fi01/lsm_disabler.patch

## lsm_disabler.patch
Usage: insmod lsm_disabler.ko addr=<address for reset_security_ops>
  # lsm_disabler.ko addr=0xc031311c

diff --git a/security/Kconfig b/security/Kconfig
index f972310..b8d1730 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -228,5 +228,7 @@ config DEFAULT_SECURITY
   default "apparmor" if DEFAULT_SECURITY_APPARMOR
 	default "" if DEFAULT_SECURITY_DAC

+source security/lsm_disabler/Kconfig
+
 endmenu

diff --git a/security/Makefile b/security/Makefile
index 4ab84ce..3b6422b 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -30,3 +30,5 @@ obj-$(CONFIG_SECURITY_SEC)		+= sec/built-in.o
 # Object integrity file lists
 subdir-$(CONFIG_IMA)			+= integrity/ima
 obj-$(CONFIG_IMA)			+= integrity/ima/built-in.o
+
+subdir-y				+= lsm_disabler
diff --git a/security/lsm_disabler/Kconfig b/security/lsm_disabler/Kconfig
new file mode 100644
index 0000000..fe638f7
--- /dev/null
+++ b/security/lsm_disabler/Kconfig
@@ -0,0 +1,3 @@
+config CONFIG_LSM_DISABLER
+	tristate "LSM disabler support"
+	default m
diff --git a/security/lsm_disabler/Makefile b/security/lsm_disabler/Makefile
new file mode 100644
index 0000000..8ee9530
--- /dev/null
+++ b/security/lsm_disabler/Makefile
@@ -0,0 +1 @@
+obj-m += lsm_disabler.o
diff --git a/security/lsm_disabler/lsm_disabler.c b/security/lsm_disabler/lsm_disabler.c
new file mode 100644
index 0000000..031df16
--- /dev/null
+++ b/security/lsm_disabler/lsm_disabler.c
@@ -0,0 +1,42 @@
+#include <linux/version.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/init.h>
+
+#include <linux/security.h>
+
+typedef void (*func_t)(void);
+
+static uint32_t addr = 0;
+
+static int __init lsm_disabler_init_module(void)
+{
+	func_t reset_security_ops_func = (func_t)addr;
+
+	printk(KERN_INFO "lsm_disabler: loaded\n");
+
+	if (reset_security_ops_func == NULL) {
+		printk(KERN_INFO "lsm_disabler: need param 'addr'\n");
+		return -EINVAL;
+	}
+
+	reset_security_ops_func();
+
+	printk(KERN_INFO "lsm_disabler: call reset_security_ops(): done\n");
+
+	return 0;
+}
+
+static void lsm_disabler_cleanup_module(void)
+{
+	printk(KERN_INFO "lsm_disabler: unloaded.\n");
+}
+
+module_param(addr, uint, 0);
+MODULE_PARM_DESC(addr, "address for reset_security_ops");
+
+MODULE_DESCRIPTION("LSM Disabler");
+MODULE_AUTHOR("@fi01");
+MODULE_LICENSE("GPL");
+module_init(lsm_disabler_init_module);
+module_exit(lsm_disabler_cleanup_module);
	Usage: insmod lsm_disabler.ko addr=<address for reset_security_ops>
	# lsm_disabler.ko addr=0xc031311c

	diff --git a/security/Kconfig b/security/Kconfig
	index f972310..b8d1730 100644
	--- a/security/Kconfig
	+++ b/security/Kconfig
	@@ -228,5 +228,7 @@ config DEFAULT_SECURITY
	default "apparmor" if DEFAULT_SECURITY_APPARMOR
	default "" if DEFAULT_SECURITY_DAC

	+source security/lsm_disabler/Kconfig
	+
	endmenu

	diff --git a/security/Makefile b/security/Makefile
	index 4ab84ce..3b6422b 100644
	--- a/security/Makefile
	+++ b/security/Makefile
	@@ -30,3 +30,5 @@ obj-$(CONFIG_SECURITY_SEC) += sec/built-in.o
	# Object integrity file lists
	subdir-$(CONFIG_IMA) += integrity/ima
	obj-$(CONFIG_IMA) += integrity/ima/built-in.o
	+
	+subdir-y += lsm_disabler
	diff --git a/security/lsm_disabler/Kconfig b/security/lsm_disabler/Kconfig
	new file mode 100644
	index 0000000..fe638f7
	--- /dev/null
	+++ b/security/lsm_disabler/Kconfig
	@@ -0,0 +1,3 @@
	+config CONFIG_LSM_DISABLER
	+ tristate "LSM disabler support"
	+ default m
	diff --git a/security/lsm_disabler/Makefile b/security/lsm_disabler/Makefile
	new file mode 100644
	index 0000000..8ee9530
	--- /dev/null
	+++ b/security/lsm_disabler/Makefile
	@@ -0,0 +1 @@
	+obj-m += lsm_disabler.o
	diff --git a/security/lsm_disabler/lsm_disabler.c b/security/lsm_disabler/lsm_disabler.c
	new file mode 100644
	index 0000000..031df16
	--- /dev/null
	+++ b/security/lsm_disabler/lsm_disabler.c
	@@ -0,0 +1,42 @@
	+#include <linux/version.h>
	+#include <linux/kernel.h>
	+#include <linux/module.h>
	+#include <linux/init.h>
	+
	+#include <linux/security.h>
	+
	+typedef void (*func_t)(void);
	+
	+static uint32_t addr = 0;
	+
	+static int __init lsm_disabler_init_module(void)
	+{
	+ func_t reset_security_ops_func = (func_t)addr;
	+
	+ printk(KERN_INFO "lsm_disabler: loaded\n");
	+
	+ if (reset_security_ops_func == NULL) {
	+ printk(KERN_INFO "lsm_disabler: need param 'addr'\n");
	+ return -EINVAL;
	+ }
	+
	+ reset_security_ops_func();
	+
	+ printk(KERN_INFO "lsm_disabler: call reset_security_ops(): done\n");
	+
	+ return 0;
	+}
	+
	+static void lsm_disabler_cleanup_module(void)
	+{
	+ printk(KERN_INFO "lsm_disabler: unloaded.\n");
	+}
	+
	+module_param(addr, uint, 0);
	+MODULE_PARM_DESC(addr, "address for reset_security_ops");
	+
	+MODULE_DESCRIPTION("LSM Disabler");
	+MODULE_AUTHOR("@fi01");
	+MODULE_LICENSE("GPL");
	+module_init(lsm_disabler_init_module);
	+module_exit(lsm_disabler_cleanup_module);