Subject: [PATCH v5 10/38] LSM: Refactor "security=" in terms of enable/disable
To: James Morris, LSM, LKLM, SE Linux
Cc: John Johansen, Kees Cook, Tetsuo Handa, Paul Moore, linux-fsdevel@vger.kernel.org, Stephen Smalley, Alexey Dobriyan, Mickaël Salaün, Salvatore Mesoraca
References: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com>
From: Casey Schaufler
Message-ID: <2b7a343c-c433-6a87-84ee-5b69e966a908@schaufler-ca.com>
Date: Mon, 26 Nov 2018 15:34:15 -0800
In-Reply-To: <50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler-ca.com>
List: linux-kernel@vger.kernel.org

For what are marked as the Legacy Major LSMs, make them effectively exclusive when selected on the "security=" boot parameter, to handle the future case of when a previously major LSM becomes non-exclusive (e.g. when TOMOYO starts blob-sharing).

Signed-off-by: Kees Cook
Reviewed-by: Casey Schaufler
---
 security/security.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/security/security.c b/security/security.c index f4a7b7d52d71..a7889885585e 100644 --- a/security/security.c +++ b/security/security.c @@ -129,14 +129,6 @@ static bool __init lsm_allowed(struct lsm_info *lsm) if (!is_enabled(lsm)) return false; - /* Skip major-specific checks if not a major LSM. */ - if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) - return true; - - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_major_lsm) != 0) - return false; - return true; }
@@ -164,8 +156,28 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) struct lsm_info *lsm; char *sep, *name, *next; + /* Process "security=", if given. */ if (!chosen_major_lsm) chosen_major_lsm = CONFIG_DEFAULT_SECURITY; + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s\n", + chosen_major_lsm, major->name); + } + } + } sep = kstrdup(order, GFP_KERNEL); next = sep; -- 2.14.5
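Review bot: in the lsm_allowed() hunk, once both LSM_FLAG_LEGACY_MAJOR checks are deleted the body that remains visible is just `if (!is_enabled(lsm)) return false;` followed by `return true;`, which collapses to `return is_enabled(lsm);` unless a later patch in the series is going to add another condition here. Either way, a one-line comment above the function saying that "security=" exclusivity is now applied up front in ordered_lsm_parse() would help, because a reader of lsm_allowed() alone can no longer see why a legacy major LSM might be disabled.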
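Review bot: in the ordered_lsm_parse() hunk, the `if (chosen_major_lsm)` guard is always true once the line just above it has done `chosen_major_lsm = CONFIG_DEFAULT_SECURITY;`, since a Kconfig string symbol expands to a string literal, never to NULL. That is not a bug by itself, but it hides the empty-string case: when the Kconfig default is "" (no default major selected) and no "security=" was passed, `strcmp(major->name, chosen_major_lsm) != 0` holds for every legacy major, so the loop disables all of them and emits `security= disabled: <name>` for each. This matches the strcmp semantics the first hunk removed from lsm_allowed(), so behaviour is preserved, but it would read better to either test `*chosen_major_lsm` and skip the loop when it is empty, or extend the comment to say that an empty default deliberately disables every legacy major. The same loop also silently disables every legacy major when "security=" names an LSM that is not built in (nothing matches, and the only trace is init_debug() per LSM); a single warning when no legacy major matched the chosen name would make that misconfiguration visible at boot.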