shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-05 18:41:58 +09:00
Code Issues Packages Projects Releases Wiki Activity

ANDROID: GKI: Disable security lockdown for unsigned modules

Browse Source 
By default with SELinux enabled behavior for unsigned
module loading is same as sig_enforce=1. This causes
loading of unsigned modules fail. All modules in Android
GKI are unsigned except GKI modules. Do not prevent
module loading in case of CONFIG_SIG_MODULE_PROTECT; which
was introduced to change behavior of sig_enforce to allow
unsigned modules but not access to protected symbols.

Bug: 200082547
Bug: 214445388
Fixes: 9ab6a24225 ("ANDROID: GKI: Add module load time protected symbol lookup")
Test: TreeHugger
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Iab3113d706cbd7db7a5684897bcafd5671a6d424
This commit is contained in:
Ramji Jiyani
2022-01-08 22:17:12 +00:00
parent 9dfd1d9e59
commit befc75e758
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/module.c
View File

@@ -2960,7 +2960,15 @@ static int module_sig_check(struct load_info *info, int flags)
return -EKEYREJECTED;
}
/*
* ANDROID: GKI: Do not prevent loading of unsigned modules;
* as all modules except GKI modules are not signed.
*/
#ifndef CONFIG_MODULE_SIG_PROTECT
return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
#else
return 0;
#endif
}
#else /* !CONFIG_MODULE_SIG */
static int module_sig_check(struct load_info *info, int flags)