path_post_lookup

From: Charles Levert (chuckat_private)
Date: Sun Aug 31 2003 - 21:10:05 PDT


    Hi everyone.
    
    I am working on a security module that (kind of) implements traditional
    capabilities (i.e., unforgeable references, not posix-draft capabilities).
    For this, I need a security hook in LSM that allows me to walk the
    directory tree (in the dcache) across mountpoints if necessary, every
    time a file is opened.  This means I need more than just a dentry but
    also the vfsmount that goes with it.  One way to obtain this is to be
    passed a nameidata.
    
    I solved the problem by adding a new hook to LSM, after first trying to
    do it with the existing set of hooks.  However, I would welcome
    suggestions on how to address my problem with the existing set of hooks
    if you think that is possible.
    
    The patch below is relative to linux-2.6.0-test4.  I also have a patch for
    linux-2.4.20-lsm1 that I will send if this one is accepted.  Note that
    the patch sends two parameters through the hook; for the record, I do
    not use or need the name parameter; I just figured the hook is here and
    the name string is available, so why the heck not?  I am also open on
    the way I named the hook; maybe the "_post" part isn't needed.
    
    Thanks.
    
    
    Charles
    
    
    
    --- include/linux/security.h.orig	Fri Aug 22 19:58:04 2003
    +++ include/linux/security.h	Sat Aug 23 19:17:19 2003
    @@ -216,6 +216,14 @@ struct swap_info_struct;
      *	@old_nd contains the nameidata structure for the old root.
      *      @new_nd contains the nameidata structure for the new root.
      *
    + * Security hooks for path operations.
    + *
    + * @path_post_lookup:
    + *	Veto path lookup result.
    + *	@name contains the path name to lookup.
    + *	@nd contains the nameidata structure after the lookup.
    + *	Returns 0 if everything is ok.
    + *
      * Security hooks for inode operations.
      *
      * @inode_alloc_security:
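Review bot: The new comment block does not say who owns the dentry and vfsmount references held in @nd when the hook returns non-zero, which is the one detail an LSM author implementing this hook has to get right. Since the fs/namei.c hunk below calls the hook after link_path_walk() has populated nd, the contract should be spelled out, e.g. `*	On a non-zero return the caller releases the references held in @nd; the hook must not drop them itself.` It would also help to state that the hook runs on every successful path_lookup(), and, as far as the namei.c hunk shows, with current->fs->lock already released.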
    @@ -1023,6 +1031,8 @@ struct security_operations {
     	void (*sb_post_pivotroot) (struct nameidata * old_nd,
     				   struct nameidata * new_nd);
     
    +	int (*path_post_lookup) (const char *name, struct nameidata *nd);
    +
     	int (*inode_alloc_security) (struct inode *inode);	
     	void (*inode_free_security) (struct inode *inode);
     	int (*inode_create) (struct inode *dir,
    @@ -1353,6 +1363,12 @@ static inline void security_sb_post_pivo
     	security_ops->sb_post_pivotroot (old_nd, new_nd);
     }
     
    +static inline int security_path_post_lookup (const char *name,
    +					     struct nameidata *nd)
    +{
    +	return security_ops->path_post_lookup (name, nd);
    +}
    +
     static inline int security_inode_alloc (struct inode *inode)
     {
     	return security_ops->inode_alloc_security (inode);
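Review bot: The inline wrapper is only added to the CONFIG_SECURITY side of security.h shown here; if the header also carries a `#else` branch of no-op stubs for the !CONFIG_SECURITY build (not visible in this patch), it needs a matching `static inline int security_path_post_lookup (const char *name, struct nameidata *nd) { return 0; }` there, or fs/namei.c will fail to build without CONFIG_SECURITY. The wrapper itself mirrors the neighbouring sb_post_pivotroot one and looks fine.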
    --- fs/namei.c.orig	Fri Aug 22 19:54:18 2003
    +++ fs/namei.c	Sat Aug 23 19:18:22 2003
    @@ -851,6 +851,8 @@ walk_init_root(const char *name, struct 
     
     int path_lookup(const char *name, unsigned int flags, struct nameidata *nd)
     {
    +	int error = 0;
    +
     	nd->last_type = LAST_ROOT; /* if there are only slashes... */
     	nd->flags = flags;
     
    @@ -861,7 +863,7 @@ int path_lookup(const char *name, unsign
     			nd->dentry = dget(current->fs->altroot);
     			read_unlock(&current->fs->lock);
     			if (__emul_lookup_dentry(name,nd))
    -				return 0;
    +				goto out;
     			read_lock(&current->fs->lock);
     		}
     		nd->mnt = mntget(current->fs->rootmnt);
    @@ -873,7 +875,11 @@ int path_lookup(const char *name, unsign
     	}
     	read_unlock(&current->fs->lock);
     	current->total_link_count = 0;
    -	return link_path_walk(name, nd);
    +	error = link_path_walk(name, nd);
    +out:
    +	if (!error)
    +		error = security_path_post_lookup(name, nd);
    +	return error;
     }
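Review bot: When security_path_post_lookup() vetoes, path_lookup() returns the error while nd still holds the dentry and vfsmount references taken by link_path_walk() (or by the __emul_lookup_dentry() route that reaches `out` with error == 0), and callers of path_lookup() expect a failing call to leave nd without references, so those references are never dropped and leak. The veto path should release them before returning, for example with path_release(nd) as below. Because the second hunk's `goto out` lands on the same label, releasing at this single point covers both lookup routes. path_lookup() begins in the first hunk of this file; the lines between the hunks are not shown.
```c
	error = link_path_walk(name, nd);
out:
	if (!error) {
		error = security_path_post_lookup(name, nd);
		if (error)
			path_release(nd);
	}
	return error;
```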
     
     /*
    --- security/dummy.c.orig	Fri Aug 22 19:53:07 2003
    +++ security/dummy.c	Sat Aug 23 19:17:19 2003
    @@ -256,6 +256,11 @@ static void dummy_sb_post_pivotroot (str
     	return;
     }
     
    +static int dummy_path_post_lookup (const char *name, struct nameidata *nd)
    +{
    +	return 0;
    +}
    +
     static int dummy_inode_alloc_security (struct inode *inode)
     {
     	return 0;
    @@ -865,6 +870,7 @@ void security_fixup_ops (struct security
     	set_to_dummy_if_null(ops, sb_post_addmount);
     	set_to_dummy_if_null(ops, sb_pivotroot);
     	set_to_dummy_if_null(ops, sb_post_pivotroot);
    +	set_to_dummy_if_null(ops, path_post_lookup);
     	set_to_dummy_if_null(ops, inode_alloc_security);
     	set_to_dummy_if_null(ops, inode_free_security);
     	set_to_dummy_if_null(ops, inode_create);
    


