[PATCH] Bug fixes and cleanup for the BSD Secure Levels LSM

 * Copyright (c) 2001 WireX Communications, Inc <chris@wirex.com>

 * Copyright (c) 2001 Greg Kroah-Hartman <greg@kroah.com>

 * Copyright (c) 2002 International Business Machines <robb@austin.ibm.com>

 * Copyright (c) 2006 Davi E. M. Arnaut <davi.arnaut@gmail.com>

 *

 *	This program is free software; you can redistribute it and/or modify

 *	it under the terms of the GNU General Public License as published by

#include <linux/kobject.h>

#include <linux/crypto.h>

#include <asm/scatterlist.h>

#include <linux/scatterlist.h>

#include <linux/gfp.h>

#include <linux/sysfs.h>

 * people...

 */

static int

plaintext_to_sha1(unsigned char *hash, const char *plaintext, int len)

plaintext_to_sha1(unsigned char *hash, const char *plaintext, unsigned int len)

{

	char *pgVirtAddr;

	struct crypto_tfm *tfm;

	struct scatterlist sg[1];

	struct scatterlist sg;

	if (len > PAGE_SIZE) {

		seclvl_printk(0, KERN_ERR, "Plaintext password too large (%d "

			      "characters).  Largest possible is %lu "

			      "bytes.\n", len, PAGE_SIZE);

		return -ENOMEM;

		return -EINVAL;

	}

	tfm = crypto_alloc_tfm("sha1", CRYPTO_TFM_REQ_MAY_SLEEP);

	if (tfm == NULL) {

		seclvl_printk(0, KERN_ERR,

			      "Failed to load transform for SHA1\n");

		return -ENOSYS;

	}

	// Just get a new page; don't play around with page boundaries

	// and scatterlists.

	pgVirtAddr = (char *)__get_free_page(GFP_KERNEL);

	sg[0].page = virt_to_page(pgVirtAddr);

	sg[0].offset = 0;

	sg[0].length = len;

	strncpy(pgVirtAddr, plaintext, len);

		return -EINVAL;

	}

	sg_init_one(&sg, (u8 *)plaintext, len);

	crypto_digest_init(tfm);

	crypto_digest_update(tfm, sg, 1);

	crypto_digest_update(tfm, &sg, 1);

	crypto_digest_final(tfm, hash);

	crypto_free_tfm(tfm);

	free_page((unsigned long)pgVirtAddr);

	return 0;

}

passwd_write_file(struct file * file, const char __user * buf,

				size_t count, loff_t *ppos)

{

	int i;

	unsigned char tmp[SHA1_DIGEST_SIZE];

	char *page;

	int rc;

	char *p;

	int len;

	unsigned char tmp[SHA1_DIGEST_SIZE];

	if (!*passwd && !*sha1_passwd) {

		seclvl_printk(0, KERN_ERR, "Attempt to password-unlock the "

		return -EINVAL;

	}

	if (count < 0 || count >= PAGE_SIZE)

	if (count >= PAGE_SIZE)

		return -EINVAL;

	if (*ppos != 0)

		return -EINVAL;

	page = (char *)get_zeroed_page(GFP_KERNEL);

	if (!page)

	p = kmalloc(count, GFP_KERNEL);

	if (!p)

		return -ENOMEM;

	len = -EFAULT;

	if (copy_from_user(page, buf, count))

	if (copy_from_user(p, buf, count))

		goto out;

	len = strlen(page);

	len = count;

	/* ``echo "secret" > seclvl/passwd'' includes a newline */

	if (page[len - 1] == '\n')

	if (p[len - 1] == '\n')

		len--;

	/* Hash the password, then compare the hashed values */

	if ((rc = plaintext_to_sha1(tmp, page, len))) {

	if ((len = plaintext_to_sha1(tmp, p, len))) {

		seclvl_printk(0, KERN_ERR, "Error hashing password: rc = "

			      "[%d]\n", rc);

		return rc;

	}

	for (i = 0; i < SHA1_DIGEST_SIZE; i++) {

		if (hashedPassword[i] != tmp[i])

			return -EPERM;

			      "[%d]\n", len);

		goto out;

	}

	len = -EPERM;

	if (memcmp(hashedPassword, tmp, SHA1_DIGEST_SIZE))

		goto out;

	seclvl_printk(0, KERN_INFO,

		      "Password accepted; seclvl reduced to 0.\n");

	seclvl = 0;

	len = count;

out:

	free_page((unsigned long)page);

	kfree (p);

	return len;

}

 */

static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)

{

	if (seclvl >= 0) {

		if (child->pid == 1) {

	if (seclvl >= 0 && child->pid == 1) {

		seclvl_printk(1, KERN_WARNING, "Attempt to ptrace "

			      "the init process dissallowed in "

			      "secure level %d\n", seclvl);

		return -EPERM;

	}

	}

	return 0;

}

 */

static int seclvl_capable(struct task_struct *tsk, int cap)

{

	int rc = 0;

	/* init can do anything it wants */

	if (tsk->pid == 1)

		return 0;

	switch (seclvl) {

	case 2:

		/* fall through */

	case 1:

		if (cap == CAP_LINUX_IMMUTABLE) {

	if (seclvl > 0) {

		rc = -EPERM;

		if (cap == CAP_LINUX_IMMUTABLE)

			seclvl_printk(1, KERN_WARNING, "Attempt to modify "

				      "the IMMUTABLE and/or APPEND extended "

				      "attribute on a file with the IMMUTABLE "

				      "and/or APPEND extended attribute set "

				      "denied in seclvl [%d]\n", seclvl);

			return -EPERM;

		} else if (cap == CAP_SYS_RAWIO) {	// Somewhat broad...

		else if (cap == CAP_SYS_RAWIO)

			seclvl_printk(1, KERN_WARNING, "Attempt to perform "

				      "raw I/O while in secure level [%d] "

				      "denied\n", seclvl);

			return -EPERM;

		} else if (cap == CAP_NET_ADMIN) {

		else if (cap == CAP_NET_ADMIN)

			seclvl_printk(1, KERN_WARNING, "Attempt to perform "

				      "network administrative task while "

				      "in secure level [%d] denied\n", seclvl);

			return -EPERM;

		} else if (cap == CAP_SETUID) {

		else if (cap == CAP_SETUID)

			seclvl_printk(1, KERN_WARNING, "Attempt to setuid "

				      "while in secure level [%d] denied\n",

				      seclvl);

			return -EPERM;

		} else if (cap == CAP_SETGID) {

		else if (cap == CAP_SETGID)

			seclvl_printk(1, KERN_WARNING, "Attempt to setgid "

				      "while in secure level [%d] denied\n",

				      seclvl);

		} else if (cap == CAP_SYS_MODULE) {

		else if (cap == CAP_SYS_MODULE)

			seclvl_printk(1, KERN_WARNING, "Attempt to perform "

				      "a module operation while in secure "

				      "level [%d] denied\n", seclvl);

			return -EPERM;

		else

			rc = 0;

	}

		break;

	default:

		break;

	if (!rc) {

		if (!(cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0))

			rc = -EPERM;

	}

	/* from dummy.c */

	if (cap_is_fs_cap(cap) ? tsk->fsuid == 0 : tsk->euid == 0)

		return 0;	/* capability granted */

	if (rc)

		seclvl_printk(1, KERN_WARNING, "Capability denied\n");

	return -EPERM;		/* capability denied */

	return rc;

}

/**

static void seclvl_file_free_security(struct file *filp)

{

	struct dentry *dentry = filp->f_dentry;

	struct inode *inode = NULL;

	if (dentry) {

		inode = dentry->d_inode;

		seclvl_bd_release(inode);

	}

	if (dentry)

		seclvl_bd_release(dentry->d_inode);

}

/**

 */

static int seclvl_umount(struct vfsmount *mnt, int flags)

{

	if (current->pid == 1)

		return 0;

	if (seclvl == 2) {

	if (current->pid != 1 && seclvl == 2) {

		seclvl_printk(1, KERN_WARNING, "Attempt to unmount in secure "

			      "level %d\n", seclvl);

		return -EPERM;

static int processPassword(void)

{

	int rc = 0;

	hashedPassword[0] = '\0';

	if (*passwd) {

		char *p;

		if (*sha1_passwd) {

			seclvl_printk(0, KERN_ERR, "Error: Both "

				      "passwd and sha1_passwd "

				      "exclusive.\n");

			return -EINVAL;

		}

		if ((rc = plaintext_to_sha1(hashedPassword, passwd,

					    strlen(passwd)))) {

		p = kstrdup(passwd, GFP_KERNEL);

		if (p == NULL)

			return -ENOMEM;

		if ((rc = plaintext_to_sha1(hashedPassword, p, strlen(p))))

			seclvl_printk(0, KERN_ERR, "Error: SHA1 support not "

				      "in kernel\n");

			return rc;

		}

		kfree (p);

		/* All static data goes to the BSS, which zero's the

		 * plaintext password out for us. */

	} else if (*sha1_passwd) {	// Base 16

			sha1_passwd[i + 2] = tmp;

		}

	}

	return 0;

	return rc;

}

/**

static int seclvlfs_register(void)

{

	int rc = 0;

	dir_ino = securityfs_create_dir("seclvl", NULL);

	if (!dir_ino)

		return -EFAULT;

	if (IS_ERR(dir_ino))

		return PTR_ERR(dir_ino);

	seclvl_ino = securityfs_create_file("seclvl", S_IRUGO | S_IWUSR,

				dir_ino, &seclvl, &seclvl_file_ops);

	if (!seclvl_ino)

	if (IS_ERR(seclvl_ino)) {

		rc = PTR_ERR(seclvl_ino);

		goto out_deldir;

	}

	if (*passwd || *sha1_passwd) {

		passwd_ino = securityfs_create_file("passwd", S_IRUGO | S_IWUSR,

				dir_ino, NULL, &passwd_file_ops);

		if (!passwd_ino)

		if (IS_ERR(passwd_ino)) {

			rc = PTR_ERR(passwd_ino);

			goto out_delf;

		}

	return 0;

	}

	return rc;

out_delf:

	securityfs_remove(seclvl_ino);

out_deldir:

	securityfs_remove(dir_ino);

out_delf:

	return rc;

}

static void seclvlfs_unregister(void)

{

	securityfs_remove(seclvl_ino);

	return -EFAULT;

	if (*passwd || *sha1_passwd)

		securityfs_remove(passwd_ino);

	securityfs_remove(dir_ino);

}

/**

static int __init seclvl_init(void)

{

	int rc = 0;

	static char once;

	if (verbosity < 0 || verbosity > 1) {

		printk(KERN_ERR "Error: bad verbosity [%d]; only 0 or 1 "

		       "are valid values\n", verbosity);

			      "module parameter(s): rc = [%d]\n", rc);

		goto exit;

	}

	if ((rc = seclvlfs_register())) {

		seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n");

		goto exit;

	}

	/* register ourselves with the security framework */

	if (register_security(&seclvl_ops)) {

		seclvl_printk(0, KERN_ERR,

			seclvl_printk(0, KERN_ERR, "seclvl: Failure "

				      "registering with primary security "

				      "module.\n");

			seclvlfs_unregister();

			goto exit;

		}		/* if primary module registered */

		secondary = 1;

	}			/* if we registered ourselves with the security framework */

	if ((rc = seclvlfs_register())) {

		seclvl_printk(0, KERN_ERR, "Error registering with sysfs\n");

		goto exit;

	}

	seclvl_printk(0, KERN_INFO, "seclvl: Successfully initialized.\n");

	if (once) {

		once = 1;

		seclvl_printk(0, KERN_INFO, "seclvl is going away. It has been "

				"buggy for ages. Also, be warned that "

				"Securelevels are useless.");

	}

 exit:

	if (rc) {

	if (rc)

		printk(KERN_ERR "seclvl: Error during initialization: rc = "

		       "[%d]\n", rc);

	}

	return rc;

}

 */

static void __exit seclvl_exit(void)

{

	securityfs_remove(seclvl_ino);

	if (*passwd || *sha1_passwd)

		securityfs_remove(passwd_ino);

	securityfs_remove(dir_ino);

	if (secondary == 1) {

	seclvlfs_unregister();

	if (secondary)

		mod_unreg_security(MY_NAME, &seclvl_ops);

	} else if (unregister_security(&seclvl_ops)) {

	else if (unregister_security(&seclvl_ops))

		seclvl_printk(0, KERN_INFO,

			      "seclvl: Failure unregistering with the "

			      "kernel\n");

}

}

module_init(seclvl_init);

module_exit(seclvl_exit);