - pr_info("load pinning can be disabled.\n"); + pr_info("enforcement can be disabled.\n"); } else pr_info("load pinning engaged.\n"); } @@ -128,7 +128,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) /* This handles the older init_module API that has a NULL file. */ if (!file) { - if (!enabled) { + if (!enforce) { report_load(origin, NULL, "old-api-pinning-ignored"); return 0; } @@ -151,7 +151,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) * Unlock now since it's only pinned_root we care about. * In the worst case, we will (correctly) report pinning * failures before we have announced that pinning is - * enabled. This would be purely cosmetic. + * enforcing. This would be purely cosmetic. */ spin_unlock(&pinned_root_spinlock); check_pinning_enforcement(pinned_root); @@ -161,7 +161,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) } if (IS_ERR_OR_NULL(pinned_root) || load_root != pinned_root) { - if (unlikely(!enabled)) { + if (unlikely(!enforce)) { report_load(origin, file, "pinning-ignored"); return 0; } @@ -186,10 +186,11 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { void __init loadpin_add_hooks(void) { - pr_info("ready to pin (currently %sabled)", enabled ? "en" : "dis"); + pr_info("ready to pin (currently %senforcing)\n", + enforce ? "" : "not "); security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); } /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ -module_param(enabled, int, 0); -MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)"); +module_param(enforce, int, 0); +MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning"); From patchwork Thu Oct 11 00:18:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635533 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3633017E1 for ; Thu, 11 Oct 2018 00:19:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 20F802ABF0 for ; Thu, 11 Oct 2018 00:19:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 151742ACBE; Thu, 11 Oct 2018 00:19:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A45432ABF0 for ; Thu, 11 Oct 2018 00:19:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726774AbeJKHoR (ORCPT ); Thu, 11 Oct 2018 03:44:17 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:39848 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727277AbeJKHnm (ORCPT ); Thu, 11 Oct 2018 03:43:42 -0400 Received: by mail-pg1-f196.google.com with SMTP id r9-v6so3274991pgv.6 for ; Wed, 10 Oct 2018 17:19:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=GuIJ8XJ4isc39j9FCpw3e0aw5+nW65wvPHXUlrmcc7Y=; b=mhtBdzE+++HD8ZlJoh9Sh0lv152Wzv0XGlfdoeoVj/D32O41aK7MS3Rnda2A+qODA4 Qrtnl5zHcJjkVY0W3YVUHVY6xRjOu9KcQX0A9xYhnJ/gGZTbh0I5BYOJHFqBeSSiV/fs A2G5p2YQxlN9jUuRqSEWvuI/VAQoq+e1ylRS8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=GuIJ8XJ4isc39j9FCpw3e0aw5+nW65wvPHXUlrmcc7Y=; b=cZ7DD1xFMWL6yKSDagByOUXsjpslX0IX0LN8jEtctsMGFirg+EN8CQii5iohvAubt4 eACzfMloe7CHUdtX0Nw4k28RmHU/I9kSs31Nq+kB5E7WoBCUXqrqE/mRcIQtIdfadwu+ mU+sX9Ib5ooOFyrxumcua1QWG6cQ+JUTHmid8Mn0rWaujKwb8WfcamU0beFlU9hOva7s usDy+Z6M6/1iI8rgJuEBwO8mUqqledVb7NV1t47tEZv+IpQad+8BKg40g/5HGX0M8wSf bFsKKUTkN24PFTX6blnmSNEyyTaRQ6HNN0+nKUfocaLEqDi9nw9hsE+CJ2SHORx3rCQd BHVQ== X-Gm-Message-State: ABuFfojLmgwFN+nP5ea2iZ01wp2L6Hmcl1Rx/9zTgRBWm5bfwNrI6ZBt m/uBc+jkrkMhGekUFROrlvblYg== X-Google-Smtp-Source: ACcGV627jaDsqj2WS45TJpj57mDCEEoEjxz2qpKKlMB5C0fElqT6SNaIE4E9x/uZC/smsv9yjDYbMw== X-Received: by 2002:a62:c80d:: with SMTP id z13-v6mr36366057pff.176.1539217147856; Wed, 10 Oct 2018 17:19:07 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id y185-v6sm26488288pgd.8.2018.10.10.17.18.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 14/30] LSM: Plumb visibility into optional "enabled" state Date: Wed, 10 Oct 2018 17:18:30 -0700 Message-Id: <20181011001846.30964-15-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for lifting the "is this LSM enabled?" logic out of the individual LSMs, pass in any special enabled state tracking (as needed for SELinux, AppArmor, and LoadPin). This should be an "int" to include handling any future cases where "enabled" is exposed via sysctl which has no "bool" type. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 5 +++-- security/selinux/hooks.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 531e219a49b9..6ec5a0266f21 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,6 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Required. */ unsigned long flags; /* Optional: flags describing LSM */ + int *enabled; /* Optional: NULL means enabled. */ int (*init)(void); /* Required. */ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 768cb539fb6c..6ace45704cb6 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1303,8 +1303,8 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) { @@ -1609,5 +1609,6 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &apparmor_enabled, .init = apparmor_init, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 020886895819..e8da99550b67 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7205,6 +7205,7 @@ void selinux_complete_init(void) DEFINE_LSM(selinux) = { .name = "selinux", .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &selinux_enabled, .init = selinux_init, }; From patchwork Thu Oct 11 00:18:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635523 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 05CBB933 for ; Thu, 11 Oct 2018 00:19:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E1D632A9E7 for ; Thu, 11 Oct 2018 00:19:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D57FE2AAC3; Thu, 11 Oct 2018 00:19:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37D122A9E7 for ; Thu, 11 Oct 2018 00:19:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727398AbeJKHnp (ORCPT ); Thu, 11 Oct 2018 03:43:45 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:41258 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727072AbeJKHno (ORCPT ); Thu, 11 Oct 2018 03:43:44 -0400 Received: by mail-pg1-f196.google.com with SMTP id 23-v6so3269360pgc.8 for ; Wed, 10 Oct 2018 17:19:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ggiLtK2eVkrPN9cVnQ8nFfasYZlbOTQ2PdEkKAoFPYo=; b=kBFOoQet2q2u/XISInQRvsegm4Dgd+yUhCYwmOdRzNXfQ3+T5dPxohU2Nb5jnXtm21 Gtqj7KTya3WKWGpHzOImIzLxXaURH1MHTn2hcDcingz3yfgZeCbRyhcgrNlYJah45Nql YH5V3j+r3DkiDj10WOLOm9oESMUv4E/Xz+OQQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ggiLtK2eVkrPN9cVnQ8nFfasYZlbOTQ2PdEkKAoFPYo=; b=KF8Hyq170TAI9JXalobLf1uRfTHLw9rzEFLJANjZuG/iISUPz9QVAAgIBnbYaByb6J FHwEX9Eqg0ah3e9wDPk9tJgG8KXfENlaakAW/G7RVxKxeBVQqGZj29lcipgiFfKTDkUN B6F4aCtK+bhRh3RLvOcEwEiXo7jU5OkT/cl4O1K8r5KKjQM6iTyrsmexKl5VlxoJwAPs Cxl7w0GOqwrPi+4I+oDNKYNA10qDycinlmsjectHiwisRPWuSCAs60n3Zvp3yXm7/z/O HiqDgowFhqiTtgodQNH+CpeYQL5vxkrWf60wwku2064U8A+xLbyXS5uiyl/34FTTcxuf eQwg== X-Gm-Message-State: ABuFfohZy55Ue4V7/oxWSfIZuyMQ7qz1tCRkM/bGW1J4V2z01UzLO7JH qPrKE53Sbt7KGPesyWCIlxhbNHdFA3E= X-Google-Smtp-Source: ACcGV600ne3Z/J2XFBDawR+74H8Kv7NX8Ws49Nu05JynMEEBKRfJjgIcKSJRS2aG8Y03GXGXT8kL+w== X-Received: by 2002:a62:3384:: with SMTP id z126-v6mr36082448pfz.85.1539217149666; Wed, 10 Oct 2018 17:19:09 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l129-v6sm37483966pfc.155.2018.10.10.17.18.59 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 15/30] LSM: Lift LSM selection out of individual LSMs Date: Wed, 10 Oct 2018 17:18:31 -0700 Message-Id: <20181011001846.30964-16-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP As a prerequisite to adjusting LSM selection logic in the future, this moves the selection logic up out of the individual major LSMs, making their init functions only run when actually enabled. This considers all LSMs enabled by default unless they specified an external "enable" variable. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 1 - security/apparmor/lsm.c | 6 --- security/security.c | 102 ++++++++++++++++++++++++++----------- security/selinux/hooks.c | 10 ---- security/smack/smack_lsm.c | 3 -- security/tomoyo/tomoyo.c | 2 - 6 files changed, 71 insertions(+), 53 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6ec5a0266f21..9ecb623fb39d 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2085,7 +2085,6 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); #ifdef CONFIG_SECURITY_YAMA extern void __init yama_add_hooks(void); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 6ace45704cb6..bc56b058dc75 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1542,12 +1542,6 @@ static int __init apparmor_init(void) { int error; - if (!apparmor_enabled || !security_module_enable("apparmor")) { - aa_info_message("AppArmor disabled by boot time parameter"); - apparmor_enabled = false; - return 0; - } - aa_secids_init(); error = aa_setup_dfa_engine(); diff --git a/security/security.c b/security/security.c index ebbbb672ced5..8968c98e0a0e 100644 --- a/security/security.c +++ b/security/security.c @@ -52,33 +52,96 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +static bool __init is_enabled(struct lsm_info *lsm) +{ + if (!lsm->enabled || *lsm->enabled) + return true; + + return false; +} + +/* Mark an LSM's enabled flag. */ +static int lsm_enabled_true __initdata = 1; +static int lsm_enabled_false __initdata = 0; +static void __init set_enabled(struct lsm_info *lsm, bool enabled) +{ + /* + * When an LSM hasn't configured an enable variable, we can use + * a hard-coded location for storing the default enabled state. + */ + if (!lsm->enabled) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + else + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_true) { + if (!enabled) + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_false) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + } else { + *lsm->enabled = enabled; + } +} + +/* Is an LSM allowed to be initialized? */ +static bool __init lsm_allowed(struct lsm_info *lsm) +{ + /* Skip if the LSM is disabled. */ + if (!is_enabled(lsm)) + return false; + + /* Skip major-specific checks if not a major LSM. */ + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) + return true; + + /* Disabled if this LSM isn't the chosen one. */ + if (strcmp(lsm->name, chosen_lsm) != 0) + return false; + + return true; +} + +/* Check if LSM should be initialized. */ +static void __init maybe_initialize_lsm(struct lsm_info *lsm) +{ + int enabled = lsm_allowed(lsm); + + /* Record enablement (to handle any following exclusive LSMs). */ + set_enabled(lsm, enabled); + + /* If selected, initialize the LSM. */ + if (enabled) { + int ret; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + static void __init ordered_lsm_init(void) { struct lsm_info *lsm; - int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) continue; - init_debug("initializing %s\n", lsm->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + maybe_initialize_lsm(lsm); } } static void __init major_lsm_init(void) { struct lsm_info *lsm; - int ret; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) continue; - init_debug("initializing %s\n", lsm->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + maybe_initialize_lsm(lsm); } } @@ -168,29 +231,6 @@ static int lsm_append(char *new, char **result) return 0; } -/** - * security_module_enable - Load given security module on boot ? - * @module: the name of the module - * - * Each LSM must pass this method before registering its own operations - * to avoid security registration races. This method may also be used - * to check if your LSM is currently loaded during kernel initialization. - * - * Returns: - * - * true if: - * - * - The passed LSM is the one chosen by user at boot time, - * - or the passed LSM is configured as the default and the user did not - * choose an alternate LSM at boot time. - * - * Otherwise, return false. - */ -int __init security_module_enable(const char *module) -{ - return !strcmp(module, chosen_lsm); -} - /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e8da99550b67..71a10fedecb3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7133,16 +7133,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { static __init int selinux_init(void) { - if (!security_module_enable("selinux")) { - selinux_enabled = 0; - return 0; - } - - if (!selinux_enabled) { - pr_info("SELinux: Disabled at boot.\n"); - return 0; - } - pr_info("SELinux: Initializing.\n"); memset(&selinux_state, 0, sizeof(selinux_state)); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index db8bc6b6d8b0..f243044d5a55 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4834,9 +4834,6 @@ static __init int smack_init(void) struct cred *cred; struct task_smack *tsp; - if (!security_module_enable("smack")) - return 0; - smack_inode_cache = KMEM_CACHE(inode_smack, 0); if (!smack_inode_cache) return -ENOMEM; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 09f7af130d3a..a46f6bc1e97c 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -540,8 +540,6 @@ static int __init tomoyo_init(void) { struct cred *cred = (struct cred *) current_cred(); - if (!security_module_enable("tomoyo")) - return 0; /* register ourselves with the security framework */ security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); printk(KERN_INFO "TOMOYO Linux initialized\n"); From patchwork Thu Oct 11 00:18:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635527 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E3B79933 for ; Thu, 11 Oct 2018 00:19:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CF0412A9E7 for ; Thu, 11 Oct 2018 00:19:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C2DF52AAC3; Thu, 11 Oct 2018 00:19:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 495B62A9E7 for ; Thu, 11 Oct 2018 00:19:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727402AbeJKHnp (ORCPT ); Thu, 11 Oct 2018 03:43:45 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:33802 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727332AbeJKHnp (ORCPT ); Thu, 11 Oct 2018 03:43:45 -0400 Received: by mail-pf1-f196.google.com with SMTP id k19-v6so3453964pfi.1 for ; Wed, 10 Oct 2018 17:19:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=G3G6jZlpTaj7SjcMKQ9jlQ7SbDDXxzquRoJPLZTO5H4=; b=dg5iAQJMWFrX83s5d3vVRoxp4uxA1LkCL2Ls9eFz3EhPVAYgtJqdqCUBoW7kmM2qRP 0RlmEaF6WL2y3vijfrmnitI7f2DhWhSIyfiiixNF/kNbwYcInJU/aa70mqHdKjCaODzh U3c5Lvqb/1mN/nmP5GseZ37xccQyI9FqL/G+w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=G3G6jZlpTaj7SjcMKQ9jlQ7SbDDXxzquRoJPLZTO5H4=; b=R76Pa18XnT2N9QXEAtS07xr/7sdkaWhu2jnKDYD7DeYhCmqsWPAQkkRAm8IwxFZbLE +sKk9XBcXJIGjxVn5HHcyJH/r4S9iQINvnPv0zCIpH1F2wIaQeZVduPGOoeMH804hHtC hOyK6LxqjylXbxiKdb1JQlXSmDRx5WHg1c2Ah7Jkq4WJFALr9k9ym0zncs9Ii3/D5gXo rFKGNLfIU8CxI8ShBhxwtxbseWQiPmIxzKcfj9XzNX+czYBsCapCJr0bOx+Pf+goA11A 3/d21T7+y/v8mAzKVRE9FkXb6ziTwROOTJG3eJwGfmMvvS7O3iVuyrXvfzQkrO+AfHP1 AZcg== X-Gm-Message-State: ABuFfoh8ptdJ+tQ+qu7rgcQ9CXajlXQRQuEM0V5wCm8ESbE6suTIG5nm 55zHQj+BKfK4wT7vT6ZSawN/wg== X-Google-Smtp-Source: ACcGV62IGmxCychjvc+FVpBPqxGWtVHKGNZVge9/GY5v7i7aAErhTB1fgphOUELGEsXhF3poGaP7mw== X-Received: by 2002:a63:2643:: with SMTP id m64-v6mr31224545pgm.435.1539217150604; Wed, 10 Oct 2018 17:19:10 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id p4-v6sm25604331pfg.188.2018.10.10.17.18.59 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 16/30] LSM: Build ordered list of LSMs to initialize Date: Wed, 10 Oct 2018 17:18:32 -0700 Message-Id: <20181011001846.30964-17-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This constructs an ordered list of LSMs to initialize, using a hard-coded list of only "integrity": minor LSMs continue to have direct hook calls, and major LSMs continue to initialize separately. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 58 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/security/security.c b/security/security.c index 8968c98e0a0e..9bb15d697287 100644 --- a/security/security.c +++ b/security/security.c @@ -37,6 +37,9 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 +/* How many LSMs were built into the kernel? */ +#define LSM_COUNT (__end_lsm_info - __start_lsm_info) + struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); @@ -45,6 +48,9 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +/* Ordered list of LSMs to initialize. */ +static __initdata struct lsm_info **ordered_lsms; + static __initdata bool debug; #define init_debug(...) \ do { \ @@ -85,6 +91,34 @@ static void __init set_enabled(struct lsm_info *lsm, bool enabled) } } +/* Is an LSM already listed in the ordered LSMs list? */ +static bool __init exists_ordered_lsm(struct lsm_info *lsm) +{ + struct lsm_info **check; + + for (check = ordered_lsms; *check; check++) + if (*check == lsm) + return true; + + return false; +} + +/* Append an LSM to the list of ordered LSMs to initialize. */ +static int last_lsm __initdata; +static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) +{ + /* Ignore duplicate selections. */ + if (exists_ordered_lsm(lsm)) + return; + + if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) + return; + + ordered_lsms[last_lsm++] = lsm; + init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, + is_enabled(lsm) ? "en" : "dis"); +} + /* Is an LSM allowed to be initialized? */ static bool __init lsm_allowed(struct lsm_info *lsm) { @@ -121,18 +155,32 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) } } -static void __init ordered_lsm_init(void) +/* Populate ordered LSMs list from single LSM name. */ +static void __init ordered_lsm_parse(const char *order, const char *origin) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) - continue; - - maybe_initialize_lsm(lsm); + if (strcmp(lsm->name, order) == 0) + append_ordered_lsm(lsm, origin); } } +static void __init ordered_lsm_init(void) +{ + struct lsm_info **lsm; + + ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), + GFP_KERNEL); + + ordered_lsm_parse("integrity", "builtin"); + + for (lsm = ordered_lsms; *lsm; lsm++) + maybe_initialize_lsm(*lsm); + + kfree(ordered_lsms); +} + static void __init major_lsm_init(void) { struct lsm_info *lsm; From patchwork Thu Oct 11 00:18:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635563 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1051414DB for ; Thu, 11 Oct 2018 00:25:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB9BB2A071 for ; Thu, 11 Oct 2018 00:25:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CE1092A155; Thu, 11 Oct 2018 00:25:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 684592A071 for ; Thu, 11 Oct 2018 00:25:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726034AbeJKHuY (ORCPT ); Thu, 11 Oct 2018 03:50:24 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:35941 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726189AbeJKHuX (ORCPT ); Thu, 11 Oct 2018 03:50:23 -0400 Received: by mail-pg1-f193.google.com with SMTP id f18-v6so3291090pgv.3 for ; Wed, 10 Oct 2018 17:25:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7MWm0+P/X+39HL+s8UrwNL/nmKrjGJUnQdRflWFBBLo=; b=YFYFaZPMiA6bx2pBhzXKXyqcvud3xTvKW0vJDgjtV6OcljqJzfkIJb+k5aN2/OZBYT kbI9yzJnnTLUovU2SMPJRQFQFeSFoyQFDA3QRihYt9w+bBySiUFFWRS32h8iANEVHkKW cbje0S0KgD59l7H3FViEsEmzw7NNEAKCa1FcQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7MWm0+P/X+39HL+s8UrwNL/nmKrjGJUnQdRflWFBBLo=; b=c9psIYgYkRD0u12qYAi/c6ljHKonDmY23CsjtDn0QA7JY/aSKaFfyOaRSqzhHE2leA IH7zJG+/cjMytRKi989YXaCkR1S1Kz6WkrpYt2fcCnvJz1/jkCBULxIChlnnu8nD3hMd CpwhWmJyT+qu2XexUK880fWEeUVgE+hPkCg270Hyf9aO+DRbtR7suetoq3//+SD4/bQ7 Dn3rUUQECNBRRjl6wWksO6gJm5ePyqKPpUvNTpacXXWl+qO6OITfxFCbn4Z1YzrzP2GB 4kDpV/B/s5mya+erpZtOlDk/o1xvregJB5OVIVamvKGrkAYw0pOlkBc3MSjVatWohF6j vZfA== X-Gm-Message-State: ABuFfogci0UjYoSrf2m9NNbdPD3r1XxwOMj+BQ/1WUVw8RX85LbxCxhp i5d4nyuONMJYuSzHV2VNj6Waig== X-Google-Smtp-Source: ACcGV61//8vWC9oFusndN9PkH+YwosFItNb/PjHYIYtOo0iGstbSGUkswUC9yvVOa8ZTf9yTjit4tA== X-Received: by 2002:a62:c60a:: with SMTP id m10-v6mr36286695pfg.15.1539217547310; Wed, 10 Oct 2018 17:25:47 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l83-v6sm62173135pfi.172.2018.10.10.17.25.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:45 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 17/30] LSM: Introduce CONFIG_LSM Date: Wed, 10 Oct 2018 17:18:33 -0700 Message-Id: <20181011001846.30964-18-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This provides a way to declare LSM initialization order via the new CONFIG_LSM. Currently only non-major LSMs are recognized. This will be expanded in future patches. Signed-off-by: Kees Cook --- security/Kconfig | 9 +++++++++ security/security.c | 27 ++++++++++++++++++++++----- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 27d8b2688f75..005634f7c4bb 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -276,5 +276,14 @@ config DEFAULT_SECURITY default "apparmor" if DEFAULT_SECURITY_APPARMOR default "" if DEFAULT_SECURITY_DAC +config LSM + string "Ordered list of enabled LSMs" + default "integrity" + help + A comma-separated list of LSMs, in initialization order. + Any LSMs left off this list will be ignored. + + If unsure, leave this as the default. + endmenu diff --git a/security/security.c b/security/security.c index 9bb15d697287..1c4889bce917 100644 --- a/security/security.c +++ b/security/security.c @@ -48,6 +48,8 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initconst const char * const builtin_lsm_order = CONFIG_LSM; + /* Ordered list of LSMs to initialize. */ static __initdata struct lsm_info **ordered_lsms; @@ -155,15 +157,30 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) } } -/* Populate ordered LSMs list from single LSM name. */ +/* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { struct lsm_info *lsm; + char *sep, *name, *next; + + sep = kstrdup(order, GFP_KERNEL); + next = sep; + /* Walk the list, looking for matching LSMs. */ + while ((name = strsep(&next, ",")) != NULL) { + bool found = false; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && + strcmp(lsm->name, name) == 0) { + append_ordered_lsm(lsm, origin); + found = true; + } + } - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, order) == 0) - append_ordered_lsm(lsm, origin); + if (!found) + init_debug("%s ignored: %s\n", origin, name); } + kfree(sep); } static void __init ordered_lsm_init(void) @@ -173,7 +190,7 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - ordered_lsm_parse("integrity", "builtin"); + ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) maybe_initialize_lsm(*lsm); From patchwork Thu Oct 11 00:18:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635587 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 12A9414DB for ; Thu, 11 Oct 2018 00:27:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EBACC2A071 for ; Thu, 11 Oct 2018 00:27:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DF7602A1A1; Thu, 11 Oct 2018 00:27:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8087F2A071 for ; Thu, 11 Oct 2018 00:27:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725971AbeJKHuW (ORCPT ); Thu, 11 Oct 2018 03:50:22 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:46700 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725988AbeJKHuW (ORCPT ); Thu, 11 Oct 2018 03:50:22 -0400 Received: by mail-pl1-f194.google.com with SMTP id v5-v6so3280808plz.13 for ; Wed, 10 Oct 2018 17:25:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=u3Rn1Vu6J+MynTAWlzZFNM86DMwzLFNgXxOVSZrRq4M=; b=GssHaghULj0202mm4Q+TkXZyANOB8bpB7rB/hrLSoWtrvZuq77Z5/43fo3/ksejQoa XuACGmImRc0KpCdW+5aguZtdk9bwuHzuGnOBIwKxKZz4IwOTcGeelTBuDTlVyMlZCaYv twWS3zm/lq3q4ccZ8I5mpgucnHf6JSHBlR0/A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=u3Rn1Vu6J+MynTAWlzZFNM86DMwzLFNgXxOVSZrRq4M=; b=NJ371P+tni/IZofIKOChw+NGUjLOqxnCqTqbwFNdyrpqyBI48UaQ/B52DXlOyadoGi b6KNqeehixfmPV1lDEIT3/2jyFSPY9v76tRR85HBZttXstBefdaHLtCBRxdn4Gs10nh8 zXagsDHKPQO71bLz21E9nyM1xsq0plaBw4/q2BjZoB5Tc0hMrGsmcY1wf0b7osZp7mOV fD9VTHL3Msp08G3IZg6LT1hMfOz+wqweHTu8tB4n9+PTLhjRhhDUqX5VFzkn6dAy0Gfb kG6XX7s3lsqzbqvJUntKxX6junk6UF5Py+PZCMbTv89nL93GKKGwNKd4is8UxR/k19Fc CBIw== X-Gm-Message-State: ABuFfohB7yIFT9hys8zi68kV/JzEO4iaRDpUMhiYBWEnKS3F6hdGwwxQ d+4SXJQYSi7IJToqYS6lIC8Dcg== X-Google-Smtp-Source: ACcGV61cd4KP8MEFuD9gVVtS0zUppyIPOBNavb9Of99Bx8SiXjk0XuM4xsOCTRmUPQII0dgPM6pXqg== X-Received: by 2002:a17:902:108a:: with SMTP id c10-v6mr33939722pla.272.1539217546453; Wed, 10 Oct 2018 17:25:46 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id d186-v6sm33693640pfg.173.2018.10.10.17.25.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:45 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 18/30] LSM: Introduce "lsm=" for boottime LSM selection Date: Wed, 10 Oct 2018 17:18:34 -0700 Message-Id: <20181011001846.30964-19-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Provide a way to explicitly choose LSM initialization order via the new "lsm=" comma-separated list of LSMs. Signed-off-by: Kees Cook --- Documentation/admin-guide/kernel-parameters.txt | 4 ++++ security/Kconfig | 3 ++- security/security.c | 14 +++++++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 32d323ee9218..d6389ab66f49 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2276,6 +2276,10 @@ lsm.debug [SECURITY] Enable LSM initialization debugging output. + lsm=lsm1,...,lsmN + [SECURITY] Choose order of LSM initialization. This + overrides CONFIG_LSM. + machvec= [IA-64] Force the use of a particular machine-vector (machvec) in a generic kernel. Example: machvec=hpzx1_swiotlb diff --git a/security/Kconfig b/security/Kconfig index 005634f7c4bb..0aa82c1c928e 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -281,7 +281,8 @@ config LSM default "integrity" help A comma-separated list of LSMs, in initialization order. - Any LSMs left off this list will be ignored. + Any LSMs left off this list will be ignored. This can be + controlled at boot with the "lsm=" parameter. If unsure, leave this as the default. diff --git a/security/security.c b/security/security.c index 1c4889bce917..70cb2d0004e9 100644 --- a/security/security.c +++ b/security/security.c @@ -47,6 +47,7 @@ char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initdata const char *chosen_lsm_order; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; @@ -190,7 +191,10 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - ordered_lsm_parse(builtin_lsm_order, "builtin"); + if (chosen_lsm_order) + ordered_lsm_parse(chosen_lsm_order, "cmdline"); + else + ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) maybe_initialize_lsm(*lsm); @@ -252,6 +256,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Explicitly choose LSM initialization order. */ +static int __init choose_lsm_order(char *str) +{ + chosen_lsm_order = str; + return 1; +} +__setup("lsm=", choose_lsm_order); + /* Enable LSM order debugging. */ static int __init enable_debug(char *str) { From patchwork Thu Oct 11 00:18:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635569 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8304917E1 for ; Thu, 11 Oct 2018 00:26:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 629CD2A071 for ; Thu, 11 Oct 2018 00:26:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 56A5A2A155; Thu, 11 Oct 2018 00:26:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F18D32A071 for ; Thu, 11 Oct 2018 00:26:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727166AbeJKHue (ORCPT ); Thu, 11 Oct 2018 03:50:34 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:40151 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727129AbeJKHud (ORCPT ); Thu, 11 Oct 2018 03:50:33 -0400 Received: by mail-pg1-f193.google.com with SMTP id n31-v6so3279255pgm.7 for ; Wed, 10 Oct 2018 17:25:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IKJr22+ArqQau5eHRp/gArdrGaRS+9hQmMHuu8m9jEg=; b=ATJmINTA5StSNCj0pPjYkH38S5HIB4GmfSh05agNfZdmcdk4MUyJrFyx/DxH1t1spX aVZQ947MBmkicK/he7Zuo+0ykRQosImfjSgS+gTA9IGfXDi82jpv0OgSlyFoJpCqROxM Vvwe7L8cr23Fp+F2kL7eTw5AZbTY8D0kL1LDU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IKJr22+ArqQau5eHRp/gArdrGaRS+9hQmMHuu8m9jEg=; b=DjLfWbYS59mU3GpnBg7QV4T0iUfw2wFLDy0ORtslakVABD5pQKdA49HZs9yroP1A7k gdHDMYMt6sFyC/innA5NstC02IJsszS/5Z2lZ/wYPbwuMJKhImSuToZehuZUqjV+TmoP KPBh0AtDS2vXZ6Tfue+x5cVjWUbu9ipd4E4OQ6t1iuyDua6LBZteOBJYJPrtwODb8Ehc 1S3v9kmRx4nNxrZBnP0O1dhL11PB+pVUX/b9bic2oywgpv2Wy/D4SvW0Nf4v8UmuJWVv FhD/5wkYqDBU5+StFKACbQKwdsNd15Zv+1a8RuNYEEc625hTPN18QkZdOImLdZ1DC21g EcQA== X-Gm-Message-State: ABuFfojoN4VcwvTr97BP1qS7Jg9JczlLE6K64rMhA6GZFhHZoA3m7NAr dvy2OshU0Y+JMPa4zJkNUULiAQ== X-Google-Smtp-Source: ACcGV61MxGFAZ6VzFBml2hAhCO+suhwicMkrIZ7kzEMbWjJwCJ+cB4CkCQZwUi2dvqkZMT+DhJ6/Qw== X-Received: by 2002:a62:3047:: with SMTP id w68-v6mr12340587pfw.19.1539217557357; Wed, 10 Oct 2018 17:25:57 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id q24-v6sm22973712pff.83.2018.10.10.17.25.49 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 19/30] LSM: Tie enabling logic to presence in ordered list Date: Wed, 10 Oct 2018 17:18:35 -0700 Message-Id: <20181011001846.30964-20-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Until now, any LSM without an enable storage variable was considered enabled. This inverts the logic and sets defaults to true only if the LSM gets added to the ordered initialization list. (And an exception continues for the major LSMs until they are integrated into the ordered initialization in a later patch.) Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 2 +- security/security.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 9ecb623fb39d..b6b05d351eb4 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,7 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Required. */ unsigned long flags; /* Optional: flags describing LSM */ - int *enabled; /* Optional: NULL means enabled. */ + int *enabled; /* Optional: controlled by CONFIG_LSM */ int (*init)(void); /* Required. */ }; diff --git a/security/security.c b/security/security.c index 70cb2d0004e9..f3777ed4ca80 100644 --- a/security/security.c +++ b/security/security.c @@ -63,10 +63,10 @@ static __initdata bool debug; static bool __init is_enabled(struct lsm_info *lsm) { - if (!lsm->enabled || *lsm->enabled) - return true; + if (!lsm->enabled) + return false; - return false; + return *lsm->enabled; } /* Mark an LSM's enabled flag. */ @@ -117,7 +117,11 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) return; + /* Enable this LSM, if it is not already set. */ + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; ordered_lsms[last_lsm++] = lsm; + init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, is_enabled(lsm) ? "en" : "dis"); } @@ -210,6 +214,10 @@ static void __init major_lsm_init(void) if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) continue; + /* Enable this LSM, if it is not already set. */ + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; + maybe_initialize_lsm(lsm); } } From patchwork Thu Oct 11 00:18:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635567 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BF6FE14DB for ; Thu, 11 Oct 2018 00:26:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A689C2A071 for ; Thu, 11 Oct 2018 00:26:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9A4A92A155; Thu, 11 Oct 2018 00:26:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B73B2A071 for ; Thu, 11 Oct 2018 00:26:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727182AbeJKHuf (ORCPT ); Thu, 11 Oct 2018 03:50:35 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:41228 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727129AbeJKHue (ORCPT ); Thu, 11 Oct 2018 03:50:34 -0400 Received: by mail-pf1-f195.google.com with SMTP id m77-v6so3443924pfi.8 for ; Wed, 10 Oct 2018 17:25:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MDq8QXTvGfDQo8enk7I/8dLpEbR7SYI/PHjZNIdtOls=; b=TFVYQeBD3isOYarr6fwcaguoEF1VqoyVIGS/Jy4VnBSn2ch8BFXlv3ocNYM/+XaNvU 4drzTWDWTFNWge+b+2BbGWlF2i90wvl1/SNzzKJXnrlqQpUF1WVonESt1NOKpO8aKjU2 UMTwYPv58C17E6wKQXqWMp1wLhBLl6zFy1YMk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MDq8QXTvGfDQo8enk7I/8dLpEbR7SYI/PHjZNIdtOls=; b=juGKG5gjLLYnWv1MUliy65/1ZIuaQy+0KuPlLJmr7+i8HyhmO8o2CTkHseJILh3qvP bK45l5pP8GgsPXw7k0A8M6Y0QNiVlRwXtHESxV1lWGnRNw4wTOEN1/tbCsv+X/qKxVhj GIjShx55wxxEfnZ02X0SnOrOPkpRsj2hpdCzJnUwR2f5BC2xP14shdKOlStiNGtLRKDi VDcHz57UJvHr+FiXpCWq32IUgJdds/z/3wrz5SNNEUFFT//sSRbNUIVv4l68FLdReZyX lbx1zP2M2YkXp4w5vWdKccLIzS9EagbnwEmLBNnHw0ihI/n0n1OoxbD+CBDS5DPZVf+I L+Kw== X-Gm-Message-State: ABuFfohR1C6KJdLjxaBlL7iiEFy3Ad2zVnpx7PbeosgHPYMXpHbhVQoz e0hCmP7oCIPJgwfnRdmV//qExA== X-Google-Smtp-Source: ACcGV63wJGPcUqiX1haS0R+LeYhgztWmc+PLTeJMbugNUBpVwZbLBngSTPX4KjH9F5Jbs3eX5FrsHg== X-Received: by 2002:a62:5e02:: with SMTP id s2-v6mr25795217pfb.146.1539217558491; Wed, 10 Oct 2018 17:25:58 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 187-v6sm43659859pfu.129.2018.10.10.17.25.50 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:57 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 20/30] LSM: Prepare for reorganizing "security=" logic Date: Wed, 10 Oct 2018 17:18:36 -0700 Message-Id: <20181011001846.30964-21-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This moves the string handling for "security=" boot parameter into a stored pointer instead of a string duplicate. This will allow easier handling of the string when switching logic to use the coming enable/disable infrastructure. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen --- security/security.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/security/security.c b/security/security.c index f3777ed4ca80..1b1ee823457c 100644 --- a/security/security.c +++ b/security/security.c @@ -34,9 +34,6 @@ #define MAX_LSM_EVM_XATTR 2 -/* Maximum number of letters for an LSM name string */ -#define SECURITY_NAME_MAX 10 - /* How many LSMs were built into the kernel? */ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) @@ -45,9 +42,8 @@ static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); char *lsm_names; /* Boot-time LSM user choice */ -static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = - CONFIG_DEFAULT_SECURITY; static __initdata const char *chosen_lsm_order; +static __initdata const char *chosen_major_lsm; static __initconst const char * const builtin_lsm_order = CONFIG_LSM; @@ -138,7 +134,7 @@ static bool __init lsm_allowed(struct lsm_info *lsm) return true; /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_lsm) != 0) + if (strcmp(lsm->name, chosen_major_lsm) != 0) return false; return true; @@ -195,6 +191,9 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); + if (!chosen_major_lsm) + chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_lsm_order) ordered_lsm_parse(chosen_lsm_order, "cmdline"); else @@ -257,12 +256,12 @@ int __init security_init(void) } /* Save user chosen LSM */ -static int __init choose_lsm(char *str) +static int __init choose_major_lsm(char *str) { - strncpy(chosen_lsm, str, SECURITY_NAME_MAX); + chosen_major_lsm = str; return 1; } -__setup("security=", choose_lsm); +__setup("security=", choose_major_lsm); /* Explicitly choose LSM initialization order. */ static int __init choose_lsm_order(char *str) From patchwork Thu Oct 11 00:18:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635525 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 86A8F933 for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BEF62A9EC for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5F92C2A9E7; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 025152A9E7 for ; Thu, 11 Oct 2018 00:19:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727460AbeJKHnr (ORCPT ); Thu, 11 Oct 2018 03:43:47 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:39853 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727419AbeJKHnq (ORCPT ); Thu, 11 Oct 2018 03:43:46 -0400 Received: by mail-pg1-f196.google.com with SMTP id r9-v6so3275053pgv.6 for ; Wed, 10 Oct 2018 17:19:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=B2MT6Hr/No4vpDLMQ0LP9i/w9/IFVSU+eSeH5iht8h0=; b=U67kSwydciTfRVqGNMDeIqFUpcBJ162GM2d553kzz5RbZjIjzrSIO1iyYXPh2ZrTc6 gulfyHT5dGoFdrzUFQwLz4na5qDwo2SB/8TYoDVyIzWmruj7V4bdPJVfGjS7PPi3Uiyv Y1m6ianmGcdPdRqoW8DaPRRPqT07RRQ0Yfb4o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=B2MT6Hr/No4vpDLMQ0LP9i/w9/IFVSU+eSeH5iht8h0=; b=n1EpkrTGkj5JZ50N+amy9354htir0vYbX+wgvqYFXdGVbyi52nj0ctW5IFXIAtFTyU MIoaK/XoPpL4Q+doJbr1fFy0D2FJ6bwJmBmRmJyPqNTInk4BzLJnm6MuIZhwBAby9UzQ QHDZ5oaT6Nloybl644DBfRpvSjO141r7LSeGJ+qaNC+l0pibSn5TCANblsA2ZaDtBZM2 f4eC48nbJp0PEfnfsQbht/0S4ZkbIpukzKtOa0S2VsKAXuuLlgNWUZ5O/G6H/J8XXBsf HY+y+7ebAFw9hHycAq7Dwaw/bEx7K7IHeVkpSY7HG5Ol9f0lB+AbP8T4i93v2+nkmX6j 1Tag== X-Gm-Message-State: ABuFfoiIpcB+QlXs0vQtDsMbegDPbWLbO5SiOLdwFPXX7T2YFaY/0/Un mZLe/YkW3zv9socSteV5vZ8KdQ== X-Google-Smtp-Source: ACcGV6310duiuF1CQG4tNR5CeYEJfiN55QHgbhZ8qvhYNs1wQKuAfxlpd4rNTL7ACyGKDtThXGstEw== X-Received: by 2002:a63:2807:: with SMTP id o7-v6mr31367120pgo.155.1539217151797; Wed, 10 Oct 2018 17:19:11 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id k3-v6sm73024896pfk.60.2018.10.10.17.19.02 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:19:06 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 21/30] LSM: Refactor "security=" in terms of enable/disable Date: Wed, 10 Oct 2018 17:18:37 -0700 Message-Id: <20181011001846.30964-22-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- security/security.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index 1b1ee823457c..2c754968f98b 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -191,8 +183,28 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } if (chosen_lsm_order) ordered_lsm_parse(chosen_lsm_order, "cmdline"); From patchwork Thu Oct 11 00:18:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635565 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1794D14DB for ; Thu, 11 Oct 2018 00:25:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ECE162A071 for ; Thu, 11 Oct 2018 00:25:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E07842A155; Thu, 11 Oct 2018 00:25:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6689C2A071 for ; Thu, 11 Oct 2018 00:25:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727065AbeJKHuc (ORCPT ); Thu, 11 Oct 2018 03:50:32 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:42908 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727029AbeJKHuc (ORCPT ); Thu, 11 Oct 2018 03:50:32 -0400 Received: by mail-pl1-f193.google.com with SMTP id c8-v6so3291642plo.9 for ; Wed, 10 Oct 2018 17:25:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=i7+WY/jHpzJT6ht0Y+8g3kVgLzl4v3M2OeZZNdpdTfs=; b=odSYJl5MVP6b7FO/sh3vvTt0HGfbPxDgszmGZ7afN533sijcINFI5wqsUkHVLRqy5v qPCya2I+EUl/w+8ITFfZzhNyyYdO87wueoQ7sLrA2GG1YhgfD15tKk74AKpGSvNOCvXR loWdLuY7a+TrOiO9ebUBqA2BRlMGgt8AEX9sA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=i7+WY/jHpzJT6ht0Y+8g3kVgLzl4v3M2OeZZNdpdTfs=; b=gMeByrr3xfbb8Ap3QgSrfYCkz/yVFyLtUd2CEP9Hvg5/HrQptWdA5JCdNf6AcQBvNU d/jQZLa9/e6n7u37ZSUuhYL7XwlB4V5DGimTFXz+4J5gqLSj6eRRsQdDkzCR1f7wFmQg Dvr9djVf/yt0QNnhLFw6NS9B4YVMD8omTj7o5n9vwn2/oVavj72qeFRkC+nXuLRJRi3x m0QK8BH2rnMnzmQhkuUW5kz7e+GmGxXW4/TVboivlNgcemqbkl/kXLhC3sOzhp0+SJkv tZqq9JSv2kDkv3aCoIWSGz79qPhUkggfEFNucNAHu3Qz/6MbLFCOM8Kp3iCA+vceZ9Ey Ti6w== X-Gm-Message-State: ABuFfojnLdJ8WvcQuD+rVxGqfbKG4OKp70ZYPd7w23jwv4cg4FB9OHXs d0bwgAXdPvi4rQQH8+hPJ5zT7A== X-Google-Smtp-Source: ACcGV60dUTyw3VCQSwMlueigJGcG9Tv+uK5nOIioeNv9gG8dH2JcJ28IFaQE7rn6vhF6uMUkh6aWvQ== X-Received: by 2002:a17:902:b198:: with SMTP id s24-v6mr33605985plr.70.1539217555602; Wed, 10 Oct 2018 17:25:55 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id v189-v6sm36233331pfb.54.2018.10.10.17.25.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 22/30] LSM: Separate idea of "major" LSM from "exclusive" LSM Date: Wed, 10 Oct 2018 17:18:38 -0700 Message-Id: <20181011001846.30964-23-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 2 +- security/security.c | 12 ++++++++++++ security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 6 files changed, 17 insertions(+), 4 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index b6b05d351eb4..e88c725a43b8 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2040,6 +2040,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); #define LSM_FLAG_LEGACY_MAJOR BIT(0) +#define LSM_FLAG_EXCLUSIVE BIT(1) struct lsm_info { const char *name; /* Required. */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index bc56b058dc75..ebf63461a79c 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1602,7 +1602,7 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) = { .name = "apparmor", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &apparmor_enabled, .init = apparmor_init, }; diff --git a/security/security.c b/security/security.c index 2c754968f98b..65f1fa733e4b 100644 --- a/security/security.c +++ b/security/security.c @@ -49,6 +49,7 @@ static __initconst const char * const builtin_lsm_order = CONFIG_LSM; /* Ordered list of LSMs to initialize. */ static __initdata struct lsm_info **ordered_lsms; +static __initdata struct lsm_info *exclusive; static __initdata bool debug; #define init_debug(...) \ @@ -129,6 +130,12 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; + /* Not allowed if another exclusive LSM already initialized. */ + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { + init_debug("exclusive disabled: %s\n", lsm->name); + return false; + } + return true; } @@ -144,6 +151,11 @@ static void __init maybe_initialize_lsm(struct lsm_info *lsm) if (enabled) { int ret; + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { + exclusive = lsm; + init_debug("exclusive chosen: %s\n", lsm->name); + } + init_debug("initializing %s\n", lsm->name); ret = lsm->init(); WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 71a10fedecb3..0f8d7bb88197 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7194,7 +7194,7 @@ void selinux_complete_init(void) all processes and objects when they are created. */ DEFINE_LSM(selinux) = { .name = "selinux", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &selinux_enabled, .init = selinux_init, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f243044d5a55..92e4baa342f8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4881,6 +4881,6 @@ static __init int smack_init(void) */ DEFINE_LSM(smack) = { .name = "smack", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .init = smack_init, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index a46f6bc1e97c..daff7d7897ad 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -550,6 +550,6 @@ static int __init tomoyo_init(void) DEFINE_LSM(tomoyo) = { .name = "tomoyo", - .flags = LSM_FLAG_LEGACY_MAJOR, + .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .init = tomoyo_init, }; From patchwork Thu Oct 11 00:18:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635575 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D0AF817E1 for ; Thu, 11 Oct 2018 00:26:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ACDA92A155 for ; Thu, 11 Oct 2018 00:26:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A12B82A199; Thu, 11 Oct 2018 00:26:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48B052A173 for ; Thu, 11 Oct 2018 00:26:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726977AbeJKHub (ORCPT ); Thu, 11 Oct 2018 03:50:31 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:43726 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726896AbeJKHua (ORCPT ); Thu, 11 Oct 2018 03:50:30 -0400 Received: by mail-pf1-f194.google.com with SMTP id p24-v6so3440264pff.10 for ; Wed, 10 Oct 2018 17:25:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5nEDfuECvIoCXFIzMh9Dj+6TlJ4peBjPjA1wDbBbnVw=; b=oargnQD59MjHdASA/jZzqoYS/AuSEnLTP9i33/bcO4GerJX7MNwfBorPpxSGkmy8dk SnlpmRUWdTySLIhGr/p5wxbZlEBIlVWGlvn+XgDoi7kOGBh3BjnJqSZBCORTZB+Ei4I+ 5GJchYdIkG9d29+fzpDbdZuxOILSOHhtP4u3w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5nEDfuECvIoCXFIzMh9Dj+6TlJ4peBjPjA1wDbBbnVw=; b=f87i3Bac3NMgKwzbA5x5J0q0lNS/f0VsiazONCIwrBvFJXg6V5BETL2vOYmgWlUYw+ ouNQ1waO674NJOBGzssPO9kJLItGgGMGzIMfP9eDpcwkxtkRdDBRUYbbKKDYw+GHCTiF WlFHJp0cvyV+MR7FonIvCJvvj2JvWx2Y3cpo+KqAjR6buVjxhfcTDJ1UyrEvpyHnVIl4 6fgSLp4Qiu2uFM0R5rcXpQ5F614vtrgyoMO3owA8XbE6dkHdtDTNPmbwFHZmZnsgkwtU viwz0OK+K3beYZIhK6pExwNjJR66Zhbus6SYrrDcFXodjznIp1A+h5HSYt5/rCYgE/8M vtOg== X-Gm-Message-State: ABuFfojEN12mfQzarYHAypuCWin1tdtDH/9P33DTvfSwd8YPKLsP7MfS 7P6ViK3OhAljSRhT4hqOw2FsJA== X-Google-Smtp-Source: ACcGV60psu5w1GB0+hcdsn8NLGqumxgi1GedY++WWis/Q829xrZiGZPmIT5ghc7tMJClonWd/JWD6g== X-Received: by 2002:a62:3541:: with SMTP id c62-v6mr36860753pfa.45.1539217553729; Wed, 10 Oct 2018 17:25:53 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w127-v6sm32878924pfd.112.2018.10.10.17.25.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 23/30] apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE Date: Wed, 10 Oct 2018 17:18:39 -0700 Message-Id: <20181011001846.30964-24-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the soon-to-be redundant SECURITY_APPARMOR_BOOTPARAM_VALUE. Since explicit ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or not, this CONFIG will become effectively ignored, so remove it. However, in order to stay backward-compatible with "security=apparmor", the enable variable defaults to true. Signed-off-by: Kees Cook --- security/apparmor/Kconfig | 16 ---------------- security/apparmor/lsm.c | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index b6b68a7750ce..3de21f46c82a 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -14,22 +14,6 @@ config SECURITY_APPARMOR If you are unsure how to answer this question, answer N. -config SECURITY_APPARMOR_BOOTPARAM_VALUE - int "AppArmor boot parameter default value" - depends on SECURITY_APPARMOR - range 0 1 - default 1 - help - This option sets the default value for the kernel parameter - 'apparmor', which allows AppArmor to be enabled or disabled - at boot. If this option is set to 0 (zero), the AppArmor - kernel parameter will default to 0, disabling AppArmor at - boot. If this option is set to 1 (one), the AppArmor - kernel parameter will default to 1, enabling AppArmor at - boot. - - If you are unsure how to answer this question, answer 1. - config SECURITY_APPARMOR_HASH bool "Enable introspection of sha1 hashes for loaded profiles" depends on SECURITY_APPARMOR diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ebf63461a79c..9eaf1dec2e61 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1303,7 +1303,7 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +static int apparmor_enabled __lsm_ro_after_init = 1; module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) From patchwork Thu Oct 11 00:18:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635583 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 263BA5CAF for ; Thu, 11 Oct 2018 00:26:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 069C42A071 for ; Thu, 11 Oct 2018 00:26:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EF13D2A1A1; Thu, 11 Oct 2018 00:26:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 950B42A071 for ; Thu, 11 Oct 2018 00:26:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726311AbeJKHu0 (ORCPT ); Thu, 11 Oct 2018 03:50:26 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:46703 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726223AbeJKHuZ (ORCPT ); Thu, 11 Oct 2018 03:50:25 -0400 Received: by mail-pl1-f194.google.com with SMTP id v5-v6so3280854plz.13 for ; Wed, 10 Oct 2018 17:25:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IXmX6NWqSt00W/pJqFjPQo5O3fzHwsapi11+f9ycNnY=; b=cws5cD8Uerjr3MHzRcnYnlT5+eBQqFBGojNGuzv077jH86oBWEdNpl23x4IdPMZlTp A6ebBufTnmglmqUmC/kB9s1M6Hu5fMFoZ69kZWKv6HcGYu7FIXM8MIulumWsAVpfrCWg +5+mE7eMuFZnCg1bLyBbI5xRzVDm0O23F4o6g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IXmX6NWqSt00W/pJqFjPQo5O3fzHwsapi11+f9ycNnY=; b=F7I9gGs38v+XMzdWa5EqLIe8gHxK3Qtt1ZyjeCxINBGc1iVGRQyFiqzLuSPxzuuuPV KqyRRHoS3rPJMpMg2Gfu7xBStTPXXfU8UqOubZWKGqIsXrTdnkATR38faq001uR1uxtd MuPD+W47G34MoH4b78zt6acx5wfWmiAsZEUXz4yqILatW9QUMNaCydMCEyj/YFlLY2El 5l8iwTLOT69QZN4kof1Ln3AQM8Q4lziMx7Y7XxLguxuyFgmorkwDpguiFqS122JgQ3ur YRr/0I++R8XrpCLvsPqrC5b4Bt/PAFoBclPia3KISk4jutPZHnnsyk5zupX+41wcWh/u 254g== X-Gm-Message-State: ABuFfohM+2BaKqfWkaXkCGEY3raKUkEyGD5Q9NyJA4FOxzxv5vrP65vh MMW3RY6xmmplcGuR0hJ2ZA2pRg== X-Google-Smtp-Source: ACcGV62jhBnYWxcO5h7stRmixxdBMTEDtpjlyNYVISANT7qe+10BZJpGKCGnvCYg18nHuaZ/lFlcZw== X-Received: by 2002:a17:902:9a07:: with SMTP id v7-v6mr34065840plp.14.1539217549396; Wed, 10 Oct 2018 17:25:49 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id v84-v6sm36583257pfk.12.2018.10.10.17.25.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:45 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 24/30] selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE Date: Wed, 10 Oct 2018 17:18:40 -0700 Message-Id: <20181011001846.30964-25-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for removing CONFIG_DEFAULT_SECURITY, this removes the soon-to-be redundant SECURITY_SELINUX_BOOTPARAM_VALUE. Since explicit ordering via CONFIG_LSM or "lsm=" will define whether an LSM is enabled or not, this CONFIG will become effectively ignored, so remove it. However, in order to stay backward-compatible with "security=selinux", the enable variable defaults to true. Signed-off-by: Kees Cook --- security/selinux/Kconfig | 15 --------------- security/selinux/hooks.c | 5 +---- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 8af7a690eb40..55f032f1fc2d 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -22,21 +22,6 @@ config SECURITY_SELINUX_BOOTPARAM If you are unsure how to answer this question, answer N. -config SECURITY_SELINUX_BOOTPARAM_VALUE - int "NSA SELinux boot parameter default value" - depends on SECURITY_SELINUX_BOOTPARAM - range 0 1 - default 1 - help - This option sets the default value for the kernel parameter - 'selinux', which allows SELinux to be disabled at boot. If this - option is set to 0 (zero), the SELinux kernel parameter will - default to 0, disabling SELinux at bootup. If this option is - set to 1 (one), the SELinux kernel parameter will default to 1, - enabling SELinux at bootup. - - If you are unsure how to answer this question, answer 1. - config SECURITY_SELINUX_DISABLE bool "NSA SELinux runtime disable" depends on SECURITY_SELINUX diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0f8d7bb88197..14c120842ab4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -120,9 +120,8 @@ __setup("enforcing=", enforcing_setup); #define selinux_enforcing_boot 1 #endif +int selinux_enabled __lsm_ro_after_init = 1; #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM -int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; - static int __init selinux_enabled_setup(char *str) { unsigned long enabled; @@ -131,8 +130,6 @@ static int __init selinux_enabled_setup(char *str) return 1; } __setup("selinux=", selinux_enabled_setup); -#else -int selinux_enabled = 1; #endif static unsigned int selinux_checkreqprot_boot = From patchwork Thu Oct 11 00:18:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635577 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A5FD517E1 for ; Thu, 11 Oct 2018 00:26:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 85D342A155 for ; Thu, 11 Oct 2018 00:26:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 77F7B2A199; Thu, 11 Oct 2018 00:26:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F2C0B2A155 for ; Thu, 11 Oct 2018 00:26:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726214AbeJKHvR (ORCPT ); Thu, 11 Oct 2018 03:51:17 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:34185 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726703AbeJKHu3 (ORCPT ); Thu, 11 Oct 2018 03:50:29 -0400 Received: by mail-pl1-f193.google.com with SMTP id f18-v6so3311882plr.1 for ; Wed, 10 Oct 2018 17:25:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=O+n1UZ9G4yKJazZzNuVd8n+cXsOtWyTYvX517I36L/Q=; b=C22U1ev7xMSh2fiuwFIgKlasVKjOebDH2/kjkOXR4Qlp3KSQpkuuXEc1PAY9HaRMQO ug18C/EBi1AUvtl/plUm8tEedGuWWgu482TP87Qd/GZxHirzV1KnVMjpbTNMbLjeF5jS mEC1pdMHYqeUOhmHk2VYKdHCCl2C+YuT4Hlng= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=O+n1UZ9G4yKJazZzNuVd8n+cXsOtWyTYvX517I36L/Q=; b=MORo7obk8mg0jyul2HN5UnTtKuO2uaDb9+NNbHFXYdirMTP9nB8b6Cj7RfSURfdsbz siiVamshPD40uxd8GVI8Ns7h0mVtdqqMc0PwawS0mjRDtCzXaohEXjUA34WMPGOhL4FH XdIYktT2ALRqWYyffzOTaBGdLKQryKGNQKiZhxdcpGQk18E4v7KpbrOTTwgsp1+zFLT7 0InjjMHVcpq/uTR8oAUvhdp79RRtu9ni5ghE6Zl8diPlLITclJfuUK0rQpsK0Q+0mudf uKoUuIRhQ+t7y/9nWKkDc4BqC644SL7CueacEy/c2ZA8cXQOgiIwWMDfF9cs9+iU+9ll Q7ZQ== X-Gm-Message-State: ABuFfogKWfl0hWZSdGWuVo7kXuZ7mhy3QPu+v9hRO8adPv9LJe+QSMiD gfK88rcVCAi0W98eZqbAbH6jug== X-Google-Smtp-Source: ACcGV60BxUJWXHpb/8AKwu+qTuIQMX4gWtf94uTcDCr5C32Sc2Yre0PBW5Vr7EhpfkL09/9AoWx4zA== X-Received: by 2002:a17:902:104:: with SMTP id 4-v6mr8503458plb.189.1539217552801; Wed, 10 Oct 2018 17:25:52 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id b10-v6sm35720727pfe.148.2018.10.10.17.25.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 25/30] LSM: Add all exclusive LSMs to ordered initialization Date: Wed, 10 Oct 2018 17:18:41 -0700 Message-Id: <20181011001846.30964-26-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This removes CONFIG_DEFAULT_SECURITY in favor of the explicit ordering offered by CONFIG_LSM and adds all the exclusive LSMs to the ordered LSM initialization. The old meaning of CONFIG_DEFAULT_SECURITY is now captured by which exclusive LSM is listed first in the LSM order. All LSMs not added to the ordered list are explicitly disabled. Signed-off-by: Kees Cook --- security/Kconfig | 39 +-------------------------------------- security/security.c | 35 ++++++++++------------------------- 2 files changed, 11 insertions(+), 63 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 0aa82c1c928e..2f8dc1f59cae 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -239,46 +239,9 @@ source security/yama/Kconfig source security/integrity/Kconfig -choice - prompt "Default security module" - default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX - default DEFAULT_SECURITY_SMACK if SECURITY_SMACK - default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO - default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR - default DEFAULT_SECURITY_DAC - - help - Select the security module that will be used by default if the - kernel parameter security= is not specified. - - config DEFAULT_SECURITY_SELINUX - bool "SELinux" if SECURITY_SELINUX=y - - config DEFAULT_SECURITY_SMACK - bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y - - config DEFAULT_SECURITY_TOMOYO - bool "TOMOYO" if SECURITY_TOMOYO=y - - config DEFAULT_SECURITY_APPARMOR - bool "AppArmor" if SECURITY_APPARMOR=y - - config DEFAULT_SECURITY_DAC - bool "Unix Discretionary Access Controls" - -endchoice - -config DEFAULT_SECURITY - string - default "selinux" if DEFAULT_SECURITY_SELINUX - default "smack" if DEFAULT_SECURITY_SMACK - default "tomoyo" if DEFAULT_SECURITY_TOMOYO - default "apparmor" if DEFAULT_SECURITY_APPARMOR - default "" if DEFAULT_SECURITY_DAC - config LSM string "Ordered list of enabled LSMs" - default "integrity" + default "integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/security.c b/security/security.c index 65f1fa733e4b..4f52bd06705f 100644 --- a/security/security.c +++ b/security/security.c @@ -175,8 +175,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) bool found = false; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 && - strcmp(lsm->name, name) == 0) { + if (strcmp(lsm->name, name) == 0) { append_ordered_lsm(lsm, origin); found = true; } @@ -185,6 +184,15 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) if (!found) init_debug("%s ignored: %s\n", origin, name); } + + /* Disable all LSMs not in the ordered list. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (exists_ordered_lsm(lsm)) + continue; + set_enabled(lsm, false); + init_debug("%s disabled: %s\n", origin, lsm->name); + } + kfree(sep); } @@ -196,8 +204,6 @@ static void __init ordered_lsm_init(void) GFP_KERNEL); /* Process "security=", if given. */ - if (!chosen_major_lsm) - chosen_major_lsm = CONFIG_DEFAULT_SECURITY; if (chosen_major_lsm) { struct lsm_info *major; @@ -229,22 +235,6 @@ static void __init ordered_lsm_init(void) kfree(ordered_lsms); } -static void __init major_lsm_init(void) -{ - struct lsm_info *lsm; - - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - continue; - - /* Enable this LSM, if it is not already set. */ - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; - - maybe_initialize_lsm(lsm); - } -} - /** * security_init - initializes the security framework * @@ -271,11 +261,6 @@ int __init security_init(void) /* Load LSMs in specified order. */ ordered_lsm_init(); - /* - * Load all the remaining security modules. - */ - major_lsm_init(); - return 0; } From patchwork Thu Oct 11 00:18:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635579 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4AB1914DB for ; Thu, 11 Oct 2018 00:26:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 315202A071 for ; Thu, 11 Oct 2018 00:26:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 252C72A1A2; Thu, 11 Oct 2018 00:26:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7FEC2A1A1 for ; Thu, 11 Oct 2018 00:26:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726718AbeJKHu3 (ORCPT ); Thu, 11 Oct 2018 03:50:29 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:36792 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726247AbeJKHu1 (ORCPT ); Thu, 11 Oct 2018 03:50:27 -0400 Received: by mail-pl1-f193.google.com with SMTP id y11-v6so3294093plt.3 for ; Wed, 10 Oct 2018 17:25:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=o/EXRqhMc1kFihgZuEZ0aZzlHiUobpIVUrAgL2D7PCk=; b=mNyLGuf7bZUAbbM2vwI42nUFhUZ6PjmRv3XC1G5aZQGlWBYiYjGxgxglQxB2mkxSHS XXISL8/WTRY5lDINv8C2QoHevX2QpKrsFAAUGHumt+5cqBBTiiDW5nYXp2i/Q3ii/Z7M QJY43whG8ngJ4q0RLA/BF4S0/umyDw6CgeiVI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=o/EXRqhMc1kFihgZuEZ0aZzlHiUobpIVUrAgL2D7PCk=; b=bsZfZdk+sBZK6wuAfeAzN2t3oBmgLbfBVFMlxg7r69IR6NnsShC1YvPrxxmCOAJ4JO RAquab7nBrXR7K+oHoZNpt4qQOfYgwcr+x+8sjFh7m2/YBjz1QNLTroO1Nydas3424x1 YGsf+qvoBH3Ph+AmyPRMMTDXw3lL2jBL0r3fmZ0b9O8Lfq9qdSl/WkJtN55aJndJUnM4 24/MvxIIJp7zPGgQqHdvGtRHYQTC0rj2E7aJOWG4vsh/Ne3WqIu3CzHUzCScU4XINjeM CxXegm0MbabZlT8DCDDdj9xRPIn4qfyA9QAtmdcEHLO/mw56fYH7aY6VnOdBwMyEUWr3 xxkw== X-Gm-Message-State: ABuFfogpV+EzL8ns7dix9GFMWdLR2yexqQW258ZOQLe/lteE0x02AU1q D1FJH2vB7ibASASCDtfMAhw5kA== X-Google-Smtp-Source: ACcGV62gtlSEYk6DttLToS0EZ4Auvn1R5JW2dXPCNh4rrFOK3yAHclxlz6Jw/dXRHO0LwV5Nrsx3Yw== X-Received: by 2002:a17:902:1021:: with SMTP id b30-v6mr35637768pla.23.1539217551470; Wed, 10 Oct 2018 17:25:51 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w127-v6sm32878900pfd.112.2018.10.10.17.25.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 26/30] LSM: Split LSM preparation from initialization Date: Wed, 10 Oct 2018 17:18:42 -0700 Message-Id: <20181011001846.30964-27-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Since we already have to do a pass through the LSMs to figure out if exclusive LSMs should be disabled after the first one is seen as enabled, this splits the logic up a bit more cleanly. Now we do a full "prepare" pass through the LSMs (which also allows for later use by the blob-sharing code), before starting the LSM initialization pass. Signed-off-by: Kees Cook --- security/security.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/security/security.c b/security/security.c index 4f52bd06705f..b40c4c212892 100644 --- a/security/security.c +++ b/security/security.c @@ -139,22 +139,28 @@ static bool __init lsm_allowed(struct lsm_info *lsm) return true; } -/* Check if LSM should be initialized. */ -static void __init maybe_initialize_lsm(struct lsm_info *lsm) +/* Prepare LSM for initialization. */ +static void __init prepare_lsm(struct lsm_info *lsm) { int enabled = lsm_allowed(lsm); /* Record enablement (to handle any following exclusive LSMs). */ set_enabled(lsm, enabled); - /* If selected, initialize the LSM. */ + /* If enabled, do pre-initialization work. */ if (enabled) { - int ret; - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { exclusive = lsm; init_debug("exclusive chosen: %s\n", lsm->name); } + } +} + +/* Initialize a given LSM, if it is enabled. */ +static void __init initialize_lsm(struct lsm_info *lsm) +{ + if (is_enabled(lsm)) { + int ret; init_debug("initializing %s\n", lsm->name); ret = lsm->init(); @@ -230,7 +236,10 @@ static void __init ordered_lsm_init(void) ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) - maybe_initialize_lsm(*lsm); + prepare_lsm(*lsm); + + for (lsm = ordered_lsms; *lsm; lsm++) + initialize_lsm(*lsm); kfree(ordered_lsms); } From patchwork Thu Oct 11 00:18:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635573 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9A33F14DB for ; Thu, 11 Oct 2018 00:26:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7C4512A173 for ; Thu, 11 Oct 2018 00:26:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 706D12A1A1; Thu, 11 Oct 2018 00:26:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1147D2A173 for ; Thu, 11 Oct 2018 00:26:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726016AbeJKHvB (ORCPT ); Thu, 11 Oct 2018 03:51:01 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:34233 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726964AbeJKHub (ORCPT ); Thu, 11 Oct 2018 03:50:31 -0400 Received: by mail-pf1-f195.google.com with SMTP id k19-v6so3461137pfi.1 for ; Wed, 10 Oct 2018 17:25:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=DQdgKCn/bUcvd4Br0t1av29yxKn0HH2crs0trsCjZig=; b=QqnvfrjOuLJL+o80kwEM6qYiHn0sy8kw7gXZmCstlzgpaTG3KZqajuzVHpQ0/sFT0M GgwrOaDxSW0Xk6DbnGFZzipweTUnxmQFulXD04QsigOvs+4JBeRDO9OmXboeZJzJXmlT 9fcx7z5VGj2C7HVs1qfcfubyZJhpic6HWpYhs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=DQdgKCn/bUcvd4Br0t1av29yxKn0HH2crs0trsCjZig=; b=KyIKlxG4WaTY8pE5vjh6QKSmIDNpYwGFPue8jud/LETbBpud74LgfYE3hw2/D2krnL 11YeH8zFMH5lzkOg49zLrBxq9i0PSa4+AUK05EfpoqGcNeOpMBsb4ZwAt5fPOGdkFLyL uQFdE6qExbmWRXBN8XIniSGCnlFta6BTpHhfb/p5cP2emqBfHjAqYhxwTG7+MoY0Bpak eWUfVDdi5MxlIDLLCCnoOh2KoWT9zHNfTHc535Pxo1Eastx6CVnfhMMH4OSjPGtp0h3n ZHfMz9ijTBitl9HKWUrz1wujIP8dddcr0ySnN1umx/gqS1DpWoOb0UaGqj30TAjI20wy hRTA== X-Gm-Message-State: ABuFfoiA0qt5/KfRomDVEWKitcOhGgJ3/gHRebwZTiv4rCeX3USeSNhD BNnXITBXuWuXUaks6/a2wn/rpA== X-Google-Smtp-Source: ACcGV60OeEfa3KCZ/kUGezk7hN7oOaeQIOP2MjQZBjsY8UYfF8TYdVII5lAGVX0MQzYl/ny4PdjmOQ== X-Received: by 2002:a62:d40d:: with SMTP id a13-v6mr37693607pfh.23.1539217554665; Wed, 10 Oct 2018 17:25:54 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id t64-v6sm35947232pfb.44.2018.10.10.17.25.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 27/30] LoadPin: Initialize as ordered LSM Date: Wed, 10 Oct 2018 17:18:43 -0700 Message-Id: <20181011001846.30964-28-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts LoadPin from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 ----- security/Kconfig | 2 +- security/loadpin/loadpin.c | 8 +++++++- security/security.c | 1 - 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e88c725a43b8..e6893ff9ca2b 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2092,10 +2092,5 @@ extern void __init yama_add_hooks(void); #else static inline void __init yama_add_hooks(void) { } #endif -#ifdef CONFIG_SECURITY_LOADPIN -void __init loadpin_add_hooks(void); -#else -static inline void loadpin_add_hooks(void) { }; -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/Kconfig b/security/Kconfig index 2f8dc1f59cae..550bd7032ab2 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -241,7 +241,7 @@ source security/integrity/Kconfig config LSM string "Ordered list of enabled LSMs" - default "integrity,selinux,smack,tomoyo,apparmor" + default "loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index a2dc146b6364..640d9c69cf2e 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -184,13 +184,19 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(kernel_load_data, loadpin_load_data), }; -void __init loadpin_add_hooks(void) +static int __init loadpin_init(void) { pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + return 0; } +DEFINE_LSM(loadpin) = { + .name = "loadpin", + .init = loadpin_init, +}; + /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning"); diff --git a/security/security.c b/security/security.c index b40c4c212892..6ad1262aa6ab 100644 --- a/security/security.c +++ b/security/security.c @@ -265,7 +265,6 @@ int __init security_init(void) */ capability_add_hooks(); yama_add_hooks(); - loadpin_add_hooks(); /* Load LSMs in specified order. */ ordered_lsm_init(); From patchwork Thu Oct 11 00:18:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635571 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CA98514DB for ; Thu, 11 Oct 2018 00:26:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAF9B2A071 for ; Thu, 11 Oct 2018 00:26:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9E09F2A173; Thu, 11 Oct 2018 00:26:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 354982A155 for ; Thu, 11 Oct 2018 00:26:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727040AbeJKHuv (ORCPT ); Thu, 11 Oct 2018 03:50:51 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:32944 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727031AbeJKHuc (ORCPT ); Thu, 11 Oct 2018 03:50:32 -0400 Received: by mail-pl1-f194.google.com with SMTP id s4-v6so3311252plp.0 for ; Wed, 10 Oct 2018 17:25:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=piFJbUUnA3DqTyvccR0Ze8PG9upbNm6UGtvVT6YJ0+U=; b=aswPjPNs9bK0tyjPisDP2i0c3HxiZJd9dkzq0IXlaPWuNK/z/NLKaysyb/tEQZqYWj yuGe5dqHCdG/xOcXFanWAqPLhny9RIpqjtlmHncMmOeuzfPAtcL0wcwGNsgThWiWIPSO 3SeL8e8kMJ2pbTd18YM/XwjcsAG1VY1VIQRhA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=piFJbUUnA3DqTyvccR0Ze8PG9upbNm6UGtvVT6YJ0+U=; b=bR7JSdwQBc40piRtvOpXlPJFGNieUn3T3EHT1zwKLbbvX8tNcuIVvT2bEyoD9Jby62 t2KRpWWzb6ylrJLgx5Bk3USi8UCQwfZahmzINcovnltlgbKXzLFnkTsDYId5ZnN6Cl3O jKRsp197ANR92ALDEmbx5mNABuqpAGGUt8Ti+VIxgIW6AVeaFEPHiRvGJvKWW0MufX3L C/eiZCOmuwx/gZTxdy6j8nWCZm1qHcExls8TFgjL+PKgDlFGwGl4qjdz/qVDcjRN5oEy w2YjKx/N1IM9Q0MgDu427iVLHvJTSxgoJWUilTYSvU33mLQyiHnxHHHU5e9lW0L0p8z1 4l9Q== X-Gm-Message-State: ABuFfohErlVHQSItEhv6PCw9HzPNTAEBV2NRrY+dZGy+nVwvzWvxNrt3 JFwdk9EYQqk6Il+ZuYJu6QT1Yw== X-Google-Smtp-Source: ACcGV61GWZ/jEH6+pjl/Cg7EY2qZq9fOqxOtf2HYn5v8u6IR+5Y73sAiWB+W5hGJ2mYIohWFcE/jNQ== X-Received: by 2002:a17:902:6e17:: with SMTP id u23-v6mr36037411plk.28.1539217556469; Wed, 10 Oct 2018 17:25:56 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id c28-v6sm82620821pfk.48.2018.10.10.17.25.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:50 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 28/30] Yama: Initialize as ordered LSM Date: Wed, 10 Oct 2018 17:18:44 -0700 Message-Id: <20181011001846.30964-29-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts Yama from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 5 ----- security/Kconfig | 2 +- security/security.c | 1 - security/yama/yama_lsm.c | 8 +++++++- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e6893ff9ca2b..833ec0f03795 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2087,10 +2087,5 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern void __init capability_add_hooks(void); -#ifdef CONFIG_SECURITY_YAMA -extern void __init yama_add_hooks(void); -#else -static inline void __init yama_add_hooks(void) { } -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/Kconfig b/security/Kconfig index 550bd7032ab2..f2a04f922ede 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -241,7 +241,7 @@ source security/integrity/Kconfig config LSM string "Ordered list of enabled LSMs" - default "loadpin,integrity,selinux,smack,tomoyo,apparmor" + default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/security.c b/security/security.c index 6ad1262aa6ab..2eb8afdd945d 100644 --- a/security/security.c +++ b/security/security.c @@ -264,7 +264,6 @@ int __init security_init(void) * Load minor LSMs, with the capability module always first. */ capability_add_hooks(); - yama_add_hooks(); /* Load LSMs in specified order. */ ordered_lsm_init(); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index ffda91a4a1aa..eb1da1303d2e 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -477,9 +477,15 @@ static void __init yama_init_sysctl(void) static inline void yama_init_sysctl(void) { } #endif /* CONFIG_SYSCTL */ -void __init yama_add_hooks(void) +static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); yama_init_sysctl(); + return 0; } + +DEFINE_LSM(yama) = { + .name = "yama", + .init = yama_init, +}; From patchwork Thu Oct 11 00:18:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635585 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B6B7514DB for ; Thu, 11 Oct 2018 00:27:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 99D7A2A071 for ; Thu, 11 Oct 2018 00:27:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8BC9B2A1A1; Thu, 11 Oct 2018 00:27:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 316942A071 for ; Thu, 11 Oct 2018 00:27:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726070AbeJKHv2 (ORCPT ); Thu, 11 Oct 2018 03:51:28 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:42903 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726215AbeJKHuY (ORCPT ); Thu, 11 Oct 2018 03:50:24 -0400 Received: by mail-pl1-f193.google.com with SMTP id c8-v6so3291538plo.9 for ; Wed, 10 Oct 2018 17:25:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lkpsct+7al6mQcKUWpOrrVGi/g6rgIy3oTqM5eABQTE=; b=i+MSroZgJnutX2Oav6Ml2tAnleP3kHJrhHKvvu3YVHAltkMlqHmaPfXnRW9ylM3WiJ P/Wyji4qgFeedpkFMpMAIfDWbYyfx6d7YkZFSXrvUtG6fOx5Au4Vga1698769wWXToFy ddZtslZkSp+KCWLtsNWZOpkKGMQ7+gsI7J6z4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lkpsct+7al6mQcKUWpOrrVGi/g6rgIy3oTqM5eABQTE=; b=o/oKDe5blUz4ZRPQTYTehvkattzl5UFtAT7Hs0E/elPWOzF8OY6T2k+HmBNufy/iO/ VLP2R84VxbPDn3er2sVDMwGiZE6mfWKqeJ4VbpOzWQ/JNBRcqg2T518fW1imv2Q1N4JX e1Jj8cwOFr/xV8DfWHWaqp4HZRUiBAITgvpazt1pBi4kcBUvdojLIIZUVwtspM0x+vD+ 2OTM9kqAnN6/pHcEdM4IeJwiYfK3oO6Q5+PcqMMkSr01s/dV6uxGpyOX6tFIQNjZ9wXl 5xzRGN3C4gwr88vC2O7CC65tmza0g+P2ZAmusEbdP3LPfukwlOY6BE/qsdBKYW3fI/ew S1ow== X-Gm-Message-State: ABuFfoiWWScDJn1wJxRIG5FAfYuovQ5IlQYvSCXoMTucqCQze06lkFQK CYDS8AaGbXSevQcrb3lyiDiODw== X-Google-Smtp-Source: ACcGV605NzkbnTPYziyIUkQrQljKwn9ZEDxCkvTvssMk4M8pDTaDpmzuuYKyWFVypmdhrdK7yfeOIg== X-Received: by 2002:a17:902:b706:: with SMTP id d6-v6mr1661442pls.53.1539217548207; Wed, 10 Oct 2018 17:25:48 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id k63-v6sm25901722pga.36.2018.10.10.17.25.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:45 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 29/30] LSM: Introduce enum lsm_order Date: Wed, 10 Oct 2018 17:18:45 -0700 Message-Id: <20181011001846.30964-30-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for distinguishing the "capability" LSM from other LSMs, it must be ordered first. This introduces LSM_ORDER_MUTABLE for the general LSMs and LSM_ORDER_FIRST for capability. In the future LSM_ORDER_LAST for could be added for anything that must run last (e.g. Landlock may use this). Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 6 ++++++ security/security.c | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 833ec0f03795..97898679a505 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2042,8 +2042,14 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) +enum lsm_order { + LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ + LSM_ORDER_MUTABLE = 0, +}; + struct lsm_info { const char *name; /* Required. */ + enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ unsigned long flags; /* Optional: flags describing LSM */ int *enabled; /* Optional: controlled by CONFIG_LSM */ int (*init)(void); /* Required. */ diff --git a/security/security.c b/security/security.c index 2eb8afdd945d..004938eb8e70 100644 --- a/security/security.c +++ b/security/security.c @@ -174,6 +174,12 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) struct lsm_info *lsm; char *sep, *name, *next; + /* LSM_ORDER_FIRST is always first. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_FIRST) + append_ordered_lsm(lsm, "first"); + } + sep = kstrdup(order, GFP_KERNEL); next = sep; /* Walk the list, looking for matching LSMs. */ @@ -181,7 +187,8 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) bool found = false; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, name) == 0) { + if (lsm->order == LSM_ORDER_MUTABLE && + strcmp(lsm->name, name) == 0) { append_ordered_lsm(lsm, origin); found = true; } From patchwork Thu Oct 11 00:18:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10635581 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 48A2E17E1 for ; Thu, 11 Oct 2018 00:26:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2CF142A071 for ; Thu, 11 Oct 2018 00:26:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 20DA92A1A1; Thu, 11 Oct 2018 00:26:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BD54B2A071 for ; Thu, 11 Oct 2018 00:26:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726034AbeJKHv0 (ORCPT ); Thu, 11 Oct 2018 03:51:26 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:44961 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726300AbeJKHu1 (ORCPT ); Thu, 11 Oct 2018 03:50:27 -0400 Received: by mail-pg1-f193.google.com with SMTP id g2-v6so3268729pgu.11 for ; Wed, 10 Oct 2018 17:25:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f7MAy9mUUeYOMxjwjpwy6gsSU/ScT6gKoTAYP39DmWY=; b=EKyGGt0rSKRVrksa4ueW6GHsYaRXgCYj4q0KjP+m+wkKZPKNH5yT42FbOkIELQ1ERS rC57Khf/Qiu0U8fYdmIHGZv99rMI9/2oyMttaonvrMCyA7EtVLJ+Nwgvh6pvItnCWsOf Sz+6nT4TxBzHHwsf17U09678uG9ZSnhxZZAGo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f7MAy9mUUeYOMxjwjpwy6gsSU/ScT6gKoTAYP39DmWY=; b=hHYyI9M6KaPvdNvNAzz3YMLtHNr7SGNr2I/jdg9THKNbPu7Q5eXH4ffxPdU5wmw2XC 2IbpXeefZiuu4BCm/ZY929Oy1Ku+krkmpXbflkU4sai8lza0xRRuoAPkBNhdAJjR4wgW H8rlgUEt+pId57emcRa4cTJSoxtZ/jWdL0kGopnifYXKufPI0X7HQejMuawTM5jqXabZ PoNNPJ2mKZgDW8XACZkW2QCkvWbgmiQGl/FAyDUdU5K5xsOnMCOcQzHuh3OfCy0TWyfZ IH3iL7vbLjDcnLx1wsorAECEZ0PxWaJHmEWXHzlrFOw5c8ZUiYKbaQ/alSMzzkaUG2l5 gHpQ== X-Gm-Message-State: ABuFfojIP8dLGY9k0yY40uFdPO11QvdQ6MQJd+W69wvIZMZeVhTC1fWP xW+70+33SXPpNMhp/iBnxgswOQ== X-Google-Smtp-Source: ACcGV62Mh0fpsW6JhMcZPgXNY6KV/gPsEDH2CbM6vYQ4G2gK3UT02xWAcVWf+GABYsRQKKE6Nxlwuw== X-Received: by 2002:a63:ed55:: with SMTP id m21-v6mr31611186pgk.147.1539217550287; Wed, 10 Oct 2018 17:25:50 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id n79-v6sm53021033pfk.19.2018.10.10.17.25.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 10 Oct 2018 17:25:45 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , Mimi Zohar , Randy Dunlap , Jordan Glover , LSM , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v5 30/30] capability: Initialize as LSM_ORDER_FIRST Date: Wed, 10 Oct 2018 17:18:46 -0700 Message-Id: <20181011001846.30964-31-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011001846.30964-1-keescook@chromium.org> References: <20181011001846.30964-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts capabilities to use the new LSM_ORDER_FIRST position. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler --- include/linux/lsm_hooks.h | 2 -- security/commoncap.c | 9 ++++++++- security/security.c | 5 ----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 97898679a505..b728cb448957 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2092,6 +2092,4 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern void __init capability_add_hooks(void); - #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/commoncap.c b/security/commoncap.c index 2e489d6a3ac8..c928eb3fe784 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1366,10 +1366,17 @@ struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), }; -void __init capability_add_hooks(void) +static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), "capability"); + return 0; } +DEFINE_LSM(capability) = { + .name = "capability", + .order = LSM_ORDER_FIRST, + .init = capability_init, +}; + #endif /* CONFIG_SECURITY */ diff --git a/security/security.c b/security/security.c index 004938eb8e70..aa91181133c1 100644 --- a/security/security.c +++ b/security/security.c @@ -267,11 +267,6 @@ int __init security_init(void) i++) INIT_HLIST_HEAD(&list[i]); - /* - * Load minor LSMs, with the capability module always first. - */ - capability_add_hooks(); - /* Load LSMs in specified order. */ ordered_lsm_init();