source security/tomoyo/Kconfig
source security/apparmor/Kconfig
source security/yama/Kconfig
+source security/chromiumos/Kconfig
source security/integrity/Kconfig
default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
+ default DEFAULT_SECURITY_CHROMIUMOS if SECURITY_CHROMIUMOS
default DEFAULT_SECURITY_DAC
help
config DEFAULT_SECURITY_YAMA
bool "Yama" if SECURITY_YAMA=y
+ config DEFAULT_SECURITY_CHROMIUMOS
+ bool "Chromium OS" if SECURITY_CHROMIUMOS=y
+
config DEFAULT_SECURITY_DAC
bool "Unix Discretionary Access Controls"
default "tomoyo" if DEFAULT_SECURITY_TOMOYO
default "apparmor" if DEFAULT_SECURITY_APPARMOR
default "yama" if DEFAULT_SECURITY_YAMA
+ default "chromiumos" if DEFAULT_SECURITY_CHROMIUMOS
default "" if DEFAULT_SECURITY_DAC
endmenu
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
subdir-$(CONFIG_SECURITY_YAMA) += yama
+subdir-$(CONFIG_SECURITY_CHROMIUMOS) += chromiumos
# always enable default capabilities
obj-y += commoncap.o
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
obj-$(CONFIG_SECURITY_YAMA) += yama/built-in.o
+obj-$(CONFIG_SECURITY_CHROMIUMOS) += chromiumos/built-in.o
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
# Object integrity file lists
--- /dev/null
+config SECURITY_CHROMIUMOS
+ tristate "Chromium OS Security Module"
+ depends on SECURITY
+ help
+ The purpose of the Chromium OS security module is to reduce attacking
+ surface by preventing access to general purpose access modes not required
+ by Chromium OS.
+ Currently only the mount operation is restricted by requiring a mount point
+ path without symbolic links.
+
--- /dev/null
+obj-$(CONFIG_SECURITY_CHROMIUMOS) += lsm.o
--- /dev/null
+/*
+ * Linux Security Module for Chromium OS
+ *
+ * Copyright 2011 Google Inc. All Rights Reserved
+ *
+ * Author:
+ * Stephan Uphoff <ups@google.com>
+ *
+ * This software is licensed under the terms of the GNU General Public
+ * License version 2, as published by the Free Software Foundation, and
+ * may be copied, distributed, and modified under those terms.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <linux/module.h>
+#include <linux/security.h>
+#include <linux/sched.h> /* current and other task related stuff */
+
+static int chromiumos_security_sb_mount(char *dev_name, struct path *path,
+ char *type, unsigned long flags, void *data)
+{
+ int error = current->total_link_count ? -ELOOP : 0;
+
+ if (error) {
+ char name[sizeof(current->comm)];
+ printk(KERN_NOTICE "Chromium OS LSM: Mount path with symlinks"
+ " prohibited - Task %s (pid = %d)\n",
+ get_task_comm(name, current), task_pid_nr(current));
+ }
+
+ return error;
+}
+
+static struct security_operations chromiumos_security_ops = {
+ .name = "chromiumos",
+ .sb_mount = chromiumos_security_sb_mount,
+};
+
+
+static int __init chromiumos_security_init(void)
+{
+ int error;
+
+ error = register_security(&chromiumos_security_ops);
+
+ if (error)
+ panic("Could not register chromiumos security module");
+
+ return error;
+}
+security_initcall(chromiumos_security_init);