[PATCH v2 04/24] Add security policy support
Sascha Hauer
s.hauer at pengutronix.de
Tue Sep 23 01:11:32 PDT 2025
On Mon, Sep 22, 2025 at 06:14:36PM +0200, Ahmad Fatoum wrote:
> On 17.09.25 15:53, Sascha Hauer wrote:
> > +bool is_allowed(const struct security_policy *policy, unsigned option)
> > +{
> > + policy = policy ?: active_policy;
> > +
> > + if (WARN(option > SCONFIG_NUM))
> > + return false;
> > +
> > + if (!policy && *CONFIG_SECURITY_POLICY_INIT) {
> > + security_policy_select(CONFIG_SECURITY_POLICY_INIT);
> > + policy = active_policy;
> > + }
> > +
> > + if (policy) {
> > + bool allow = __is_allowed(policy, option);
> > +
> > + policy_debug(policy, option, "%s for %pS\n",
> > + allow ? "allowed" : "denied", (void *)_RET_IP_);
> > +
> > + return allow;
> > + }
> > +
> > + if (IS_ENABLED(CONFIG_SECURITY_POLICY_DEFAULT_PERMISSIVE))
> > + pr_warn_once("option %s checked before security policy was set!\n",
> > + sconfig_name(option));
> > + else
> > + return false;
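Review bot: the bounds check `if (WARN(option > SCONFIG_NUM))` lets `option == SCONFIG_NUM` through; if SCONFIG_NUM is the number of options (valid indices 0..SCONFIG_NUM-1), that value reaches __is_allowed() one past the end of the policy table, so the test should be `option >= SCONFIG_NUM` (if SCONFIG_NUM is the highest valid index instead, a comment saying so at the definition would avoid the question). Separately, the no-policy path only warns when CONFIG_SECURITY_POLICY_DEFAULT_PERMISSIVE is set; in the non-permissive case the `return false` is silent, so a policy selected too late in board code is indistinguishable from an ordinary denial at the call site.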
>
> Not having a security policy selected outside of permissive mode is a bug, so
> I don't think silent forbidding is a good idea.
>
> At the very least, we should print the warning outside permissive mode as well,
> if only to tell people if they select the policy too late in their board code.
>
> What's wrong with a panic though?
The rationale was:
- It's forbidden, so it's safe
- I assumed the caller would print an error
- It might offer a bit more flexibility on when we select the security
policy
Anyway, we can still make this more relaxed in the future should we want to.
For now I have put back the panic() here.
Sascha
--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |