From patchwork Fri Oct 21 12:49:07 2016
X-Patchwork-Submitter: Tetsuo Handa
X-Patchwork-Id: 9388921
From: Tetsuo Handa
To: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Tetsuo Handa
Subject: [PATCH 5/8] CaitSith: Add LSM adapter functions.
Date: Fri, 21 Oct 2016 21:49:07 +0900
Message-Id: <1477054150-4772-6-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
In-Reply-To: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
References: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>

This version implements only execve() related LSM hooks.

Signed-off-by: Tetsuo Handa
---
 security/caitsith/lsm.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 security/caitsith/lsm.c

diff --git a/security/caitsith/lsm.c b/security/caitsith/lsm.c
new file mode 100644
index 0000000..675cee8
--- /dev/null
+++ b/security/caitsith/lsm.c
@@ -0,0 +1,60 @@ +/* + * security/caitsith/lsm.c + * + * Copyright (C) 2010-2013 Tetsuo Handa + */ + +#include +#include "caitsith.h" + +/** + * caitsith_bprm_set_creds - Target for security_bprm_set_creds(). + * + * @bprm: Pointer to "struct linux_binprm". + * + * Returns 0 on success, negative value otherwise. + */ +static int caitsith_bprm_set_creds(struct linux_binprm *bprm) +{ + /* + * Do only if this function is called for the first time of an execve + * operation. + */ + if (bprm->cred_prepared) + return 0; +#ifndef CONFIG_SECURITY_CAITSITH_OMIT_USERSPACE_LOADER + /* + * Load policy if /sbin/caitsith-init exists and /sbin/init is requested + * for the first time. + */ + if (!cs_policy_loaded) + cs_load_policy(bprm->filename); +#endif + return cs_start_execve(bprm); +} + +/* + * caitsith_security_ops is a "struct security_operations" which is used for + * registering CaitSith. + */ +static struct security_hook_list caitsith_hooks[] = { + LSM_HOOK_INIT(bprm_set_creds, caitsith_bprm_set_creds), +}; + +/** + * caitsith_init - Register CaitSith as a LSM module. + * + * Returns 0. + */ +static int __init caitsith_init(void) +{ + if (!security_module_enable("caitsith")) + return 0; + /* register ourselves with the security framework */ + security_add_hooks(caitsith_hooks, ARRAY_SIZE(caitsith_hooks)); + printk(KERN_INFO "CaitSith initialized\n"); + cs_init_module(); + return 0; +} + +security_initcall(caitsith_init);
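Review bot: the comment above the hook table is stale: it describes `caitsith_security_ops` as a `struct security_operations`, but the object it sits on is `caitsith_hooks`, an array of `struct security_hook_list` registered through `security_add_hooks()`; reword it to something like `caitsith_hooks is the list of LSM hooks registered for CaitSith.` Two smaller points in the same hunk: the comment above `cs_load_policy(bprm->filename)` says policy is loaded only when `/sbin/init` is requested for the first time, but the hook passes `bprm->filename` on every execve until `cs_policy_loaded` becomes true, so either that filename check lives inside `cs_load_policy()` (then say so in the comment) or it is missing here; and `printk(KERN_INFO "CaitSith initialized\n");` would normally be written `pr_info("CaitSith initialized\n");` in new code. The early `return 0` when `bprm->cred_prepared` is set is the usual way to run the check only once per execve, as the comment says, so that part looks right.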