Re: [PATCH 24/27] LSM: Provide an user space interface for the default display
From: Kees Cook <hidden>
Date: 2019-07-29 17:16:01
On Fri, Jul 26, 2019 at 04:39:20PM -0700, Casey Schaufler wrote:
Create /sys/kernel/security/lsm_display_default which contains the name of the security module used when no display value has been set. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <redacted> -Kees
---
 security/inode.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/security/inode.c b/security/inode.c
index b7772a9b315e..538a4d6796da 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = {
 .read = lsm_read,
 .llseek = generic_file_llseek,
 };
+
+static struct dentry *lsm_display_default_dentry;
+static ssize_t lsm_display_default_read(struct file *filp, char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ const char *name = security_lsm_slot_name(0);
+
+ if (name == NULL)
+ return 0;
+ return simple_read_from_buffer(buf, count, ppos, name, strlen(name));
+}
+
+static const struct file_operations lsm_display_default_ops = {
+ .read = lsm_display_default_read,
+ .llseek = generic_file_llseek,
+};
 #endif
 static int __init securityfs_init(void)
@@ -337,8 +353,10 @@ static int __init securityfs_init(void)
 return retval;
 }
 #ifdef CONFIG_SECURITY
- lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL,
- &lsm_ops);
+ lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops);
+ lsm_display_default_dentry = securityfs_create_file(
+ "lsm_display_default", 0444, NULL,
+ NULL, &lsm_display_default_ops);
 #endif
 return 0;
 }
-- 2.20.1
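Review bot: The `0` passed to `security_lsm_slot_name()` in `lsm_display_default_read` is an unexplained magic index, and the `name == NULL` branch returns an empty read whose meaning is not stated anywhere. Going by the commit description, slot 0 is the module used when no display value has been set, so a comment above the function would help, for example `/* Slot 0 is the default display LSM; an empty read means no module holds that slot. */`. The helper's definition is outside this hunk, so the second half of that comment and the lifetime of the returned string should be confirmed against it. The name is also emitted without a trailing newline; if that is deliberate, the same comment is the place to say so for user-space parsers.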
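Review bot: The result of `securityfs_create_file()` for `lsm_display_default` in `securityfs_init` is stored but never checked in this hunk, so a failed creation is silent and user space simply finds the file missing. The neighbouring `lsm` file is handled the same way, so this follows existing practice. A tool that needs the default display name to interpret security attributes would still benefit from a log line, such as `if (IS_ERR(lsm_display_default_dentry)) pr_warn("securityfs: lsm_display_default not created\n");`. The function begins before this hunk, so any earlier error handling is not visible here.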
-- Kees Cook