Custom LSM: getting a null pointer dereference when trying to access a task security blob
Denis Obrezkov
denisobrezkov at gmail.com
Mon Jan 24 21:51:40 UTC 2022
>
> I'm curious about the value provided by KeyLock.
>
disclaimer: it's mostly for educational purposes, a part of my phd studies.
The main idea behind KeyLock is to be intuitive for an end-user. So, a
user should be able to attach "lock" labels to files (objects). A file
security context might look like: "label1(rw), label2(wx)"
Also, a user should be able to attach "key" labels to tasks (subjects).
So, the context of a task might look: "label5(r), label2(xt)"
A subject will have access to an object if it has all the keys for all
the locks:
Task (subj) | File (obj) | Access provided
-----------------------------------------------------------------------
lbl1(rw),lbl2(rx) | lbl1(rwx),lbl2(rwx) | yes: r
lbl1(rw),lbl2(rwx) | lbl1(wx),lbl2(r) | no (see masks)
lbl1(rwx),lbl3(rwx) | lbl1(rwx),lbl2(rwx) | no (no 'lbl2' key)
As you can see, actions like r, w, x are also accounted. So, firstly, in
order to provide access we should:
1. check that all "locks" have corresponding "keys"
2. logically summarize all permissions for each "key-lock" pair:
from the first example above
lbl1(rw) + lbl1(rwx) -> rw
lbl2(rx) + lbl2(rwx) -> rx
rw + rx -> r
So, with that system we can get rig of a rules file. Also, there is a
chance that it would be easier to use for non-IT people.
P.S. I know that it is possible to do similar things in SMACK, but for
educational purposes I decided to implement it in kernel code.
P.P.S. I tried to do it using SELinux and its policy languages but it
was too complicated for me.
--
Regards, Denis Obrezkov
More information about the Linux-security-module-archive
mailing list