On Tue, 2018-06-05 at 15:26 -0700, Kees Cook wrote:
> On Tue, Jun 5, 2018 at 2:35 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> > On Tue, 2018-06-05 at 12:45 -0700, Kees Cook wrote:
> >
> >> And if you must have a separate enum, please change this to fail
> >> closed instead of open (and mark the fall-through):
> >>
> >> int rc = -EPERM;
> >>
> >> switch (id) {
> >> case LOADING_MODULE:
> >> rc = loadpin_read_file(NULL, READING_MODULE);
> >> /* Fall-through */
> >> default:
> >> break;
> >> }
> >
> > This will fail the sysfs firmware fallback loading and the kexec_load
> > syscall without any message, as you have for init_module. Is that
> > what you want?
>
> I'd prefer there be a full mapping of the enums so that everything
> gets passed into loadpin_read_file() :)
>
> Can the enum be shared or is that nonsensical?
Considering this is v4 of the patch set, it's pretty obvious I did
everything possible not to define a new LSM hook. Even if we can't
re-use the existing enum, we could define the new enum in terms
of __kernel_read_file_id.
enum kernel_load_data_id {
__kernel_read_file_id(__data_id_enumify)
};
static const char * const kernel_load_data_str[] = {
__kernel_read_file_id(__data_id_stringify)
};
Eric, Serge, would using either the existing __kernel_read_file_id
enum or the above definitions be acceptable?
Mimi
