diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-10-24 11:49:35 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-10-24 11:49:35 +0100 |
commit | 638820d8da8ededd6dc609beaef02d5396599c03 (patch) | |
tree | 7b0076c6e4ea30935f1d9a1af90f7c57d4b9a99f /security | |
parent | d5e4d81da4d443d54b0b5c28ba6d26be297c509b (diff) | |
parent | 3f6caaf5ff33073ca1a3a0b82edacab3c57c38f9 (diff) |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"In this patchset, there are a couple of minor updates, as well as some
reworking of the LSM initialization code from Kees Cook (these prepare
the way for ordered stackable LSMs, but are a valuable cleanup on
their own)"
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
LSM: Don't ignore initialization failures
LSM: Provide init debugging infrastructure
LSM: Record LSM name in struct lsm_info
LSM: Convert security_initcall() into DEFINE_LSM()
vmlinux.lds.h: Move LSM_TABLE into INIT_DATA
LSM: Convert from initcall to struct lsm_info
LSM: Remove initcall tracing
LSM: Rename .security_initcall section to .lsm_info
vmlinux.lds.h: Avoid copy/paste of security_init section
LSM: Correctly announce start of LSM initialization
security: fix LSM description location
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
seccomp: remove unnecessary unlikely()
security: tomoyo: Fix obsolete function
security/capabilities: remove check for -EINVAL
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/lsm.c | 5 | ||||
-rw-r--r-- | security/commoncap.c | 3 | ||||
-rw-r--r-- | security/integrity/iint.c | 6 | ||||
-rw-r--r-- | security/security.c | 43 | ||||
-rw-r--r-- | security/selinux/hooks.c | 5 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 5 | ||||
-rw-r--r-- | security/tomoyo/common.c | 3 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 5 |
8 files changed, 50 insertions, 25 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index cbcb8ba51142..aa35939443c4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1606,4 +1606,7 @@ alloc_out: return error; } -security_initcall(apparmor_init); +DEFINE_LSM(apparmor) = { + .name = "apparmor", + .init = apparmor_init, +}; diff --git a/security/commoncap.c b/security/commoncap.c index 2e489d6a3ac8..18a4fdf6f6eb 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -684,9 +684,6 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_f } rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_fcap); - if (rc == -EINVAL) - printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", - __func__, rc, bprm->filename); out: if (rc) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 5a6810041e5c..1ea05da2323d 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -22,6 +22,7 @@ #include <linux/file.h> #include <linux/uaccess.h> #include <linux/security.h> +#include <linux/lsm_hooks.h> #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; @@ -174,7 +175,10 @@ static int __init integrity_iintcache_init(void) 0, SLAB_PANIC, init_once); return 0; } -security_initcall(integrity_iintcache_init); +DEFINE_LSM(integrity) = { + .name = "integrity", + .init = integrity_iintcache_init, +}; /* diff --git a/security/security.c b/security/security.c index 0d504fceda8b..04d173eb93f6 100644 --- a/security/security.c +++ b/security/security.c @@ -12,6 +12,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) "LSM: " fmt + #include <linux/bpf.h> #include <linux/capability.h> #include <linux/dcache.h> @@ -30,8 +32,6 @@ #include <linux/string.h> #include <net/flow.h> -#include <trace/events/initcall.h> - #define MAX_LSM_EVM_XATTR 2 /* Maximum number of letters for an LSM name string */ @@ -45,20 +45,22 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; -static void __init do_security_initcalls(void) +static __initdata bool debug; +#define init_debug(...) \ + do { \ + if (debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + +static void __init major_lsm_init(void) { + struct lsm_info *lsm; int ret; - initcall_t call; - initcall_entry_t *ce; - - ce = __security_initcall_start; - trace_initcall_level("security"); - while (ce < __security_initcall_end) { - call = initcall_from_entry(ce); - trace_initcall_start(call); - ret = call(); - trace_initcall_finish(call, ret); - ce++; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); } } @@ -72,10 +74,11 @@ int __init security_init(void) int i; struct hlist_head *list = (struct hlist_head *) &security_hook_heads; + pr_info("Security Framework initializing\n"); + for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); i++) INIT_HLIST_HEAD(&list[i]); - pr_info("Security Framework initialized\n"); /* * Load minor LSMs, with the capability module always first. @@ -87,7 +90,7 @@ int __init security_init(void) /* * Load all the remaining security modules. */ - do_security_initcalls(); + major_lsm_init(); return 0; } @@ -100,6 +103,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Enable LSM order debugging. */ +static int __init enable_debug(char *str) +{ + debug = true; + return 1; +} +__setup("lsm.debug", enable_debug); + static bool match_last_lsm(const char *list, const char *lsm) { const char *last; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1b73a3f966c8..7ce683259357 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7207,7 +7207,10 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ -security_initcall(selinux_init); +DEFINE_LSM(selinux) = { + .name = "selinux", + .init = selinux_init, +}; #if defined(CONFIG_NETFILTER) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 025de76af1db..934dabe150fa 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4882,4 +4882,7 @@ static __init int smack_init(void) * Smack requires early initialization in order to label * all processes and objects when they are created. */ -security_initcall(smack_init); +DEFINE_LSM(smack) = { + .name = "smack", + .init = smack_init, +}; diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 03923a138ef5..9b38f94b5dd0 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -1660,7 +1660,8 @@ static void tomoyo_read_pid(struct tomoyo_io_buffer *head) head->r.eof = true; if (tomoyo_str_starts(&buf, "global-pid ")) global_pid = true; - pid = (unsigned int) simple_strtoul(buf, NULL, 10); + if (kstrtouint(buf, 10, &pid)) + return; rcu_read_lock(); if (global_pid) p = find_task_by_pid_ns(pid, &init_pid_ns); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9f932e2d6852..1b5b5097efd7 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -550,4 +550,7 @@ static int __init tomoyo_init(void) return 0; } -security_initcall(tomoyo_init); +DEFINE_LSM(tomoyo) = { + .name = "tomoyo", + .init = tomoyo_init, +}; |