bool
default y if SECURITY_DAC_STACKED
+choice
+ depends on SECURITY_STACKING && !SECURITY_DAC_STACKED
+ prompt "Default LSM for legacy interfaces"
+ default SECURITY_DEFAULT_DISPLAY_SELINUX if SECURITY_SELINUX_STACKED
+ default SECURITY_DEFAULT_DISPLAY_SMACK if SECURITY_SMACK_STACKED
+ default SECURITY_DEFAULT_DISPLAY_TOMOYO if SECURITY_TOMOYO_STACKED
+ default SECURITY_DEFAULT_DISPALY_APPARMOR if SECURITY_APPARMOR_STACKED
+ default SECURITY_DEFAULT_DISPLAY_FIRST
+
+ help
+ Select the security module context that will be displayed by
+ default on legacy interfaces if the kernel parameter
+ security.display= is not specified.
+
+ config SECURITY_DEFAULT_DISPLAY_SELINUX
+ bool "SELinux" if SECURITY_SELINUX_STACKED=y
+
+ config SECURITY_DEFAULT_DISPLAY_SMACK
+ bool "Simplified Mandatory Access Control" if SECURITY_SMACK_STACKED
+
+ config SECURITY_DEFAULT_DISPLAY_TOMOYO
+ bool "TOMOYO" if SECURITY_TOMOYO_STACKED
+
+ config SECURITY_DEFAULT_DISPLAY_APPARMOR
+ bool "AppArmor" if SECURITY_APPARMOR_STACKED
+
+endchoice
+
+config SECURITY_DEFAULT_DISPLAY_NAME
+ string
+ default "selinux" if SECURITY_DEFAULT_DISPLAY_SELINUX
+ default "smack" if SECURITY_DEFAULT_DISPLAY_SMACK
+ default "tomoyo" if SECURITY_DEFAULT_DISPLAY_TOMOYO
+ default "apparmor" if SECURITY_DEFAULT_DISPLAY_APPARMOR
+ default "" if DEFAULT_SECURITY_DAC
+
endmenu
config DEFAULT_SECURITY
#else
CONFIG_DEFAULT_SECURITY;
#endif
-static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1];
+static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1]
+#ifdef CONFIG_SECURITY_STACKING
+ = CONFIG_SECURITY_DEFAULT_DISPLAY_NAME
+#endif
+;
static char default_display_lsm[SECURITY_NAME_MAX + 1];
static void __init do_security_initcalls(void)
projects / mirror_ubuntu-bionic-kernel.git / commitdiff