From 89eda06837094ce9f34fae269b8773fcfd70f046 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Sun, 4 Oct 2009 21:49:47 +0900 Subject: LSM: Add security_path_chmod() and security_path_chown(). This patch allows pathname based LSM modules to check chmod()/chown() operations. Since notify_change() does not receive "struct vfsmount *", we add security_path_chmod() and security_path_chown() to the caller of notify_change(). These hooks are used by TOMOYO. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- security/capability.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'security/capability.c') diff --git a/security/capability.c b/security/capability.c index fce07a7bc825..09279a8d4a14 100644 --- a/security/capability.c +++ b/security/capability.c @@ -308,6 +308,17 @@ static int cap_path_truncate(struct path *path, loff_t length, { return 0; } + +static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt, + mode_t mode) +{ + return 0; +} + +static int cap_path_chown(struct path *path, uid_t uid, gid_t gid) +{ + return 0; +} #endif static int cap_file_permission(struct file *file, int mask) @@ -977,6 +988,8 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, path_link); set_to_cap_if_null(ops, path_rename); set_to_cap_if_null(ops, path_truncate); + set_to_cap_if_null(ops, path_chmod); + set_to_cap_if_null(ops, path_chown); #endif set_to_cap_if_null(ops, file_permission); set_to_cap_if_null(ops, file_alloc_security); -- cgit v1.2.2 From 8b8efb44033c7e86b3dc76f825c693ec92ae30e9 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Sun, 4 Oct 2009 21:49:48 +0900 Subject: LSM: Add security_path_chroot(). This patch allows pathname based LSM modules to check chroot() operations. This hook is used by TOMOYO. Signed-off-by: Tetsuo Handa Signed-off-by: James Morris --- security/capability.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'security/capability.c') diff --git a/security/capability.c b/security/capability.c index 09279a8d4a14..4f3ab476937f 100644 --- a/security/capability.c +++ b/security/capability.c @@ -319,6 +319,11 @@ static int cap_path_chown(struct path *path, uid_t uid, gid_t gid) { return 0; } + +static int cap_path_chroot(struct path *root) +{ + return 0; +} #endif static int cap_file_permission(struct file *file, int mask) @@ -990,6 +995,7 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, path_truncate); set_to_cap_if_null(ops, path_chmod); set_to_cap_if_null(ops, path_chown); + set_to_cap_if_null(ops, path_chroot); #endif set_to_cap_if_null(ops, file_permission); set_to_cap_if_null(ops, file_alloc_security); -- cgit v1.2.2 From dd8dbf2e6880e30c00b18600c962d0cb5a03c555 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Tue, 3 Nov 2009 16:35:32 +1100 Subject: security: report the module name to security_module_request For SELinux to do better filtering in userspace we send the name of the module along with the AVC denial when a program is denied module_request. Example output: type=SYSCALL msg=audit(11/03/2009 10:59:43.510:9) : arch=x86_64 syscall=write success=yes exit=2 a0=3 a1=7fc28c0d56c0 a2=2 a3=7fffca0d7440 items=0 ppid=1727 pid=1729 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpc.nfsd exe=/usr/sbin/rpc.nfsd subj=system_u:system_r:nfsd_t:s0 key=(null) type=AVC msg=audit(11/03/2009 10:59:43.510:9) : avc: denied { module_request } for pid=1729 comm=rpc.nfsd kmod="net-pf-10" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/capability.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/capability.c') diff --git a/security/capability.c b/security/capability.c index 4f3ab476937f..5c700e1a4fd3 100644 --- a/security/capability.c +++ b/security/capability.c @@ -421,7 +421,7 @@ static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) return 0; } -static int cap_kernel_module_request(void) +static int cap_kernel_module_request(char *kmod_name) { return 0; } -- cgit v1.2.2 From 189b3b1c89761054fee3438f063d7f257306e2d8 Mon Sep 17 00:00:00 2001 From: "wzt.wzt@gmail.com" Date: Tue, 23 Feb 2010 23:15:28 +0800 Subject: Security: add static to security_ops and default_security_ops variable Enhance the security framework to support resetting the active security module. This eliminates the need for direct use of the security_ops and default_security_ops variables outside of security.c, so make security_ops and default_security_ops static. Also remove the secondary_ops variable as a cleanup since there is no use for that. secondary_ops was originally used by SELinux to call the "secondary" security module (capability or dummy), but that was replaced by direct calls to capability and the only remaining use is to save and restore the original security ops pointer value if SELinux is disabled by early userspace based on /etc/selinux/config. Further, if we support this directly in the security framework, then we can just use &default_security_ops for this purpose since that is now available. Signed-off-by: Zhitong Wang Acked-by: Stephen Smalley Signed-off-by: James Morris --- security/capability.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'security/capability.c') diff --git a/security/capability.c b/security/capability.c index 5c700e1a4fd3..4875142b858d 100644 --- a/security/capability.c +++ b/security/capability.c @@ -906,10 +906,6 @@ static void cap_audit_rule_free(void *lsmrule) } #endif /* CONFIG_AUDIT */ -struct security_operations default_security_ops = { - .name = "default", -}; - #define set_to_cap_if_null(ops, function) \ do { \ if (!ops->function) { \ -- cgit v1.2.2