Skip to content

cloud-kernel
cloud-kernel

openanolis / cloud-kernel
大约 1 年 前同步成功

通知 155
Star 36
Fork 7
cloud-kernel
cloud-kernel

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
root_plug.c 2.4 KB
Newer Older
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 
/*
 * Root Plug sample LSM module
 *
 * Originally written for a Linux Journal.
 *
 * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
 *
 * Prevents any programs running with egid == 0 if a specific USB device
 * is not present in the system.  Yes, it can be gotten around, but is a
 * nice starting point for people to play with, and learn the LSM
 * interface.
 *
 * If you want to turn this into something with a semblance of security,
 * you need to hook the task_* functions also.
 *
 * See http://www.linuxjournal.com/article.php?sid=6279 for more information
 * about this code.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License as
 *	published by the Free Software Foundation, version 2 of the
 *	License.
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
#include <linux/usb.h>
J
security: Convert LSM into a static interface  
James Morris 已提交
29 
#include <linux/moduleparam.h>
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 

/* default is a generic type of usb to serial converter */
static int vendor_id = 0x0557;
static int product_id = 0x2008;

module_param(vendor_id, uint, 0400);
module_param(product_id, uint, 0400);

/* should we print out debug messages */
static int debug = 0;

module_param(debug, bool, 0600);

#define MY_NAME "root_plug"

#define root_dbg(fmt, arg...)					\
	do {							\
		if (debug)					\
			printk(KERN_DEBUG "%s: %s: " fmt ,	\
H
security: replace remaining __FUNCTION__ occurrences  
Harvey Harrison 已提交
49 
				MY_NAME , __func__ , 	\
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
50 51 52 53 54 55 56 57 
				## arg);			\
	} while (0)

static int rootplug_bprm_check_security (struct linux_binprm *bprm)
{
	struct usb_device *dev;

	root_dbg("file %s, e_uid = %d, e_gid = %d\n",
D
CRED: Make execve() take advantage of copy-on-write credentials  
David Howells 已提交
58 
		 bprm->filename, bprm->cred->euid, bprm->cred->egid);
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
59
D
CRED: Make execve() take advantage of copy-on-write credentials  
David Howells 已提交
60 
	if (bprm->cred->egid == 0) {
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 
		dev = usb_find_device(vendor_id, product_id);
		if (!dev) {
			root_dbg("e_gid = 0, and device not found, "
				 "task not allowed to run...\n");
			return -EPERM;
		}
		usb_put_dev(dev);
	}

	return 0;
}

static struct security_operations rootplug_security_ops = {
	.bprm_check_security =		rootplug_bprm_check_security,
};

static int __init rootplug_init (void)
{
	/* register ourselves with the security framework */
	if (register_security (&rootplug_security_ops)) {
		printk (KERN_INFO 
			"Failure registering Root Plug module with the kernel\n");
			return -EINVAL;
	}
	printk (KERN_INFO "Root Plug module initialized, "
		"vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
	return 0;
}

security_initcall (rootplug_init);