1
linux/security/tomoyo/load_policy.c
Paul Moore c5e3cdbf2a tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support
This patch reverts two TOMOYO patches that were merged into Linus' tree
during the v6.12 merge window:

8b985bbfab ("tomoyo: allow building as a loadable LSM module")
268225a1de ("tomoyo: preparation step for building as a loadable LSM module")

Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKM
Kconfig build option which enabled a TOMOYO specific dynamic LSM loading
mechanism (see the original commits for more details).  Unfortunately,
this approach was widely rejected by the LSM community as well as some
members of the general kernel community.  Objections included concerns
over setting a bad precedent regarding individual LSMs managing their
LSM callback registrations as well as general kernel symbol exporting
practices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKM
approach outside of Tetsuo, and multiple objections, we need to revert
these changes.

Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp
Link: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.com
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-10-04 11:41:22 -04:00

111 lines
2.6 KiB
C

// SPDX-License-Identifier: GPL-2.0
/*
* security/tomoyo/load_policy.c
*
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/
#include "common.h"
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
/*
* Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
*/
static const char *tomoyo_loader;
/**
* tomoyo_loader_setup - Set policy loader.
*
* @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
*
* Returns 0.
*/
static int __init tomoyo_loader_setup(char *str)
{
tomoyo_loader = str;
return 1;
}
__setup("TOMOYO_loader=", tomoyo_loader_setup);
/**
* tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
*
* Returns true if /sbin/tomoyo-init exists, false otherwise.
*/
static bool tomoyo_policy_loader_exists(void)
{
struct path path;
if (!tomoyo_loader)
tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
tomoyo_loader);
return false;
}
path_put(&path);
return true;
}
/*
* Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
*/
static const char *tomoyo_trigger;
/**
* tomoyo_trigger_setup - Set trigger for activation.
*
* @str: Program to use as an activation trigger (e.g. /sbin/init ).
*
* Returns 0.
*/
static int __init tomoyo_trigger_setup(char *str)
{
tomoyo_trigger = str;
return 1;
}
__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
/**
* tomoyo_load_policy - Run external policy loader to load policy.
*
* @filename: The program about to start.
*
* This function checks whether @filename is /sbin/init , and if so
* invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
* and then continues invocation of /sbin/init.
* /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
* writes to /sys/kernel/security/tomoyo/ interfaces.
*
* Returns nothing.
*/
void tomoyo_load_policy(const char *filename)
{
static bool done;
char *argv[2];
char *envp[3];
if (tomoyo_policy_loaded || done)
return;
if (!tomoyo_trigger)
tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
if (strcmp(filename, tomoyo_trigger))
return;
if (!tomoyo_policy_loader_exists())
return;
done = true;
pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
argv[0] = (char *) tomoyo_loader;
argv[1] = NULL;
envp[0] = "HOME=/";
envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
envp[2] = NULL;
call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
tomoyo_check_profile();
}
#endif