[PATCH] net device hooks

From: James Morris (jmorrisat_private)
Date: Sun Jul 22 2001 - 10:08:06 PDT


    Hi Folks,
    
    Attached below is a tentative patch to add hooks for network devices,
    based upon the currently released selinux code.
    
    The patch involves adding a security context to the net_device structure,
    which may be used to store module-specific information with each active
    device.
    
    The new hooks are:
    
    alloc_security()
            Called when a net device is registered or probed successfully,
            depending on the type of device and whether it is a module.  The
            LSM module would typically allocate a context structure and
            initialize it with some default value, and may return an error
            under OOM.
    
    free_security()
            Called when a net device is being unregistered.  The LSM module
            should free any associated security context.
    
    ioctl()
            This is called when certain ioctls are performed on a net device.
            Currently, the ioctls are interface configuration
            management calls per the netdevice(7) man page, for IPv4
    networking.  This hook may be useful for access control and auditing.
    
    If the general scheme of this patch is acceptable (please discuss!),
    more work would need to be done to make sure all of the net devices are
    included.  The patch as it stands should work for most of the commonly
    used net devices, although not yet for non-ethernet hardware drivers which
    are compiled statically into the kernel (e.g. frame relay).
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/drivers/net/Space.c lsm-w4/drivers/net/Space.c
    --- lsm/drivers/net/Space.c	Thu Jun 28 04:02:01 2001
    +++ lsm-w4/drivers/net/Space.c	Mon Jul 23 02:38:15 2001
    @@ -34,6 +34,7 @@
     #include <linux/init.h>
     #include <linux/netlink.h>
     #include <linux/divert.h>
    +#include <linux/security.h>
    
     #define	NEXT_DEV	NULL
    
    @@ -147,7 +148,7 @@
     			if (ret)
     				return ret;
     #endif /* CONFIG_NET_DIVERT */
    -			return 0;
    +			return security_ops->netdev_ops->alloc_security(dev);
     		} else if (p->status == 0) {		/* has autoprobe failed yet? */
     			p->status = p->probe(dev);	/* no, try autoprobe */
     			if (p->status == 0) {
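Review bot: When the module's alloc_security() fails here, the divert block set up just above it under CONFIG_NET_DIVERT is not released before the error return, so the new call site leaks what the preceding `if (ret) return ret;` was protecting; the same shape recurs in the second probe_list hunk (ending L76) and in both register_netdevice hunks in net/core/dev.c (ending L257 and L268). Assuming that preceding check is the result of the divert allocation, store the hook's result and undo the allocation on failure, guarded the same way the allocation is: `ret = security_ops->netdev_ops->alloc_security(dev); if (ret) free_divert_blk(dev); return ret;`. probe_list() starts and ends outside this hunk.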
    @@ -156,7 +157,7 @@
     				if (ret)
     					return ret;
     #endif /* CONFIG_NET_DIVERT */
    -				return 0;
    +				return security_ops->netdev_ops->alloc_security(dev);
     			}
     		}
     		p++;
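Review bot: An alloc_security() failure on the autoprobe path is returned to the caller but not recorded in `p->status`, which stays 0 after a successful `p->probe(dev)`, so as far as the table is concerned this entry still looks un-probed; if probe_list() can be re-entered for the same device that would lead to probing an already-initialised device. Consider propagating the failure into the table, e.g. `p->status = security_ops->netdev_ops->alloc_security(dev); return p->status;`, or document why retrying is intended. probe_list() continues past the end of this hunk.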
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/drivers/net/loopback.c lsm-w4/drivers/net/loopback.c
    --- lsm/drivers/net/loopback.c	Thu Jun 28 04:02:02 2001
    +++ lsm-w4/drivers/net/loopback.c	Mon Jul 23 01:54:48 2001
    @@ -39,6 +39,7 @@
     #include <linux/fcntl.h>
     #include <linux/in.h>
     #include <linux/init.h>
    +#include <linux/security.h>
    
     #include <asm/system.h>
     #include <asm/uaccess.h>
    @@ -127,5 +128,5 @@
     	 *	Fill in the generic fields of the device structure.
     	 */
    
    -	return(0);
    +	return security_ops->netdev_ops->alloc_security(dev);
     };
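Review bot: loopback_init now allocates the security context as its last step, but register_netdevice in net/core/dev.c (hunk ending L268) also calls alloc_security() immediately before invoking `dev->init`, so a device whose init routine allocates — loopback here — would have its context allocated twice, leaking the first, if it is ever registered through that path. Please confirm that loopback only goes through the boot-time initialisation and never through register_netdevice; if both are possible, one of the two calls has to go. A comment at this call site, `/* LSM context is allocated here because loopback_init is not reached via register_netdevice() */`, would record the decision for the next reader.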
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/linux/netdevice.h lsm-w4/include/linux/netdevice.h
    --- lsm/include/linux/netdevice.h	Sat Jun 30 22:04:37 2001
    +++ lsm-w4/include/linux/netdevice.h	Mon Jul 23 02:16:38 2001
    @@ -408,6 +408,7 @@
     	/* this will get initialized at each interface type init routine */
     	struct divert_blk	*divert;
     #endif /* CONFIG_NET_DIVERT */
    +	void			*security_context;	/* For LSM */
     };
    
    
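Review bot: The new security_context member carries only `/* For LSM */`, which says nothing about ownership, and the field is what every driver author will see when reading netdevice.h. A comment such as `/* LSM per-device context: allocated by netdev_ops->alloc_security(), released by netdev_ops->free_security(); drivers must not touch it and it may be NULL for devices no alloc hook has reached yet */` tells drivers to leave it alone and tells LSM authors to expect NULL, which the description's own caveat about uncovered static drivers implies.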
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/include/linux/security.h lsm-w4/include/linux/security.h
    --- lsm/include/linux/security.h	Sat Jul 21 15:07:21 2001
    +++ lsm-w4/include/linux/security.h	Mon Jul 23 02:16:37 2001
    @@ -124,6 +124,13 @@
     struct socket_security_ops {
     };
    
    +struct net_device;
    +struct netdev_security_ops {
    +	int (*alloc_security)		(struct net_device *dev);
    +	int (*ioctl)			(struct net_device *dev, int cmd, void *arg);
    +	void (*free_security)		(struct net_device *dev);
    +};
    +
     struct module_security_ops {
      	int  (* create_module)		(const char *name_user, size_t size);
      	int  (* init_module)		(const char *name_user, struct module *mod_user);
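Review bot: struct netdev_security_ops is added without any per-hook documentation, and the contract matters because the callers in this patch dereference the members unconditionally: free_security() is invoked from the unregister path for every device, including devices the description says are not yet covered by an alloc hook, so it must tolerate a NULL dev->security_context. Suggest a comment block above the struct stating that alloc_security() is called once on successful registration or probe and returns 0 or a negative errno that aborts registration, that ioctl() receives the kernel copy of the ifreq (devinet.c passes `&ifr`) and a non-zero return aborts the ioctl, and that free_security() is called at final release and must handle a NULL context. The `int cmd` parameter should also match the type devinet_ioctl() passes for its command argument; please confirm against that prototype so there is no signed/unsigned mismatch.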
    @@ -197,6 +204,7 @@
     	struct file_security_ops	* file_ops;
     	struct task_security_ops	* task_ops;
     	struct socket_security_ops	* socket_ops;
    +	struct netdev_security_ops	* netdev_ops;
     	struct module_security_ops 	* module_ops;
     	struct ipc_security_ops		* ipc_ops;
     	struct msg_msg_security_ops	* msg_msg_ops;
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/kernel/capability_plug.c lsm-w4/kernel/capability_plug.c
    --- lsm/kernel/capability_plug.c	Sat Jul 21 15:07:21 2001
    +++ lsm-w4/kernel/capability_plug.c	Mon Jul 23 02:31:43 2001
    @@ -19,6 +19,7 @@
     #include <linux/slab.h>
     #include <linux/smp_lock.h>
     #include <asm/uaccess.h>
    +#include <linux/netdevice.h>
    
     /* flag to keep track of how we were registered */
     static int secondary;
    @@ -295,6 +296,10 @@
     	return;
     }
    
    +static int cap_netdev_alloc_security	(struct net_device *dev) {return 0;}
    +static int cap_netdev_ioctl		(struct net_device *dev, int cmd, void *arg) {return 0;}
    +static void cap_netdev_free_security	(struct net_device *dev) {return;}
    +
     static int cap_module_create_module	(const char *name_user, size_t size)			{return 0;}
     static int cap_module_init_module	(const char *name_user, struct module *mod_user)	{return 0;}
     static int cap_module_delete_module	(const char *name_user)					{return 0;}
    @@ -404,6 +409,12 @@
    
     static struct socket_security_ops cap_socket_ops = {};
    
    +static struct netdev_security_ops cap_netdev_ops = {
    +	alloc_security:	cap_netdev_alloc_security,
    +	ioctl:		cap_netdev_ioctl,
    +	free_security:	cap_netdev_free_security,
    +};
    +
     static struct module_security_ops cap_module_ops = {
     	create_module:	cap_module_create_module,
     	init_module:	cap_module_init_module,
    @@ -475,6 +486,7 @@
     	file_ops:		&cap_file_ops,
     	task_ops:		&cap_task_ops,
     	socket_ops:		&cap_socket_ops,
    +	netdev_ops:		&cap_netdev_ops,
     	module_ops:		&cap_module_ops,
     	ipc_ops:		&cap_ipc_ops,
     	msg_msg_ops:		&cap_msg_ops,
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/kernel/security.c lsm-w4/kernel/security.c
    --- lsm/kernel/security.c	Sat Jul 21 15:07:21 2001
    +++ lsm-w4/kernel/security.c	Mon Jul 23 01:59:19 2001
    @@ -30,7 +30,7 @@
    
     #include <linux/module.h>
     #include <linux/sysctl.h>
    -
    +#include <linux/netdevice.h>
    
    
    
    @@ -132,6 +132,10 @@
    
     static void dummy_task_kmod_set_label	(void)	                {return;}
    
    +static int dummy_netdev_alloc_security	(struct net_device *dev) {return 0;}
    +static int dummy_netdev_ioctl		(struct net_device *dev, int cmd, void *arg) {return 0;}
    +static void dummy_netdev_free_security	(struct net_device *dev) {return;}
    +
     static int dummy_module_create_module	(const char *name_user, size_t size)			{return 0;}
     static int dummy_module_init_module	(const char *name_user, struct module *mod_user)	{return 0;}
     static int dummy_module_delete_module	(const char *name_user)					{return 0;}
    @@ -239,6 +243,12 @@
    
     static struct socket_security_ops dummy_socket_ops = {};
    
    +static struct netdev_security_ops dummy_netdev_ops = {
    +	alloc_security:	dummy_netdev_alloc_security,
    +	ioctl:		dummy_netdev_ioctl,
    +	free_security:	dummy_netdev_free_security,
    +};
    +
     static struct module_security_ops dummy_module_ops = {
     	create_module:	dummy_module_create_module,
     	init_module:	dummy_module_init_module,
    @@ -310,6 +320,7 @@
     	file_ops:		&dummy_file_ops,
     	task_ops:		&dummy_task_ops,
     	socket_ops:		&dummy_socket_ops,
    +	netdev_ops:		&dummy_netdev_ops,
     	ipc_ops:		&dummy_ipc_ops,
     	module_ops:		&dummy_module_ops,
     	msg_msg_ops:		&dummy_msg_msg_ops,
    @@ -380,6 +391,7 @@
     	    !ops->file_ops ||
     	    !ops->task_ops ||
     	    !ops->socket_ops ||
    +	    !ops->netdev_ops ||
     	    !ops->module_ops ||
     	    !ops->ipc_ops ||
     	    !ops->msg_msg_ops ||
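Review bot: The new test only rejects a NULL `netdev_ops` pointer; the three function pointers inside it are never validated, yet register_netdevice, the unregister path and devinet_ioctl call them without a NULL check, so a module registering a netdev_security_ops with one member unset would oops at the first device registration instead of being refused here. This mirrors how the neighbouring ops structs are checked, so if the policy is deliberately "struct pointer only", state in security.h that every member of netdev_security_ops is mandatory; otherwise extend the chain, after the existing `!ops->netdev_ops ||` so it short-circuits, with `!ops->netdev_ops->alloc_security || !ops->netdev_ops->ioctl || !ops->netdev_ops->free_security ||`. The enclosing function starts and ends outside this hunk.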
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/net/core/dev.c lsm-w4/net/core/dev.c
    --- lsm/net/core/dev.c	Thu Jun 28 04:02:01 2001
    +++ lsm-w4/net/core/dev.c	Mon Jul 23 01:41:56 2001
    @@ -96,6 +96,7 @@
     #include <linux/init.h>
     #include <linux/kmod.h>
     #include <linux/module.h>
    +#include <linux/security.h>
     #if defined(CONFIG_NET_RADIO) || defined(CONFIG_NET_PCMCIA_RADIO)
     #include <linux/wireless.h>		/* Note : will define WIRELESS_EXT */
     #endif	/* CONFIG_NET_RADIO || CONFIG_NET_PCMCIA_RADIO */
    @@ -2385,9 +2386,7 @@
     int register_netdevice(struct net_device *dev)
     {
     	struct net_device *d, **dp;
    -#ifdef CONFIG_NET_DIVERT
     	int ret;
    -#endif
    
     	spin_lock_init(&dev->queue_lock);
     	spin_lock_init(&dev->xmit_lock);
    @@ -2403,6 +2402,10 @@
     			return ret;
     #endif /* CONFIG_NET_DIVERT */
    
    +		ret = security_ops->netdev_ops->alloc_security(dev);
    +		if (ret)
    +			return ret;
    +
     		/* This is NOT bug, but I am not sure, that all the
     		   devices, initialized before netdev module is started
     		   are sane.
    @@ -2444,6 +2447,10 @@
     		return ret;
     #endif /* CONFIG_NET_DIVERT */
    
    +	ret = security_ops->netdev_ops->alloc_security(dev);
    +	if (ret)
    +		return ret;
    +
     	dev->iflink = -1;
    
     	/* Init, if this function is available */
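Review bot: alloc_security() now runs before the `dev->init` call that follows this hunk, but if init then fails the function appears to return without calling free_security(), so the context allocated here leaks for every driver whose init routine can fail. Either move the allocation to after a successful init, or add `security_ops->netdev_ops->free_security(dev);` on the init-failure path before its error return, whichever the existing divert handling in that path suggests. register_netdevice continues past the end of the hunk, so the init-failure return itself is not visible here.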
    @@ -2594,6 +2601,8 @@
     	free_divert_blk(dev);
     #endif
    
    +	security_ops->netdev_ops->free_security(dev);
    +
     	if (dev->features & NETIF_F_DYNALLOC) {
     #ifdef NET_REFCNT_DEBUG
     		if (atomic_read(&dev->refcnt) != 1)
    diff -urN --exclude SCCS --exclude BitKeeper --exclude ChangeSet lsm/net/ipv4/devinet.c lsm-w4/net/ipv4/devinet.c
    --- lsm/net/ipv4/devinet.c	Thu Jun 28 04:02:01 2001
    +++ lsm-w4/net/ipv4/devinet.c	Mon Jul 23 01:49:09 2001
    @@ -51,6 +51,7 @@
     #include <linux/sysctl.h>
     #endif
     #include <linux/kmod.h>
    +#include <linux/security.h>
    
     #include <net/ip.h>
     #include <net/route.h>
    @@ -524,6 +525,10 @@
     		ret = -ENODEV;
     		goto done;
     	}
    +
    +	ret = security_ops->netdev_ops->ioctl(dev, cmd, &ifr);
    +	if (ret)
    +		goto done;
    
     	if (colon)
     		*colon = ':';
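Review bot: The hook runs before `if (colon) *colon = ':';`, so an LSM that inspects or logs `ifr.ifr_name` sees the alias label stripped (the base device name rather than the full aliased name), while the rest of the function works on the restored name; if the label matters for the policy decision or the audit record, move the call below the colon restore, otherwise document on the hook that ifr_name carries the base name. If read-only requests also reach this point, the hook fires for them too, and `cmd` is then the only way a module can distinguish them from configuration changes, which is worth a sentence in the hook's documentation. devinet_ioctl starts and ends outside this hunk.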
    
    
    


