Define the functions to be used by LSMs to add, retrieve, and remove
elements to the kernel object ->security hlists.
Changelog:
[July 26] Fixed prototypes which did not specify fastcall.
[July 26] Added security_unlink_value, for use by modules
to free data when they are unloaded, and
security_disown_value, which is used when a module
has not freed it's object->security data when object
is being freed.
Signed-off-by: Serge Hallyn <[email protected]>
include/linux/security-stack.h | 25 +++++++
include/linux/security.h | 32 ++++++++++
security/security.c | 130 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 187 insertions(+)
Index: linux-2.6.13-rc3/include/linux/security-stack.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.13-rc3/include/linux/security-stack.h 2005-07-25 14:50:44.000000000 -0500
@@ -0,0 +1,25 @@
+/*
+ * security-stack.h
+ *
+ * Contains function prototypes or inline definitions for the
+ * function which manipulate kernel object security annotations.
+ *
+ * If stacker is compiled in, then we use the full functions as
+ * defined in security/security.c. Otherwise we use the #defines
+ * here.
+ */
+
+extern fastcall struct security_list *security_get_value(
+ struct hlist_head *head,
+ int security_id);
+
+extern fastcall struct security_list *security_set_value(
+ struct hlist_head *head,
+ int security_id, struct security_list *obj_node);
+extern fastcall struct security_list *security_add_value(
+ struct hlist_head *head,
+ int security_id, struct security_list *obj_node);
+extern int security_unlink_value(struct hlist_node *n);
+extern fastcall struct security_list *security_del_value(
+ struct hlist_head *head,
+ int security_id);
Index: linux-2.6.13-rc3/include/linux/security.h
===================================================================
--- linux-2.6.13-rc3.orig/include/linux/security.h 2005-07-25 14:40:42.000000000 -0500
+++ linux-2.6.13-rc3/include/linux/security.h 2005-07-25 14:55:20.000000000 -0500
@@ -35,6 +35,38 @@ struct ctl_table;
struct module;
/*
+ * structure to be embedded at top of each LSM's security
+ * objects.
+ */
+struct security_list {
+ struct hlist_node list;
+ int security_id;
+};
+
+
+/*
+ * These #defines present more convenient interfaces to
+ * LSMs for using the security{g,d,s}et_value functions.
+ */
+#define security_get_value_type(head, id, type) ( { \
+ struct security_list *v = security_get_value((head), id); \
+ v ? hlist_entry(v, type, lsm_list) : NULL; } )
+
+#define security_set_value_type(head, id, value) \
+ security_set_value((head), id, &(value)->lsm_list);
+
+#define security_add_value_type(head, id, value) \
+ security_add_value((head), id, &(value)->lsm_list);
+
+#define security_del_value_type(head, id, type) ( { \
+ struct security_list *v; \
+ v = security_del_value((head), id); \
+ v ? hlist_entry(v, type, lsm_list) : NULL; } )
+
+/* security_disown_value is really only to be used by stacker */
+extern void security_disown_value(struct hlist_head *);
+
+/*
* These functions are in security/capability.c and are used
* as the default capabilities functions
*/
Index: linux-2.6.13-rc3/security/security.c
===================================================================
--- linux-2.6.13-rc3.orig/security/security.c 2005-07-25 14:40:42.000000000 -0500
+++ linux-2.6.13-rc3/security/security.c 2005-07-25 14:50:34.000000000 -0500
@@ -20,6 +20,136 @@
#define SECURITY_FRAMEWORK_VERSION "1.0.0"
+fastcall struct security_list *
+security_get_value(struct hlist_head *head, int security_id)
+{
+ struct security_list *e, *ret = NULL;
+ struct hlist_node *tmp;
+
+ rcu_read_lock();
+ for (tmp = head->first; tmp;
+ tmp = rcu_dereference(tmp->next)) {
+ e = hlist_entry(tmp, struct security_list, list);
+ if (e->security_id == security_id) {
+ ret = e;
+ goto out;
+ }
+ }
+
+out:
+ rcu_read_unlock();
+ return ret;
+}
+
+/*
+ * Only to be called from security_*_alloc hooks, so there is
+ * no locking as it is naturally serialized.
+ */
+fastcall void
+security_set_value(struct hlist_head *head, int security_id,
+ struct security_list *obj_node)
+{
+
+ obj_node->security_id = security_id;
+ hlist_add_head(&obj_node->list, head);
+}
+
+static DEFINE_SPINLOCK(stacker_value_spinlock);
+
+/*
+ * Used outside of security_*_alloc hooks, so we need to
+ * lock. Hopefully this won't be used much, so we use a
+ * spinlock for now.
+ */
+fastcall void
+security_add_value(struct hlist_head *head, int security_id,
+ struct security_list *obj_node)
+{
+
+ spin_lock(&stacker_value_spinlock);
+ obj_node->security_id = security_id;
+ hlist_add_head_rcu(&obj_node->list, head);
+ spin_unlock(&stacker_value_spinlock);
+}
+
+/*
+ * Unlink a security value from object->security, at a time other
+ * than when the object is being destroyed. Note that you MUST
+ * wait a full rcu cycle before deleting the object. If you are
+ * deleting a lot of objects (ie when unloading an LSM), then you
+ * likely will want to build a list of objects to be deleted as
+ * you remove them using this function, wait an rcu cycle, and then
+ * delete all the objects in your list.
+ * NOTE you obviously can't use the .next pointer for the to-be-
+ * deleted list, but you should be able to use the .prev pointer.
+ *
+ * XXX TODO - switch this to take a type, and deref
+ * obj->lsm_list.list here.
+ */
+int security_unlink_value(struct hlist_node *n)
+{
+ int ret = 0;
+ spin_lock(&stacker_value_spinlock);
+ if (n->pprev == LIST_POISON2) {
+ ret = 1;
+ goto out;
+ }
+ hlist_del_rcu(n);
+
+out:
+ spin_unlock(&stacker_value_spinlock);
+ return ret;
+}
+
+/*
+ * When a security module is unloaded, it is first removed from
+ * the list of callable modules
+ * (echo -n lsmname > /security/stacker/unload). Then at some
+ * later time the module's exit function will be called, which
+ * may try to free memory attached to kernel objects. The kernel
+ * objects may be deleted during this time. If that happens,
+ * then stacker will call security_disown_value so that the
+ * in-limbo LSM's data can be safely deleted. The LSM calls
+ * security_unlink_value() to remove the item from the list.
+ * security_unlink_value() will check whether
+ * lsm_list.pprev == LIST_POISON2. If not, then it removes the
+ * item from the (valid) list, else it simply returns, as there
+ * is no more list.
+ */
+void security_disown_value(struct hlist_head *h)
+{
+ spin_lock(&stacker_value_spinlock);
+ if (h->first)
+ h->first->pprev = LIST_POISON2;
+ h->first = NULL;
+ spin_unlock(&stacker_value_spinlock);
+}
+
+/* No locking needed: only called during object_destroy */
+fastcall struct security_list *
+security_del_value(struct hlist_head *head, int security_id)
+{
+ struct security_list *e;
+ struct hlist_node *tmp;
+
+ for (tmp = head->first; tmp; tmp = tmp->next) {
+ e = hlist_entry(tmp, struct security_list, list);
+ if (e->security_id == security_id) {
+ hlist_del(&e->list);
+ return e;
+ }
+ }
+
+ return NULL;
+}
+
+EXPORT_SYMBOL_GPL(security_get_value);
+EXPORT_SYMBOL_GPL(security_set_value);
+EXPORT_SYMBOL_GPL(security_add_value);
+EXPORT_SYMBOL_GPL(security_unlink_value);
+EXPORT_SYMBOL_GPL(security_disown_value);
+EXPORT_SYMBOL_GPL(security_del_value);
+
/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|