diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2017-01-18 17:09:05 -0800 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2017-01-19 13:18:29 +1100 |
| commit | d69dece5f5b6bc7a5e39d2b6136ddc69469331fe (patch) | |
| tree | b4c23177baf246a1f64b83442fc3359cbc0d8f38 /security/security.c | |
| parent | 3ccb76c5dfe0d25c1d0168d5b726d0b43d19a485 (diff) | |
| download | linux-d69dece5f5b6bc7a5e39d2b6136ddc69469331fe.tar.gz linux-d69dece5f5b6bc7a5e39d2b6136ddc69469331fe.tar.bz2 linux-d69dece5f5b6bc7a5e39d2b6136ddc69469331fe.zip | |
LSM: Add /sys/kernel/security/lsm
I am still tired of having to find indirect ways to determine
what security modules are active on a system. I have added
/sys/kernel/security/lsm, which contains a comma separated
list of the active security modules. No more groping around
in /proc/filesystems or other clever hacks.
Unchanged from previous versions except for being updated
to the latest security next branch.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index f825304f04a7..f0a802ee29b6 100644 --- a/security/security.c +++ b/security/security.c @@ -32,6 +32,7 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 +char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +static int lsm_append(char *new, char **result) +{ + char *cp; + + if (*result == NULL) { + *result = kstrdup(new, GFP_KERNEL); + } else { + cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); + if (cp == NULL) + return -ENOMEM; + kfree(*result); + *result = cp; + } + return 0; +} + /** * security_module_enable - Load given security module on boot ? * @module: the name of the module @@ -97,6 +114,27 @@ int __init security_module_enable(const char *module) return !strcmp(module, chosen_lsm); } +/** + * security_add_hooks - Add a modules hooks to the hook lists. + * @hooks: the hooks to add + * @count: the number of hooks to add + * @lsm: the name of the security module + * + * Each LSM has to register its hooks with the infrastructure. + */ +void __init security_add_hooks(struct security_hook_list *hooks, int count, + char *lsm) +{ + int i; + + for (i = 0; i < count; i++) { + hooks[i].lsm = lsm; + list_add_tail_rcu(&hooks[i].list, hooks[i].head); + } + if (lsm_append(lsm, &lsm_names) < 0) + panic("%s - Cannot get early memory.\n", __func__); +} + /* * Hook list operation macros. * |