This patch adds two stackable test LSMs which only define
inode_init_security().  Any file created while these modules are
loaded should have the xattrs ("security.name1", "value1") and
("security.name2", "value2").

thanks,
-serge

Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]>
--
 testinitsec1.c |   75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 testinitsec2.c |   75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 150 insertions(+)

Index: linux-2.6.13-rc6-mm1/security/testinitsec1.c
===================================================================
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.13-rc6-mm1/security/testinitsec1.c        2005-08-19 
17:01:57.000000000 -0500
@@ -0,0 +1,75 @@
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/security.h>
+
+#define VALUE "value1"
+#define NAME "name1"
+#define MY_NAME "testinitsec1"
+static int test_init_security(struct inode *inode, struct inode *dir,
+                                      struct list_head *head)
+{
+       char *namep = NULL, *valuep = NULL;
+       struct xattr_data *data = NULL;
+
+       if (!head)
+               return 0;
+
+       data = kmalloc(sizeof(struct xattr_data), GFP_KERNEL);
+       if (!data)
+               goto err;
+       namep = kmalloc(32, GFP_KERNEL);
+       if (!namep)
+               goto err;
+       valuep = kmalloc(32, GFP_KERNEL);
+       if (!valuep)
+               goto err;
+
+       strcpy(namep, NAME);
+       strcpy(valuep, VALUE);
+       data->name = namep;
+       data->value = valuep;
+       data->len = strlen(VALUE);
+       INIT_LIST_HEAD(&data->list);
+       list_add_tail(&data->list, head);
+       return 0;
+err:
+       kfree(namep);
+       kfree(valuep);
+       kfree(data);
+       return -ENOMEM;
+}
+
+static struct security_operations testlsm_security_ops = {
+       .owner =                        THIS_MODULE,
+
+       .inode_init_security =          test_init_security,
+};
+
+static int __init testlsm_init (void)
+{
+       if (mod_reg_security (MY_NAME, &testlsm_security_ops, NULL)) {
+               printk (KERN_INFO "Failure registering testlsm "
+                       " module with primary security module.\n");
+               return -EINVAL;
+       }
+       return 0;
+}
+
+
+static void __exit testlsm_exit (void)
+{
+       if (unregister_security (&testlsm_security_ops)) {
+               printk (KERN_INFO "Failure unregistering testlsm "
+                       "module with the kernel\n");
+       }
+       printk (KERN_INFO "init_security test module removed\n");
+}
+
+security_initcall (testlsm_init);
+module_exit (testlsm_exit);
+
+MODULE_DESCRIPTION("inode_initsecurity test LSM module");
+MODULE_LICENSE("GPL");
+
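Review bot: testlsm_exit() tears the module down with unregister_security(), but testlsm_init() registered the ops through mod_reg_security(), so the two calls are not a matched pair. In kernels of this era unregister_security() only succeeds for the primary security_ops, so it will presumably fail here; the failure is only logged, and the unload continues with inode_init_security possibly still pointing at test_init_security in module memory that is about to be freed. The exit path should use the secondary counterpart, e.g. `if (mod_unreg_security (MY_NAME, &testlsm_security_ops))`, with the argument list adjusted to mirror this tree's three-argument mod_reg_security(). testinitsec2.c has the same init/exit pair.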
Index: linux-2.6.13-rc6-mm1/security/testinitsec2.c
===================================================================
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.13-rc6-mm1/security/testinitsec2.c        2005-08-19 
17:01:57.000000000 -0500
@@ -0,0 +1,75 @@
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/security.h>
+
+#define VALUE "value2"
+#define NAME "name2"
+#define MY_NAME "testinitsec2"
+static int test_init_security(struct inode *inode, struct inode *dir,
+                                      struct list_head *head)
+{
+       char *namep = NULL, *valuep = NULL;
+       struct xattr_data *data = NULL;
+
+       if (!head)
+               return 0;
+
+       data = kmalloc(sizeof(struct xattr_data), GFP_KERNEL);
+       if (!data)
+               goto err;
+       namep = kmalloc(32, GFP_KERNEL);
+       if (!namep)
+               goto err;
+       valuep = kmalloc(32, GFP_KERNEL);
+       if (!valuep)
+               goto err;
+
+       strcpy(namep, NAME);
+       strcpy(valuep, VALUE);
+       data->name = namep;
+       data->value = valuep;
+       data->len = strlen(VALUE);
+       INIT_LIST_HEAD(&data->list);
+       list_add_tail(&data->list, head);
+       return 0;
+err:
+       kfree(namep);
+       kfree(valuep);
+       kfree(data);
+       return -ENOMEM;
+}
+
+static struct security_operations testlsm_security_ops = {
+       .owner =                        THIS_MODULE,
+
+       .inode_init_security =          test_init_security,
+};
+
+static int __init testlsm_init (void)
+{
+       if (mod_reg_security (MY_NAME, &testlsm_security_ops, NULL)) {
+               printk (KERN_INFO "Failure registering testlsm "
+                       " module with primary security module.\n");
+               return -EINVAL;
+       }
+       return 0;
+}
+
+
+static void __exit testlsm_exit (void)
+{
+       if (unregister_security (&testlsm_security_ops)) {
+               printk (KERN_INFO "Failure unregistering testlsm "
+                       "module with the kernel\n");
+       }
+       printk (KERN_INFO "init_security test module removed\n");
+}
+
+security_initcall (testlsm_init);
+module_exit (testlsm_exit);
+
+MODULE_DESCRIPTION("inode_initsecurity test LSM module");
+MODULE_LICENSE("GPL");
+
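Review bot: The `kmalloc(32, GFP_KERNEL)` buffers in test_init_security() are filled with an unbounded `strcpy()` from NAME and VALUE, so the 32 is a magic size that nothing ties to the macros; the copies fit only because both strings are currently short. Sizing from the literal removes the coupling: `namep = kmalloc(sizeof(NAME), GFP_KERNEL);` followed by `memcpy(namep, NAME, sizeof(NAME));`, and the same for valuep with VALUE. The identical function in testinitsec1.c needs the same change, and a short comment stating that ownership of data, namep and valuep passes to whoever consumes `head` would help, since nothing in this file frees them on the success path.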