xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LSM: LoadPin for kernel file loading restrictions

Browse Source 
This LSM enforces that kernel-loaded files (modules, firmware, etc)
must all come from the same filesystem, with the expectation that
such a filesystem is backed by a read-only device such as dm-verity
or CDROM. This allows systems that have a verified and/or unchangeable
filesystem to enforce module and firmware loading restrictions without
needing to sign the files individually.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Kees Cook
2016-04-20 15:46:28 -07:00
committed by James Morris
parent 1284ab5b2d
commit 9b091556a0
9 changed files with 233 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/linux/lsm_hooks.h
View File

@@ -1892,5 +1892,10 @@ extern void __init yama_add_hooks(void);
#else
static inline void __init yama_add_hooks(void) { }
#endif
#ifdef CONFIG_SECURITY_LOADPIN
void __init loadpin_add_hooks(void);
#else
static inline void loadpin_add_hooks(void) { };
#endif
#endif /* ! __LINUX_LSM_HOOKS_H */