LSM零知识学习六、插桩原理实现细节(4)

接前一篇文章:LSM零知识学习五、插桩原理实现细节(3)

本文内容参考:

LSM(Linux Security Modules)框架原理解析_lsm linux_pwl999的博客-CSDN博客

特此致谢!

三、LSM回调的注册

上回书留了一个扣子:file_open函数指针指向了谁?又是什么时候被赋值的?

要弄清楚这个问题,先来看一下LSM_HOOK_INIT。LSM_HOOK_INIT是一个宏,在include/linux/lsm_hooks.h中定义,代码如下:

/*
 * Initializing a security_hook_list structure takes
 * up a lot of space in a source file. This macro takes
 * care of the common case and reduces the amount of
 * text involved.
 */
#define LSM_HOOK_INIT(HEAD, HOOK) \
	{ .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }

各个安全模块中都有调用LSM_HOOK_INIT宏(也可以说是函数)。

  • SELinux

security/selinux/hooks.c中:

LSM_HOOK_INIT(file_open, selinux_file_open),

 展开后为:

{ .head = &security_hook_heads.file_open, .hook = { .file_open = selinux_file_open } },
  • AppArmor

security/apparmor/lsm.c中:

LSM_HOOK_INIT(file_open, apparmor_file_open),

展开后为:

{ .head = &security_hook_heads.file_open, .hook = { .file_open = apparmor_file_open } },
  • Smack

security/smack/smack_lsm.c中:

LSM_HOOK_INIT(file_open, smack_file_open),

 展开后为:

{ .head = &security_hook_heads.file_open, .hook = { .file_open = smack_file_open } },
  • TOYOMO

security/tomoyo/tomoyo.c中:

LSM_HOOK_INIT(file_open, tomoyo_file_open),

展开后为:

{ .head = &security_hook_heads.file_open, .hook = { .file_open = toyomo_file_open } },

 Landlock

security/landlock/fs.c中:

LSM_HOOK_INIT(file_open, hook_file_open),

展开后为:

​{ .head = &security_hook_heads.file_open, .hook = { .file_open = hook_file_open } },

security_hook_heads以及其类型struct security_hook_heads前文已介绍过,这里不再赘述。

下面以SELinux和AppArmor为例,分别看一下selinux_file_open和apparmor_file_open的实现。

selinux_file_open在security/selinux/hooks.c中,代码如下:

static int selinux_file_open(struct file *file)
{
	struct file_security_struct *fsec;
	struct inode_security_struct *isec;

	fsec = selinux_file(file);
	isec = inode_security(file_inode(file));
	/*
	 * Save inode label and policy sequence number
	 * at open-time so that selinux_file_permission
	 * can determine whether revalidation is necessary.
	 * Task label is already saved in the file security
	 * struct as its SID.
	 */
	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno(&selinux_state);
	/*
	 * Since the inode label or policy seqno may have changed
	 * between the selinux_inode_permission check and the saving
	 * of state above, recheck that access is still permitted.
	 * Otherwise, access might never be revalidated against the
	 * new inode label or new policy.
	 * This check is not redundant - do not remove.
	 */
	return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
}

apparmor_file_open在security/apparmor/lsm.c中,代码如下:

static int apparmor_file_open(struct file *file)
{
	struct aa_file_ctx *fctx = file_ctx(file);
	struct aa_label *label;
	int error = 0;

	if (!path_mediated_fs(file->f_path.dentry))
		return 0;

	/* If in exec, permission is handled by bprm hooks.
	 * Cache permissions granted by the previous exec check, with
	 * implicit read and executable mmap which are required to
	 * actually execute the image.
	 */
	if (current->in_execve) {
		fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
		return 0;
	}

	label = aa_get_newest_cred_label(file->f_cred);
	if (!unconfined(label)) {
		struct user_namespace *mnt_userns = file_mnt_user_ns(file);
		struct inode *inode = file_inode(file);
		struct path_cond cond = {
			i_uid_into_mnt(mnt_userns, inode),
			inode->i_mode
		};

		error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
				     aa_map_file_to_perms(file), &cond);
		/* todo cache full allowed permissions set and state */
		fctx->allow = aa_map_file_to_perms(file);
	}
	aa_put_label(label);

	return error;
}

你可能感兴趣的:(系统安全,LSM,LSM,系统安全)