Re: LSM: mod_reg_security

From: Chris Wright (chrisat_private)
Date: Thu Jan 16 2003 - 17:34:33 PST

  • Next message: Chris Wright: "Re: Question about opaque security field"

    * Koichi ONOUE (koichiat_private) wrote:
    > I would like to use  "mod_reg_security()" in order to use 
    > multiple modules. 
    > I succeed at "insmond" as each sub-modules of primary module,
    > but I don't know how each sub-modules are classify in hook 
    > function. Please tell me how to classify (and use) specified 
    > sub-module in hook function.
    
    Say you have two modules: the primary which is loaded first and uses
    register_security(); and the secondary, which is loaded second and uses
    mod_reg_security().  The way to actually use both modules really through
    the primary module.  The  primary module registers with the kernel
    (using register_security()) so the kernel hooks will only call into the
    primary module.  The primary module can then choose to call into the
    secondary module if desired.
    
    So here is very rough example code from a primary module that
    can stack with a secondary module (this does not account for
    sharing the security blob in the object, e.g. inode->i_security).
    For more detailed info, look at David Wheeler's Stacker module
    <http://www.dwheeler.com/misc/stacker.c>.
    
    static struct security_operations my_ops = { ... }; /* fill out your ops */
    static struct security_operations my_second_ops;
    static int secondary;	/* statically initialized to zero */
    my_module_init() {
    	register_security(&my_ops);
    
    }
    
    my_mod_reg_security_hook(name, ops) {
    	/* do some validation */
    	my_second_ops = ops;
    	secondary = 1;	/* toggle secondary mode */
    }
    
    my_random_lsm_hook(...) {
    
    	int error;
    	if (secondary)
    		error = my_second_ops->random_lsm_hook(...);
    		if (error)
    			goto out;
    	
    	error = /* the stuff this module cares about */
    out:
    	return error;
    }
    
    hope that helps,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Jan 16 2003 - 17:41:03 PST