aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/seclvl.c228
1 files changed, 70 insertions, 158 deletions
diff --git a/security/seclvl.c b/security/seclvl.c
index c8e87b22c9bd..f8700e935b33 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -119,69 +119,6 @@ MODULE_PARM_DESC(hideHash, "When set to 0, reading seclvl/passwd from sysfs "
119 } while (0) 119 } while (0)
120 120
121/** 121/**
122 * kobject stuff
123 */
124
125struct subsystem seclvl_subsys;
126
127struct seclvl_obj {
128 char *name;
129 struct list_head slot_list;
130 struct kobject kobj;
131};
132
133/**
134 * There is a seclvl_attribute struct for each file in sysfs.
135 *
136 * In our case, we have one of these structs for "passwd" and another
137 * for "seclvl".
138 */
139struct seclvl_attribute {
140 struct attribute attr;
141 ssize_t(*show) (struct seclvl_obj *, char *);
142 ssize_t(*store) (struct seclvl_obj *, const char *, size_t);
143};
144
145/**
146 * When this function is called, one of the files in sysfs is being
147 * written to. attribute->store is a function pointer to whatever the
148 * struct seclvl_attribute store function pointer points to. It is
149 * unique for "passwd" and "seclvl".
150 */
151static ssize_t
152seclvl_attr_store(struct kobject *kobj,
153 struct attribute *attr, const char *buf, size_t len)
154{
155 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
156 struct seclvl_attribute *attribute =
157 container_of(attr, struct seclvl_attribute, attr);
158 return attribute->store ? attribute->store(obj, buf, len) : -EIO;
159}
160
161static ssize_t
162seclvl_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
163{
164 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
165 struct seclvl_attribute *attribute =
166 container_of(attr, struct seclvl_attribute, attr);
167 return attribute->show ? attribute->show(obj, buf) : -EIO;
168}
169
170/**
171 * Callback function pointers for show and store
172 */
173static struct sysfs_ops seclvlfs_sysfs_ops = {
174 .show = seclvl_attr_show,
175 .store = seclvl_attr_store,
176};
177
178static struct kobj_type seclvl_ktype = {
179 .sysfs_ops = &seclvlfs_sysfs_ops
180};
181
182decl_subsys(seclvl, &seclvl_ktype, NULL);
183
184/**
185 * The actual security level. Ranges between -1 and 2 inclusive. 122 * The actual security level. Ranges between -1 and 2 inclusive.
186 */ 123 */
187static int seclvl; 124static int seclvl;
@@ -213,97 +150,44 @@ static int seclvl_sanity(int reqlvl)
213} 150}
214 151
215/** 152/**
216 * Called whenever the user reads the sysfs handle to this kernel
217 * object
218 */
219static ssize_t seclvl_read_file(struct seclvl_obj *obj, char *buff)
220{
221 return snprintf(buff, PAGE_SIZE, "%d\n", seclvl);
222}
223
224/**
225 * security level advancement rules: 153 * security level advancement rules:
226 * Valid levels are -1 through 2, inclusive. 154 * Valid levels are -1 through 2, inclusive.
227 * From -1, stuck. [ in case compiled into kernel ] 155 * From -1, stuck. [ in case compiled into kernel ]
228 * From 0 or above, can only increment. 156 * From 0 or above, can only increment.
229 */ 157 */
230static int do_seclvl_advance(int newlvl) 158static void do_seclvl_advance(void *data, u64 val)
231{ 159{
232 if (newlvl <= seclvl) { 160 int ret;
233 seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl " 161 int newlvl = (int)val;
234 "[%d]\n", newlvl); 162
235 return -EINVAL; 163 ret = seclvl_sanity(newlvl);
236 } 164 if (ret)
165 return;
166
237 if (newlvl > 2) { 167 if (newlvl > 2) {
238 seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl " 168 seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl "
239 "[%d]\n", newlvl); 169 "[%d]\n", newlvl);
240 return -EINVAL; 170 return;
241 } 171 }
242 if (seclvl == -1) { 172 if (seclvl == -1) {
243 seclvl_printk(1, KERN_WARNING, "Not allowed to advance to " 173 seclvl_printk(1, KERN_WARNING, "Not allowed to advance to "
244 "seclvl [%d]\n", seclvl); 174 "seclvl [%d]\n", seclvl);
245 return -EPERM; 175 return;
246 } 176 }
247 seclvl = newlvl; 177 seclvl = newlvl; /* would it be more "correct" to set *data? */
248 return 0; 178 return;
249} 179}
250 180
251/** 181static u64 seclvl_int_get(void *data)
252 * Called whenever the user writes to the sysfs handle to this kernel
253 * object (seclvl/seclvl). It expects a single-digit number.
254 */
255static ssize_t
256seclvl_write_file(struct seclvl_obj *obj, const char *buff, size_t count)
257{ 182{
258 unsigned long val; 183 return *(int *)data;
259 if (count > 2 || (count == 2 && buff[1] != '\n')) {
260 seclvl_printk(1, KERN_WARNING, "Invalid value passed to "
261 "seclvl: [%s]\n", buff);
262 return -EINVAL;
263 }
264 val = buff[0] - 48;
265 if (seclvl_sanity(val)) {
266 seclvl_printk(1, KERN_WARNING, "Illegal secure level "
267 "requested: [%d]\n", (int)val);
268 return -EPERM;
269 }
270 if (do_seclvl_advance(val)) {
271 seclvl_printk(0, KERN_ERR, "Failure advancing security level "
272 "to %lu\n", val);
273 }
274 return count;
275} 184}
276 185
277/* Generate sysfs_attr_seclvl */ 186DEFINE_SIMPLE_ATTRIBUTE(seclvl_file_ops, seclvl_int_get, do_seclvl_advance, "%lld\n");
278static struct seclvl_attribute sysfs_attr_seclvl =
279__ATTR(seclvl, (S_IFREG | S_IRUGO | S_IWUSR), seclvl_read_file,
280 seclvl_write_file);
281 187
282static unsigned char hashedPassword[SHA1_DIGEST_SIZE]; 188static unsigned char hashedPassword[SHA1_DIGEST_SIZE];
283 189
284/** 190/**
285 * Called whenever the user reads the sysfs passwd handle.
286 */
287static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff)
288{
289 /* So just how good *is* your password? :-) */
290 char tmp[3];
291 int i = 0;
292 buff[0] = '\0';
293 if (hideHash) {
294 /* Security through obscurity */
295 return 0;
296 }
297 while (i < SHA1_DIGEST_SIZE) {
298 snprintf(tmp, 3, "%02x", hashedPassword[i]);
299 strncat(buff, tmp, 2);
300 i++;
301 }
302 strcat(buff, "\n");
303 return ((SHA1_DIGEST_SIZE * 2) + 1);
304}
305
306/**
307 * Converts a block of plaintext of into its SHA1 hashed value. 191 * Converts a block of plaintext of into its SHA1 hashed value.
308 * 192 *
309 * It would be nice if crypto had a wrapper to do this for us linear 193 * It would be nice if crypto had a wrapper to do this for us linear
@@ -347,12 +231,15 @@ plaintext_to_sha1(unsigned char *hash, const char *plaintext, int len)
347 * object. It hashes the password and compares the hashed results. 231 * object. It hashes the password and compares the hashed results.
348 */ 232 */
349static ssize_t 233static ssize_t
350seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count) 234passwd_write_file(struct file * file, const char __user * buf,
235 size_t count, loff_t *ppos)
351{ 236{
352 int i; 237 int i;
353 unsigned char tmp[SHA1_DIGEST_SIZE]; 238 unsigned char tmp[SHA1_DIGEST_SIZE];
239 char *page;
354 int rc; 240 int rc;
355 int len; 241 int len;
242
356 if (!*passwd && !*sha1_passwd) { 243 if (!*passwd && !*sha1_passwd) {
357 seclvl_printk(0, KERN_ERR, "Attempt to password-unlock the " 244 seclvl_printk(0, KERN_ERR, "Attempt to password-unlock the "
358 "seclvl module, but neither a plain text " 245 "seclvl module, but neither a plain text "
@@ -363,13 +250,26 @@ seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count)
363 "maintainer about this event.\n"); 250 "maintainer about this event.\n");
364 return -EINVAL; 251 return -EINVAL;
365 } 252 }
366 len = strlen(buff); 253
254 if (count < 0 || count >= PAGE_SIZE)
255 return -ENOMEM;
256 if (*ppos != 0) {
257 return -EINVAL;
258 }
259 page = (char *)get_zeroed_page(GFP_KERNEL);
260 if (!page)
261 return -ENOMEM;
262 len = -EFAULT;
263 if (copy_from_user(page, buf, count))
264 goto out;
265
266 len = strlen(page);
367 /* ``echo "secret" > seclvl/passwd'' includes a newline */ 267 /* ``echo "secret" > seclvl/passwd'' includes a newline */
368 if (buff[len - 1] == '\n') { 268 if (page[len - 1] == '\n') {
369 len--; 269 len--;
370 } 270 }
371 /* Hash the password, then compare the hashed values */ 271 /* Hash the password, then compare the hashed values */
372 if ((rc = plaintext_to_sha1(tmp, buff, len))) { 272 if ((rc = plaintext_to_sha1(tmp, page, len))) {
373 seclvl_printk(0, KERN_ERR, "Error hashing password: rc = " 273 seclvl_printk(0, KERN_ERR, "Error hashing password: rc = "
374 "[%d]\n", rc); 274 "[%d]\n", rc);
375 return rc; 275 return rc;
@@ -382,13 +282,16 @@ seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count)
382 seclvl_printk(0, KERN_INFO, 282 seclvl_printk(0, KERN_INFO,
383 "Password accepted; seclvl reduced to 0.\n"); 283 "Password accepted; seclvl reduced to 0.\n");
384 seclvl = 0; 284 seclvl = 0;
385 return count; 285 len = count;
286
287out:
288 free_page((unsigned long)page);
289 return len;
386} 290}
387 291
388/* Generate sysfs_attr_passwd */ 292static struct file_operations passwd_file_ops = {
389static struct seclvl_attribute sysfs_attr_passwd = 293 .write = passwd_write_file,
390__ATTR(passwd, (S_IFREG | S_IRUGO | S_IWUSR), seclvl_read_passwd, 294};
391 seclvl_write_passwd);
392 295
393/** 296/**
394 * Explicitely disallow ptrace'ing the init process. 297 * Explicitely disallow ptrace'ing the init process.
@@ -647,22 +550,34 @@ static int processPassword(void)
647} 550}
648 551
649/** 552/**
650 * Sysfs registrations 553 * securityfs registrations
651 */ 554 */
652static int doSysfsRegistrations(void) 555struct dentry *dir_ino, *seclvl_ino, *passwd_ino;
556
557static int seclvlfs_register(void)
653{ 558{
654 int rc = 0; 559 dir_ino = securityfs_create_dir("seclvl", NULL);
655 if ((rc = subsystem_register(&seclvl_subsys))) { 560 if (!dir_ino)
656 seclvl_printk(0, KERN_WARNING, 561 return -EFAULT;
657 "Error [%d] registering seclvl subsystem\n", rc); 562
658 return rc; 563 seclvl_ino = securityfs_create_file("seclvl", S_IRUGO | S_IWUSR,
659 } 564 dir_ino, &seclvl, &seclvl_file_ops);
660 sysfs_create_file(&seclvl_subsys.kset.kobj, &sysfs_attr_seclvl.attr); 565 if (!seclvl_ino)
566 goto out_deldir;
661 if (*passwd || *sha1_passwd) { 567 if (*passwd || *sha1_passwd) {
662 sysfs_create_file(&seclvl_subsys.kset.kobj, 568 passwd_ino = securityfs_create_file("passwd", S_IRUGO | S_IWUSR,
663 &sysfs_attr_passwd.attr); 569 dir_ino, NULL, &passwd_file_ops);
570 if (!passwd_ino)
571 goto out_delf;
664 } 572 }
665 return 0; 573 return 0;
574
575out_deldir:
576 securityfs_remove(dir_ino);
577out_delf:
578 securityfs_remove(seclvl_ino);
579
580 return -EFAULT;
666} 581}
667 582
668/** 583/**
@@ -677,8 +592,6 @@ static int __init seclvl_init(void)
677 rc = -EINVAL; 592 rc = -EINVAL;
678 goto exit; 593 goto exit;
679 } 594 }
680 sysfs_attr_seclvl.attr.owner = THIS_MODULE;
681 sysfs_attr_passwd.attr.owner = THIS_MODULE;
682 if (initlvl < -1 || initlvl > 2) { 595 if (initlvl < -1 || initlvl > 2) {
683 seclvl_printk(0, KERN_ERR, "Error: bad initial securelevel " 596 seclvl_printk(0, KERN_ERR, "Error: bad initial securelevel "
684 "[%d].\n", initlvl); 597 "[%d].\n", initlvl);
@@ -706,7 +619,7 @@ static int __init seclvl_init(void)
706 } /* if primary module registered */ 619 } /* if primary module registered */
707 secondary = 1; 620 secondary = 1;
708 } /* if we registered ourselves with the security framework */ 621 } /* if we registered ourselves with the security framework */
709 if ((rc = doSysfsRegistrations())) { 622 if ((rc = seclvlfs_register())) {
710 seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n"); 623 seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n");
711 goto exit; 624 goto exit;
712 } 625 }
@@ -724,12 +637,11 @@ static int __init seclvl_init(void)
724 */ 637 */
725static void __exit seclvl_exit(void) 638static void __exit seclvl_exit(void)
726{ 639{
727 sysfs_remove_file(&seclvl_subsys.kset.kobj, &sysfs_attr_seclvl.attr); 640 securityfs_remove(seclvl_ino);
728 if (*passwd || *sha1_passwd) { 641 if (*passwd || *sha1_passwd) {
729 sysfs_remove_file(&seclvl_subsys.kset.kobj, 642 securityfs_remove(passwd_ino);
730 &sysfs_attr_passwd.attr);
731 } 643 }
732 subsystem_unregister(&seclvl_subsys); 644 securityfs_remove(dir_ino);
733 if (secondary == 1) { 645 if (secondary == 1) {
734 mod_unreg_security(MY_NAME, &seclvl_ops); 646 mod_unreg_security(MY_NAME, &seclvl_ops);
735 } else if (unregister_security(&seclvl_ops)) { 647 } else if (unregister_security(&seclvl_ops)) {