summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c4
-rw-r--r--security/security.c38
-rw-r--r--security/selinux/hooks.c7
-rw-r--r--security/smack/smack.h2
-rw-r--r--security/smack/smack_lsm.c7
-rw-r--r--security/smack/smackfs.c11
6 files changed, 65 insertions, 4 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 1ac9f8e66aa..d797a4196b8 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -1017,7 +1017,9 @@ static inline void dummy_audit_rule_free(void *lsmrule)
#endif /* CONFIG_AUDIT */
-struct security_operations dummy_security_ops;
+struct security_operations dummy_security_ops = {
+ .name = "dummy",
+};
#define set_to_dummy_if_null(ops, function) \
do { \
diff --git a/security/security.c b/security/security.c
index 2ef593ec70f..dd0c6baed49 100644
--- a/security/security.c
+++ b/security/security.c
@@ -17,6 +17,8 @@
#include <linux/kernel.h>
#include <linux/security.h>
+/* Boot-time LSM user choice */
+static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
@@ -67,13 +69,47 @@ int __init security_init(void)
return 0;
}
+/* Save user chosen LSM */
+static int __init choose_lsm(char *str)
+{
+ strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
+ return 1;
+}
+__setup("security=", choose_lsm);
+
+/**
+ * security_module_enable - Load given security module on boot ?
+ * @ops: a pointer to the struct security_operations that is to be checked.
+ *
+ * Each LSM must pass this method before registering its own operations
+ * to avoid security registration races. This method may also be used
+ * to check if your LSM is currently loaded.
+ *
+ * Return true if:
+ * -The passed LSM is the one chosen by user at boot time,
+ * -or user didsn't specify a specific LSM and we're the first to ask
+ * for registeration permissoin,
+ * -or the passed LSM is currently loaded.
+ * Otherwise, return false.
+ */
+int __init security_module_enable(struct security_operations *ops)
+{
+ if (!*chosen_lsm)
+ strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
+ else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
+ return 0;
+
+ return 1;
+}
+
/**
* register_security - registers a security framework with the kernel
* @ops: a pointer to the struct security_options that is to be registered
*
* This function is to allow a security module to register itself with the
* kernel security subsystem. Some rudimentary checking is done on the @ops
- * value passed to this function.
+ * value passed to this function. You'll need to check first if your LSM
+ * is allowed to register its @ops by calling security_module_enable(@ops).
*
* If there is already a security module registered with the kernel,
* an error will be returned. Otherwise 0 is returned on success.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a2f7e9cf78c..f9927f02bc3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5295,6 +5295,8 @@ static int selinux_key_permission(key_ref_t key_ref,
#endif
static struct security_operations selinux_ops = {
+ .name = "selinux",
+
.ptrace = selinux_ptrace,
.capget = selinux_capget,
.capset_check = selinux_capset_check,
@@ -5492,6 +5494,11 @@ static __init int selinux_init(void)
{
struct task_security_struct *tsec;
+ if (!security_module_enable(&selinux_ops)) {
+ selinux_enabled = 0;
+ return 0;
+ }
+
if (!selinux_enabled) {
printk(KERN_INFO "SELinux: Disabled at boot.\n");
return 0;
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 62c1e982849..4a4477f5afd 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -15,6 +15,7 @@
#include <linux/capability.h>
#include <linux/spinlock.h>
+#include <linux/security.h>
#include <net/netlabel.h>
/*
@@ -187,6 +188,7 @@ extern struct smack_known smack_known_star;
extern struct smack_known smack_known_unset;
extern struct smk_list_entry *smack_list;
+extern struct security_operations smack_ops;
/*
* Stricly for CIPSO level manipulation.
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 732ba27923c..904bdc01a12 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2424,7 +2424,9 @@ static void smack_release_secctx(char *secdata, u32 seclen)
{
}
-static struct security_operations smack_ops = {
+struct security_operations smack_ops = {
+ .name = "smack",
+
.ptrace = smack_ptrace,
.capget = cap_capget,
.capset_check = cap_capset_check,
@@ -2557,6 +2559,9 @@ static struct security_operations smack_ops = {
*/
static __init int smack_init(void)
{
+ if (!security_module_enable(&smack_ops))
+ return 0;
+
printk(KERN_INFO "Smack: Initializing.\n");
/*
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index cfae8afcc26..6ba283783b7 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -965,12 +965,21 @@ static struct vfsmount *smackfs_mount;
*
* register the smackfs
*
- * Returns 0 unless the registration fails.
+ * Do not register smackfs if Smack wasn't enabled
+ * on boot. We can not put this method normally under the
+ * smack_init() code path since the security subsystem get
+ * initialized before the vfs caches.
+ *
+ * Returns true if we were not chosen on boot or if
+ * we were chosen and filesystem registration succeeded.
*/
static int __init init_smk_fs(void)
{
int err;
+ if (!security_module_enable(&smack_ops))
+ return 0;
+
err = register_filesystem(&smk_fs_type);
if (!err) {
smackfs_mount = kern_mount(&smk_fs_type);