RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
On Saturday, March 03, 2018 5:22 PM, Tetsuo Handa wrote: > Masanobu Koike wrote: > > On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote: > > > On 2/28/2018 11:38 PM, Masanobu Koike wrote: > > > > @@ -264,6 +266,9 @@ choice > > > > config DEFAULT_SECURITY_APPARMOR > > > > bool "AppArmor" if SECURITY_APPARMOR=y > > > > > > > > + config DEFAULT_SECURITY_WHITEEGRET > > > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y > > > > + > > > > > > I don't see this module using any security blobs. Is there > > > a reason you're not making this a minor (like yama) module > > > instead of a major (like AppArmor) module? > > > > Thank you for your suggestion. > > We are now developing WhiteEgret on the environment > > it works certainly. > > > > ??? What Casey suggested is effectively > > -- > --- a/security/whiteegret/init.c > +++ b/security/whiteegret/init.c > @@ -48,9 +48,6 @@ static int __init we_init(void) > { > int rc; > > - if (!security_module_enable("whiteegret")) > - return 0; > - > security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), > "whiteegret"); > > rc = we_specific_init(); > -- > > , isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init() > is not useful, for security_init() is called too early to create securityfs > entries for WhiteEgret. > > Current version uses security= parameter as a switch for enabling/disabling > WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch, > is some other switch (e.g. __setup()) expected? Sorry for the delay. Thank you for your comment and suggestion. I'll make this module a minor one in the next version. Masanobu Koike
Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
Masanobu Koike wrote: > On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote: > > On 2/28/2018 11:38 PM, Masanobu Koike wrote: > > > @@ -264,6 +266,9 @@ choice > > > config DEFAULT_SECURITY_APPARMOR > > > bool "AppArmor" if SECURITY_APPARMOR=y > > > > > > + config DEFAULT_SECURITY_WHITEEGRET > > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y > > > + > > > > I don't see this module using any security blobs. Is there > > a reason you're not making this a minor (like yama) module > > instead of a major (like AppArmor) module? > > Thank you for your suggestion. > We are now developing WhiteEgret on the environment > it works certainly. > ??? What Casey suggested is effectively -- --- a/security/whiteegret/init.c +++ b/security/whiteegret/init.c @@ -48,9 +48,6 @@ static int __init we_init(void) { int rc; - if (!security_module_enable("whiteegret")) - return 0; - security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret"); rc = we_specific_init(); -- , isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init() is not useful, for security_init() is called too early to create securityfs entries for WhiteEgret. Current version uses security= parameter as a switch for enabling/disabling WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch, is some other switch (e.g. __setup()) expected?
RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote: > On 2/28/2018 11:38 PM, Masanobu Koike wrote: > > This RFC provides implementation of WhiteEgret. > > > > Signed-off-by: Masanobu Koike > > --- > > security/Kconfig | 6 + > > security/Makefile | 2 + > > security/whiteegret/Kconfig| 11 ++ > > security/whiteegret/Makefile | 2 + > > security/whiteegret/init.c | 75 ++ > > security/whiteegret/main.c | 251 > + > > security/whiteegret/request.c | 151 > > security/whiteegret/request.h | 52 +++ > > security/whiteegret/we.h | 66 + > > security/whiteegret/we_fs.c| 280 > + > > security/whiteegret/we_fs.h| 23 +++ > > security/whiteegret/we_fs_common.h | 36 + > > 12 files changed, 955 insertions(+) > > create mode 100644 security/whiteegret/Kconfig > > create mode 100644 security/whiteegret/Makefile > > create mode 100644 security/whiteegret/init.c > > create mode 100644 security/whiteegret/main.c > > create mode 100644 security/whiteegret/request.c > > create mode 100644 security/whiteegret/request.h > > create mode 100644 security/whiteegret/we.h > > create mode 100644 security/whiteegret/we_fs.c > > create mode 100644 security/whiteegret/we_fs.h > > create mode 100644 security/whiteegret/we_fs_common.h > > > > diff --git a/security/Kconfig b/security/Kconfig > > index c4302067a3ad..f17fefecaf84 100644 > > --- a/security/Kconfig > > +++ b/security/Kconfig > > @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig > > source security/apparmor/Kconfig > > source security/loadpin/Kconfig > > source security/yama/Kconfig > > +source security/whiteegret/Kconfig > > > > source security/integrity/Kconfig > > > > @@ -246,6 +247,7 @@ choice > > default DEFAULT_SECURITY_SMACK if SECURITY_SMACK > > default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO > > default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR > > + default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET > > default DEFAULT_SECURITY_DAC > > > > help > > @@ -264,6 +266,9 @@ choice > > config DEFAULT_SECURITY_APPARMOR > > bool "AppArmor" if SECURITY_APPARMOR=y > > > > + config DEFAULT_SECURITY_WHITEEGRET > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y > > + > > I don't see this module using any security blobs. Is there > a reason you're not making this a minor (like yama) module > instead of a major (like AppArmor) module? Thank you for your suggestion. We are now developing WhiteEgret on the environment it works certainly. Masanobu Koike > > > config DEFAULT_SECURITY_DAC > > bool "Unix Discretionary Access Controls" > > > > @@ -275,6 +280,7 @@ config DEFAULT_SECURITY > > default "smack" if DEFAULT_SECURITY_SMACK > > default "tomoyo" if DEFAULT_SECURITY_TOMOYO > > default "apparmor" if DEFAULT_SECURITY_APPARMOR > > + default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET > > default "" if DEFAULT_SECURITY_DAC > > > > endmenu > > diff --git a/security/Makefile b/security/Makefile > > index 4d2d3782ddef..3a8249c77288 100644 > > --- a/security/Makefile > > +++ b/security/Makefile > > @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo > > subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor > > subdir-$(CONFIG_SECURITY_YAMA) += yama > > subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin > > +subdir-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret > > > > # always enable default capabilities > > obj-y += commoncap.o > > @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) += > tomoyo/ > > obj-$(CONFIG_SECURITY_APPARMOR)+= apparmor/ > > obj-$(CONFIG_SECURITY_YAMA)+= yama/ > > obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ > > +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret/ > > obj-$(CONFIG_CGROUP_DEVICE)+= device_cgroup.o > > > > # Object integrity file lists > > diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig > > new file mode 100644 > > index ..32845977745f > > --- /dev/null > > +++ b/security/whiteegret/Kconfig > > @@ -0,0 +1,11 @@ > > +config SECURITY_WHITEEGRET > > +bool "WhiteEgret support" > > +depends on SECURITY > > +default n > > +help > > + This enables the WhiteEgret security module. > > + WhiteEgret provides a whitelisting execution control > capability, > > + which helps stop the execution of unauthorized software > > + such as malware. > > + You will also need a user application and an execution whitelist. > > + If you are unsure how to answer this question, answer N. > > diff --git a/security/whiteegret/Makefile > b/security/whiteegret/Makefile > > new file mode 100644 > > index ..1
Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
On 2/28/2018 11:38 PM, Masanobu Koike wrote: > This RFC provides implementation of WhiteEgret. > > Signed-off-by: Masanobu Koike > --- > security/Kconfig | 6 + > security/Makefile | 2 + > security/whiteegret/Kconfig| 11 ++ > security/whiteegret/Makefile | 2 + > security/whiteegret/init.c | 75 ++ > security/whiteegret/main.c | 251 + > security/whiteegret/request.c | 151 > security/whiteegret/request.h | 52 +++ > security/whiteegret/we.h | 66 + > security/whiteegret/we_fs.c| 280 > + > security/whiteegret/we_fs.h| 23 +++ > security/whiteegret/we_fs_common.h | 36 + > 12 files changed, 955 insertions(+) > create mode 100644 security/whiteegret/Kconfig > create mode 100644 security/whiteegret/Makefile > create mode 100644 security/whiteegret/init.c > create mode 100644 security/whiteegret/main.c > create mode 100644 security/whiteegret/request.c > create mode 100644 security/whiteegret/request.h > create mode 100644 security/whiteegret/we.h > create mode 100644 security/whiteegret/we_fs.c > create mode 100644 security/whiteegret/we_fs.h > create mode 100644 security/whiteegret/we_fs_common.h > > diff --git a/security/Kconfig b/security/Kconfig > index c4302067a3ad..f17fefecaf84 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig > source security/apparmor/Kconfig > source security/loadpin/Kconfig > source security/yama/Kconfig > +source security/whiteegret/Kconfig > > source security/integrity/Kconfig > > @@ -246,6 +247,7 @@ choice > default DEFAULT_SECURITY_SMACK if SECURITY_SMACK > default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO > default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR > + default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET > default DEFAULT_SECURITY_DAC > > help > @@ -264,6 +266,9 @@ choice > config DEFAULT_SECURITY_APPARMOR > bool "AppArmor" if SECURITY_APPARMOR=y > > + config DEFAULT_SECURITY_WHITEEGRET > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y > + I don't see this module using any security blobs. Is there a reason you're not making this a minor (like yama) module instead of a major (like AppArmor) module? > config DEFAULT_SECURITY_DAC > bool "Unix Discretionary Access Controls" > > @@ -275,6 +280,7 @@ config DEFAULT_SECURITY > default "smack" if DEFAULT_SECURITY_SMACK > default "tomoyo" if DEFAULT_SECURITY_TOMOYO > default "apparmor" if DEFAULT_SECURITY_APPARMOR > + default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET > default "" if DEFAULT_SECURITY_DAC > > endmenu > diff --git a/security/Makefile b/security/Makefile > index 4d2d3782ddef..3a8249c77288 100644 > --- a/security/Makefile > +++ b/security/Makefile > @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo > subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor > subdir-$(CONFIG_SECURITY_YAMA) += yama > subdir-$(CONFIG_SECURITY_LOADPIN)+= loadpin > +subdir-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret > > # always enable default capabilities > obj-y+= commoncap.o > @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ > obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/ > obj-$(CONFIG_SECURITY_YAMA) += yama/ > obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ > +obj-$(CONFIG_SECURITY_WHITEEGRET)+= whiteegret/ > obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o > > # Object integrity file lists > diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig > new file mode 100644 > index ..32845977745f > --- /dev/null > +++ b/security/whiteegret/Kconfig > @@ -0,0 +1,11 @@ > +config SECURITY_WHITEEGRET > +bool "WhiteEgret support" > +depends on SECURITY > +default n > +help > + This enables the WhiteEgret security module. > + WhiteEgret provides a whitelisting execution control capability, > + which helps stop the execution of unauthorized software > + such as malware. > + You will also need a user application and an execution whitelist. > + If you are unsure how to answer this question, answer N. > diff --git a/security/whiteegret/Makefile b/security/whiteegret/Makefile > new file mode 100644 > index ..16bd3afd9324 > --- /dev/null > +++ b/security/whiteegret/Makefile > @@ -0,0 +1,2 @@ > +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret.o > +whiteegret-y := init.o main.o request.o we_fs.o > diff --git a/security/whiteegret/init.c b/security/whiteegret/init.c > new file mode 100644 > index ..3691cca6bc27 > --- /dev/null > +++ b/security/white
[RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
This RFC provides implementation of WhiteEgret. Signed-off-by: Masanobu Koike --- security/Kconfig | 6 + security/Makefile | 2 + security/whiteegret/Kconfig| 11 ++ security/whiteegret/Makefile | 2 + security/whiteegret/init.c | 75 ++ security/whiteegret/main.c | 251 + security/whiteegret/request.c | 151 security/whiteegret/request.h | 52 +++ security/whiteegret/we.h | 66 + security/whiteegret/we_fs.c| 280 + security/whiteegret/we_fs.h| 23 +++ security/whiteegret/we_fs_common.h | 36 + 12 files changed, 955 insertions(+) create mode 100644 security/whiteegret/Kconfig create mode 100644 security/whiteegret/Makefile create mode 100644 security/whiteegret/init.c create mode 100644 security/whiteegret/main.c create mode 100644 security/whiteegret/request.c create mode 100644 security/whiteegret/request.h create mode 100644 security/whiteegret/we.h create mode 100644 security/whiteegret/we_fs.c create mode 100644 security/whiteegret/we_fs.h create mode 100644 security/whiteegret/we_fs_common.h diff --git a/security/Kconfig b/security/Kconfig index c4302067a3ad..f17fefecaf84 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig source security/apparmor/Kconfig source security/loadpin/Kconfig source security/yama/Kconfig +source security/whiteegret/Kconfig source security/integrity/Kconfig @@ -246,6 +247,7 @@ choice default DEFAULT_SECURITY_SMACK if SECURITY_SMACK default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR + default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET default DEFAULT_SECURITY_DAC help @@ -264,6 +266,9 @@ choice config DEFAULT_SECURITY_APPARMOR bool "AppArmor" if SECURITY_APPARMOR=y + config DEFAULT_SECURITY_WHITEEGRET + bool "WhiteEgret" if SECURITY_WHITEEGRET=y + config DEFAULT_SECURITY_DAC bool "Unix Discretionary Access Controls" @@ -275,6 +280,7 @@ config DEFAULT_SECURITY default "smack" if DEFAULT_SECURITY_SMACK default "tomoyo" if DEFAULT_SECURITY_TOMOYO default "apparmor" if DEFAULT_SECURITY_APPARMOR + default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET default "" if DEFAULT_SECURITY_DAC endmenu diff --git a/security/Makefile b/security/Makefile index 4d2d3782ddef..3a8249c77288 100644 --- a/security/Makefile +++ b/security/Makefile @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor subdir-$(CONFIG_SECURITY_YAMA) += yama subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin +subdir-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret # always enable default capabilities obj-y += commoncap.o @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ obj-$(CONFIG_SECURITY_APPARMOR)+= apparmor/ obj-$(CONFIG_SECURITY_YAMA)+= yama/ obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret/ obj-$(CONFIG_CGROUP_DEVICE)+= device_cgroup.o # Object integrity file lists diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig new file mode 100644 index ..32845977745f --- /dev/null +++ b/security/whiteegret/Kconfig @@ -0,0 +1,11 @@ +config SECURITY_WHITEEGRET +bool "WhiteEgret support" +depends on SECURITY +default n +help + This enables the WhiteEgret security module. + WhiteEgret provides a whitelisting execution control capability, + which helps stop the execution of unauthorized software + such as malware. + You will also need a user application and an execution whitelist. + If you are unsure how to answer this question, answer N. diff --git a/security/whiteegret/Makefile b/security/whiteegret/Makefile new file mode 100644 index ..16bd3afd9324 --- /dev/null +++ b/security/whiteegret/Makefile @@ -0,0 +1,2 @@ +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret.o +whiteegret-y := init.o main.o request.o we_fs.o diff --git a/security/whiteegret/init.c b/security/whiteegret/init.c new file mode 100644 index ..3691cca6bc27 --- /dev/null +++ b/security/whiteegret/init.c @@ -0,0 +1,75 @@ +/* + * WhiteEgret Linux Security Module + * + * Copyright (C) 2017-2018 Toshiba Corporation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, version 2. + */ + +#define pr_fmt(fmt) "WhiteEgret: " fmt + +#include +#include +#include +#inclu