*/
static struct lsm_blob_sizes blob_sizes = {
#ifdef CONFIG_SECURITY_STACKING
- .lbs_task = SECURITY_NAME_MAX + 2,
+ .lbs_task = SECURITY_NAME_MAX + 6,
#endif
};
#else
CONFIG_DEFAULT_SECURITY;
#endif
-static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1];
+static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1]
+#ifdef CONFIG_SECURITY_STACKING
+ = CONFIG_SECURITY_DEFAULT_DISPLAY_NAME
+#endif
+;
static char default_display_lsm[SECURITY_NAME_MAX + 1];
static void __init do_security_initcalls(void)
static char *nolsm = "-default";
#define NOLSMLEN 9
+static bool is_registered_lsm(const char *str, size_t size)
+{
+ struct security_hook_list *hp;
+
+ list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
+ if (size == strlen(hp->lsm) && !strncmp(str, hp->lsm, size))
+ return true;
+ }
+
+ return false;
+}
+
+static bool set_lsm_of_current(const char *str, size_t size)
+{
+ char *lsm = lsm_of_task(current);
+
+ if (is_registered_lsm(str, size)) {
+ strncpy(lsm, str, size);
+ lsm[size] = '\0';
+ } else if (size == NOLSMLEN && !strncmp(str, nolsm, size)) {
+ lsm[0] = '\0';
+ } else {
+ return false;
+ }
+ return true;
+}
+
static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
char buffer[SECURITY_NAME_MAX + 1];
__user char *optval = (__user char *)arg2;
__user int *optlen = (__user int *)arg3;
- struct security_hook_list *hp;
int dlen;
int len;
return -EFAULT;
buffer[len] = '\0';
/* verify the requested LSM is registered */
- list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
- if (!strcmp(buffer, hp->lsm)) {
- strcpy(lsm, hp->lsm);
- goto out;
- }
- }
- if (!strncmp(buffer, nolsm, NOLSMLEN))
- lsm[0] = '\0';
- else
+ if (!set_lsm_of_current(buffer, len))
return -ENOENT;
break;
default:
return -ENOSYS;
}
-out:
return 0;
}
#endif
if (rc > 0)
return strlen(*value);
return rc;
+ } else if (strcmp(name, "display_lsm") == 0) {
+ *value = kstrdup(current->security, GFP_KERNEL);
+ if (*value == NULL)
+ return -ENOMEM;
+ return strlen(*value);
}
list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
char *temp;
char *cp;
+ if (!size)
+ return -EINVAL;
+
/*
* If lsm is NULL look at all the modules to find one
* that processes name. If lsm is not NULL only look at
if (rc >= 0)
return size;
return rc;
+ } else if (strcmp(name, "display_lsm") == 0) {
+#ifdef CONFIG_SECURITY_STACKING
+ if (set_lsm_of_current(value, size))
+ return size;
+#endif
+ return -EINVAL;
}
list_for_each_entry(hp, &security_hook_heads.setprocattr, list) {