LSM analysis and Smack security policy, part 1 (excluding network control)

Source: Internet
Author: User

1. LSM
The first time I learned about LSM was from a paper, and a very early one: Linux Security Modules: General Security Support for the Linux Kernel. I did not quite understand it at the time, and when it came up in a work report, Mr. Liang gave me a few pointers. In fact, LSM is not hard to understand. Here is an example from everyday life:
Suppose the leader of your organization sends you to a security department on some business and writes you a letter of introduction for it. You take this letter and your ID card with you. At the door of the security department, a security guard stops you and asks you to show the relevant documents. You show him the letter of introduction and your ID card; after reading them, he calls the chief of the department and reports your visit. The chief says this is fine, so the guard lets you in to handle your business. In another situation the guard is very sharp: when he checks your letter of introduction and ID card and finds that they are forged, he immediately turns you away.
Example analysis: from the example above we can see that this is the most common form of access control. Going to the security department to do your business corresponds to a system call, and the result of the call is access to that department. As soon as the system call begins executing, a security guard is inserted to check your identity; this guard corresponds to a hook function. The guard belongs to the security department, so the security department corresponds to a security module, which is responsible for managing these hook functions. Before performing his check the guard first asks the chief; the chief corresponds to the kernel. If the kernel does not approve the access, the guard will certainly turn you away, that is, the security module will certainly reject the access. If the chief agrees, the guard can still make his own judgment based on the current situation, i.e. the process context (your letter of introduction and ID card), and approve or deny the visit.
2. What is LSM?

LSM stands for Linux Security Modules. It is a general access control framework. Being a framework means that LSM only provides the layout for access control; a security module must implement access control according to this layout, that is, it must implement the concrete LSM hook functions. For the LSM code, see the kernel's security.c and security.h files, which contain a very important struct: security_operations. Its members are function pointers that point to the concrete hook functions. The security module must implement the hook functions and assign their addresses to these function pointers. The control mechanism of LSM is as follows:

It can be seen that an LSM hook is a function inserted at some point in the kernel function that carries out the system call, and this function can make the system call fail or let it succeed.
3. LSM hook category
LSM hooks can be divided into process hooks, program-loading hooks, IPC hooks, file hooks and network hooks. Together these hook functions implement access control over processes, executable programs, files, IPC, network sockets and so on. As a mandatory access control security module, Smack must implement these hook functions as well.
4. LSM security field (Security Domain)
We know that the essence of LSM hook functions is to implement access control, which requires processes, files and other kernel objects to carry certain security attributes or security information. Therefore LSM adds a security field (security domain) to the data structures of processes, executable programs, file systems, inodes, pipes, messages and other kernel objects: task_struct, binprm, super_block, inode, msg_msg and so on. This security field is a void *security pointer, which points to certain security information, such as a security label. In Smack, the LSM security field is:

The process control block task_struct has a member real_cred, the credential struct, which holds the LSM security information; one of its members is void *security.
For example, the task_smack struct holds the security labels of the parent and child processes.
5. register the Security Module
Any security module must not only implement the LSM hooks but also call the kernel function register_security to register itself with LSM. register_security sets the security_operations struct variable security_ops and points the LSM hook function pointers at this security module's hook functions, so that this security module becomes the security decision center. In Smack, smack_lsm is the security module: after implementing the hook functions, it registers with LSM through the smack_init function, which is finally invoked during system initialization.
6. Performance cost of LSM

2. Smack security policy
Smack is a simple and effective mandatory access control mechanism. Its simplicity lies in the simplicity of its security policy configuration; it is effective because it relies entirely on LSM as its control means and thereby achieves effective control over processes, files, networks and other objects. Smack security policies are divided into two types. The first is the default Smack rules, which are written in the smack_access.c file. There are five rules in total:
1. Any form of access initiated by a process with the security label "*" is denied;
2. Read or execute requests initiated by a process with the security label "^" are allowed;
3. Read or execute requests initiated by any process to an object with the security label "_" are allowed;
4. Any form of request initiated by any process to an object whose security label is (the label is not given in the source) is allowed;
5. If the security labels of the subject and the object are the same, any form of access initiated by the subject to the object is allowed.
These rules can be found in the smk_access function, for example:




The second type is customized security policy. For example, you can write a line of the form "subject-label object-label access-mode" in the security policy configuration file, where the access mode is r (read), w (write), x (execute) or a (blind write, i.e. append). The user then runs the smackload tool to write this line into the Smack virtual file load. The load file is a linked list organized by the smack_rule struct, and Smack performs access control based on this access control linked list.
3. Smack access control linked list
In smack.h, struct smack_rule is defined as:




Smack organizes these rules into a kernel linked list. Note that the smk_access member of this structure represents the access mode and is an integer: Smack maps each access mode to an integer value.



The smk_access_entry function searches the access control linked list of smack_rule entries, by subject and object label, for the granted access mode "may". When the request mode "request" initiated by the subject satisfies request & may == request, may contains the request. This is hard to grasp at first, so take an example: if request is MAY_READ and may is MAY_READWRITE, then
request & may = MAY_READ & MAY_READWRITE = MAY_READ & (MAY_READ | MAY_WRITE) = (MAY_READ & MAY_READ) | (MAY_READ & MAY_WRITE) = MAY_READ | 0 = MAY_READ (distributive law of AND over OR). Now I understand!
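As an added example (not the kernel's code and not from the original post), here is a user-space C model of the check described by the five default rules above and by the smk_access_entry bitmask test: the rule list and labels are constructed, the MAY_* values mirror the kernel's fs.h definitions, and the blank object label in rule 4 is assumed to be "*".

```c
/* Added example, not kernel code: a user-space model of the Smack check
 * above (smk_access()'s five default rules, then the smk_access_entry()
 * lookup). Labels/rules are constructed; MAY_* values mirror fs.h. */
#include <stddef.h>
#include <string.h>
#define MAY_EXEC      0x01
#define MAY_WRITE     0x02
#define MAY_READ      0x04
#define MAY_READWRITE (MAY_READ | MAY_WRITE)
#define MAY_ANYREAD   (MAY_READ | MAY_EXEC)   /* read or execute */

/* Mirrors struct smack_rule from smack.h, minus the kernel list_head. */
struct smack_rule {
    const char *smk_subject;
    const char *smk_object;
    int smk_access;          /* granted modes, as a MAY_* bitmask */
};

/* Constructed rule list, as smackload would have written it into load. */
static const struct smack_rule rules[] = {
    { "Editor", "Docs", MAY_READWRITE },
    { "Viewer", "Docs", MAY_READ },
};

/* "may contains request": every bit set in request is also set in may. */
int may_contains(int may, int request)
{
    return (request & may) == request;
}

/* smk_access_entry: the modes "may" granted to subject on object. */
int smk_access_entry(const char *subject, const char *object)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (!strcmp(rules[i].smk_subject, subject) &&
            !strcmp(rules[i].smk_object, object))
            return rules[i].smk_access;
    return 0;                /* no rule: nothing is granted */
}

/* smk_access: default rules first, then the loaded list; 1 = allow, 0 = deny.
 * The page leaves rule 4's object label blank; "*" is assumed here. */
int smk_access(const char *subject, const char *object, int request)
{
    if (!strcmp(subject, "*")) return 0;                                       /* rule 1 */
    if (!strcmp(subject, "^") && may_contains(MAY_ANYREAD, request)) return 1; /* rule 2 */
    if (!strcmp(object, "_") && may_contains(MAY_ANYREAD, request)) return 1;  /* rule 3 */
    if (!strcmp(object, "*")) return 1;                                        /* rule 4 */
    if (!strcmp(subject, object)) return 1;                                    /* rule 5 */
    return may_contains(smk_access_entry(subject, object), request);
}
```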
Now there is a question: how does smackload import an access rule (subject label, object label, access mode) into the load file and organize it into a kernel linked list?
To answer this we must analyze the smackload code. smackload does two important things:
First, it calls open to open the load file.
Second, it calls write to write the access rule into the load file.
open -----------------> the smk_open_load function in smackfs.c -------------> calls the kernel's seq_open function to bind the sequential file to its operations struct load_seq_ops, which handles reading and traversing the smack_rule list;
write ------------------> the smk_write_load function in smackfs.c --------------> calls the smk_set_access function to insert the rule into the access control list. Rules in the access control list are inserted but never deleted.
