
Commit 5ef4e419 authored by Kees Cook's avatar Kees Cook

LSM: Prepare for reorganizing "security=" logic



This moves the string handling for "security=" boot parameter into
a stored pointer instead of a string duplicate. This will allow
easier handling of the string when switching logic to use the coming
enable/disable infrastructure.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Reviewed-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent a8027fb0
+8 −9
@@ -34,9 +34,6 @@


#define MAX_LSM_EVM_XATTR	2
#define MAX_LSM_EVM_XATTR	2


/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX	10

/* How many LSMs were built into the kernel? */
/* How many LSMs were built into the kernel? */
#define LSM_COUNT (__end_lsm_info - __start_lsm_info)
#define LSM_COUNT (__end_lsm_info - __start_lsm_info)


@@ -45,9 +42,8 @@ static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain);


char *lsm_names;
char *lsm_names;
/* Boot-time LSM user choice */
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
	CONFIG_DEFAULT_SECURITY;
static __initdata const char *chosen_lsm_order;
static __initdata const char *chosen_lsm_order;
static __initdata const char *chosen_major_lsm;


static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
static __initconst const char * const builtin_lsm_order = CONFIG_LSM;


@@ -138,7 +134,7 @@ static bool __init lsm_allowed(struct lsm_info *lsm)
		return true;
		return true;


	/* Disabled if this LSM isn't the chosen one. */
	/* Disabled if this LSM isn't the chosen one. */
	if (strcmp(lsm->name, chosen_lsm) != 0)
	if (strcmp(lsm->name, chosen_major_lsm) != 0)
		return false;
		return false;


	return true;
	return true;
@@ -168,6 +164,9 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
	struct lsm_info *lsm;
	struct lsm_info *lsm;
	char *sep, *name, *next;
	char *sep, *name, *next;


	if (!chosen_major_lsm)
		chosen_major_lsm = CONFIG_DEFAULT_SECURITY;

	sep = kstrdup(order, GFP_KERNEL);
	sep = kstrdup(order, GFP_KERNEL);
	next = sep;
	next = sep;
	/* Walk the list, looking for matching LSMs. */
	/* Walk the list, looking for matching LSMs. */
@@ -257,12 +256,12 @@ int __init security_init(void)
}
}


/* Save user chosen LSM */
/* Save user chosen LSM */
static int __init choose_lsm(char *str)
static int __init choose_major_lsm(char *str)
{
{
	strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
	chosen_major_lsm = str;
	return 1;
	return 1;
}
}
__setup("security=", choose_lsm);
__setup("security=", choose_major_lsm);


/* Explicitly choose LSM initialization order. */
/* Explicitly choose LSM initialization order. */
static int __init choose_lsm_order(char *str)
static int __init choose_lsm_order(char *str)
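Review bot: `chosen_major_lsm` stays NULL until `ordered_lsm_parse()` assigns `CONFIG_DEFAULT_SECURITY`, but `lsm_allowed()` passes it to `strcmp()` unchecked, so the new code is only safe if every path into `lsm_allowed()` runs after the parse. The visible hunks do not establish that ordering, and both functions start and end outside them; the old `chosen_lsm` array was initialised at its definition and had no such dependency. `choose_major_lsm()` also now keeps the caller's `str` instead of copying it, so the pointer is only valid while that buffer is (presumably the boot command line, which would suit `__initdata` users — worth confirming). I would record both invariants at the declaration, for example `/* NULL until "security=" is parsed or ordered_lsm_parse() applies the default; borrowed pointer, __init use only */`.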