From adf8a6ee0836890cfdb85fa373842b835763b6fd Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Wed, 27 Sep 2017 07:50:19 -0400
Subject: [PATCH] UBUNTU: SAUCE: LSM stacking: add Kconfig to set default display LSM

BugLink: http://bugs.launchpad.net/bugs/1763062

Signed-off-by: John Johansen
Signed-off-by: Seth Forshee
---
 security/Kconfig | 36 ++++++++++++++++++++++++++++++++++++
 security/security.c | 6 +++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/security/Kconfig b/security/Kconfig
index 3bc5e8475d77..16803be979b2 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -408,6 +408,42 @@ menu "Default Security Module or Modules"
 bool
 default y if SECURITY_DAC_STACKED

+choice
+ depends on SECURITY_STACKING && !SECURITY_DAC_STACKED
+ prompt "Default LSM for legacy interfaces"
+ default SECURITY_DEFAULT_DISPLAY_SELINUX if SECURITY_SELINUX_STACKED
+ default SECURITY_DEFAULT_DISPLAY_SMACK if SECURITY_SMACK_STACKED
+ default SECURITY_DEFAULT_DISPLAY_TOMOYO if SECURITY_TOMOYO_STACKED
+ default SECURITY_DEFAULT_DISPALY_APPARMOR if SECURITY_APPARMOR_STACKED
+ default SECURITY_DEFAULT_DISPLAY_FIRST
+
+ help
+ Select the security module context that will be displayed by
+ default on legacy interfaces if the kernel parameter
+ security.display= is not specified.
+
+ config SECURITY_DEFAULT_DISPLAY_SELINUX
+ bool "SELinux" if SECURITY_SELINUX_STACKED=y
+
+ config SECURITY_DEFAULT_DISPLAY_SMACK
+ bool "Simplified Mandatory Access Control" if SECURITY_SMACK_STACKED
+
+ config SECURITY_DEFAULT_DISPLAY_TOMOYO
+ bool "TOMOYO" if SECURITY_TOMOYO_STACKED
+
+ config SECURITY_DEFAULT_DISPLAY_APPARMOR
+ bool "AppArmor" if SECURITY_APPARMOR_STACKED
+
+endchoice
+
+config SECURITY_DEFAULT_DISPLAY_NAME
+ string
+ default "selinux" if SECURITY_DEFAULT_DISPLAY_SELINUX
+ default "smack" if SECURITY_DEFAULT_DISPLAY_SMACK
+ default "tomoyo" if SECURITY_DEFAULT_DISPLAY_TOMOYO
+ default "apparmor" if SECURITY_DEFAULT_DISPLAY_APPARMOR
+ default "" if DEFAULT_SECURITY_DAC
+
 endmenu

 config DEFAULT_SECURITY
diff --git a/security/security.c b/security/security.c
index 03624c3e0b7f..20c628843900 100644
--- a/security/security.c
+++ b/security/security.c
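Review bot: The fourth `default` line of the new `choice` names `SECURITY_DEFAULT_DISPALY_APPARMOR`, a misspelling of the `SECURITY_DEFAULT_DISPLAY_APPARMOR` entry defined further down in the same hunk, so the AppArmor default can never match; it should read `default SECURITY_DEFAULT_DISPLAY_APPARMOR if SECURITY_APPARMOR_STACKED`. The fallback `default SECURITY_DEFAULT_DISPLAY_FIRST` likewise refers to a symbol with no `config` entry inside this choice as far as the hunk shows, so either add that entry or drop the line. As written the choice presumably falls back to its first visible entry, which means the LSM whose context is shown on legacy interfaces is decided by entry order rather than by the stated defaults. `SECURITY_DEFAULT_DISPLAY_SELINUX` is also the only entry whose prompt condition tests `=y`; the four entries should use one form.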
@@ -66,7 +66,11 @@ static __initdata char chosen_lsms[SECURITY_CHOSEN_NAMES_MAX + 1] =
 #else
 CONFIG_DEFAULT_SECURITY;
 #endif
-static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1];
+static __initdata char chosen_display_lsm[SECURITY_NAME_MAX + 1]
+#ifdef CONFIG_SECURITY_STACKING
+ = CONFIG_SECURITY_DEFAULT_DISPLAY_NAME
+#endif
+;
 static char default_display_lsm[SECURITY_NAME_MAX + 1];

 static void __init do_security_initcalls(void)
-- 
2.39.2
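Review bot: The new initializer for `chosen_display_lsm` bakes in a build-time LSM name, but nothing in this hunk documents or checks that the named module is actually active at boot; if the stacked set can still be changed on the kernel command line, the default may name a module that was never registered. The code that consumes `chosen_display_lsm` is outside the hunk, so confirm it falls back cleanly when the name matches no registered LSM or is the empty string produced for `DEFAULT_SECURITY_DAC`. A comment above the declaration would help, for example `/* Build-time default from Kconfig; overridden by security.display= */`. The `#ifdef` spliced into the declarator with a lone `;` on its own line is also hard to read; a fallback `#define` for the non-stacking case would let the declaration stay a single statement.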