From patchwork Fri Oct 21 12:49:10 2016
X-Patchwork-Submitter: Tetsuo Handa
X-Patchwork-Id: 9388923
From: Tetsuo Handa
To: linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Tetsuo Handa
Subject: [PATCH 8/8] CaitSith: Add Kconfig and Makefile
Date: Fri, 21 Oct 2016 21:49:10 +0900
Message-Id: <1477054150-4772-9-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
In-Reply-To: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
References: <1477054150-4772-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>

CaitSith uses LSM hooks and securityfs support. For now, CaitSith is not using security blobs (i.e. "void *security" field in data structures) so that you can enable CaitSith using Multiple Concurrent LSMs.

Signed-off-by: Tetsuo Handa
---
security/Kconfig | 6 ++++++
security/Makefile | 2 ++
security/caitsith/Kconfig | 48 ++++++++++++++++++++++++++++++++++++++++++++++
security/caitsith/Makefile | 15 +++++++++++++++
4 files changed, 71 insertions(+)
create mode 100644 security/caitsith/Kconfig
create mode 100644 security/caitsith/Makefile

diff --git a/security/Kconfig b/security/Kconfig index 176758c..ab5b634 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -124,6 +124,7 @@ source security/tomoyo/Kconfig source security/apparmor/Kconfig source security/loadpin/Kconfig source security/yama/Kconfig +source security/caitsith/Kconfig source security/integrity/Kconfig
@@ -133,6 +134,7 @@ choice default DEFAULT_SECURITY_SMACK if SECURITY_SMACK default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR + default DEFAULT_SECURITY_CAITSITH if SECURITY_CAITSITH default DEFAULT_SECURITY_DAC help @@ -151,6 +153,9 @@ choice config DEFAULT_SECURITY_APPARMOR bool "AppArmor" if SECURITY_APPARMOR=y + config DEFAULT_SECURITY_CAITSITH + bool "CaitSith" if SECURITY_CAITSITH=y + config DEFAULT_SECURITY_DAC bool "Unix Discretionary Access Controls" @@ -162,6 +167,7 @@ config DEFAULT_SECURITY default "smack" if DEFAULT_SECURITY_SMACK default "tomoyo" if DEFAULT_SECURITY_TOMOYO default "apparmor" if DEFAULT_SECURITY_APPARMOR + default "caitsith" if DEFAULT_SECURITY_CAITSITH default "" if DEFAULT_SECURITY_DAC endmenu diff --git a/security/Makefile b/security/Makefile index f2d71cd..3745af0 100644 --- a/security/Makefile +++ b/security/Makefile @@ -9,6 +9,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor subdir-$(CONFIG_SECURITY_YAMA) += yama subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin +subdir-$(CONFIG_SECURITY_CAITSITH) += caitsith # always enable default capabilities obj-y += commoncap.o @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/ obj-$(CONFIG_SECURITY_YAMA) += yama/ obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o +obj-$(CONFIG_SECURITY_CAITSITH) += caitsith/ # Object integrity file lists subdir-$(CONFIG_INTEGRITY) += integrity diff --git a/security/caitsith/Kconfig b/security/caitsith/Kconfig new file mode 100644 index 0000000..005cdb1 --- /dev/null +++ b/security/caitsith/Kconfig 
@@ -0,0 +1,48 @@ +config SECURITY_CAITSITH + bool "CaitSith Support" + depends on SECURITY + select SECURITYFS + select SRCU + default n + help + This selects CaitSith, check list based access control. + Required userspace tools and further information may be + found at . + If you are unsure how to answer this question, answer N. + +config SECURITY_CAITSITH_OMIT_USERSPACE_LOADER + bool "Activate without calling userspace policy loader." + default n + depends on SECURITY_CAITSITH + ---help--- + Say Y here if you want to activate access control as soon as built-in + policy was loaded. This option will be useful for systems where + operations which can lead to the hijacking of the boot sequence are + needed before loading the policy. For example, you can activate + immediately after loading the fixed part of policy which will allow + only operations needed for mounting a partition which contains the + variant part of policy and verifying (e.g. running GPG check) and + loading the variant part of policy. Since you can start using + enforcing mode from the beginning, you can reduce the possibility of + hijacking the boot sequence. + +config SECURITY_CAITSITH_POLICY_LOADER + string "Location of userspace policy loader" + default "/sbin/caitsith-init" + depends on SECURITY_CAITSITH + depends on !SECURITY_CAITSITH_OMIT_USERSPACE_LOADER + ---help--- + This is the default pathname of policy loader which is called before + activation. You can override this setting via CS_loader= kernel + command line option. + +config SECURITY_CAITSITH_ACTIVATION_TRIGGER + string "Trigger for calling userspace policy loader" + default "/sbin/init" + depends on SECURITY_CAITSITH + depends on !SECURITY_CAITSITH_OMIT_USERSPACE_LOADER + ---help--- + This is the default pathname of activation trigger. You can override + this setting via CS_trigger= kernel command line option. 
+ For example, if you pass init=/usr/lib/systemd/systemd option, you + may want to also pass CS_trigger=/usr/lib/systemd/systemd option. diff --git a/security/caitsith/Makefile b/security/caitsith/Makefile new file mode 100644 index 0000000..1f0b83f --- /dev/null +++ b/security/caitsith/Makefile @@ -0,0 +1,15 @@ +obj-y += permission.o gc.o policy_io.o realpath.o lsm.o load_policy.o + +$(obj)/policy/policy.conf: + @mkdir -p $(obj)/policy/ + @echo Creating an empty policy/policy.conf + @touch $@ + +$(obj)/builtin-policy.h: $(obj)/policy/policy.conf + @echo Generating built-in policy for CaitSith. + @echo "static char cs_builtin_policy[] __initdata =" > $@.tmp + @sed -e 's/\\/\\134/g' -e 's/"/\\"/g' -e 's/\(.*\)/"\1\\n"/' < $(obj)/policy/policy.conf >> $@.tmp + @echo "\"\";" >> $@.tmp + @mv $@.tmp $@ + +$(obj)/policy_io.o: $(obj)/builtin-policy.h
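Review bot: the three DEFAULT_SECURITY_CAITSITH additions in security/Kconfig (the `choice` default in the @@ -133 hunk, the new `config DEFAULT_SECURITY_CAITSITH` in the @@ -151 hunk and the `default "caitsith"` string in the @@ -162 hunk) register CaitSith as an exclusive "major" LSM, which sits oddly with the commit message's point that CaitSith avoids security blobs precisely so it can be enabled next to another LSM. Yama and LoadPin, which stack in the same way and are sourced just above the new `source security/caitsith/Kconfig` line, are not offered in that choice at all. Either drop the DEFAULT_SECURITY_CAITSITH lines and let CaitSith enable itself like the other stackable modules, or say in the commit message why it must also be selectable as the default (exclusive) LSM.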
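Review bot: in the security/Makefile @@ -25 hunk, `obj-$(CONFIG_SECURITY_CAITSITH) += caitsith/` is appended after `obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o` rather than next to the other LSM directories, while the @@ -9 hunk places the matching `subdir-` line directly after loadpin. Put the `obj-` line right after `obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/` so the two lists stay in step; since same-level initcalls run in link order, that also keeps the LSM initialisation order predictable.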
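Review bot: the new security/caitsith/Kconfig mixes help-text styles: `config SECURITY_CAITSITH` uses `help`, while the three options below it use the older `---help---`; pick one (`help` is the current kbuild form). `default n` on the two bool options is redundant because bool already defaults to n, the prompt `"Activate without calling userspace policy loader."` should lose its trailing period to match the other prompts, and "check list based access control" reads better as "checklist-based access control". One thing to confirm rather than a defect visible here: nothing in this entry selects SECURITY_PATH, so if lsm.o registers path-based hooks (as TOMOYO does, which is why TOMOYO's Kconfig selects SECURITY_PATH), `select SECURITY_PATH` is needed as well.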
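Review bot: in security/caitsith/Makefile the `$(obj)/policy/policy.conf` rule silently creates an empty file when none exists, so a build that was meant to embed a policy (a misplaced or misnamed policy.conf) yields a kernel with an empty built-in policy and only the `@echo Creating an empty policy/policy.conf` line to show for it. With SECURITY_CAITSITH_OMIT_USERSPACE_LOADER=y that empty policy is what the system activates with, so consider failing the build, or at least printing a clearly worded warning, when the file is absent, and state in the Kconfig help where policy.conf is expected: it is read from `$(obj)`, i.e. the output directory rather than `$(srctree)`, which matters for O= builds. The hunk also declares no `clean-files`; add `clean-files := builtin-policy.h` so `make clean` removes the generated header, and a .gitignore entry for it.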