From patchwork Thu Sep 20 16:23:25 2018
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10608063
From: Kees Cook
To: James Morris
Cc: Kees Cook, Casey Schaufler, John Johansen, Tetsuo Handa, Paul Moore, Stephen Smalley, "Schaufler, Casey", LSM, Jonathan Corbet, linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH security-next v2 13/26] LSM: Plumb visibility into optional "enabled" state
Date: Thu, 20 Sep 2018 09:23:25 -0700
Message-Id: <20180920162338.21060-14-keescook@chromium.org>
In-Reply-To: <20180920162338.21060-1-keescook@chromium.org>
References: <20180920162338.21060-1-keescook@chromium.org>

In preparation for lifting the "is this LSM enabled?" logic out of the individual LSMs, pass in any special enabled state tracking (as needed for SELinux, AppArmor, and LoadPin). This must be an "int" to include handling cases where "enabled" is exposed via sysctl, which has no "bool" type (i.e. LoadPin's use).

LoadPin's "enabled" tracking will be added later when it gets added to the "ordered LSM" stack.

Signed-off-by: Kees Cook
---
 include/linux/lsm_hooks.h | 1 +
 security/apparmor/lsm.c   | 5 +++--
 security/selinux/hooks.c  | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 38cbefabff71..118e12f678df 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,6 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Populated automatically. */ unsigned long flags; /* Optional: flags describing LSM */ + int *enabled; /* Optional: NULL means enabled. */ int (*init)(void); }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4c5f63e9aeba..d03133a267f2 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c
@@ -1303,8 +1303,8 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) { @@ -1608,5 +1608,6 @@ static int __init apparmor_init(void) DEFINE_LSM(apparmor) .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &apparmor_enabled, .init = apparmor_init, END_LSM; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 615cf6498c0f..3f999ed98cfd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7204,6 +7204,7 @@ void selinux_complete_init(void) all processes and objects when they are created. */ DEFINE_LSM(selinux) .flags = LSM_FLAG_LEGACY_MAJOR, + .enabled = &selinux_enabled, .init = selinux_init, END_LSM;
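Review bot: The new `int *enabled; /* Optional: NULL means enabled. */` member in the lsm_hooks.h hunk documents the NULL case but not how a non-NULL pointer is read; since the commit message motivates the int type by sysctl exposure, where values other than 0 and 1 can be written, the comment should state whether any non-zero value counts as enabled, and that the pointed-to variable must have static storage so the pointer stays valid when the generic init code dereferences it.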
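Review bot: In the `apparmor_enabled` hunk (`@@ -1303,8 +1303,8 @@`), changing `module_param_named(enabled, ...)` from `bool` to `int` is a user-visible parsing change that the commit message does not mention: the bool parameter parser accepts y/Y/1/n/N/0, while the int parser rejects the letter forms and accepts any integer, so `apparmor.enabled=2` now lands in the variable unnormalized. Either call this out in the commit message or normalize the value to 0/1 where it is consumed, and check that `apparmor_enabled_setup()` (whose signature is the trailing context of this hunk) still stores 0/1 into what is now an int. The `S_IRUGO` to `0444` change is equivalent and matches the preferred octal style.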
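Review bot: The selinux hunk assigns `.enabled = &selinux_enabled` but the declaration of `selinux_enabled` is outside the diff; confirm it is already declared as `int` rather than `bool`, since a `bool *` would not match the new `int *enabled` member, and note that AppArmor needed the type change in this same series for exactly that reason while this hunk does not.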
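As an added illustration (not code from the patch or the kernel), a user-space model of the "NULL means enabled" contract the new `int *enabled` member introduces, showing how an int pointer accommodates sysctl-style values other than 0 and 1; the struct, the per-LSM variables and the `lsm_is_enabled()` helper are simplified stand-ins constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of struct lsm_info after this patch (constructed for
 * illustration; the kernel's struct also carries flags and init()). */
struct lsm_info {
	const char *name;
	int *enabled;   /* Optional: NULL means enabled. */
};

/* Mirrors the header comment: a NULL pointer means "always enabled";
 * otherwise any non-zero value counts as enabled, which matters because
 * an int written through sysctl or module_param may hold values other
 * than 0 and 1. */
static int lsm_is_enabled(const struct lsm_info *lsm)
{
	if (lsm->enabled == NULL)
		return 1;
	return *lsm->enabled != 0;
}

/* Constructed sample state standing in for the per-LSM variables. */
static int apparmor_enabled = 1;
static int selinux_enabled = 0;
static int loadpin_enabled = 2;   /* e.g. a value written via sysctl */

static struct lsm_info lsms[] = {
	{ .name = "capability", .enabled = NULL },
	{ .name = "apparmor",   .enabled = &apparmor_enabled },
	{ .name = "selinux",    .enabled = &selinux_enabled },
	{ .name = "loadpin",    .enabled = &loadpin_enabled },
};

/* Counts the LSMs a generic init loop would actually initialize. */
static int count_enabled(void)
{
	int n = 0;
	for (size_t i = 0; i < sizeof(lsms) / sizeof(lsms[0]); i++)
		if (lsm_is_enabled(&lsms[i]))
			n++;
	return n;
}

int main(void)
{
	for (size_t i = 0; i < sizeof(lsms) / sizeof(lsms[0]); i++)
		printf("%-10s %s\n", lsms[i].name,
		       lsm_is_enabled(&lsms[i]) ? "enabled" : "disabled");
	return 0;
}
```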