security/security.c

   1 /*
   2  * Security plug functions
   3  *
   4  * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
   5  * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
   6  * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
   7  *
   8  *      This program is free software; you can redistribute it and/or modify
   9  *      it under the terms of the GNU General Public License as published by
  10  *      the Free Software Foundation; either version 2 of the License, or
  11  *      (at your option) any later version.
  12  */
  13
  14 #include <linux/config.h>
  15 #include <linux/module.h>
  16 #include <linux/init.h>
  17 #include <linux/kernel.h>
  18 #include <linux/sched.h>
  19 #include <linux/security.h>
  20
  21 #define SECURITY_SCAFFOLD_VERSION       "1.0.0"
  22
  23 extern struct security_operations dummy_security_ops;   /* lives in dummy.c */
  24
  25 struct security_operations *security_ops;       /* Initialized to NULL */
  26
  27 /* This macro checks that all pointers in a struct are non-NULL.  It
  28  * can be fooled by struct padding for object tile alignment and when
  29  * pointers to data and pointers to functions aren't the same size.
  30  * Yes it's ugly, we'll replace it if it becomes a problem.
  31  */
  32 #define VERIFY_STRUCT(struct_type, s, e) \
  33         do { \
  34                 unsigned long * __start = (unsigned long *)(s); \
  35                 unsigned long * __end = __start + \
  36                                 sizeof(struct_type)/sizeof(unsigned long *); \
  37                 while (__start != __end) { \
  38                         if (!*__start) { \
  39                                 printk(KERN_INFO "%s is missing something\n",\
  40                                         #struct_type); \
  41                                 e++; \
  42                                 break; \
  43                         } \
  44                         __start++; \
  45                 } \
  46         } while (0)
  47
  48 static int inline verify (struct security_operations *ops)
  49 {
  50         int err;
  51
  52         /* verify the security_operations structure exists */
  53         if (!ops) {
  54                 printk (KERN_INFO "Passed a NULL security_operations "
  55                         "pointer, %s failed.\n", __FUNCTION__);
  56                 return -EINVAL;
  57         }
  58
  59         /* Perform a little sanity checking on our inputs */
  60         err = 0;
  61
  62         /* This first check scans the whole security_ops struct for
  63          * missing structs or functions.
  64          *
  65          * (There is no further check now, but will leave as is until
  66          *  the lazy registration stuff is done -- JM).
  67          */
  68         VERIFY_STRUCT(struct security_operations, ops, err);
  69
  70         if (err) {
  71                 printk (KERN_INFO "Not enough functions specified in the "
  72                         "security_operation structure, %s failed.\n",
  73                         __FUNCTION__);
  74                 return -EINVAL;
  75         }
  76         return 0;
  77 }
  78
  79 /**
  80  * security_scaffolding_startup - initialzes the security scaffolding framework
  81  *
  82  * This should be called early in the kernel initialization sequence.
  83  */
  84 int security_scaffolding_startup (void)
  85 {
  86         printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION
  87                 " initialized\n");
  88
  89         security_ops = &dummy_security_ops;
  90
  91         return 0;
  92 }
  93
  94 /**
  95  * register_security - registers a security framework with the kernel
  96  * @ops: a pointer to the struct security_options that is to be registered
  97  *
  98  * This function is to allow a security module to register itself with the
  99  * kernel security subsystem.  Some rudimentary checking is done on the @ops
 100  * value passed to this function.  A call to unregister_security() should be
 101  * done to remove this security_options structure from the kernel.
 102  *
 103  * If the @ops structure does not contain function pointers for all hooks in
 104  * the structure, or there is already a security module registered with the
 105  * kernel, an error will be returned.  Otherwise 0 is returned on success.
 106  */
 107 int register_security (struct security_operations *ops)
 108 {
 109
 110         if (verify (ops)) {
 111                 printk (KERN_INFO "%s could not verify "
 112                         "security_operations structure.\n", __FUNCTION__);
 113                 return -EINVAL;
 114         }
 115         if (security_ops != &dummy_security_ops) {
 116                 printk (KERN_INFO "There is already a security "
 117                         "framework initialized, %s failed.\n", __FUNCTION__);
 118                 return -EINVAL;
 119         }
 120
 121         security_ops = ops;
 122
 123         return 0;
 124 }
 125
 126 /**
 127  * unregister_security - unregisters a security framework with the kernel
 128  * @ops: a pointer to the struct security_options that is to be registered
 129  *
 130  * This function removes a struct security_operations variable that had
 131  * previously been registered with a successful call to register_security().
 132  *
 133  * If @ops does not match the valued previously passed to register_security()
 134  * an error is returned.  Otherwise the default security options is set to the
 135  * the dummy_security_ops structure, and 0 is returned.
 136  */
 137 int unregister_security (struct security_operations *ops)
 138 {
 139         if (ops != security_ops) {
 140                 printk (KERN_INFO "%s: trying to unregister "
 141                         "a security_opts structure that is not "
 142                         "registered, failing.\n", __FUNCTION__);
 143                 return -EINVAL;
 144         }
 145
 146         security_ops = &dummy_security_ops;
 147
 148         return 0;
 149 }
 150
 151 /**
 152  * mod_reg_security - allows security modules to be "stacked"
 153  * @name: a pointer to a string with the name of the security_options to be registered
 154  * @ops: a pointer to the struct security_options that is to be registered
 155  *
 156  * This function allows security modules to be stacked if the currently loaded
 157  * security module allows this to happen.  It passes the @name and @ops to the
 158  * register_security function of the currently loaded security module.
 159  *
 160  * The return value depends on the currently loaded security module, with 0 as
 161  * success.
 162  */
 163 int mod_reg_security (const char *name, struct security_operations *ops)
 164 {
 165         if (verify (ops)) {
 166                 printk (KERN_INFO "%s could not verify "
 167                         "security operations.\n", __FUNCTION__);
 168                 return -EINVAL;
 169         }
 170
 171         if (ops == security_ops) {
 172                 printk (KERN_INFO "%s security operations "
 173                         "already registered.\n", __FUNCTION__);
 174                 return -EINVAL;
 175         }
 176
 177         return security_ops->register_security (name, ops);
 178 }
 179
 180 /**
 181  * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
 182  * @name: a pointer to a string with the name of the security_options to be removed
 183  * @ops: a pointer to the struct security_options that is to be removed
 184  *
 185  * This function allows security modules that have been successfully registered
 186  * with a call to mod_reg_security() to be unloaded from the system.
 187  * This calls the currently loaded security module's unregister_security() call
 188  * with the @name and @ops variables.
 189  *
 190  * The return value depends on the currently loaded security module, with 0 as
 191  * success.
 192  */
 193 int mod_unreg_security (const char *name, struct security_operations *ops)
 194 {
 195         if (ops == security_ops) {
 196                 printk (KERN_INFO "%s invalid attempt to unregister "
 197                         " primary security ops.\n", __FUNCTION__);
 198                 return -EINVAL;
 199         }
 200
 201         return security_ops->unregister_security (name, ops);
 202 }
 203
 204 /**
 205  * capable - calls the currently loaded security module's capable() function with the specified capability
 206  * @cap: the requested capability level.
 207  *
 208  * This function calls the currently loaded security module's cabable()
 209  * function with a pointer to the current task and the specified @cap value.
 210  *
 211  * This allows the security module to implement the capable function call
 212  * however it chooses to.
 213  */
 214 int capable (int cap)
 215 {
 216         if (security_ops->capable (current, cap)) {
 217                 /* capability denied */
 218                 return 0;
 219         }
 220
 221         /* capability granted */
 222         current->flags |= PF_SUPERPRIV;
 223         return 1;
 224 }
 225
 226 /**
 227  * sys_security - security syscall multiplexor.
 228  * @id: module id
 229  * @call: call identifier
 230  * @args: arg list for call
 231  *
 232  * Similar to sys_socketcall.  Can use id to help identify which module user
 233  * app is talking to.  The recommended convention for creating the
 234  * hexadecimal id value is:
 235  * 'echo "Name_of_module" | md5sum | cut -c -8'.
 236  * By following this convention, there's no need for a central registry.
 237  */
 238 asmlinkage long sys_security (unsigned int id, unsigned int call,
 239                               unsigned long *args)
 240 {
 241         return security_ops->sys_security (id, call, args);
 242 }
 243
 244 EXPORT_SYMBOL (register_security);
 245 EXPORT_SYMBOL (unregister_security);
 246 EXPORT_SYMBOL (mod_reg_security);
 247 EXPORT_SYMBOL (mod_unreg_security);
 248 EXPORT_SYMBOL (capable);
 249 EXPORT_SYMBOL (security_ops);