Re: [PATCH 3/7] SLIM main patch

On Tue, 12 Sep 2006 10:57:45 -0700
Kylene Jo Hall <kjhall@xxxxxxxxxx> wrote:

SLIM is an LSM module which provides an enhanced low water-mark
integrity and high water-mark secrecy mandatory access control
model.


trivial things:


--- linux-2.6.18/security/slim/slm_main.c 1969-12-31 16:00:00.000000000 -0800
+++ linux-2.6.17-working/security/slim/slm_main.c 2006-09-06 11:49:09.000000000 -0700
@@ -0,0 +1,1378 @@
+/*
+ * SLIM - Simple Linux Integrity Module
+ *
+ * Copyright (C) 2005,2006 IBM Corporation
+ * Author: Mimi Zohar <zohar@xxxxxxxxxx>
+ * Kylene Hall <kjhall@xxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2 of the License.
+ */
+
+#include <linux/mman.h>
+#include <linux/config.h>
+#include <linux/kernel.h>
+#include <linux/security.h>
+#include <linux/integrity.h>
+#include <linux/proc_fs.h>
+#include <linux/socket.h>
+#include <linux/fs.h>
+#include <linux/file.h>
+#include <linux/namei.h>
+#include <linux/mm.h>
+#include <linux/shm.h>
+#include <linux/ipc.h>
+#include <linux/errno.h>
+#include <linux/xattr.h>
+#include <net/sock.h>
+
+#include "slim.h"
+
+#define XATTR_NAME "security.slim.level"
+
+#define ZERO_STR "0"
+#define UNTRUSTED_STR "UNTRUSTED"
+#define USER_STR "USER"
+#define SYSTEM_STR "SYSTEM"
+
+char *slm_iac_str[] = {
+ ZERO_STR,
+ UNTRUSTED_STR,
+ USER_STR,
+ SYSTEM_STR
+};

Could this be made static?

+static char *get_token(char *buf_start, char *buf_end, char delimiter,
+ int *token_len)
+{
+ char *bufp = buf_start;
+ char *token = NULL;
+
+ while (!token && (bufp < buf_end)) { /* Get start of token */
+ switch (*bufp) {
+ case ' ':
+ case '\n':
+ case '\t':
+ bufp++;
+ break;
+ case '#':
+ while ((*bufp != '\n') && (bufp++ < buf_end)) ;

newline needed here.

+
+/*
+ * Determine if a file is opened with write permissions.
+ */
+static int has_file_wperm(struct slm_file_xattr *cur_level)
+{
+ int i, j = 0;
+ struct files_struct *files = current->files;
+ unsigned long fd = 0;
+ struct fdtable *fdt;
+ struct file *file;
+ int rc = 0;
+
+ if (is_kernel_thread(current))
+ return 0;
+
+ if (!files || !cur_level)
+ return 0;
+
+ spin_lock(&files->file_lock);
+ fdt = files_fdtable(files);
+
+ for (;;) {
+ i = j * __NFDBITS;
+ if (i >= fdt->max_fdset || i >= fdt->max_fds)
+ break;
+ fd = fdt->open_fds->fds_bits[j++];
+ while (fd) {
+ if (fd & 1) {
+ file = fdt->fd[i++];
+ if (file)
+ rc = mark_has_file_wperm(file,
+ cur_level);
+ }
+ fd >>= 1;
+ }
+ }
+ spin_unlock(&files->file_lock);
+ return rc;
+}

Could we use a more meaningful identifier than `j' here? Perhaps `i' too?


+#define EXEMPT_STR "EXEMPT"
+static enum slm_iac_level parse_iac(char *token)
+{
+ int iac;
+
+ if (strncmp(token, EXEMPT_STR, strlen(EXEMPT_STR)) == 0)
+ return SLM_IAC_EXEMPT;
+ for (iac = 0; iac < sizeof(slm_iac_str) / sizeof(char *); iac++) {

ARRAY_SIZE()

+ if (strncmp(token, slm_iac_str[iac], strlen(slm_iac_str[iac]))
+ == 0)
+ return iac;
+ }
+ return SLM_IAC_ERROR;
+}
+

...

+
+static inline int slm_getprocattr(struct task_struct *tsk,
+ char *name, void *value, size_t size)

It's rather pointless to declare a function inline and to then only refer to
it via a pointer-to-function. Please review all inlinings.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: [PATCH 3/7] SLIM main patch
    ... integrity and high water-mark secrecy mandatory access control ... * SLIM - Simple Linux Integrity Module ... * it under the terms of the GNU General Public License as published by ...
    (Linux-Kernel)
  • [PATCH -rt] panic on SLIM + selinux
    ... If you have both SLIM and selinux compiled into your kernel selinux will panic ... if it can't register itself. ... The Simple Linux Integrity Module implements a modified low water-mark ...
    (Linux-Kernel)