LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

[PATCH] [6/6] LSM Stacking: temporary setprocattr hack

From:  Serge Hallyn <serue@us.ibm.com>
To:  Chris Wright <chrisw@osdl.org>
Subject:  Re: [RFC] [PATCH] [6/6] LSM Stacking: temporary setprocattr hack
Date:  Thu, 04 Nov 2004 17:12:51 -0600
Cc:  Andrew Morton <akpm@osdl.org>, lkml <linux-kernel@vger.kernel.org>

Stacker assumes that data written to /proc/<pid>/attr/* is of the
form:

module_name: data

Until the SELinux tools are rewritten to use this form, or it is decided
other LSMs should use a different way of communicating with userspace,
this patch will assume that data not in this form is intended for SELinux.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>

Index: linux-2.6.10-rc1-bk14/security/stacker.c
===================================================================
--- linux-2.6.10-rc1-bk14.orig/security/stacker.c	2004-11-04
12:31:02.636390608 -0600
+++ linux-2.6.10-rc1-bk14/security/stacker.c	2004-11-04
12:31:12.248929280 -0600
@@ -91,6 +91,8 @@
    pointed to by stacked_modules. It's initially NULL (an empty list).
*/
 struct module_entry *stacked_modules;
 
+static struct module_entry *selinux_module;
+static int selinux_is_loaded;
 
 /* penultimate_stacked_module points to the next-to-last
  * entry in the stacked list if there are 2+ entries, else it's NULL;
@@ -1007,12 +1009,20 @@
 
 	s = value;
 	e = strnchr(s, size, ':');
+	if (!e && selinux_is_loaded) {
+		m = selinux_module;
+		goto cont;
+	}
 	if (!e) {
 		printk(KERN_INFO "%s: couln't find module name end\n",
 			__FUNCTION__);
 		return -EINVAL;
 	}
 	m = find_lsm_module_by_name(s,e);
+	if (!m && selinux_is_loaded) {
+		m = selinux_module;
+		goto cont;
+	}
 	if (!m) {
 		strncpy(modname, s, 50);
 		modname[49] = '\0';
@@ -1021,6 +1031,7 @@
 		return -EINVAL;
 	}
 	s = e+1;
+cont:
 	while ((void *)s < value+size && *s == ' ')
 		s++;
 	if (s == value+size) {
@@ -1028,9 +1039,7 @@
 		return -EINVAL;
 	}
 	len = size - (int)((void *)s - value);
-	printk(KERN_INFO "%s: sending to module\n", __FUNCTION__);
 	ret = m->module_operations.setprocattr(p,name,s,len);
-	printk(KERN_INFO "%s: ret was %d, returning %d\n", __FUNCTION__, ret,
ret+(size-len));
 	if (ret < 0)
 		return ret;
 	return ret + (size-len);
@@ -1092,6 +1101,10 @@
 	new_module_entry->namelen = namelen;
 
 	add_module_entry(new_module_entry);
+	if (strcmp(name, "selinux") == 0) {
+		selinux_is_loaded = 1;
+		selinux_module = new_module_entry;
+	}
 
 	/* One more write barrier; this one is to _ensure_ that the
 	 * inactive list is valid before releasing the locking. */
@@ -1139,6 +1152,10 @@
 			penultimate_stacked_module = bb;
 	}
 	num_stacked_modules--;
+	if (strcmp(m->module_name, "selinux") == 0) {
+		selinux_is_loaded = 0;
+		selinux_module = NULL;
+	}
 	kfree(m->module_name);
 	kfree(m);
 out:
@@ -1567,6 +1584,9 @@
 	sysfsfiles_registered = 0;
 	num_stacked_modules = 0;
 
+	selinux_is_loaded = 0;
+	selinux_module = NULL;
+
 	INIT_STACKER_LOCKING;
 
 	if (register_security (&stacker_ops)) {


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds