From 8a076191f373abaeb4aa5f6755d22e49db98940f Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Sat, 1 Mar 2008 21:51:09 +0200 Subject: LSM: Introduce inode_getsecid and ipc_getsecid hooks Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid) LSM hooks. These hooks will be used instead of similar exported SELinux interfaces. Let {inode,ipc,task}_getsecid hooks set the secid to 0 by default if CONFIG_SECURITY is not defined or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler Signed-off-by: Ahmed S. Darwish Acked-by: James Morris Reviewed-by: Paul Moore --- security/dummy.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'security/dummy.c') diff --git a/security/dummy.c b/security/dummy.c index 78d8f92310a4..fb2e942efbb6 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -424,6 +424,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu return 0; } +static void dummy_inode_getsecid(const struct inode *inode, u32 *secid) +{ + *secid = 0; +} + static int dummy_file_permission (struct file *file, int mask) { return 0; @@ -542,7 +547,9 @@ static int dummy_task_getsid (struct task_struct *p) } static void dummy_task_getsecid (struct task_struct *p, u32 *secid) -{ } +{ + *secid = 0; +} static int dummy_task_setgroups (struct group_info *group_info) { @@ -616,6 +623,11 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) return 0; } +static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +{ + *secid = 0; +} + static int dummy_msg_msg_alloc_security (struct msg_msg *msg) { return 0; @@ -1058,6 +1070,7 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, inode_getsecurity); set_to_dummy_if_null(ops, inode_setsecurity); set_to_dummy_if_null(ops, inode_listsecurity); + set_to_dummy_if_null(ops, inode_getsecid); set_to_dummy_if_null(ops, file_permission); set_to_dummy_if_null(ops, file_alloc_security); set_to_dummy_if_null(ops, file_free_security); @@ -1094,6 +1107,7 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, task_reparent_to_init); set_to_dummy_if_null(ops, task_to_inode); set_to_dummy_if_null(ops, ipc_permission); + set_to_dummy_if_null(ops, ipc_getsecid); set_to_dummy_if_null(ops, msg_msg_alloc_security); set_to_dummy_if_null(ops, msg_msg_free_security); set_to_dummy_if_null(ops, msg_queue_alloc_security); -- cgit v1.2.3 From 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Sat, 1 Mar 2008 22:00:05 +0200 Subject: LSM/Audit: Introduce generic Audit LSM hooks Introduce a generic Audit interface for security modules by adding the following new LSM hooks: audit_rule_init(field, op, rulestr, lsmrule) audit_rule_known(krule) audit_rule_match(secid, field, op, rule, actx) audit_rule_free(rule) Those hooks are only available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler Signed-off-by: Ahmed S. Darwish Acked-by: James Morris Reviewed-by: Paul Moore --- security/dummy.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'security/dummy.c') diff --git a/security/dummy.c b/security/dummy.c index fb2e942efbb6..1ac9f8e66aa2 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -993,6 +993,30 @@ static inline int dummy_key_permission(key_ref_t key_ref, } #endif /* CONFIG_KEYS */ +#ifdef CONFIG_AUDIT +static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) +{ + return 0; +} + +static inline int dummy_audit_rule_known(struct audit_krule *krule) +{ + return 0; +} + +static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule, + struct audit_context *actx) +{ + return 0; +} + +static inline void dummy_audit_rule_free(void *lsmrule) +{ } + +#endif /* CONFIG_AUDIT */ + struct security_operations dummy_security_ops; #define set_to_dummy_if_null(ops, function) \ @@ -1182,6 +1206,11 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, key_free); set_to_dummy_if_null(ops, key_permission); #endif /* CONFIG_KEYS */ - +#ifdef CONFIG_AUDIT + set_to_dummy_if_null(ops, audit_rule_init); + set_to_dummy_if_null(ops, audit_rule_known); + set_to_dummy_if_null(ops, audit_rule_match); + set_to_dummy_if_null(ops, audit_rule_free); +#endif } -- cgit v1.2.3 From 076c54c5bcaed2081c0cba94a6f77c4d470236ad Mon Sep 17 00:00:00 2001 From: "Ahmed S. Darwish" Date: Thu, 6 Mar 2008 18:09:10 +0200 Subject: Security: Introduce security= boot parameter Add the security= boot parameter. This is done to avoid LSM registration clashes in case of more than one bult-in module. User can choose a security module to enable at boot. If no security= boot parameter is specified, only the first LSM asking for registration will be loaded. An invalid security module name will be treated as if no module has been chosen. LSM modules must check now if they are allowed to register by calling security_module_enable(ops) first. Modify SELinux and SMACK to do so. Do not let SMACK register smackfs if it was not chosen on boot. Smackfs assumes that smack hooks are registered and the initial task security setup (swapper->security) is done. Signed-off-by: Ahmed S. Darwish Acked-by: James Morris --- security/dummy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'security/dummy.c') diff --git a/security/dummy.c b/security/dummy.c index 1ac9f8e66aa2..d797a4196b89 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -1017,7 +1017,9 @@ static inline void dummy_audit_rule_free(void *lsmrule) #endif /* CONFIG_AUDIT */ -struct security_operations dummy_security_ops; +struct security_operations dummy_security_ops = { + .name = "dummy", +}; #define set_to_dummy_if_null(ops, function) \ do { \ -- cgit v1.2.3