Re: [PATCH -mm 3/3] [LSM] Stacking support for inode_init_security

From: serue
Date: Mon Aug 22 2005 - 16:31:14 EST

Next message: Andrew Morton: "Re: 3com 3c59x stopped working with 2.6.13-rc[56]"
Previous message: Brent Casavant: "Re: [PATCH 0/2] external interrupts"
In reply to: serue: "[PATCH -mm] [LSM] Stacking support for inode_init_security"
Next in thread: serue: "Re: [PATCH -mm 3/3] [LSM] Stacking support for inode_init_security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch adds two stackable test LSMs which only define
inode_init_security(). Any file created while these modules are
loaded should have the xattrs ("security.name1", "value1") and
("security.name2", "value2").

thanks,
-serge

Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>
--
testinitsec1.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
testinitsec2.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 150 insertions(+)

Index: linux-2.6.13-rc6-mm1/security/testinitsec1.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.13-rc6-mm1/security/testinitsec1.c 2005-08-19 17:01:57.000000000 -0500
@@ -0,0 +1,75 @@
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/security.h>
+
+#define VALUE "value1"
+#define NAME "name1"
+#define MY_NAME "testinitsec1"
+static int test_init_security(struct inode *inode, struct inode *dir,
+ struct list_head *head)
+{
+ char *namep = NULL, *valuep = NULL;
+ struct xattr_data *data = NULL;
+
+ if (!head)
+ return 0;
+
+ data = kmalloc(sizeof(struct xattr_data), GFP_KERNEL);
+ if (!data)
+ goto err;
+ namep = kmalloc(32, GFP_KERNEL);
+ if (!namep)
+ goto err;
+ valuep = kmalloc(32, GFP_KERNEL);
+ if (!valuep)
+ goto err;
+
+ strcpy(namep, NAME);
+ strcpy(valuep, VALUE);
+ data->name = namep;
+ data->value = valuep;
+ data->len = strlen(VALUE);
+ INIT_LIST_HEAD(&data->list);
+ list_add_tail(&data->list, head);
+ return 0;
+err:
+ kfree(namep);
+ kfree(valuep);
+ kfree(data);
+ return -ENOMEM;
+}
+
+static struct security_operations testlsm_security_ops = {
+ .owner = THIS_MODULE,
+
+ .inode_init_security = test_init_security,
+};
+
+static int __init testlsm_init (void)
+{
+ if (mod_reg_security (MY_NAME, &testlsm_security_ops, NULL)) {
+ printk (KERN_INFO "Failure registering testlsm "
+ " module with primary security module.\n");
+ return -EINVAL;
+ }
+ return 0;
+}
+
+
+static void __exit testlsm_exit (void)
+{
+ if (unregister_security (&testlsm_security_ops)) {
+ printk (KERN_INFO "Failure unregistering testlsm "
+ "module with the kernel\n");
+ }
+ printk (KERN_INFO "init_security test module removed\n");
+}
+
+security_initcall (testlsm_init);
+module_exit (testlsm_exit);
+
+MODULE_DESCRIPTION("inode_initsecurity test LSM module");
+MODULE_LICENSE("GPL");
+
Index: linux-2.6.13-rc6-mm1/security/testinitsec2.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.13-rc6-mm1/security/testinitsec2.c 2005-08-19 17:01:57.000000000 -0500
@@ -0,0 +1,75 @@
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/security.h>
+
+#define VALUE "value2"
+#define NAME "name2"
+#define MY_NAME "testinitsec2"
+static int test_init_security(struct inode *inode, struct inode *dir,
+ struct list_head *head)
+{
+ char *namep = NULL, *valuep = NULL;
+ struct xattr_data *data = NULL;
+
+ if (!head)
+ return 0;
+
+ data = kmalloc(sizeof(struct xattr_data), GFP_KERNEL);
+ if (!data)
+ goto err;
+ namep = kmalloc(32, GFP_KERNEL);
+ if (!namep)
+ goto err;
+ valuep = kmalloc(32, GFP_KERNEL);
+ if (!valuep)
+ goto err;
+
+ strcpy(namep, NAME);
+ strcpy(valuep, VALUE);
+ data->name = namep;
+ data->value = valuep;
+ data->len = strlen(VALUE);
+ INIT_LIST_HEAD(&data->list);
+ list_add_tail(&data->list, head);
+ return 0;
+err:
+ kfree(namep);
+ kfree(valuep);
+ kfree(data);
+ return -ENOMEM;
+}
+
+static struct security_operations testlsm_security_ops = {
+ .owner = THIS_MODULE,
+
+ .inode_init_security = test_init_security,
+};
+
+static int __init testlsm_init (void)
+{
+ if (mod_reg_security (MY_NAME, &testlsm_security_ops, NULL)) {
+ printk (KERN_INFO "Failure registering testlsm "
+ " module with primary security module.\n");
+ return -EINVAL;
+ }
+ return 0;
+}
+
+
+static void __exit testlsm_exit (void)
+{
+ if (unregister_security (&testlsm_security_ops)) {
+ printk (KERN_INFO "Failure unregistering testlsm "
+ "module with the kernel\n");
+ }
+ printk (KERN_INFO "init_security test module removed\n");
+}
+
+security_initcall (testlsm_init);
+module_exit (testlsm_exit);
+
+MODULE_DESCRIPTION("inode_initsecurity test LSM module");
+MODULE_LICENSE("GPL");
+
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: 3com 3c59x stopped working with 2.6.13-rc[56]"
Previous message: Brent Casavant: "Re: [PATCH 0/2] external interrupts"
In reply to: serue: "[PATCH -mm] [LSM] Stacking support for inode_init_security"
Next in thread: serue: "Re: [PATCH -mm 3/3] [LSM] Stacking support for inode_init_security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]