The attached patch adds a hook for d_instantiate to the lsm-2.5 tree. I also have a patch for the 2.4 tree, but it is essentially the same other than the extra diff in 2.5 for d_splice_alias. The purpose of this hook is to provide security modules with a reliable means of initializing the inode security structures before the inode becomes accessible through the dcache. The existing inode_post_lookup hook is inadequate in several ways:

1) It is subject to races since the inode is already accessible through the dcache before it is called,
2) It doesn't handle filesystems that directly populate the dcache,
3) It isn't always called in the desired context, e.g. for pipe, shm, and devpts inodes, we want to perform this initialization in the context of the allocating process after the inode's other state such as mode and uid have been set.

Note that the d_instantiate hook call is performed before attaching the inode and before taking the dcache lock. A few caveats when implementing this hook:

a) The 'inode' can be NULL. Most (all?) modules will simply return immediately in that case. We could optionally only call the hook for non-NULL inodes.
b) The inode is not attached yet when this hook is called. Don't try to use dentry->d_inode. That's the point. You get to fill in the inode security state before it gets attached.

-- Stephen Smalley, NSA sdsat_private

Index: lsm-2.5/fs/dcache.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/fs/dcache.c,v retrieving revision 1.1.1.18 diff -u -r1.1.1.18 dcache.c --- lsm-2.5/fs/dcache.c 25 Nov 2002 13:30:33 -0000 1.1.1.18 +++ lsm-2.5/fs/dcache.c 19 Dec 2002 13:32:06 -0000 @@ -25,6 +25,7 @@ #include <linux/module.h> #include <linux/mount.h> #include <asm/uaccess.h> +#include <linux/security.h> #define DCACHE_PARANOIA 1 /* #define DCACHE_DEBUG 1 */ 
@@ -699,6 +700,7 @@ void d_instantiate(struct dentry *entry, struct inode * inode) { if (!list_empty(&entry->d_alias)) BUG(); + security_d_instantiate(entry, inode); spin_lock(&dcache_lock); if (inode) list_add(&entry->d_alias, &inode->i_dentry); @@ -825,6 +827,7 @@ struct dentry *new = NULL; if (inode && S_ISDIR(inode->i_mode)) { + security_d_instantiate(dentry, inode); spin_lock(&dcache_lock); if (!list_empty(&inode->i_dentry)) { new = list_entry(inode->i_dentry.next, struct dentry, d_alias); Index: lsm-2.5/include/linux/security.h =================================================================== RCS file: /home/pal/CVS/lsm-2.5/include/linux/security.h,v retrieving revision 1.30 diff -u -r1.30 security.h --- lsm-2.5/include/linux/security.h 4 Dec 2002 21:58:27 -0000 1.30 +++ lsm-2.5/include/linux/security.h 18 Dec 2002 15:23:42 -0000 @@ -1375,6 +1375,8 @@ struct security_operations *ops); int (*unregister_security) (const char *name, struct security_operations *ops); + + void (*d_instantiate) (struct dentry * dentry, struct inode * inode); }; /* global variables */ @@ -2244,6 +2247,10 @@ return security_ops->sem_semctl(sma, cmd); } +static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) +{ + security_ops->d_instantiate (dentry, inode); +} /* prototypes */ extern int security_scaffolding_startup (void); @@ -3066,6 +3073,9 @@ { return 0; } + +static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) +{ } #endif /* CONFIG_SECURITY */ Index: lsm-2.5/security/dummy.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/security/dummy.c,v retrieving revision 1.30 diff -u -r1.30 dummy.c --- lsm-2.5/security/dummy.c 13 Dec 2002 20:26:34 -0000 1.30 +++ lsm-2.5/security/dummy.c 18 Dec 2002 15:23:42 -0000 
@@ -873,6 +873,12 @@ return -EINVAL; } +static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) +{ + return; +} + + struct security_operations dummy_security_ops; #define set_to_dummy_if_null(ops, function) \ @@ -1039,5 +1045,6 @@ set_to_dummy_if_null(ops, skb_set_owner_w); set_to_dummy_if_null(ops, skb_recv_datagram); set_to_dummy_if_null(ops, skb_free_security); + set_to_dummy_if_null(ops, d_instantiate); } _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
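Review bot: in the d_instantiate() hunk of fs/dcache.c, security_d_instantiate(entry, inode) is called unconditionally, so every module's hook has to start with a NULL check on inode, as the cover text itself notes. The function already branches on `if (inode)` for the list_add a few lines later; placing the hook call under that same test (or guarding it once in the inline wrapper in security.h) keeps the NULL case out of every module and avoids an indirect call through security_ops that does nothing.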
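Review bot: in the d_splice_alias() hunk of fs/dcache.c, the hook fires for `dentry` before the `!list_empty(&inode->i_dentry)` test, so on the path where an existing alias is found and `new` is used instead, the inode was already instantiated through that earlier dentry and the hook now runs a second time on an inode whose security state is already set up, for a dentry that is not the one being attached. Either move the call onto the path that actually attaches `dentry`, or state in the hook's description that it may be invoked more than once for the same inode and that modules must treat a repeat call as a no-op.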
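Review bot: the new `d_instantiate` member added to struct security_operations in include/linux/security.h carries no comment describing the hook's contract. The caveats given in the cover text (inode may be NULL, dentry->d_inode is not yet valid, the call happens before dcache_lock is taken) belong at the definition so module authors see them in the header rather than in a mailing list archive.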
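Review bot: in the security/dummy.c hunk, the bare `return;` in dummy_d_instantiate() is redundant in a void function and can be dropped; an empty body, as in the !CONFIG_SECURITY stub added to security.h in the same patch, says the same thing more plainly. The two blank lines after the function are also one more than the surrounding code needs.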
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:31:55 PST