i have written a tiny module . when i install this one i check in dmesg and /proc/kallsyms.
these files shows that the module is currently running . but when i go for "ohm_inode_permission" kernel security function in /proc/kallsyms it does not show that security operation but
that must be registered along with the registration of module.
i 've attached the source code along with........
i think the problem is while registering the security function ohm_inode_permission (IMHO). but..................
can someone tell me where am i wrong?
--
........................
MOHIT VERMA
#include<linux/init.h>
#include<linux/kernel.h>
#include<linux/tracehook.h>
#include<linux/errno.h>
#include<linux/sched.h>
#include<linux/security.h>
#include<linux/xattr.h>
#include<linux/capability.h>
#include<linux/unistd.h>
#include<linux/mm.h>
#include<linux/mman.h>
#include<linux/slab.h>
#include<linux/pagemap.h>
#include<linux/swap.h>
#include<linux/spinlock.h>
#include<linux/syscalls.h>
#include<linux/file.h>
#include<linux/fdtable.h>
#include<linux/namei.h>
#include<linux/mount.h>
#include<linux/proc_fs.h>
#include<linux/netfilter_ipv4.h>
#include<linux/netfilter_ipv6.h>
#include<linux/tty.h>
#include<net/icmp.h>
#include<net/ip.h>
#include<net/tcp.h>
#include<net/net_namespace.h>
#include<net/netlabel.h>
#include<linux/uaccess.h>
#include<asm/ioctls.h>
#include<asm/atomic.h>
#include<linux/bitops.h>
#include<linux/interrupt.h>
#include<linux/netdevice.h>
#include<linux/netlink.h>
#include<linux/tcp.h>
#include<linux/udp.h>
#include<linux/dccp.h>
#include<linux/quota.h>
#include<linux/un.h>
#include<net/af_unix.h>
#include<linux/parser.h>
#include<linux/nfs_mount.h>
#include<net/ipv6.h>
#include<linux/hugetlb.h>
#include<linux/personality.h>
#include<linux/sysctl.h>
#include<linux/audit.h>
#include<linux/string.h>
#include<linux/mutex.h>
#include<linux/posix-timers.h>
#include<linux/module.h>
#include<net/sock.h>
#include<linux/socket.h>
#include<linux/net.h>
#include<asm/types.h>
#include<linux/netlink.h>
#include<linux/skbuff.h>
#define NETLINK_TEST 17
#define VFW_GROUP 0
#define MSG_SIZE NLMSG_SPACE(256)
static struct sock *nl_sk = NULL;
unsigned char *data_to_log=NULL;
static int pid=0;
/* to send the data in data_to_log to user space via netlink_unicast*/
static void nltest_snd(unsigned char *data_to_log)
{
struct sk_buff *nl_skb;
struct nlmsghdr *nl_hdr;
nl_skb = alloc_skb(MSG_SIZE, in_interrupt() ? GFP_ATOMIC:GFP_KERNEL);
skb_put(nl_skb,MSG_SIZE);
nl_hdr=(struct nlmsghdr *)nl_skb->data;
nl_hdr->nlmsg_len=MSG_SIZE;
nl_hdr->nlmsg_pid=pid;
nl_hdr->nlmsg_flags=0;
strcpy(NLMSG_DATA(nl_hdr), data_to_log);
NETLINK_CB(nl_skb).pid=0;
//NETLINK_CB(nl_skb).dst_pid=pid;
NETLINK_CB(nl_skb).dst_group=VFW_GROUP;
netlink_unicast(nl_sk, nl_skb, pid, 0);
kfree_skb(nl_skb);
}
/*first we check whether module is bind with some pid , if not then we bind the socket with the very
first and last user space process id. and after that if some other process wanna get connected to
socket , we silently quit*/
static void nltest_recv(struct sk_buff *skb)
{
struct nlmsghdr *nlh = NULL;
if(skb == NULL)
{
printk("skb is NULL \n");
return;
}
nlh=(struct nlmsghdr *)skb->data;
if(pid==0)
pid=nlh->nlmsg_pid;/*pid of sending process*/
}
// this function will be called at module intialization time in ohm_init() so that at the
//module start-up we have the socket of new protocol NETLINK_TEST in hand.
//struct sock * netlink_kernel_create (struct net *net, int unit, unsigned int groups,void (*input)
// (struct sk_buff *skb),struct mutex *cb_mutex, struct module *module)
static int nltest_init()
{
struct net *net;
printk(KERN_ALERT "INIT/START: nltest\n");
nl_sk = netlink_kernel_create(net,NETLINK_TEST, VFW_GROUP, nltest_recv, 0,THIS_MODULE);
if (!nl_sk) {
printk(KERN_ALERT "ERROR: nltest  netlink_kernel_create() failed\n");
return 1;
}
else
{
printk(KERN_ALERT "SUCCESS: security module socket created\n");
}
return 0;
}
/* here is the main leverage of LSM security hook i.e inode_permission */
#ifdef CONFIG_SECURITY_OHM
static int ohm_sysctl(ctl_table *table, int op)
{
return 0;
}
#ifndef CONFIG_SECURITY_PATH
#define CONFIG_SECURITY_PATH
static int ohm_inode_permission(struct inode *inode,int mask)
{
/*here 264812 is the inode of /etc/passwd file in my system . so i've hard coded it so that any process if opens this file eventually
* this security hook will be called and then i pass the string to netlink_snd() to pass this to user space process listening to the socket
*to print it.*/
if(inode->i_ino == 264812L)
netlink_snd("OHM: I am watching u\n");
return 0;
}
#endif
static struct security_operations ohm_ops = {
.name = "ohm",
#ifndef SECURITY_PATH
#define SECURITY_PATH
.inode_permission = ohm_inode_permission,
#endif
};
static __init ohm_init(void){
static int err_sock;
/* register the hooks */
if (!security_module_enable(&ohm_ops)) {
return 0;
}
printk(KERN_INFO "Ohm: Initializing.\n");
if((err_sock=nltest_init()) == 0)
{
printk(KERN_ALERT " ERROR: while creating socket notified in ohm_init\n");
}
else if(err_sock==1)
{
printk(KERN_INFO "SUCCESS:in ohm_init socket notified\n");
}
if (register_security(&ohm_ops))
printk("ohm: Unable to register ohm with kernel.\n");
else
printk("ohm: registered with the kernel\n");
return 0;
}
static void __exit ohm_exit(void)
{
printk(KERN_ALERT "EXIT: ohm\n");
sock_release(nl_sk-Â>sk_socket);
return;
}
module_init(ohm_init);
module_exit(ohm_exit);
security_initcall(ohm_init);
//module_exit (ohm_exit);
MODULE_DESCRIPTION("ohm");
MODULE_LICENSE("GPL");
#endif /* CONFIG_SECURITY_OHM */
#include<sys/types.h>
#include<sys/socket.h>
#include<linux/netlink.h>
#include<stdlib.h>
#include<string.h>
#include<stdio.h>
#define MAX_PAYLOAD 1024 /* maximum payload size*/
#define NETLINK_TEST 17
struct sockaddr_nl src_addr, dest_addr;
struct nlmsghdr *nlh = NULL;
struct iovec iov;
int sock_fd;
struct msghdr msg;
void main() {
int opt;
int errno;
sock_fd=socket(PF_NETLINK, SOCK_RAW, NETLINK_KOBJECT_UEVENT);
memset(&src_addr, 0, sizeof(src_addr));
src_addr.nl_family = AF_NETLINK;
src_addr.nl_pid = 0; /* self pid */
src_addr.nl_groups = 0x7;
if((errno=bind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr))) < 0)
{
printf("erorr while binding");
return ;
}
opt = src_addr.nl_groups;
setsockopt(sock_fd, 270, NETLINK_PKTINFO, &opt, sizeof(opt));
memset(&dest_addr, 0, sizeof(dest_addr));
nlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));
memset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD));
iov.iov_base = (void *)nlh;
iov.iov_len=nlh->nlmsg_len;
msg.msg_name = (void *)&dest_addr;
msg.msg_namelen=sizeof(dest_addr);
msg.msg_iov=&iov;
msg.msg_iovlen=1;
printf("Waiting for message from kernel\n");
/* Read message from kernel */
recvmsg(sock_fd, &msg, MSG_WAITALL);
printf(" Received message payload: %s\n",(char *)NLMSG_DATA(nlh));
close(sock_fd);
}
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
