Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp726005imm;
        Mon, 1 Oct 2018 18:05:49 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63anWJCqaYzXfEktAh6xjqcr6NkMB2C9xxVg6qgU8vRzc5N5G3fgg73Ob+itg6yU0VNP556
X-Received: by 2002:a62:1c06:: with SMTP id c6-v6mr14080668pfc.41.1538442349607;
        Mon, 01 Oct 2018 18:05:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538442349; cv=none;
        d=google.com; s=arc-20160816;
        b=BCWCxbylGfLAiL6gwgkkcEcb3m6EIJKkg3qAtiHgEC3yVgbAvj46CUgzQP59T9PCqQ
         rfnDScQUejTnXlYMutzSrepkXSSHQmOqOSW+2vOa8jxK9ii79ezeQVOgyLHpixE5kEf8
         Ferz5vCZgHvTJZynFqjNBbN2OxJ40snhp7qhSxogIoSUaAmWW6eLLA43KkZTePrdL7oN
         f+NluStRYMKnkLHpZ+QWeyXl05JlHwlGxrQ+AeTZYYQTwc4JPMOZJofAszeZgb+qEdzP
         0mtkAIGao6MdGom9uD6gqk/0FgJZbbBR+lFAIT3ZOeWM+kv2/FhkP2AovHTgdh3jNWf7
         Mwyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=W/qQzlLdHC3pOVrMYLSbt8GYIcGt6njlsLirLySrxEA=;
        b=Gi6s2Q6tad7h7JPsRnaiH/qJK+8JmgUBjTSN5hXBlwkp5r1xHDTdLvUKgGew3iiIp1
         i4K+/L0n5AfSDZ3Es6VhzRpahMjrfOYB2DZVEXIpzVcf+L6gtt/MVqn4fF52YeLQkzKA
         HK60KvBbdC0FWt/jt6iYEylMNB8e0mw3+y/A3Br83SoEzr6ee39f7EBJofEn1ySA/fZG
         guxXTRKiLOl5lsYQeOTfdsgX6LwSqLTM9gIbrmHmwgJKxwqTkbdr5lHNfS5Ta1dQvtkk
         j1W0yHc17W7HpMOe0ip2Nk+7t6X+RMyLF+A0Jxd1JZWln51Sj055yqcMewT49maZpKvY
         N2rw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=Y7Tdip1y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a94-v6si9187181pla.123.2018.10.01.18.05.34;
        Mon, 01 Oct 2018 18:05:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=Y7Tdip1y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727276AbeJBHpk (ORCPT <rfc822;tnerolf.eriarrach@gmail.com>
        + 99 others); Tue, 2 Oct 2018 03:45:40 -0400
Received: from mail-io1-f65.google.com ([209.85.166.65]:40071 "EHLO
        mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726872AbeJBHpD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Oct 2018 03:45:03 -0400
Received: by mail-io1-f65.google.com with SMTP id w16-v6so280244iom.7
        for <linux-kernel@vger.kernel.org>; Mon, 01 Oct 2018 18:04:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=W/qQzlLdHC3pOVrMYLSbt8GYIcGt6njlsLirLySrxEA=;
        b=Y7Tdip1y9DwjAKK6x8Y+GHfJCWkEXS3Aw7euEhxbEiDtK6KfdYnw6gwb5IT16cRlOR
         ISlTHU748v3IdC/VJdzbHQA5J6rxccFfp3yCZ3J/6w9GJXQ+hCK5ws2b0T6qoXssy4wc
         EjM77V+6IofPdUj3X/Gebf/zpXt/ZCfP0VSY8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=W/qQzlLdHC3pOVrMYLSbt8GYIcGt6njlsLirLySrxEA=;
        b=oJM+9Kt8qHr/kXE9kUgqysxRkfvBLeNyWELh19sLMWZC4UhAsZGAslknhAbkjT6Byf
         nUazSvvrRpVRS47rj9/YnCls9i80lM/QqxjPbEAiMTCuSOCXHFzZ+i39MqqFP++31OJv
         bLq2x+BQemNOukrxGNBJpDzpdq2reN/bEAbUlQTwLdTJEAMDFqmablfP8GQmV1OaP7dc
         vvy//AUdWyGvVYcasb61VAmuuCSEaCsRRv/ARnYsd88UuxfIdYcDndko8Sty7HvV4j+O
         Gw8stHCjSCY5j04gV7fIvXm3OCsL7Ry4l5+Powwzw5haFesLE+qgcz+SqLMcXfAllQ02
         jhFQ==
X-Gm-Message-State: ABuFfogNQGcS6Gr9PCHzgSioFE+AVkxGsCvIyyqU1Cl/ywXROlz+5PeS
        rmQtubiYDmnyb0zDnTsQiiMlIg==
X-Received: by 2002:a17:902:d90e:: with SMTP id c14-v6mr8773333plz.61.1538442272202;
        Mon, 01 Oct 2018 18:04:32 -0700 (PDT)
Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
        by smtp.gmail.com with ESMTPSA id h77-v6sm18554060pfh.13.2018.10.01.18.04.26
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 01 Oct 2018 18:04:29 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     James Morris <jmorris@namei.org>
Cc:     Kees Cook <keescook@chromium.org>,
        Casey Schaufler <casey@schaufler-ca.com>,
        John Johansen <john.johansen@canonical.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        "Schaufler, Casey" <casey.schaufler@intel.com>,
        LSM <linux-security-module@vger.kernel.org>,
        Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
        linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH security-next v4 23/32] selinux: Remove boot parameter
Date:   Mon,  1 Oct 2018 17:54:56 -0700
Message-Id: <20181002005505.6112-24-keescook@chromium.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181002005505.6112-1-keescook@chromium.org>
References: <20181002005505.6112-1-keescook@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
"lsm.enable=...", this removes the LSM-specific enabling logic from
SELinux.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 .../admin-guide/kernel-parameters.txt         |  9 ------
 security/selinux/Kconfig                      | 29 -------------------
 security/selinux/hooks.c                      | 15 +---------
 3 files changed, 1 insertion(+), 52 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index cf963febebb0..0d10ab3d020e 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4045,15 +4045,6 @@
 			loaded. An invalid security module name will be treated
 			as if no module has been chosen.
 
-	selinux=	[SELINUX] Disable or enable SELinux at boot time.
-			Format: { "0" | "1" }
-			See security/selinux/Kconfig help text.
-			0 -- disable.
-			1 -- enable.
-			Default value is set via kernel config option.
-			If enabled at boot time, /selinux/disable can be used
-			later to disable prior to initial policy load.
-
 	serialnumber	[BUGS=X86-32]
 
 	shapers=	[NET]
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 8af7a690eb40..86936528a0bb 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -8,35 +8,6 @@ config SECURITY_SELINUX
 	  You will also need a policy configuration and a labeled filesystem.
 	  If you are unsure how to answer this question, answer N.
 
-config SECURITY_SELINUX_BOOTPARAM
-	bool "NSA SELinux boot parameter"
-	depends on SECURITY_SELINUX
-	default n
-	help
-	  This option adds a kernel parameter 'selinux', which allows SELinux
-	  to be disabled at boot.  If this option is selected, SELinux
-	  functionality can be disabled with selinux=0 on the kernel
-	  command line.  The purpose of this option is to allow a single
-	  kernel image to be distributed with SELinux built in, but not
-	  necessarily enabled.
-
-	  If you are unsure how to answer this question, answer N.
-
-config SECURITY_SELINUX_BOOTPARAM_VALUE
-	int "NSA SELinux boot parameter default value"
-	depends on SECURITY_SELINUX_BOOTPARAM
-	range 0 1
-	default 1
-	help
-	  This option sets the default value for the kernel parameter
-	  'selinux', which allows SELinux to be disabled at boot.  If this
-	  option is set to 0 (zero), the SELinux kernel parameter will
-	  default to 0, disabling SELinux at bootup.  If this option is
-	  set to 1 (one), the SELinux kernel parameter will default to 1,
-	  enabling SELinux at bootup.
-
-	  If you are unsure how to answer this question, answer 1.
-
 config SECURITY_SELINUX_DISABLE
 	bool "NSA SELinux runtime disable"
 	depends on SECURITY_SELINUX
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 71a10fedecb3..8f5eea097612 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -120,20 +120,7 @@ __setup("enforcing=", enforcing_setup);
 #define selinux_enforcing_boot 1
 #endif
 
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
-int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
-
-static int __init selinux_enabled_setup(char *str)
-{
-	unsigned long enabled;
-	if (!kstrtoul(str, 0, &enabled))
-		selinux_enabled = enabled ? 1 : 0;
-	return 1;
-}
-__setup("selinux=", selinux_enabled_setup);
-#else
-int selinux_enabled = 1;
-#endif
+int selinux_enabled __lsm_ro_after_init;
 
 static unsigned int selinux_checkreqprot_boot =
 	CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
-- 
2.17.1