
LSM内核源代码分析与测试(二)

2017-02-15 20:12 155 查看
LSM内核相关源代码分析见:http://blog.csdn.net/lwyeluo/article/details/55215686

本文修改内核代码来测试自定义的安全模块

测试

操作系统ubuntu14.04,内核版本3.13

在ima代码里创建一个新文件,路径为
security/integrity/ima/ima_hooks.c


/*
* ima_hooks.c
*
*  Created on: Feb 15, 2017
*      Author: Wu Luo
*/
#include <linux/security.h>
#include <linux/sysctl.h>
#include <linux/ptrace.h>
#include <linux/prctl.h>
#include <linux/ratelimit.h>
#include <linux/workqueue.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/dcache.h>
#include <linux/path.h>

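/*
 * test_file_permission - demo file_permission hook keyed on the name "test.txt".
 * @file: the open file being accessed
 * @mask: the requested access (MAY_READ / MAY_WRITE bits)
 *
 * Returns 0 to allow the access, or -EACCES to refuse a write to a file
 * whose last path component is "test.txt".
 *
 * The match is on the file name only, so every "test.txt" in any directory
 * is affected, and renaming the file escapes the check. A real policy would
 * key on something the user cannot choose freely (inode, label, full path).
 */
int test_file_permission(struct file *file, int mask)
{
	/*
	 * d_name.name is a const unsigned char *: keep the const and cast
	 * only the signedness so strcmp() gets the type it expects.
	 * NOTE(review): the name is read without any dentry locking, which is
	 * tolerable for a demo but can race with a concurrent rename.
	 */
	const char *name = (const char *)file->f_path.dentry->d_name.name;

	if (strcmp(name, "test.txt"))
		return 0;

	/*
	 * This hook runs on every read/write of a matching file, and any user
	 * can create a file called "test.txt"; rate-limit the message so the
	 * kernel log cannot be flooded from user space.
	 */
	printk_ratelimited(KERN_INFO
			   "[Wu Luo][DEBUG]you can have your control code here!\n");

	/*
	 * O_RDONLY is 0, so the earlier "file->f_flags |= O_RDONLY" changed
	 * nothing and the file stayed writable. An LSM hook enforces policy
	 * through its return value: refuse the access when a write is requested.
	 */
	if (mask & MAY_WRITE)
		return -EACCES;

	return 0;
}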

/*
 * Hook table handed to register_security(). Only the module name and the
 * file_permission hook are set here.
 * NOTE(review): the remaining hooks are presumably filled in with defaults
 * by the LSM core during registration - confirm in security/security.c.
 */
static struct security_operations test_security_ops = {
	.name			= "test",
	.file_permission	= test_file_permission,
};

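/*
 * test_init - try to install test_security_ops as the active security module.
 *
 * Returns 0 on success, or the error code from register_security() so the
 * failure is not reported as a successful init. With the register_security()
 * shown on this page, a non-zero result is -EINVAL (ops failed verify()) or
 * -EAGAIN (another module has already replaced default_security_ops).
 */
static __init int test_init(void)
{
	int rc;

	printk("[Wu Luo][DEBUG]enter test init!\n");

	rc = register_security(&test_security_ops);
	if (rc)
		printk("[Wu Luo][DEBUG]Test: kernel registration failed.\n");

	return rc;
}

/* Run test_init() together with the other security-module initcalls at boot. */
security_initcall(test_init);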


在同目录的Makefile里,
ima-y
项最后加入ima_hooks.o

security/security.c::register_security
中加入调试信息

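/**
 * register_security - install @ops as the active security module
 * @ops: hook table of the module that wants to register
 *
 * Returns -EINVAL if verify() rejects @ops, -EAGAIN if security_ops no
 * longer points at default_security_ops (another module registered first),
 * and 0 once security_ops has been switched to @ops.
 *
 * The "[Wu Luo]" printk lines are debug tracing added for this experiment.
 */
int __init register_security(struct security_operations *ops)
{
	/*
	 * This trace runs before verify(), i.e. before @ops has been checked
	 * at all, so it must not dereference the pointer unconditionally.
	 * NOTE(review): verify() presumably rejects a NULL ops - confirm.
	 */
	printk("[Wu Luo] enter register_security[name=%s]!\n",
	       ops ? ops->name : "(null)");

	if (verify(ops)) {
		printk(KERN_DEBUG "%s could not verify "
		       "security_operations structure.\n", __func__);
		return -EINVAL;
	}

	printk("[Wu Luo] verify succeed!\n");

	/* Only the first caller wins: once security_ops is replaced, refuse. */
	if (security_ops != &default_security_ops)
		return -EAGAIN;

	printk("[Wu Luo] allocate security_ops!\n");

	security_ops = ops;

	return 0;
}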


在grub.cfg中启动IMA:

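# Append the IMA boot parameters to every "linux" entry of the generated GRUB config.
# -i.bak keeps the previous file as /boot/grub/grub.cfg.bak so a bad edit can be rolled back.
# Entries that already carry ima_tcb are skipped, so re-running does not append a second time.
# The sed script is single-quoted so the shell (including interactive history expansion
# of "!") never touches it.
# grub.cfg is regenerated by update-grub; for a setting that survives regeneration, put the
# parameters in GRUB_CMDLINE_LINUX in /etc/default/grub instead.
# NOTE(review): SHA-1 is a weak digest for integrity measurement; check whether your kernel's
# ima-ng template accepts a stronger ima_hash before using this outside a test box.
sed -i.bak '/linux\t/{/ ima_tcb/!s/$/ ima_tcb ima_template="ima" ima_hash="sha1"/;}' /boot/grub/grub.cfg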


重新编译内核,进入编译之后的内核系统,dmesg查看打印的信息

root@BlockIMATest:~# dmesg | grep "Wu Luo"
[    0.000323] [Wu Luo] enter register_security[name=apparmor]!
[    0.000325] [Wu Luo] verify succeed!
[    0.000326] [Wu Luo] allocate security_ops!
[    0.000334] [Wu Luo][DEBUG]enter test init!
[    0.000335] [Wu Luo] enter register_security[name=test]!
[    0.000336] [Wu Luo] verify succeed!
[    0.000337] [Wu Luo][DEBUG]Test: kernel registration failed.


可以看到,apparmor已经先注册,security_ops不再等于default_security_ops,register_security因此返回-EAGAIN,导致test注册失败,那我们先暂时把apparmor关闭吧

查看
security/apparmor/Kconfig
,发现:

config SECURITY_APPARMOR_BOOTPARAM_VALUE
int "AppArmor boot parameter default value"
depends on SECURITY_APPARMOR
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'apparmor', which allows AppArmor to be enabled or disabled
at boot.  If this option is set to 0 (zero), the AppArmor
kernel parameter will default to 0, disabling AppArmor at
boot.  If this option is set to 1 (one), the AppArmor
kernel parameter will default to 1, enabling AppArmor at
boot.

If you are unsure how to answer this question, answer 1.


在make menuconfig后,先执行以下命令,将AppArmor boot parameter default value设置为0,然后再编译内核。其中
${obj_dir}
为内核源码目录

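# Set the AppArmor boot-parameter default to 0 in the kernel .config, so the rebuilt kernel
# boots with AppArmor disabled and security_ops is still free for the test module.
# This removes AppArmor confinement from the whole system; the Kconfig help quoted above
# says the 'apparmor' kernel parameter controls the same thing at boot, without changing
# the compiled-in default.
# ${obj_dir:?} aborts when obj_dir is unset or empty instead of editing "/.config";
# the quotes keep a path with spaces intact; ^ anchors the match to the option itself.
sed -i 's/^CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=.*/CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0/' \
  "${obj_dir:?obj_dir must point at the kernel source tree}/.config"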


进入重新编译的内核之后dmesg可以看到钩子成功注册:

root@BlockIMATest:~# dmesg | grep "Wu Luo"
[    0.000095] [Wu Luo][DEBUG]enter test init!
[    0.000096] [Wu Luo] enter register_security[name=test]!
[    0.000097] [Wu Luo] verify succeed!
[    0.000098] [Wu Luo] allocate security_ops!


再cat test.txt,发现打印信息!

root@BlockIMATest:~# touch test.txt
root@BlockIMATest:~# cat test.txt
root@BlockIMATest:~# dmesg | grep "Wu Luo"

...
[  253.010935] [Wu Luo][DEBUG]you can have your control code here!