Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933757AbcJUMu6 (ORCPT ); Fri, 21 Oct 2016 08:50:58 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:39022 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933536AbcJUMth (ORCPT ); Fri, 21 Oct 2016 08:49:37 -0400 From: Tetsuo Handa To: linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Tetsuo Handa Subject: [PATCH 5/8] CaitSith: Add LSM adapter functions. Date: Fri, 21 Oct 2016 21:49:07 +0900 Message-Id: <1477054150-4772-6-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> References: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1956 Lines: 76 This version implements only execve() related LSM hooks. Signed-off-by: Tetsuo Handa --- security/caitsith/lsm.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 security/caitsith/lsm.c diff --git a/security/caitsith/lsm.c b/security/caitsith/lsm.c new file mode 100644 index 0000000..675cee8 --- /dev/null +++ b/security/caitsith/lsm.c 
@@ -0,0 +1,60 @@ +/* + * security/caitsith/lsm.c + * + * Copyright (C) 2010-2013 Tetsuo Handa + */ + +#include +#include "caitsith.h" + +/** + * caitsith_bprm_set_creds - Target for security_bprm_set_creds(). + * + * @bprm: Pointer to "struct linux_binprm". + * + * Returns 0 on success, negative value otherwise. + */ +static int caitsith_bprm_set_creds(struct linux_binprm *bprm) +{ + /* + * Do only if this function is called for the first time of an execve + * operation. + */ + if (bprm->cred_prepared) + return 0; +#ifndef CONFIG_SECURITY_CAITSITH_OMIT_USERSPACE_LOADER + /* + * Load policy if /sbin/caitsith-init exists and /sbin/init is requested + * for the first time. + */ + if (!cs_policy_loaded) + cs_load_policy(bprm->filename); +#endif + return cs_start_execve(bprm); +} + +/* + * caitsith_security_ops is a "struct security_operations" which is used for + * registering CaitSith. + */ +static struct security_hook_list caitsith_hooks[] = { + LSM_HOOK_INIT(bprm_set_creds, caitsith_bprm_set_creds), +}; + +/** + * caitsith_init - Register CaitSith as a LSM module. + * + * Returns 0. + */ +static int __init caitsith_init(void) +{ + if (!security_module_enable("caitsith")) + return 0; + /* register ourselves with the security framework */ + security_add_hooks(caitsith_hooks, ARRAY_SIZE(caitsith_hooks)); + printk(KERN_INFO "CaitSith initialized\n"); + cs_init_module(); + return 0; +} + +security_initcall(caitsith_init); -- 1.8.3.1
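Review bot: The comment above the hook table is stale: it describes `caitsith_security_ops` as a "struct security_operations", but the object declared is `static struct security_hook_list caitsith_hooks[]` registered via `security_add_hooks()`, so the comment should name `caitsith_hooks` and `struct security_hook_list` instead. In `caitsith_init()`, `printk(KERN_INFO "CaitSith initialized\n")` is emitted before `cs_init_module()` has run, so the message announces initialization that has not yet happened; move the print after `cs_init_module()` (and consider `pr_info()` to match current kernel style). The `caitsith_bprm_set_creds()` kernel-doc says it "Returns 0 on success, negative value otherwise", which is consistent with the early `return 0` on the repeated `cred_prepared` call and the propagated `cs_start_execve()` result, but since the commit message says only execve-related hooks are implemented, it would help to state in the commit message whether a failing `cs_start_execve()` needs any matching cleanup hook in a later patch.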