From c1e992b99603a84d7debb188542b64f2d9232c07 Mon Sep 17 00:00:00 2001 From: "wzt.wzt@gmail.com" Date: Fri, 26 Feb 2010 22:49:55 +0800 Subject: Security: Add __init to register_security to disable load a security module on runtime LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time. but in security/security.c: int register_security(struct security_operations *ops) { ... if (security_ops != &default_security_ops) return -EAGAIN; ... } if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled, other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust security module. For example: disable selinux on boot time(selinux=0). #include #include #include #include #include #include #include MODULE_LICENSE("GPL"); MODULE_AUTHOR("wzt"); extern int register_security(struct security_operations *ops); int (*new_register_security)(struct security_operations *ops); int rootkit_bprm_check_security(struct linux_binprm *bprm) { return 0; } struct security_operations rootkit_ops = { .bprm_check_security = rootkit_bprm_check_security, }; static int rootkit_init(void) { printk("Load LSM rootkit module.\n"); /* cat /proc/kallsyms | grep register_security */ new_register_security = 0xc0756689; if (new_register_security(&rootkit_ops)) { printk("Can't register rootkit module.\n"); return 0; } printk("Register rootkit module ok.\n"); return 0; } static void rootkit_exit(void) { printk("Unload LSM rootkit module.\n"); } module_init(rootkit_init); module_exit(rootkit_exit); Signed-off-by: Zhitong Wang Signed-off-by: James Morris --- security/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/security.c') diff --git a/security/security.c b/security/security.c index 122b748d0f4c..7da630a8c065 100644 
--- a/security/security.c
+++ b/security/security.c
@@ -110,7 +110,7 @@ int __init security_module_enable(struct security_operations *ops)
 * If there is already a security module registered with the kernel,
 * an error will be returned. Otherwise %0 is returned on success.
 */
-int register_security(struct security_operations *ops)
+int __init register_security(struct security_operations *ops)
 {
 if (verify(ops)) {
 printk(KERN_DEBUG "%s could not verify "
-- cgit v1.2.3
From 353633100d8d684ac0acae4ce93fb833f92881f4 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:15 -0400
Subject: security: remove sb_check_sb hooks
Unused hook. Remove it.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index b98334b0a576..a0bee70ed4b6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -306,11 +306,6 @@ int security_sb_mount(char *dev_name, struct path *path,
 return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
-{
- return security_ops->sb_check_sb(mnt, path);
-}
-
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
 return security_ops->sb_umount(mnt, flags);
-- cgit v1.2.3
From 231923bd0e06cba69f7c2028f4a68602b8d22160 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:21 -0400
Subject: security: remove dead hook sb_umount_close
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index a0bee70ed4b6..591c25fd430f 100644
--- a/security/security.c
+++ b/security/security.c
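Review bot: The kerneldoc immediately above `register_security()` in this hunk still only describes the already-registered error case, but the new `__init` annotation changes the contract: the function is now reachable only during kernel initialisation and its text is released with the rest of .init.text afterwards. Add that to the comment, e.g. ` * This function is __init: it may only be called from boot-time LSM initialisation code, never from a module loaded later.` above the signature. Only this definition is annotated here; the `verify()` helper it calls on the next line and `security_fixup_ops()` keep their non-`__init` placement until commit c80901f2 later in this log, and the prototype in the LSM header is not part of this change. The body of `register_security()` continues past the end of the hunk.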
@@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
 return security_ops->sb_umount(mnt, flags);
 }
-void security_sb_umount_close(struct vfsmount *mnt)
-{
- security_ops->sb_umount_close(mnt);
-}
-
 void security_sb_umount_busy(struct vfsmount *mnt)
 {
 security_ops->sb_umount_busy(mnt);
-- cgit v1.2.3
From 4b61d12c84293ac061909f27f567c1905e4d90e3 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:27 -0400
Subject: security: remove dead hook sb_umount_busy
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 591c25fd430f..c1341fbe98ca 100644
--- a/security/security.c
+++ b/security/security.c
@@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
 return security_ops->sb_umount(mnt, flags);
 }
-void security_sb_umount_busy(struct vfsmount *mnt)
-{
- security_ops->sb_umount_busy(mnt);
-}
-
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data)
 {
 security_ops->sb_post_remount(mnt, flags, data);
-- cgit v1.2.3
From 82dab10453d65ad9ca551de5b8925673ca05c7e9 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:33 -0400
Subject: security: remove dead hook sb_post_remount
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index c1341fbe98ca..d9538d98736b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
 return security_ops->sb_umount(mnt, flags);
 }
-void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data)
-{
- security_ops->sb_post_remount(mnt, flags, data);
-}
-
 void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
 {
 security_ops->sb_post_addmount(mnt, mountpoint);
-- cgit v1.2.3
From 3db291017753e539af64c8bab373785f34e43ed2 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:39 -0400
Subject: security: remove dead hook sb_post_addmount
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index d9538d98736b..6a8e5411d7a0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
 return security_ops->sb_umount(mnt, flags);
 }
-void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
-{
- security_ops->sb_post_addmount(mnt, mountpoint);
-}
-
 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
 return security_ops->sb_pivotroot(old_path, new_path);
-- cgit v1.2.3
From 91a9420f5826db482030c21eca8c507271bbc441 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:45 -0400
Subject: security: remove dead hook sb_post_pivotroot
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 6a8e5411d7a0..5223fa408271 100644
--- a/security/security.c
+++ b/security/security.c
@@ -316,11 +316,6 @@ int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 return security_ops->sb_pivotroot(old_path, new_path);
 }
-void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
-{
- security_ops->sb_post_pivotroot(old_path, new_path);
-}
-
 int security_sb_set_mnt_opts(struct super_block *sb,
 struct security_mnt_opts *opts)
 {
-- cgit v1.2.3
From 9d5ed77dadc66a72b40419c91df942adfa55a102 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:50 -0400
Subject: security: remove dead hook inode_delete
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 7 -------
 1 file changed, 7 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 5223fa408271..c65b0bca05bb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -550,13 +550,6 @@ int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 return security_ops->inode_getattr(mnt, dentry);
 }
-void security_inode_delete(struct inode *inode)
-{
- if (unlikely(IS_PRIVATE(inode)))
- return;
- security_ops->inode_delete(inode);
-}
-
 int security_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags)
 {
-- cgit v1.2.3
From 0968d0060a3c885e53d453380266c7792a55d302 Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:14:56 -0400
Subject: security: remove dead hook cred_commit
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index c65b0bca05bb..6e5942653d4f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -712,11 +712,6 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
 return security_ops->cred_prepare(new, old, gfp);
 }
-void security_commit_creds(struct cred *new, const struct cred *old)
-{
- security_ops->cred_commit(new, old);
-}
-
 void security_transfer_creds(struct cred *new, const struct cred *old)
 {
 security_ops->cred_transfer(new, old);
-- cgit v1.2.3
From 43ed8c3b4573d5f5cd314937fee63b4ab046ac5f Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:15:02 -0400
Subject: security: remove dead hook task_setuid
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 6e5942653d4f..3900da3da87b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -732,11 +732,6 @@ int security_kernel_module_request(char *kmod_name)
 return security_ops->kernel_module_request(kmod_name);
 }
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return security_ops->task_setuid(id0, id1, id2, flags);
-}
-
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags)
 {
-- cgit v1.2.3
From 06ad187e280e725e356c62c3a30ddcd01564f8be Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:15:08 -0400
Subject: security: remove dead hook task_setgid
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 3900da3da87b..1e35dd669209 100644
--- a/security/security.c
+++ b/security/security.c
@@ -738,11 +738,6 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old,
 return security_ops->task_fix_setuid(new, old, flags);
 }
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
-{
- return security_ops->task_setgid(id0, id1, id2, flags);
-}
-
 int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 return security_ops->task_setpgid(p, pgid);
-- cgit v1.2.3
From 6307f8fee295b364716d28686df6e69c2fee751a Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:15:13 -0400
Subject: security: remove dead hook task_setgroups
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 1e35dd669209..5cf9ca6890f6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -759,11 +759,6 @@ void security_task_getsecid(struct task_struct *p, u32 *secid)
 }
 EXPORT_SYMBOL(security_task_getsecid);
-int security_task_setgroups(struct group_info *group_info)
-{
- return security_ops->task_setgroups(group_info);
-}
-
 int security_task_setnice(struct task_struct *p, int nice)
 {
 return security_ops->task_setnice(p, nice);
-- cgit v1.2.3
From 3011a344cdcda34cdbcb40c3fb3d1a6e89954abb Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:15:19 -0400
Subject: security: remove dead hook key_session_to_parent
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 7 -------
 1 file changed, 7 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 5cf9ca6890f6..490f77753b2d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1262,13 +1262,6 @@ int security_key_getsecurity(struct key *key, char **_buffer)
 return security_ops->key_getsecurity(key, _buffer);
 }
-int security_key_session_to_parent(const struct cred *cred,
- const struct cred *parent_cred,
- struct key *key)
-{
- return security_ops->key_session_to_parent(cred, parent_cred, key);
-}
-
 #endif /* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
-- cgit v1.2.3
From 05b90496f2f366b9d3eea468351888ddf010782a Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Wed, 7 Apr 2010 15:15:25 -0400
Subject: security: remove dead hook acct
Unused hook. Remove.
Signed-off-by: Eric Paris
Signed-off-by: James Morris
---
 security/security.c | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 490f77753b2d..8585019a1a59 100644
--- a/security/security.c
+++ b/security/security.c
@@ -190,11 +190,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 return ret;
 }
-int security_acct(struct file *file)
-{
- return security_ops->acct(file);
-}
-
 int security_sysctl(struct ctl_table *table, int op)
 {
 return security_ops->sysctl(table, op);
-- cgit v1.2.3
From c80901f2755c582e3096e6708028a8daca59e6e2 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Fri, 14 May 2010 12:01:26 +0900
Subject: LSM: Add __init to fixup function.
register_security() became __init function. So do verify() and security_fixup_ops().
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
---
 security/security.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'security/security.c')
diff --git a/security/security.c b/security/security.c
index 8585019a1a59..351942a4ca0e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,14 +23,14 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
 CONFIG_DEFAULT_SECURITY;
 /* things that live in capability.c */
-extern void security_fixup_ops(struct security_operations *ops);
+extern void __init security_fixup_ops(struct security_operations *ops);
 static struct security_operations *security_ops;
 static struct security_operations default_security_ops = {
 .name = "default",
 };
-static inline int verify(struct security_operations *ops)
+static inline int __init verify(struct security_operations *ops)
 {
 /* verify the security_operations structure exists */
 if (!ops)
-- cgit v1.2.3
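Review bot: The `__init` added to the `extern` declaration of `security_fixup_ops()` only expresses the intent from this file's side; the definition lives in security/capability.c, which this filtered log ("limited to 'security/security.c'") does not show, so confirm that definition carries `__init` too, otherwise the declaration and definition disagree about section placement and modpost's section-mismatch checking may not catch a late caller. `verify()` is `static inline`, so its new `__init` mainly governs whichever out-of-line copy the compiler emits; that is consistent with `register_security()` becoming `__init` in the first commit of this log, provided no non-`__init` caller of `verify()` remains elsewhere in the file, which is not visible here. A one-line comment on the declaration would help the next reader, e.g. `/* __init: only called from boot-time LSM registration; must match the definition in capability.c */`. The body of `verify()` continues past the end of the hunk.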