LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Kentaro Takeda <takedakn@nttdata.co.jp>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [TOMOYO #6 retry 21/21] Add signal hooks at sleepable location.
Date: Wed, 09 Jan 2008 09:53:41 +0900	[thread overview]
Message-ID: <20080109005428.432672212@nttdata.co.jp> (raw)
In-Reply-To: <20080109005320.323184643@nttdata.co.jp>

This patch adds LSM hooks for sending signal.

   * task_kill_unlocked is added in sys_kill
   * task_tkill_unlocked is added in sys_tkill
   * task_tgkill_unlocked is added in sys_tgkill

We know sleepable hooks are racy.
But we want to add sleepable hooks because TOMOYO Linux supports
"delayed enforcing" mode which allows administrator judge interactively.

You can try TOMOYO Linux without this patch, but in that case, you
can't use access control functionality for restricting signal transmission.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 include/linux/security.h |   41 +++++++++++++++++++++++++++++++++++++++++
 kernel/signal.c          |   17 +++++++++++++++++
 security/dummy.c         |   18 ++++++++++++++++++
 security/security.c      |   15 +++++++++++++++
 4 files changed, 91 insertions(+)

--- linux-2.6-mm.orig/include/linux/security.h
+++ linux-2.6-mm/include/linux/security.h
@@ -674,6 +674,25 @@ struct request_sock;
  *	@sig contains the signal value.
  *	@secid contains the sid of the process where the signal originated
  *	Return 0 if permission is granted.
+ * @task_kill_unlocked:
+ *	Check permission before sending signal @sig to the process of @pid
+ *	with sys_kill.
+ *	@pid contains the pid of target process.
+ *	@sig contains the signal value.
+ *	Return 0 if permission is granted.
+ * @task_tkill_unlocked:
+ *	Check permission before sending signal @sig to the process of @pid
+ *	with sys_tkill.
+ *	@pid contains the pid of target process.
+ *	@sig contains the signal value.
+ *	Return 0 if permission is granted.
+ * @task_tgkill_unlocked:
+ *	Check permission before sending signal @sig to the process of @pid
+ *	with sys_tgkill.
+ *	@tgid contains the thread group id.
+ *	@pid contains the pid of target process.
+ *	@sig contains the signal value.
+ *	Return 0 if permission is granted.
  * @task_wait:
  *	Check permission before allowing a process to reap a child process @p
  *	and collect its status information.
@@ -1364,6 +1383,9 @@ struct security_operations {
 	int (*task_movememory) (struct task_struct * p);
 	int (*task_kill) (struct task_struct * p,
 			  struct siginfo * info, int sig, u32 secid);
+	int (*task_kill_unlocked) (int pid, int sig);
+	int (*task_tkill_unlocked) (int pid, int sig);
+	int (*task_tgkill_unlocked) (int tgid, int pid, int sig);
 	int (*task_wait) (struct task_struct * p);
 	int (*task_prctl) (int option, unsigned long arg2,
 			   unsigned long arg3, unsigned long arg4,
@@ -1622,6 +1644,10 @@ int security_task_getscheduler(struct ta
 int security_task_movememory(struct task_struct *p);
 int security_task_kill(struct task_struct *p, struct siginfo *info,
 			int sig, u32 secid);
+#define __HAVE_LSM_TASK_KILL_UNLOCKED
+int security_task_kill_unlocked(int pid, int sig);
+int security_task_tkill_unlocked(int pid, int sig);
+int security_task_tgkill_unlocked(int tgid, int pid, int sig);
 int security_task_wait(struct task_struct *p);
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			 unsigned long arg4, unsigned long arg5);
@@ -2168,6 +2194,21 @@ static inline int security_task_kill (st
 	return cap_task_kill(p, info, sig, secid);
 }
 
+static inline int security_task_kill_unlocked(int pid, int sig)
+{
+	return 0;
+}
+
+static inline int security_task_tkill_unlocked(int pid, int sig)
+{
+	return 0;
+}
+
+static inline int security_task_tgkill_unlocked(int tgid, int pid, int sig)
+{
+	return 0;
+}
+
 static inline int security_task_wait (struct task_struct *p)
 {
 	return 0;
--- linux-2.6-mm.orig/kernel/signal.c
+++ linux-2.6-mm/kernel/signal.c
@@ -2219,6 +2219,11 @@ asmlinkage long
 sys_kill(int pid, int sig)
 {
 	struct siginfo info;
+	int ret;
+
+	ret = security_task_kill_unlocked(pid, sig);
+	if (ret)
+		return ret;
 
 	info.si_signo = sig;
 	info.si_errno = 0;
@@ -2274,10 +2279,16 @@ static int do_tkill(int tgid, int pid, i
  */
 asmlinkage long sys_tgkill(int tgid, int pid, int sig)
 {
+	int ret;
+
 	/* This is only valid for single tasks */
 	if (pid <= 0 || tgid <= 0)
 		return -EINVAL;
 
+	ret = security_task_tgkill_unlocked(tgid, pid, sig);
+	if (ret)
+		return ret;
+
 	return do_tkill(tgid, pid, sig);
 }
 
@@ -2287,10 +2298,16 @@ asmlinkage long sys_tgkill(int tgid, int
 asmlinkage long
 sys_tkill(int pid, int sig)
 {
+	int ret;
+
 	/* This is only valid for single tasks */
 	if (pid <= 0)
 		return -EINVAL;
 
+	ret = security_task_tkill_unlocked(pid, sig);
+	if (ret)
+		return ret;
+
 	return do_tkill(0, pid, sig);
 }
 
--- linux-2.6-mm.orig/security/dummy.c
+++ linux-2.6-mm/security/dummy.c
@@ -599,6 +599,21 @@ static int dummy_task_kill (struct task_
 	return 0;
 }
 
+static int dummy_task_kill_unlocked(int pid, int sig)
+{
+	return 0;
+}
+
+static int dummy_task_tkill_unlocked(int pid, int sig)
+{
+	return 0;
+}
+
+static int dummy_task_tgkill_unlocked(int tgid, int pid, int sig)
+{
+	return 0;
+}
+
 static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3,
 			     unsigned long arg4, unsigned long arg5)
 {
@@ -1104,6 +1119,9 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, task_movememory);
 	set_to_dummy_if_null(ops, task_wait);
 	set_to_dummy_if_null(ops, task_kill);
+	set_to_dummy_if_null(ops, task_kill_unlocked);
+	set_to_dummy_if_null(ops, task_tkill_unlocked);
+	set_to_dummy_if_null(ops, task_tgkill_unlocked);
 	set_to_dummy_if_null(ops, task_prctl);
 	set_to_dummy_if_null(ops, task_reparent_to_init);
  	set_to_dummy_if_null(ops, task_to_inode);
--- linux-2.6-mm.orig/security/security.c
+++ linux-2.6-mm/security/security.c
@@ -682,6 +682,21 @@ int security_task_kill(struct task_struc
 	return security_ops->task_kill(p, info, sig, secid);
 }
 
+int security_task_kill_unlocked(int pid, int sig)
+{
+	return security_ops->task_kill_unlocked(pid, sig);
+}
+
+int security_task_tkill_unlocked(int pid, int sig)
+{
+	return security_ops->task_tkill_unlocked(pid, sig);
+}
+
+int security_task_tgkill_unlocked(int tgid, int pid, int sig)
+{
+	return security_ops->task_tgkill_unlocked(tgid, pid, sig);
+}
+
 int security_task_wait(struct task_struct *p)
 {
 	return security_ops->task_wait(p);

-- 

      parent reply	other threads:[~2008-01-09  1:03 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-09  0:53 [TOMOYO #6 retry 00/21] TOMOYO Linux - MAC based on process invocation history Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 01/21] TOMOYO Linux documentation Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 02/21] Add struct vfsmount to struct task_struct Kentaro Takeda
2008-01-15 21:16   ` Serge E. Hallyn
2008-01-16  0:22     ` Kentaro Takeda
2008-01-16 14:39       ` Serge E. Hallyn
2008-01-17  4:55         ` Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 03/21] Add wrapper functions for VFS helper functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 04/21] Replace VFS with wrapper functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 05/21] Add packet filtering based on processs security context Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 06/21] Data structures and prototype defitions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 07/21] Memory and pathname management functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 08/21] Utility functions and policy manipulation interface Kentaro Takeda
2008-01-09  4:25   ` James Morris
2008-01-09  4:29     ` James Morris
2008-01-12  2:06       ` [TOMOYO #6 retry 08/21] Utility functions and policy manipulationinterface Tetsuo Handa
2008-01-12  3:06         ` James Morris
2008-01-12  4:45         ` Greg KH
2008-01-12  7:34           ` [TOMOYO #6 retry 08/21] Utility functions and policymanipulationinterface Tetsuo Handa
2008-01-09  4:31     ` [TOMOYO #6 retry 08/21] Utility functions and policy manipulation interface Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 09/21] Domain transition functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 10/21] Auditing interface Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 11/21] File access control functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 12/21] argv0 check functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 13/21] environment variable name " Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 14/21] Network access control functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 15/21] Namespace manipulation " Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 16/21] Signal " Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 17/21] Capability access " Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 18/21] LSM adapter functions Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 19/21] Conditional permission support Kentaro Takeda
2008-01-09  0:53 ` [TOMOYO #6 retry 20/21] Kconfig and Makefile Kentaro Takeda
2008-01-09  0:53 ` Kentaro Takeda [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080109005428.432672212@nttdata.co.jp \
    --to=takedakn@nttdata.co.jp \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=penguin-kernel@I-love.SAKURA.ne.jp \
    --subject='Re: [TOMOYO #6 retry 21/21] Add signal hooks at sleepable location.' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).