Here is the patch which introduces 3 new hooks to replace attach_pathlabel. I've tested it with a dummy lsm-based dte system with very simple static policy. -serge
diff -rU 10 linux/fs/namei.c linux-dte/fs/namei.c
--- linux/fs/namei.c Sat Jul 7 12:34:18 2001
+++ linux-dte/fs/namei.c Mon Jul 9 11:08:08 2001
@@ -284,22 +284,24 @@
 	result = d_lookup(parent, name);
 	if (!result) {
 		struct dentry * dentry = d_alloc(parent, name);
 		result = ERR_PTR(-ENOMEM);
 		if (dentry) {
 			lock_kernel();
 			result = dir->i_op->lookup(dir, dentry);
 			unlock_kernel();
 			if (result)
 				dput(dentry);
-			else
+			else {
 				result = dentry;
+				security_ops->inode_ops->post_lookup(dir, result);
+			}
 		}
 		up(&dir->i_sem);
 		return result;
 	}
 
 	/*
 	 * Uhhuh! Nasty case: the cache was re-populated while
 	 * we waited on the semaphore. Need to revalidate.
 	 */
 	up(&dir->i_sem);
diff -rU 10 linux/fs/super.c linux-dte/fs/super.c
--- linux/fs/super.c Sat Jul 7 12:34:18 2001
+++ linux-dte/fs/super.c Mon Jul 9 14:55:55 2001
@@ -1256,20 +1256,21 @@
 	if (path_init(old_name, LOOKUP_POSITIVE|LOOKUP_FOLLOW, &old_nd))
 		err = path_walk(old_name, &old_nd);
 	if (err)
 		return err;
 
 	down(&mount_sem);
 	err = -ENOMEM;
 	mnt = clone_mnt(old_nd.mnt, old_nd.dentry);
 	if (mnt) {
 		err = graft_tree(mnt, nd);
+		security_ops->post_graft(mnt, nd);
 		mntput(mnt);
 	}
 	up(&mount_sem);
 	path_release(&old_nd);
 	return err;
 }
 
 /*
  * change filesystem flags. dir should be a physical root of filesystem.
  * If you've mounted a non-root directory somewhere and want to do remount
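Review bot: `security_ops->inode_ops->post_lookup(dir, result)` only runs inside the `if (!result)` branch, after a fresh `d_alloc` plus `dir->i_op->lookup`, so a dentry that `d_lookup(parent, name)` already found in the dcache never reaches the hook and a module that labels dentries here sees only cache misses. The hook also runs with the parent's `i_sem` still held (the `up(&dir->i_sem)` follows it) and, since the `if (result) dput(dentry); else` test never looks at `dentry->d_inode`, the dentry handed over can be negative. Both facts belong at the call site, e.g. `/* dir->i_sem held; result may be a negative dentry */`. The enclosing function starts and ends outside this hunk.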
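Review bot: `security_ops->post_graft(mnt, nd)` is called whether or not `graft_tree(mnt, nd)` succeeded — `err` is assigned on the preceding line and only examined after the hook — so a failed graft is still reported to the security module as a completed mount, and the following `mntput(mnt)` then presumably tears down the mount the module was just told about. Gate it: `if (!err) security_ops->post_graft(mnt, nd);`. The hunk at @@ -1354 has the same unconditional call after `retval = graft_tree(mnt, nd);` and needs `if (!retval)` there. The enclosing function begins before this hunk.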
@@ -1354,22 +1355,24 @@
 	list_add(&mnt->mnt_instances, &sb->s_mounts);
 	spin_unlock(&dcache_lock);
 
 	/* Something was mounted here while we slept */
 	while(d_mountpoint(nd->dentry) && follow_down(&nd->mnt, &nd->dentry))
 		;
 
 	/* Refuse the same filesystem on the same mount point */
 	if (nd->mnt->mnt_sb == sb && nd->mnt->mnt_root == nd->dentry)
 		retval = -EBUSY;
-	else
+	else {
 		retval = graft_tree(mnt, nd);
+		security_ops->post_graft(mnt, nd);
+	}
 	mntput(mnt);
 	up(&mount_sem);
 fs_out:
 	put_filesystem(fstype);
 	return retval;
 }
 
 static int copy_mount_options (const void *data, unsigned long *where)
 {
 	int i;
@@ -1639,20 +1642,23 @@
 		fs_type->name,
 		(sb->s_flags & MS_RDONLY) ? " readonly" : "");
 	if (path_start >= 0) {
 		devfs_mk_symlink (NULL, "root", DEVFS_FL_DEFAULT,
 				  path + 5 + path_start, NULL, NULL);
 		memcpy (path + path_start, "/dev/", 5);
 		vfsmnt = add_vfsmnt(sb->s_root, path + path_start);
 	}
 	else
 		vfsmnt = add_vfsmnt(sb->s_root, "/dev/root");
+
+	security_ops->post_mountroot(sb);
+
 	/* FIXME: if something will try to umount us right now... */
 	if (vfsmnt) {
 		set_fs_root(current->fs, vfsmnt, sb->s_root);
 		set_fs_pwd(current->fs, vfsmnt, sb->s_root);
 		if (bdev)
 			bdput(bdev); /* sb holds a reference */
 		return;
 	}
 	panic("VFS: add_vfsmnt failed for root fs");
 }
diff -rU 10 linux/include/linux/security.h linux-dte/include/linux/security.h
--- linux/include/linux/security.h Sat Jul 7 17:20:33 2001
+++ linux-dte/include/linux/security.h Sat Jul 7 14:20:09 2001
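Review bot: `security_ops->post_mountroot(sb)` sits before the `if (vfsmnt)` test, so it also fires when `add_vfsmnt` returned NULL and the function is about to `panic`; moving the call inside that block, ahead of `set_fs_root`, keeps the post-hook tied to a root that was actually mounted. Either way the hook runs before `set_fs_root`/`set_fs_pwd`, so a module must not read `current->fs->root` or `pwd` from it, and it receives only `sb` while the mount it belongs to is in `vfsmnt` — worth stating at the call, e.g. `/* root fs is on sb; current->fs is not yet pointed at it */`. The enclosing function begins before this hunk.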
@@ -70,20 +70,21 @@
 			     struct inode *new_dir, struct dentry *new_dentry);
 	void (* post_rename) (struct inode *old_dir, struct dentry *old_dentry,
 			      struct inode *new_dir, struct dentry *new_dentry);
 	int (* readlink) (struct dentry *dentry, char *buf, int bufsiz);
 	int (* follow_link) (struct dentry *dentry, struct nameidata *nd);
 	int (* truncate) (struct inode *inode);
 	int (* permission) (struct inode *inode, int mask);
 	int (* revalidate) (struct dentry *dentry);
 	int (* setattr) (struct dentry *dentry, struct iattr *attr);
 	int (* stat) (struct inode *inode);
+	void (* post_lookup) (struct inode *ino, struct dentry *d);
 };
 
 struct file_security_ops {
 	int (* permission) (struct file *, int);
 	int (* alloc_security) (struct file *);
 	void (* free_security) (struct file *);
 	/* cmw: essentially copied from struct file_operations */
 	int (* llseek) (struct file *);
 	int (* read) (struct file *);
 	int (* write) (struct file *);
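Review bot: The new `post_lookup` member carries no comment on its contract, and unlike its neighbours it is not self-evident from the name: it returns void and so cannot refuse anything, it is invoked from the namei.c hunk with the parent inode and a dentry that may be negative, and that call is made under the parent's `i_sem`. A comment above the member such as `/* after a successful i_op->lookup; dir->i_sem held, d may be negative; cannot veto */` would spare module authors a trip through fs/namei.c. Its parameters are also named `ino` and `d` where every other member of this struct uses `inode` and `dentry`.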
@@ -180,20 +181,22 @@
 	void (* umount_busy) (struct vfsmount *mnt);
 	int (* remount) (struct vfsmount *mnt, unsigned long flags, void *data);
 	void (* post_remount) (struct vfsmount *mnt, unsigned long flags, void *data);
 	int (* ioperm) (unsigned long from, unsigned long num, int turn_on);
 	int (* iopl) (unsigned int old, unsigned int level);
 	int (* ptrace) (struct task_struct *parent, struct task_struct *child);
 	int (* setcapability) (void);
 	int (* acct) (struct file *file);
 	int (* sysctl) (ctl_table * table, int op);
 	int (* capable) (struct task_struct *tsk, int cap);
+	void (* post_mountroot) (struct super_block *sb);
+	void (* post_graft) (struct vfsmount *mnt, struct nameidata *mountpoint_nd);
 
 	struct binprm_security_ops * bprm_ops;
 	struct super_block_security_ops * sb_ops;
 	struct inode_security_ops * inode_ops;
 	struct file_security_ops * file_ops;
 	struct task_security_ops * task_ops;
 	struct socket_security_ops * socket_ops;
 	struct module_security_ops * module_ops;
 	struct ipc_security_ops * ipc_ops;
 	struct msg_msg_security_ops * msg_msg_ops;
diff -rU 10 linux/kernel/capability_plug.c linux-dte/kernel/capability_plug.c
--- linux/kernel/capability_plug.c Sat Jul 7 12:34:19 2001
+++ linux-dte/kernel/capability_plug.c Sat Jul 7 14:21:21 2001
@@ -37,20 +37,23 @@
 
 static int cap_capable (struct task_struct *tsk, int cap)
 {
 	/* Derived from include/linux/sched.h:capable. */
 	if (cap_raised(tsk->cap_effective, cap))
 		return 0;
 	else
 		return -EPERM;
 }
 
+static void cap_post_mountroot (struct super_block *sb) {return;}
+static void cap_post_graft (struct vfsmount *mnt, struct nameidata *nd) {return;}
+
 static int cap_ptrace(struct task_struct *parent, struct task_struct *child)
 {
 	/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
 	if (!cap_issubset(child->cap_permitted, current->cap_permitted) &&
 	    !cap_capable(current, CAP_SYS_PTRACE))
 		return -EPERM;
 	else
 		return 0;
 }
 
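Review bot: The two new `struct security_ops` members are dereferenced unconditionally at their call sites in fs/super.c (`security_ops->post_graft(mnt, nd)`, `security_ops->post_mountroot(sb)`), so a security module whose initializer predates this header leaves them NULL and the next mount takes a NULL-pointer dereference in kernel context. Either NULL-check at the callers or document here that they are mandatory, e.g. `/* mandatory; callers do not check for NULL */`, which the capability and dummy plugs in this patch do satisfy. The parameter is `mountpoint_nd` here but `nd` in both stub implementations; one name would make the hook easier to grep for.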
@@ -157,20 +160,21 @@
 static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry, int major, dev_t minor) {return;}
 static int cap_inode_rename (struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry) {return 0;}
 static void cap_inode_post_rename (struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry) {return;}
 static int cap_inode_readlink (struct dentry *dentry, char *name, int mask) {return 0;}
 static int cap_inode_follow_link (struct dentry *dentry, struct nameidata *nameidata) {return 0;}
 static int cap_inode_truncate (struct inode *inode) {return 0;}
 static int cap_inode_permission (struct inode *inode, int mask) {return 0;}
 static int cap_inode_revalidate (struct dentry *inode) {return 0;}
 static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr) {return 0;}
 static int cap_inode_stat (struct inode *inode) {return 0;}
+static void cap_post_lookup (struct inode *ino, struct dentry *d) {return;}
 
 static int cap_file_permission (struct file *file, int mask) {return 0;}
 static int cap_file_alloc_security (struct file *file) {return 0;}
 static void cap_file_free_security (struct file *file) {return;}
 static int cap_file_llseek (struct file *file) {return 0;}
 static int cap_file_read (struct file *file) {return 0;}
 static int cap_file_write (struct file *file) {return 0;}
 static int cap_file_ioctl (struct file *file, unsigned int command , unsigned long arg) {return 0;}
 static int cap_file_mmap (struct file *file, unsigned long prot, unsigned long flags) {return 0;}
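Review bot: The stub is named `cap_post_lookup` although it implements the `inode_ops->post_lookup` member and sits among stubs that are all `cap_inode_*`; `cap_inode_post_lookup` (with the matching initializer entry at @@ -352) keeps the hook-family prefix consistent with the rest of the file. The same naming applies to `dummy_post_lookup` in kernel/security.c at @@ -86.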
@@ -352,20 +356,21 @@
 	post_mknod: cap_inode_post_mknod,
 	rename: cap_inode_rename,
 	post_rename: cap_inode_post_rename,
 	readlink: cap_inode_readlink,
 	follow_link: cap_inode_follow_link,
 	truncate: cap_inode_truncate,
 	permission: cap_inode_permission,
 	revalidate: cap_inode_revalidate,
 	setattr: cap_inode_setattr,
 	stat: cap_inode_stat,
+	post_lookup: cap_post_lookup,
 };
 
 static struct file_security_ops cap_file_ops = {
 	permission: cap_file_permission,
 	alloc_security: cap_file_alloc_security,
 	free_security: cap_file_free_security,
 	llseek: cap_file_llseek,
 	read: cap_file_read,
 	write: cap_file_write,
 	ioctl: cap_file_ioctl,
@@ -452,20 +457,22 @@
 	umount_close: cap_umount_close,
 	umount_busy: cap_umount_busy,
 	remount: cap_remount,
 	post_remount: cap_post_remount,
 	ioperm: cap_ioperm,
 	iopl: cap_iopl,
 	ptrace: cap_ptrace,
 	setcapability: cap_setcapablity,
 	acct: cap_acct,
 	capable: cap_capable,
+	post_mountroot: cap_post_mountroot,
+	post_graft: cap_post_graft,
 
 	bprm_ops: &cap_binprm_ops,
 	sb_ops: &cap_sb_ops,
 	inode_ops: &cap_inode_ops,
 	file_ops: &cap_file_ops,
 	task_ops: &cap_task_ops,
 	socket_ops: &cap_socket_ops,
 	module_ops: &cap_module_ops,
 	ipc_ops: &cap_ipc_ops,
 	msg_msg_ops: &cap_msg_ops,
diff -rU 10 linux/kernel/security.c linux-dte/kernel/security.c
--- linux/kernel/security.c Sat Jul 7 12:34:19 2001
+++ linux-dte/kernel/security.c Mon Jul 9 14:47:48 2001
@@ -55,20 +55,22 @@
 {
 	if (cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0)
 		/* capability granted */
 		return 0;
 	/* capability denied */
 	return -EPERM;
 }
 
 static int dummy_sysctl (ctl_table * table, int op) {return 0;}
+static void dummy_post_mountroot (struct super_block *sb) {return;}
+static void dummy_post_graft (struct vfsmount *mnt, struct nameidata *nd) {return;}
 
 static int dummy_binprm_alloc_security (struct linux_binprm *bprm) {return 0;}
 static void dummy_binprm_free_security (struct linux_binprm *bprm) {return;}
 static void dummy_binprm_compute_creds (struct linux_binprm *bprm) {return;}
 
 static int dummy_sb_alloc_security (struct super_block *sb) {return 0;}
 static void dummy_sb_free_security (struct super_block *sb) {return;}
 static int dummy_sb_statfs (struct super_block *sb) {return 0;}
 
 static int dummy_inode_alloc_security (struct inode *inode) {return 0;}
 static void dummy_inode_free_security (struct inode *inode) {return;}
@@ -86,20 +88,21 @@
 static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry, int major, dev_t minor) {return;}
 static int dummy_inode_rename (struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry) {return 0;}
 static void dummy_inode_post_rename (struct inode *old_inode, struct dentry *old_dentry, struct inode *new_inode, struct dentry *new_dentry) {return;}
 static int dummy_inode_readlink (struct dentry *dentry, char *name, int mask) {return 0;}
 static int dummy_inode_follow_link (struct dentry *dentry, struct nameidata *nameidata) {return 0;}
 static int dummy_inode_truncate (struct inode *inode) {return 0;}
 static int dummy_inode_permission (struct inode *inode, int mask) { return 0; }
 static int dummy_inode_revalidate (struct dentry *inode) {return 0;}
 static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr) {return 0;}
 static int dummy_inode_stat (struct inode *inode) {return 0;}
+static void dummy_post_lookup (struct inode *ino, struct dentry *d) {return;};
 
 static int dummy_file_permission (struct file *file, int mask) {return 0;}
 static int dummy_file_alloc_security (struct file *file) {return 0;}
 static void dummy_file_free_security (struct file *file) {return;}
 static int dummy_file_llseek (struct file *file) {return 0;}
 static int dummy_file_read (struct file *file) {return 0;}
 static int dummy_file_write (struct file *file) {return 0;}
 static int dummy_file_ioctl (struct file *file, unsigned int command, unsigned long arg) {return 0;}
 static int dummy_file_mmap (struct file *file, unsigned long prot, unsigned long flags) {return 0;}
 static int dummy_file_mprotect (struct vm_area_struct *vma, unsigned long prot) {return 0;}
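Review bot: `static void dummy_post_lookup (struct inode *ino, struct dentry *d) {return;};` ends with a stray `;` after the function body, which at file scope is an empty declaration that ISO C does not allow (gcc warns under -pedantic) and which none of the neighbouring stubs carry. Drop it: `static void dummy_post_lookup (struct inode *ino, struct dentry *d) {return;}`.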
@@ -189,20 +192,21 @@
 	post_mknod: dummy_inode_post_mknod,
 	rename: dummy_inode_rename,
 	post_rename: dummy_inode_post_rename,
 	readlink: dummy_inode_readlink,
 	follow_link: dummy_inode_follow_link,
 	truncate: dummy_inode_truncate,
 	permission: dummy_inode_permission,
 	revalidate: dummy_inode_revalidate,
 	setattr: dummy_inode_setattr,
 	stat: dummy_inode_stat,
+	post_lookup: dummy_post_lookup,
 };
 
 static struct file_security_ops dummy_file_ops = {
 	permission: dummy_file_permission,
 	alloc_security: dummy_file_alloc_security,
 	free_security: dummy_file_free_security,
 	llseek: dummy_file_llseek,
 	read: dummy_file_read,
 	write: dummy_file_write,
 	ioctl: dummy_file_ioctl,
@@ -290,20 +294,22 @@
 	umount_busy: dummy_umount_busy,
 	remount: dummy_remount,
 	post_remount: dummy_post_remount,
 	ioperm: dummy_ioperm,
 	iopl: dummy_iopl,
 	ptrace: dummy_ptrace,
 	setcapability: dummy_setcapablity,
 	acct: dummy_acct,
 	capable: dummy_capable,
 	sysctl: dummy_sysctl,
+	post_mountroot: dummy_post_mountroot,
+	post_graft: dummy_post_graft,
 
 	bprm_ops: &dummy_binprm_ops,
 	sb_ops: &dummy_sb_ops,
 	inode_ops: &dummy_inode_ops,
 	file_ops: &dummy_file_ops,
 	task_ops: &dummy_task_ops,
 	socket_ops: &dummy_socket_ops,
 	ipc_ops: &dummy_ipc_ops,
 	module_ops: &dummy_module_ops,
 	msg_msg_ops: &dummy_msg_msg_ops,
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module