Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2218519imm; Thu, 20 Sep 2018 09:30:23 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYl0DBwuCVlYBiba6f0bIkCH+gLnmrEsI6LwyGQ5D+rw/bk/HVkLOfnwwJo9EHaNbZZlC5T X-Received: by 2002:a17:902:d808:: with SMTP id a8-v6mr40434653plz.68.1537461023909; Thu, 20 Sep 2018 09:30:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537461023; cv=none; d=google.com; s=arc-20160816; b=0ftZxzsdgxAH5iu8WWP9lvaNNub0w6W1VA2B9l5Nqg/i19kzQvPutRwwAOn7rbxnMw byulcgMQmiM/rQUXfd6MxGz+pD0xAMn+ZI8K6uIjg+B0v9dIxtzIFN45s8xlCQMkqiwK wzk+EfIz9ZzCKhWj2N4u0TS8t8t/q15NoJRoUoAZAQCHLYdXSPyZiD+p9UqePFgVJFhT mptjzPEztKXK5JDrgxDfU9c+qZ9nncIVLBlghqi6PR0UVKQah2xzHPBt6rhMR8INRmjS R8otOiJJNk0oksYT8qH1zklUsH6zQitkY58sDG6u5T/xPh7pyvTsAWXt1JFA3zqycC47 Avtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=41JHmeDth85/sNORiIQtTjoZxJboPyIhG2VUHSXPrw4=; b=XvJ7+6S34n7n5nRGZzkZbp0dtjUXnfZxC4m9H28vqoeH5ZTBAy5HnY0vL4wy69fOWI mLm49i2ZT15IkyWGuYEr6iDUUoK61BbQQjiLj2RFg49D/5r6BrmvJeRldD2tjP3IW7NM FSdQWCZNAlZ9JnL3Y9d2VcZ5SM5lRXwnK94VQOkggiKAuflGfMd2mYN3eSa1lC0lYcaC XBWRoosiDbfWCLFpiX6XbJ5yQ8ICdkxrZjpUSlwXGM4FdMeDig1MU/A3AmUwjH8O0nkx 3IYv8J2f8344IKY1HJtRWpL+ismpxXJV0yjadDSsZY0m/CtMBrLejYAg34+uOrvkuP4k AglQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TFR75zUM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u190-v6si24043870pgu.305.2018.09.20.09.30.05; Thu, 20 Sep 2018 09:30:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=TFR75zUM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387923AbeITWN7 (ORCPT + 99 others); Thu, 20 Sep 2018 18:13:59 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:35470 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387823AbeITWN6 (ORCPT ); Thu, 20 Sep 2018 18:13:58 -0400 Received: by mail-pg1-f195.google.com with SMTP id 205-v6so3734881pgd.2 for ; Thu, 20 Sep 2018 09:29:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=41JHmeDth85/sNORiIQtTjoZxJboPyIhG2VUHSXPrw4=; b=TFR75zUMSBYV6OzQ8u3KsAh7xal3TluRRyzCQLFAJSMAKoYAAV3M6kgk/YYUMghamW akAKBaq8KzANA9fQtvmAbpse10jx1isEpkGT0gSYCv4f8sdW1dStxj9Prkz2OQj7Gzo7 g1Vh/SqzTjgvW9OmOiMOTGaeec56bLp2wKXwA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=41JHmeDth85/sNORiIQtTjoZxJboPyIhG2VUHSXPrw4=; b=Z6nXWmuBw3x/HolSQdHkvQvDwCrfHyxWjLJF5yLnc/DVtAIpyIKP5QKnI3fixlcBKM 3tMn6zD2nhLCRjbLS4qnVC0s8tbvwTnTgMexkqtV6J5e1pReHH1OFydzl1ZFYXuGhgTZ AI+UcxoI31bDcmJAAV2W6OZRp2p0uOkwtVkrFXTJkN4/58aao5JrHeLzOWE9hJlxZ8dP afEl1RMW11xhR4sGGL2H/eqQFRoZo91ZUrmu1lN1DtBWypL5+k7TfrqJvE9s+XYyRF9B dRdh9BdSbg++2ekno2JwwK+/49fCIh8AkErwWNfJHrVRBKR/Jx3wmm4D9wfdyTumrEMc 6s4w== X-Gm-Message-State: APzg51APdue/fMkeUlL+YQ7bGVsaKbFcKJvigDn/xEYWt1j4GIoIZmpl qKl7amRHCRzek8qe6FvBgsVJwQ== X-Received: by 2002:a63:70e:: with SMTP id 14-v6mr2838215pgh.70.1537460981100; Thu, 20 Sep 2018 09:29:41 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h69-v6sm58906828pfh.13.2018.09.20.09.29.36 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 20 Sep 2018 09:29:39 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , Jonathan Corbet , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v2 17/26] LSM: Refactor "security=" in terms of enable/disable Date: Thu, 20 Sep 2018 09:23:29 -0700 Message-Id: <20180920162338.21060-18-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180920162338.21060-1-keescook@chromium.org> References: <20180920162338.21060-1-keescook@chromium.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSMs become non-exclusive (e.g. when TOMOYO starts blob-sharing). Signed-off-by: Kees Cook --- security/security.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/security/security.c b/security/security.c index 5cacbcefbc32..25a019cc4a2b 100644 --- a/security/security.c +++ b/security/security.c @@ -81,14 +81,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (lsm->enabled && !*lsm->enabled) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; } @@ -150,8 +142,24 @@ int __init security_init(void) i++) INIT_HLIST_HEAD(&list[i]); + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *lsm; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(lsm->name, chosen_major_lsm) != 0) + set_enabled(lsm, false); + } + } /* * Load minor LSMs, with the capability module always first. -- 2.17.1