On Fri, Jul 26, 2019 at 04:39:20PM -0700, Casey Schaufler wrote:
> Create /sys/kernel/security/lsm_display_default which contains
> the name of the security module used when no display value
> has been set.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
> ---
> security/inode.c | 22 ++++++++++++++++++++--
> 1 file changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/security/inode.c b/security/inode.c
> index b7772a9b315e..538a4d6796da 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -321,6 +321,22 @@ static const struct file_operations lsm_ops = {
> .read = lsm_read,
> .llseek = generic_file_llseek,
> };
> +
> +static struct dentry *lsm_display_default_dentry;
> +static ssize_t lsm_display_default_read(struct file *filp, char __user *buf,
> + size_t count, loff_t *ppos)
> +{
> + const char *name = security_lsm_slot_name(0);
> +
> + if (name == NULL)
> + return 0;
> + return simple_read_from_buffer(buf, count, ppos, name, strlen(name));
> +}
> +
> +static const struct file_operations lsm_display_default_ops = {
> + .read = lsm_display_default_read,
> + .llseek = generic_file_llseek,
> +};
> #endif
>
> static int __init securityfs_init(void)
> @@ -337,8 +353,10 @@ static int __init securityfs_init(void)
> return retval;
> }
> #ifdef CONFIG_SECURITY
> - lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL,
> - &lsm_ops);
> + lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops);
> + lsm_display_default_dentry = securityfs_create_file(
> + "lsm_display_default", 0444, NULL,
> + NULL, &lsm_display_default_ops);
> #endif
> return 0;
> }
> --
> 2.20.1
> -- Kees Cook
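Review bot: The literal `0` in `security_lsm_slot_name(0)` inside lsm_display_default_read() is what defines the new file's contents, yet nothing in the hunk explains it. Going by the commit description it selects the module used when no display value has been set, which presumably is the first slot. A comment above the function would make that explicit, for example `/* Slot 0 names the LSM used by tasks that have not set a display value. */`, and it should also note that a NULL name produces an empty read. The read copies exactly `strlen(name)` bytes, so the value carries no trailing newline. The diffstat shows only security/inode.c changed, so that format detail is not documented for userspace in this patch.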
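Review bot: The pointer returned by `securityfs_create_file("lsm_display_default", ...)` in securityfs_init() is stored without an `IS_ERR()` check, so a failed creation is silent and the function still reaches `return 0`. That matches how the neighbouring `lsm` entry is handled, but a missing node in a security interface deserves a diagnostic. Something like `if (IS_ERR(lsm_display_default_dentry)) pr_warn("securityfs: lsm_display_default not created\n");` would do. The stored dentry is not read anywhere in the visible hunks; if nothing outside them uses it, the static variable could be dropped. securityfs_init() begins outside the hunk.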