Message ID | 20170627173323.11287-4-igor.stoppa@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote: > From: Igor Stoppa <igor.stoppa@gmail.com> > > This patch shows how it is possible to take advantage of pmalloc: > instead of using the build-time option __lsm_ro_after_init, to decide if > it is possible to keep the hooks modifiable, now this becomes a > boot-time decision, based on the kernel command line. > > This patch relies on: > > "Convert security_hook_heads into explicit array of struct list_head" > Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > > to break free from the static constraint imposed by the previous > hardening model, based on __ro_after_init. > > The default value is disabled, unless SE Linux debugging is turned on. Can we please just force it to be read-only? -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Resending my reply, I mistakenly used the wrong mail account yesterday and my reply didn't et to the ml. On 27/06/17 20:51, Christoph Hellwig wrote: > On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote: [...] >> The default value is disabled, unless SE Linux debugging is turned on. > > Can we please just force it to be read-only? I'm sorry, I'm not quite sure I understand your comment. I'm trying to replicate the behavior of __lsm_ro_after_init: line 1967 @ [1] - Did I get it wrong? thanks, igor [1] https://kernel.googlesource.com/pub/scm/linux/kernel/git/jmorris/linux-security/+/5965453d5e3fb425e6f9d6b4fec403bda3f33107/include/linux/lsm_hooks.h -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/security.c b/security/security.c index 44c47b6..c7b4670 100644 --- a/security/security.c +++ b/security/security.c @@ -27,6 +27,7 @@ #include <linux/personality.h> #include <linux/backing-dev.h> #include <linux/string.h> +#include <linux/pmalloc.h> #include <net/flow.h> #define MAX_LSM_EVM_XATTR 2 @@ -34,10 +35,19 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 -static struct list_head hook_heads[LSM_MAX_HOOK_INDEX] - __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); +static int dynamic_lsm = IS_ENABLED(CONFIG_SECURITY_SELINUX_DISABLE); + +static __init int set_dynamic_lsm(char *str) +{ + get_option(&str, &dynamic_lsm); + return 0; +} +early_param("dynamic_lsm", set_dynamic_lsm); + +static struct list_head *hook_heads; +static struct gen_pool *sec_pool; char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = @@ -62,6 +72,11 @@ int __init security_init(void) { enum security_hook_index i; + sec_pool = pmalloc_create_pool("security", PMALLOC_DEFAULT_ALLOC_ORDER); + BUG_ON(!sec_pool); + hook_heads = pmalloc(sec_pool, + sizeof(struct list_head) * LSM_MAX_HOOK_INDEX); + BUG_ON(!hook_heads); for (i = 0; i < LSM_MAX_HOOK_INDEX; i++) INIT_LIST_HEAD(&hook_heads[i]); pr_info("Security Framework initialized\n"); @@ -77,7 +92,8 @@ int __init security_init(void) * Load all the remaining security modules. */ do_security_initcalls(); - + if (!dynamic_lsm) + pmalloc_protect_pool(sec_pool); return 0; }