Annotation of /branches/for-mainline/security/caitsith/lsm.c
Revision 267 -
Mon Aug 27 10:15:55 2018 UTC
(5 years, 7 months ago)
by kumaneko
File MIME type: text/x-csrc
File size: 1451 byte(s)
/*
 * security/caitsith/lsm.c
 *
 * Copyright (C) 2010-2013 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
 */
#include <linux/lsm_hooks.h> |
#include "caitsith.h" |
/**
 * caitsith_bprm_set_creds - Target for security_bprm_set_creds().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * This is the only hook CaitSith registers in this file, so it is the single
 * point where an execve request is handed to cs_start_execve().
 *
 * Returns 0 when @bprm->called_set_creds is already set (no check is made on
 * that call); otherwise returns whatever cs_start_execve() returns, which is
 * 0 on success and a negative value otherwise.
 */
static int caitsith_bprm_set_creds(struct linux_binprm *bprm)
{
	/*
	 * Act only on the first call made for a given execve operation.
	 * Later calls for the same @bprm return success without reaching
	 * cs_start_execve().
	 * NOTE(review): presumably the later calls are the ones made for an
	 * interpreter (e.g. a "#!" script), so the decision is taken on the
	 * state seen at the first call - confirm against the exec path of the
	 * target kernel.
	 */
	if (bprm->called_set_creds)
		return 0;
#ifndef CONFIG_SECURITY_CAITSITH_OMIT_USERSPACE_LOADER
	/*
	 * Until cs_policy_loaded is set, give the policy loader a chance on
	 * every execve: it loads policy if /sbin/caitsith-init exists and
	 * /sbin/init is requested for the first time.
	 * NOTE(review): when this option is defined nothing in this function
	 * loads policy; confirm that policy then comes from somewhere else
	 * before cs_start_execve() is relied on.
	 */
	if (!cs_policy_loaded)
		cs_load_policy(bprm->filename);
#endif
	/* The access decision itself is made by cs_start_execve(). */
	return cs_start_execve(bprm);
}
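/*
 * caitsith_hooks is an array of "struct security_hook_list" which is used for
 * registering CaitSith. It holds a single entry that routes bprm_set_creds to
 * caitsith_bprm_set_creds().
 *
 * The array is marked __lsm_ro_after_init (from <linux/lsm_hooks.h>) so that,
 * where the kernel configuration allows it, the hook entries become read-only
 * once boot-time initialization is over. A hook table that stays writable is
 * a convenient target for redirecting or unhooking the LSM at run time.
 */
static struct security_hook_list caitsith_hooks[] __lsm_ro_after_init = {
	LSM_HOOK_INIT(bprm_set_creds, caitsith_bprm_set_creds),
};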
/**
 * caitsith_init - Register CaitSith as a LSM module.
 *
 * When security_module_enable("caitsith") returns zero, nothing is registered
 * and nothing is logged. When it returns non-zero, caitsith_hooks is added to
 * the security framework, "CaitSith initialized" is printed and
 * cs_init_module() is called.
 *
 * Returns 0 in both cases, so the return value does not tell the caller
 * whether the hooks are active.
 */
static int __init caitsith_init(void)
{
	/* Not enabled: leave without installing any hook. */
	if (!security_module_enable("caitsith"))
		return 0;
	/*
	 * Register ourselves with the security framework.
	 * NOTE(review): the hooks are added before cs_init_module() runs;
	 * presumably no execve can reach caitsith_bprm_set_creds() this early
	 * in boot - confirm.
	 */
	security_add_hooks(caitsith_hooks, ARRAY_SIZE(caitsith_hooks),
			   "caitsith");
	/*
	 * This message is printed only on the enabled path, so its absence
	 * from the kernel log means CaitSith did not register its hooks.
	 */
	printk(KERN_INFO "CaitSith initialized\n");
	cs_init_module();
	return 0;
}

/* Run caitsith_init() from the kernel's security initcall stage. */
security_initcall(caitsith_init);