BugLink: http://bugs.launchpad.net/bugs/1763062
When the system boots up, the desired default display LSM may be different
than the first LSM initialized. Allow it to be set by specifying an
LSM with
security.display=apparmor
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
#else
CONFIG_DEFAULT_SECURITY;
#endif
#else
CONFIG_DEFAULT_SECURITY;
#endif
+static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1];
+static char default_display_lsm[SECURITY_NAME_MAX + 1];
static void __init do_security_initcalls(void)
{
static void __init do_security_initcalls(void)
{
}
__setup("security=", choose_lsm);
}
__setup("security=", choose_lsm);
+static int __init choose_display_lsm(char *str)
+{
+ strncpy(chosen_display_lsm, str, SECURITY_NAME_MAX);
+ pr_info("LSM: command line set default display lsm %s'\n",
+ chosen_display_lsm);
+ return 1;
+}
+__setup("security.display=", choose_display_lsm);
+
static bool match_last_lsm(const char *list, const char *lsm)
{
const char *last;
static bool match_last_lsm(const char *list, const char *lsm)
{
const char *last;
/*
* Module defined on the command line security=XXXX
*/
/*
* Module defined on the command line security=XXXX
*/
- if (strcmp(chosen_lsms, MODULE_STACK))
- return cmp_lsms(lsm);
-
+ if (strcmp(chosen_lsms, MODULE_STACK)) {
+ if (cmp_lsms(lsm)) {
+ /* set to first LSM registered and then override */
+ if (!*default_display_lsm)
+ strcpy(default_display_lsm, lsm);
+ else if (*chosen_display_lsm && !strcmp(chosen_display_lsm, lsm)) {
+ strcpy(default_display_lsm, lsm);
+ pr_info("LSM: default display lsm '%s'\n", default_display_lsm);
+ }
+ return true;
+ }
+ return false;
+ }
/*
* Module configured as stacked.
*/
/*
* Module configured as stacked.
*/
+ if (stacked && !*default_display_lsm)
+ strcpy(default_display_lsm, lsm);
+ else if (stacked && *chosen_display_lsm && !strcmp(chosen_display_lsm, lsm)) {
+ strcpy(default_display_lsm, lsm);
+ pr_info("LSM: default display lsm '%s'\n", default_display_lsm);
+ }
+
- if (strcmp(lsm, chosen_lsms) == 0)
+ if (strcmp(lsm, chosen_lsms) == 0) {
+ strcpy(default_display_lsm, lsm);
#ifdef CONFIG_SECURITY_STACKING
if (current->security)
strcpy(task->security, lsm_of_task(current));
#ifdef CONFIG_SECURITY_STACKING
if (current->security)
strcpy(task->security, lsm_of_task(current));
+ else
+ strcpy(task->security, default_display_lsm);
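Review bot: In `choose_display_lsm()` the `strncpy()` into `chosen_display_lsm` truncates an over-long `security.display=` value without any indication, and a value that never matches a registered LSM is then ignored silently, because it is only compared inside the `!strcmp(chosen_display_lsm, lsm)` branches and the default stays at the first LSM registered. A mistyped name therefore leaves a different module answering the display interface than the administrator asked for, with nothing in the log to show it. Consider `if (strscpy(chosen_display_lsm, str, sizeof(chosen_display_lsm)) < 0) pr_warn("LSM: security.display= value truncated\n");`, plus a `pr_warn` once registration has finished if `chosen_display_lsm` is set but differs from `default_display_lsm`; where that second check belongs is outside the visible lines. The `strcpy()` calls into `default_display_lsm` and `task->security` also rely on every registered name fitting the destination, which is not checked here, and the first `pr_info` format has an unmatched quote (`%s'` rather than `'%s'`).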