Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 45351056 authored by James Morris's avatar James Morris Committed by Olav Haugan
Browse files

security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 



Subsequent patches will add RO hardening to LSM hooks, however, SELinux
still needs to be able to perform runtime disablement after init to handle
architectures where init-time disablement via boot parameters is not feasible.

Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS,
and a helper macro __lsm_ro_after_init, to handle this case.

Change-Id: I95b96f67402ec7eb3a31befdd11af4e6bdc04d9d
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Git-commit: dd0859dccbe291cf8179a96390f5c0e45cb9af1d
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Signed-off-by: default avatarOlav Haugan <ohaugan@codeaurora.org>
parent 814e5c69

include/linux/lsm_hooks.h

+7 −0
Original line number Diff line number Diff line
@@ -1921,6 +1921,13 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, 
}

#endif /* CONFIG_SECURITY_SELINUX_DISABLE */



/* Currently required to handle SELinux runtime hook disable. */

#ifdef CONFIG_SECURITY_WRITABLE_HOOKS

#define __lsm_ro_after_init

#else

#define __lsm_ro_after_init	__ro_after_init

#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */



extern int __init security_module_enable(const char *module);

extern void __init capability_add_hooks(void);

#ifdef CONFIG_SECURITY_YAMA

security/Kconfig

+5 −0
Original line number Diff line number Diff line
@@ -40,6 +40,11 @@ config SECURITY 


	  If you are unsure how to answer this question, answer N.



config SECURITY_WRITABLE_HOOKS

	depends on SECURITY

	bool

	default n



config SECURITYFS

	bool "Enable the securityfs filesystem"

	help

security/selinux/Kconfig

+6 −0
Original line number Diff line number Diff line
@@ -40,6 +40,7 @@ config SECURITY_SELINUX_BOOTPARAM_VALUE 
config SECURITY_SELINUX_DISABLE

	bool "NSA SELinux runtime disable"

	depends on SECURITY_SELINUX

	select SECURITY_WRITABLE_HOOKS

	default n

	help

	  This option enables writing to a selinuxfs node 'disable', which
@@ -50,6 +51,11 @@ config SECURITY_SELINUX_DISABLE 
	  portability across platforms where boot parameters are difficult

	  to employ.



	  NOTE: selecting this option will disable the '__ro_after_init'

	  kernel hardening feature for security hooks.   Please consider

	  using the selinux=0 boot parameter instead of enabling this

	  option.



	  If you are unsure how to answer this question, answer N.



config SECURITY_SELINUX_DEVELOP