LSM: Tie enabling logic to presence in ordered list

Until now, any LSM without an enable storage variable was considered
enabled. This inverts the logic and sets defaults to true only if the
LSM gets added to the ordered initialization list. (And an exception
continues for the major LSMs until they are integrated into the ordered
initialization in a later patch.)

Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Kees Cook 2018-10-09 14:42:57 -07:00
parent 79f7865d84
commit a8027fb0d1
2 changed files with 12 additions and 4 deletions

View File

@ -2047,7 +2047,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
struct lsm_info { struct lsm_info {
const char *name; /* Required. */ const char *name; /* Required. */
unsigned long flags; /* Optional: flags describing LSM */ unsigned long flags; /* Optional: flags describing LSM */
int *enabled; /* Optional: NULL means enabled. */ int *enabled; /* Optional: controlled by CONFIG_LSM */
int (*init)(void); /* Required. */ int (*init)(void); /* Required. */
}; };

View File

@ -63,10 +63,10 @@ static __initdata bool debug;
static bool __init is_enabled(struct lsm_info *lsm) static bool __init is_enabled(struct lsm_info *lsm)
{ {
if (!lsm->enabled || *lsm->enabled) if (!lsm->enabled)
return true; return false;
return false; return *lsm->enabled;
} }
/* Mark an LSM's enabled flag. */ /* Mark an LSM's enabled flag. */
@ -117,7 +117,11 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from))
return; return;
/* Enable this LSM, if it is not already set. */
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
ordered_lsms[last_lsm++] = lsm; ordered_lsms[last_lsm++] = lsm;
init_debug("%s ordering: %s (%sabled)\n", from, lsm->name, init_debug("%s ordering: %s (%sabled)\n", from, lsm->name,
is_enabled(lsm) ? "en" : "dis"); is_enabled(lsm) ? "en" : "dis");
} }
@ -210,6 +214,10 @@ static void __init major_lsm_init(void)
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
continue; continue;
/* Enable this LSM, if it is not already set. */
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
maybe_initialize_lsm(lsm); maybe_initialize_lsm(lsm);
} }
} }