From 8a076191f373abaeb4aa5f6755d22e49db98940f Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Sat, 1 Mar 2008 21:51:09 +0200 Subject: LSM: Introduce inode_getsecid and ipc_getsecid hooks Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid) LSM hooks. These hooks will be used instead of similar exported SELinux interfaces. Let {inode,ipc,task}_getsecid hooks set the secid to 0 by default if CONFIG_SECURITY is not defined or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler Signed-off-by: Ahmed S. Darwish Acked-by: James Morris Reviewed-by: Paul Moore --- security/security.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'security/security.c') diff --git a/security/security.c b/security/security.c index 9beecac..290482b 100644 --- a/security/security.c +++ b/security/security.c @@ -523,6 +523,11 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer return security_ops->inode_listsecurity(inode, buffer, buffer_size); } +void security_inode_getsecid(const struct inode *inode, u32 *secid) +{ + security_ops->inode_getsecid(inode, secid); +} + int security_file_permission(struct file *file, int mask) { return security_ops->file_permission(file, mask); @@ -712,6 +717,11 @@ int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return security_ops->ipc_permission(ipcp, flag); } +void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +{ + security_ops->ipc_getsecid(ipcp, secid); +} + int security_msg_msg_alloc(struct msg_msg *msg) { return security_ops->msg_msg_alloc_security(msg); -- cgit v1.1 From 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Sat, 1 Mar 2008 22:00:05 +0200 Subject: LSM/Audit: Introduce generic Audit LSM hooks Introduce a generic Audit interface for security modules by adding the following new LSM hooks: audit_rule_init(field, op, rulestr, lsmrule) audit_rule_known(krule) audit_rule_match(secid, field, op, rule, actx) audit_rule_free(rule) Those hooks are only available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler Signed-off-by: Ahmed S. Darwish Acked-by: James Morris Reviewed-by: Paul Moore --- security/security.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'security/security.c') diff --git a/security/security.c b/security/security.c index 290482b..2ef593e 100644 --- a/security/security.c +++ b/security/security.c @@ -1120,3 +1120,28 @@ int security_key_permission(key_ref_t key_ref, } #endif /* CONFIG_KEYS */ + +#ifdef CONFIG_AUDIT + +int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +{ + return security_ops->audit_rule_init(field, op, rulestr, lsmrule); +} + +int security_audit_rule_known(struct audit_krule *krule) +{ + return security_ops->audit_rule_known(krule); +} + +void security_audit_rule_free(void *lsmrule) +{ + security_ops->audit_rule_free(lsmrule); +} + +int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, + struct audit_context *actx) +{ + return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); +} + +#endif /* CONFIG_AUDIT */ -- cgit v1.1 From 076c54c5bcaed2081c0cba94a6f77c4d470236ad Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Thu, 6 Mar 2008 18:09:10 +0200 Subject: Security: Introduce security= boot parameter Add the security= boot parameter. This is done to avoid LSM registration clashes in case of more than one bult-in module. User can choose a security module to enable at boot. If no security= boot parameter is specified, only the first LSM asking for registration will be loaded. An invalid security module name will be treated as if no module has been chosen. LSM modules must check now if they are allowed to register by calling security_module_enable(ops) first. Modify SELinux and SMACK to do so. Do not let SMACK register smackfs if it was not chosen on boot. Smackfs assumes that smack hooks are registered and the initial task security setup (swapper->security) is done. Signed-off-by: Ahmed S. Darwish Acked-by: James Morris --- security/security.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'security/security.c') diff --git a/security/security.c b/security/security.c index 2ef593e..dd0c6ba 100644 --- a/security/security.c +++ b/security/security.c @@ -17,6 +17,8 @@ #include #include +/* Boot-time LSM user choice */ +static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; /* things that live in dummy.c */ extern struct security_operations dummy_security_ops; @@ -67,13 +69,47 @@ int __init security_init(void) return 0; } +/* Save user chosen LSM */ +static int __init choose_lsm(char *str) +{ + strncpy(chosen_lsm, str, SECURITY_NAME_MAX); + return 1; +} +__setup("security=", choose_lsm); + +/** + * security_module_enable - Load given security module on boot ? + * @ops: a pointer to the struct security_operations that is to be checked. + * + * Each LSM must pass this method before registering its own operations + * to avoid security registration races. This method may also be used + * to check if your LSM is currently loaded. + * + * Return true if: + * -The passed LSM is the one chosen by user at boot time, + * -or user didsn't specify a specific LSM and we're the first to ask + * for registeration permissoin, + * -or the passed LSM is currently loaded. + * Otherwise, return false. + */ +int __init security_module_enable(struct security_operations *ops) +{ + if (!*chosen_lsm) + strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); + else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) + return 0; + + return 1; +} + /** * register_security - registers a security framework with the kernel * @ops: a pointer to the struct security_options that is to be registered * * This function is to allow a security module to register itself with the * kernel security subsystem. Some rudimentary checking is done on the @ops - * value passed to this function. + * value passed to this function. You'll need to check first if your LSM + * is allowed to register its @ops by calling security_module_enable(@ops). * * If there is already a security module registered with the kernel, * an error will be returned. Otherwise 0 is returned on success. -- cgit v1.1 From 7cea51be4e91edad05bd834f3235b45c57783f0d Mon Sep 17 00:00:00 2001 From: James Morris Date: Fri, 7 Mar 2008 12:23:49 +1100 Subject: security: fix up documentation for security_module_enable security_module_enable() can only be called during kernel init. Signed-off-by: James Morris --- security/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/security.c') diff --git a/security/security.c b/security/security.c index dd0c6ba..4a6265a 100644 --- a/security/security.c +++ b/security/security.c @@ -83,7 +83,7 @@ __setup("security=", choose_lsm); * * Each LSM must pass this method before registering its own operations * to avoid security registration races. This method may also be used - * to check if your LSM is currently loaded. + * to check if your LSM is currently loaded during kernel initialization. * * Return true if: * -The passed LSM is the one chosen by user at boot time, -- cgit v1.1