LSM kernel source code analysis and testing (part 2)
For the analysis of the LSM-related kernel source, see: http://blog.csdn.net/lwyeluo/article/details/55215686
This post modifies the kernel source to test a custom security module.
Testing
Operating system: Ubuntu 14.04; kernel version: 3.13
- Create a new file in the IMA code, at the path
security/integrity/ima/ima_hooks.c
/*
 * ima_hooks.c
 *
 * Created on: Feb 15, 2017
 * Author: Wu Luo
 */
#include <linux/security.h>
#include <linux/sysctl.h>
#include <linux/ptrace.h>
#include <linux/prctl.h>
#include <linux/ratelimit.h>
#include <linux/workqueue.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/dcache.h>
#include <linux/path.h>
#include <linux/string.h>   /* strcmp */
#include <linux/printk.h>   /* printk */

/* file_permission hook: called on every read/write of an open file.
 * Returning 0 allows the access; a negative errno would deny it. */
static int test_file_permission(struct file *file, int mask)
{
    /* d_name.name is const, so the pointer must be const as well */
    const char *name = file->f_path.dentry->d_name.name;

    if (!strcmp(name, "test.txt")) {
        /* O_RDONLY is 0, so this OR is a no-op placeholder for real control code */
        file->f_flags |= O_RDONLY;
        printk("[Wu Luo][DEBUG]you can have your control code here!\n");
    }
    return 0;
}

static struct security_operations test_security_ops = {
    .name = "test",
    .file_permission = test_file_permission,
};

static __init int test_init(void)
{
    printk("[Wu Luo][DEBUG]enter test init!\n");
    /* register_security() fails with -EAGAIN if another LSM is already active */
    if (register_security(&test_security_ops))
        printk("[Wu Luo][DEBUG]Test: kernel registration failed.\n");
    return 0;
}

security_initcall(test_init);
- In the Makefile of the same directory, append ima_hooks.o to the end of the ima-y entry
- Add debug output to
security/security.c::register_security
int __init register_security(struct security_operations *ops)
{
    printk("[Wu Luo] enter register_security[name=%s]!\n", ops->name);
    if (verify(ops)) {
        printk(KERN_DEBUG "%s could not verify "
               "security_operations structure.\n", __func__);
        return -EINVAL;
    }
    printk("[Wu Luo] verify succeed!\n");
    if (security_ops != &default_security_ops)
        return -EAGAIN;
    printk("[Wu Luo] allocate security_ops!\n");
    security_ops = ops;
    return 0;
}
- Enable IMA in grub.cfg:
sed -i "/linux\t/s/$/& ima_tcb ima_template=\"ima\" ima_hash=\"sha1\"/g" /boot/grub/grub.cfg
- Rebuild the kernel, boot into the newly built kernel, and check the printed messages with dmesg
root@BlockIMATest:~# dmesg | grep "Wu Luo"
[ 0.000323] [Wu Luo] enter register_security[name=apparmor]!
[ 0.000325] [Wu Luo] verify succeed!
[ 0.000326] [Wu Luo] allocate security_ops!
[ 0.000334] [Wu Luo][DEBUG]enter test init!
[ 0.000335] [Wu Luo] enter register_security[name=test]!
[ 0.000336] [Wu Luo] verify succeed!
[ 0.000337] [Wu Luo][DEBUG]Test: kernel registration failed.
As you can see, because apparmor has already registered, the registration of test fails. So let us temporarily disable apparmor.
Looking at security/apparmor/Kconfig, we find:
config SECURITY_APPARMOR_BOOTPARAM_VALUE
    int "AppArmor boot parameter default value"
    depends on SECURITY_APPARMOR
    range 0 1
    default 1
    help
      This option sets the default value for the kernel parameter
      'apparmor', which allows AppArmor to be enabled or disabled
      at boot. If this option is set to 0 (zero), the AppArmor
      kernel parameter will default to 0, disabling AppArmor at
      boot. If this option is set to 1 (one), the AppArmor
      kernel parameter will default to 1, enabling AppArmor at
      boot.
      If you are unsure how to answer this question, answer 1.
After make menuconfig, first run the following command to set "AppArmor boot parameter default value" to 0, then rebuild the kernel. Here ${obj_dir} is the kernel source directory.
sed -i "s/\(CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=\).*/\10/g" ${obj_dir}/.config
After booting into the rebuilt kernel, dmesg shows that the hook registered successfully:
root@BlockIMATest:~# dmesg | grep "Wu Luo"
[ 0.000095] [Wu Luo][DEBUG]enter test init!
[ 0.000096] [Wu Luo] enter register_security[name=test]!
[ 0.000097] [Wu Luo] verify succeed!
[ 0.000098] [Wu Luo] allocate security_ops!
Then cat test.txt, and the debug message appears!
root@BlockIMATest:~# touch test.txt
root@BlockIMATest:~# cat test.txt
root@BlockIMATest:~# dmesg | grep "Wu Luo"
...
[ 253.010935] [Wu Luo][DEBUG]you can have your control code here!
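The two behaviours observed above (a second register_security() call refused with -EAGAIN once apparmor holds security_ops, and the file_permission hook being called on each access) can be replayed in user space. The block below is an added example, not kernel code and not the post author's module: it models the 3.13 single-LSM registration and hook dispatch with a simplified struct file (only the dentry name) and locally defined MAY_READ/MAY_WRITE bits, and its test hook actually enforces a decision (refusing writes to test.txt with -EACCES) instead of only printing, which is what "your control code here" would have to do to block an access.

```c
/* Userspace model of register_security() and the file_permission dispatch
 * in security/security.c of kernel 3.13. Added example; struct file and the
 * MAY_* bits are simplified stand-ins, not the kernel definitions. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAY_WRITE 0x02   /* same bit values as include/linux/fs.h */
#define MAY_READ  0x04

struct file { const char *d_name; };   /* stand-in: only the dentry name */

struct security_operations {
    const char *name;
    int (*file_permission)(struct file *file, int mask);
};

/* Default hook permits everything, like the kernel's default_security_ops */
static int default_file_permission(struct file *file, int mask)
{
    (void)file; (void)mask;
    return 0;
}

static struct security_operations default_security_ops = {
    .name = "default", .file_permission = default_file_permission,
};

/* The single live ops table; only one LSM can own it */
static struct security_operations *security_ops = &default_security_ops;

static int verify(struct security_operations *ops)
{
    /* The kernel fills NULL hooks with defaults; this model rejects them */
    return ops->name == NULL || ops->file_permission == NULL;
}

int register_security(struct security_operations *ops)
{
    if (verify(ops))
        return -EINVAL;
    if (security_ops != &default_security_ops)
        return -EAGAIN;   /* an earlier LSM (apparmor on the page) won */
    security_ops = ops;
    return 0;
}

/* What the VFS calls on read/write: dispatch to the registered hook */
int security_file_permission(struct file *file, int mask)
{
    return security_ops->file_permission(file, mask);
}

/* Enforcing variant of the page's test hook: deny writes to test.txt */
static int test_file_permission(struct file *file, int mask)
{
    if (!strcmp(file->d_name, "test.txt") && (mask & MAY_WRITE))
        return -EACCES;
    return 0;
}

static struct security_operations test_security_ops = {
    .name = "test", .file_permission = test_file_permission,
};

/* Stand-in for whichever LSM registered first (apparmor on the page) */
static struct security_operations first_security_ops = {
    .name = "first", .file_permission = default_file_permission,
};

void reset_security_ops(void) { security_ops = &default_security_ops; }

/* Scenario 1: another LSM registers first; returns test's registration result */
int register_after_another(void)
{
    reset_security_ops();
    register_security(&first_security_ops);
    return register_security(&test_security_ops);
}

/* Scenario 2: test is the only LSM; returns the decision for (name, mask) */
int decide_with_test_lsm(const char *name, int mask)
{
    struct file f = { name };
    reset_security_ops();
    if (register_security(&test_security_ops))
        return -1;
    return security_file_permission(&f, mask);
}

int main(void)
{
    printf("register after another LSM: %d\n", register_after_another());
    printf("write test.txt: %d\n", decide_with_test_lsm("test.txt", MAY_WRITE));
    printf("read test.txt: %d\n", decide_with_test_lsm("test.txt", MAY_READ));
    printf("write other.txt: %d\n", decide_with_test_lsm("other.txt", MAY_WRITE));
    return 0;
}
```

Scenario 1 reproduces the "kernel registration failed" line in the first dmesg output: the return value is -EAGAIN (-11), which is why disabling apparmor via CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 was needed before test could take over security_ops. Scenario 2 shows the dispatch path the hook sits on once registered; note that a hook only changes an outcome by returning a negative errno, so the printk-only version on the page observes accesses but never blocks one.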