LSM: Fix security_module_enable() error.

We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Serge E. Hallyn <serge@hallyn.com> Signed-off-by: N James Morris <jmorris@namei.org>

LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Serge E. Hallyn <serge@hallyn.com> Signed-off-by: N James Morris <jmorris@namei.org>
065d78a0 · Tetsuo Handa · James Morris · daa6d83a · 065d78a0
隐藏空白更改
内联并排

Showing with 2 addition and 10 deletion

security/security.c security/security.c +2 -10

未找到文件。
--- a/security/security.c
+++ b/security/security.c
@@ -89,20 +89,12 @@ __setup("security=", choose_lsm);
 * Return true if:
 *	-The passed LSM is the one chosen by user at boot time,
 *	-or the passed LSM is configured as the default and the user did not
- *	 choose an alternate LSM at boot time,
+ *	 choose an alternate LSM at boot time.
- *	-or there is no default LSM set and the user didn't specify a
- *	 specific LSM and we're the first to ask for registration permission,
- *	-or the passed LSM is currently loaded.
 * Otherwise, return false.
 */
 int __init security_module_enable(struct security_operations *ops)
 {
-	if (!*chosen_lsm)
+	return !strcmp(ops->name, chosen_lsm);
-		strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
-	else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
-		return 0;
-	return 1;
 }
 /**