LSM: LoadPin: provide enablement CONFIG

Instead of being enabled by default when SECURITY_LOADPIN is selected,
provide an additional (default off) config to determine the boot time
behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains
available.

Suggested-by: James Morris <jmorris@namei.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Kees Cook
2016-05-17 01:45:52 -07:00
committed by James Morris
parent a6926cc989
commit b937190c40
2 changed files with 15 additions and 6 deletions

@@ -45,7 +45,7 @@ static void report_load(const char *origin, struct file *file, char *operation)
kfree(pathname);
}
static int enabled = 1;
static int enabled = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENABLED);
static struct super_block *pinned_root;
static DEFINE_SPINLOCK(pinned_root_spinlock);
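
Review bot: the `enabled` initializer now evaluates to 0 unless CONFIG_SECURITY_LOADPIN_ENABLED is set, so a configuration that already selects SECURITY_LOADPIN and relied on the old `= 1` default will boot with LoadPin off after this change unless it also sets the new option or passes loadpin.enabled=1. That behaviour change for existing configs deserves an explicit sentence in the commit message, and a short comment on this line saying that the value is only the boot-time default and that the loadpin.enabled parameter overrides it would help readers who see the initializer without the Kconfig text.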