LSM在Linux中的实现方式

LSM(Linux Secure Model)一种轻量级访问控制机制.

其实现方式有如在系统调用中加入一个后门....

方式如下:

static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
     struct file *f,
     int (*open)(struct inode *, struct file *),
     const struct cred *cred)
{
 struct inode *inode;
 int error;

...............................................................

error = security_dentry_open(f, cred);   //LSM机制实现方式,在此加入了一个LSM函数.

//security_dentry_open的实现如下,相当于一个接口,对一个函数指针再

//封装一下.

//只返回是与否,这样的控制信息.
 if (error)
  goto cleanup_all;

................................................................

return f;

cleanup_all:
 .................................................................
 return ERR_PTR(error);
}
//========简单封装一个指针结构体===========================

int security_dentry_open(struct file *file, const struct cred *cred)
{
 int ret;

ret = security_ops->dentry_open(file, cred);
 if (ret)
  return ret;

return fsnotify_perm(file, MAY_OPEN);
}

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/25014.html