Diffstat (limited to 'judgk/judgk_security.h')
-rw-r--r-- | judgk/judgk_security.h | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/judgk/judgk_security.h b/judgk/judgk_security.h
new file mode 100644
index 0000000..16d2534
--- /dev/null
+++ b/judgk/judgk_security.h
@@ -0,0 +1,197 @@
+static int security_init_hook(void);
+static inline void security_hook_rf(struct judgk_proc_info *info);
+
+static unsigned long security_meminfo_ino;
+static unsigned long* security_hook_addr;
+static struct security_operations *ori_sops;
+static struct security_operations hook_sops;
+
+int judgk_security_hook(void);
+int judgk_security_unhook(void);
+
+extern struct judgk_proc_info* judgk_proc_task_lookup(struct task_struct *task);
+
+static int hook_ptrace_access_check(struct task_struct *child,unsigned int mode);
+static int hook_ptrace_traceme(struct task_struct *parent);
+static int hook_capget(struct task_struct *target,kernel_cap_t *effective,kernel_cap_t *inheritable,kernel_cap_t *permitted);
+static int hook_capset(struct cred *new,const struct cred *old,const kernel_cap_t *effective,const kernel_cap_t *inheritable,const kernel_cap_t *permitted);
+//static int hook_capable(const struct cred *cred,struct user_namespace *ns,int cap,int audit);
+static int hook_quotactl(int cmds,int type,int id,struct super_block *sb);
+static int hook_quota_on(struct dentry *dentry);
+static int hook_syslog(int type);
+static int hook_settime(const struct timespec *ts,const struct timezone *tz);
+static int hook_vm_enough_memory(struct mm_struct *mm,long pages);
+//static int hook_bprm_set_creds(struct linux_binprm *bprm);
+//static int hook_bprm_check_security(struct linux_binprm *bprm);
+//static int hook_bprm_secureexec(struct linux_binprm *bprm);
+//static void hook_bprm_committing_creds(struct linux_binprm *bprm);
+//static void hook_bprm_committed_creds(struct linux_binprm *bprm);
+static int hook_sb_alloc_security(struct super_block *sb);
+static void hook_sb_free_security(struct super_block *sb);
+static int hook_sb_copy_data(char *orig,char *copy);
+static int hook_sb_remount(struct super_block *sb,void *data);
+static int hook_sb_kern_mount(struct super_block *sb,int flags,void *data);
+static int hook_sb_show_options(struct seq_file *m,struct super_block *sb);
+static int hook_sb_statfs(struct dentry *dentry);
+static int hook_sb_mount(const char *dev_name,struct path *path,const char *type,unsigned long flags,void *data);
+static int hook_sb_umount(struct vfsmount *mnt,int flags);
+static int hook_sb_pivotroot(struct path *old_path,struct path *new_path);
+static int hook_sb_set_mnt_opts(struct super_block *sb,struct security_mnt_opts *opts);
+static void hook_sb_clone_mnt_opts(const struct super_block *oldsb,struct super_block *newsb);
+static int hook_sb_parse_opts_str(char *options,struct security_mnt_opts *opts);
+static int hook_path_unlink(struct path *dir,struct dentry *dentry);
+static int hook_path_mkdir(struct path *dir,struct dentry *dentry,umode_t mode);
+static int hook_path_rmdir(struct path *dir,struct dentry *dentry);
+static int hook_path_mknod(struct path *dir,struct dentry *dentry,umode_t mode,unsigned int dev);
+static int hook_path_truncate(struct path *path);
+static int hook_path_symlink(struct path *dir,struct dentry *dentry,const char *old_name);
+static int hook_path_link(struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry);
+static int hook_path_rename(struct path *old_dir,struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry);
+static int hook_path_chmod(struct path *path,umode_t mode);
+static int hook_path_chown(struct path *path,kuid_t uid,kgid_t gid);
+static int hook_path_chroot(struct path *path);
+//static int hook_inode_alloc_security(struct inode *inode);
+//static void hook_inode_free_security(struct inode *inode);
+static int hook_inode_init_security(struct inode *inode,struct inode *dir,const struct qstr *qstr,char **name,void **value,size_t *len);
+static int hook_inode_create(struct inode *dir,struct dentry *dentry,umode_t mode);
+static int hook_inode_link(struct dentry *old_dentry,struct inode *dir,struct dentry *new_dentry);
+static int hook_inode_unlink(struct inode *dir,struct dentry *dentry);
+static int hook_inode_symlink(struct inode *dir,struct dentry *dentry,const char *old_name);
+static int hook_inode_mkdir(struct inode *dir,struct dentry *dentry,umode_t mode);
+static int hook_inode_rmdir(struct inode *dir,struct dentry *dentry);
+static int hook_inode_mknod(struct inode *dir,struct dentry *dentry,umode_t mode,dev_t dev);
+static int hook_inode_rename(struct inode *old_dir,struct dentry *old_dentry,struct inode *new_dir,struct dentry *new_dentry);
+static int hook_inode_readlink(struct dentry *dentry);
+//static int hook_inode_follow_link(struct dentry *dentry,struct nameidata *nd);
+static int hook_inode_permission(struct inode *inode,int mask);
+static int hook_inode_setattr(struct dentry *dentry,struct iattr *attr);
+//static int hook_inode_getattr(struct vfsmount *mnt,struct dentry *dentry);
+static int hook_inode_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags);
+static void hook_inode_post_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags);
+static int hook_inode_getxattr(struct dentry *dentry,const char *name);
+static int hook_inode_listxattr(struct dentry *dentry);
+static int hook_inode_removexattr(struct dentry *dentry,const char *name);
+static int hook_inode_need_killpriv(struct dentry *dentry);
+static int hook_inode_killpriv(struct dentry *dentry);
+static int hook_inode_getsecurity(const struct inode *inode,const char *name,void **buffer,bool alloc);
+static int hook_inode_setsecurity(struct inode *inode,const char *name,const void *value,size_t size,int flags);
+static int hook_inode_listsecurity(struct inode *inode,char *buffer,size_t buffer_size);
+static void hook_inode_getsecid(const struct inode *inode,u32 *secid);
+static int hook_file_permission(struct file *file,int mask);
+//static int hook_file_alloc_security(struct file *file);
+//static void hook_file_free_security(struct file *file);
+static int hook_file_ioctl(struct file *file,unsigned int cmd,unsigned long arg);
+//static int hook_mmap_addr(unsigned long addr);
+//static int hook_mmap_file(struct file *file,unsigned long reqprot,unsigned long prot,unsigned long flags);
+//static int hook_file_mprotect(struct vm_area_struct *vma,unsigned long reqprot,unsigned long prot);
+static int hook_file_lock(struct file *file,unsigned int cmd);
+static int hook_file_fcntl(struct file *file,unsigned int cmd,unsigned long arg);
+static int hook_file_set_fowner(struct file *file);
+static int hook_file_send_sigiotask(struct task_struct *tsk,struct fown_struct *fown,int sig);
+static int hook_file_receive(struct file *file);
+static int hook_file_open(struct file *file,const struct cred *cred);
+static int hook_task_create(unsigned long clone_flags);
+//static void hook_task_free(struct task_struct *task);
+static int hook_cred_alloc_blank(struct cred *cred,gfp_t gfp);
+//static void hook_cred_free(struct cred *cred);
+//static int hook_cred_prepare(struct cred *new,const struct cred *old,gfp_t gfp);
+static void hook_cred_transfer(struct cred *new,const struct cred *old);
+static int hook_kernel_act_as(struct cred *new,u32 secid);
+static int hook_kernel_create_files_as(struct cred *new,struct inode *inode);
+static int hook_kernel_module_request(char *kmod_name);
+static int hook_task_fix_setuid(struct cred *new,const struct cred *old,int flags);
+static int hook_task_setpgid(struct task_struct *p,pid_t pgid);
+static int hook_task_getpgid(struct task_struct *p);
+static int hook_task_getsid(struct task_struct *p);
+static void hook_task_getsecid(struct task_struct *p,u32 *secid);
+static int hook_task_setnice(struct task_struct *p,int nice);
+static int hook_task_setioprio(struct task_struct *p,int ioprio);
+static int hook_task_getioprio(struct task_struct *p);
+static int hook_task_setrlimit(struct task_struct *p,unsigned int resource,struct rlimit *new_rlim);
+static int hook_task_setscheduler(struct task_struct *p);
+static int hook_task_getscheduler(struct task_struct *p);
+static int hook_task_movememory(struct task_struct *p);
+static int hook_task_kill(struct task_struct *p,struct siginfo *siginfo,int sig,u32 secid);
+static int hook_task_wait(struct task_struct *p);
+static int hook_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5);
+static void hook_task_to_inode(struct task_struct *p,struct inode *inode);
+static int hook_ipc_permission(struct kern_ipc_perm *ipcp,short flag);
+static void hook_ipc_getsecid(struct kern_ipc_perm *ipcp,u32 *secid);
+static int hook_msg_msg_alloc_security(struct msg_msg *msg);
+static void hook_msg_msg_free_security(struct msg_msg *msg);
+static int hook_msg_queue_alloc_security(struct msg_queue *msq);
+static void hook_msg_queue_free_security(struct msg_queue *msq);
+static int hook_msg_queue_associate(struct msg_queue *msq,int msqflg);
+static int hook_msg_queue_msgctl(struct msg_queue *msq,int cmd);
+static int hook_msg_queue_msgsnd(struct msg_queue *msq,struct msg_msg *msg,int msqflg);
+static int hook_msg_queue_msgrcv(struct msg_queue *msq,struct msg_msg *msg,struct task_struct *target,long type,int mode);
+static int hook_shm_alloc_security(struct shmid_kernel *shp);
+static void hook_shm_free_security(struct shmid_kernel *shp);
+static int hook_shm_associate(struct shmid_kernel *shp,int shmflg);
+static int hook_shm_shmctl(struct shmid_kernel *shp,int cmd);
+static int hook_shm_shmat(struct shmid_kernel *shp,char __user *shmaddr,int shmflg);
+static int hook_sem_alloc_security(struct sem_array *sma);
+static void hook_sem_free_security(struct sem_array *sma);
+static int hook_sem_associate(struct sem_array *sma,int semflg);
+static int hook_sem_semctl(struct sem_array *sma,int cmd);
+static int hook_sem_semop(struct sem_array *sma,struct sembuf *sops,unsigned nsops,int alter);
+static int hook_netlink_send(struct sock *sk,struct sk_buff *skb);
+static void hook_d_instantiate(struct dentry *dentry,struct inode *inode);
+static int hook_getprocattr(struct task_struct *p,char *name,char **value);
+static int hook_setprocattr(struct task_struct *p,char *name,void *value,size_t size);
+static int hook_secid_to_secctx(u32 secid,char **secdata,u32 *seclen);
+static int hook_secctx_to_secid(const char *secdata,u32 seclen,u32 *secid);
+static void hook_release_secctx(char *secdata,u32 seclen);
+static int hook_inode_notifysecctx(struct inode *inode,void *ctx,u32 ctxlen);
+static int hook_inode_setsecctx(struct dentry *dentry,void *ctx,u32 ctxlen);
+static int hook_inode_getsecctx(struct inode *inode,void **ctx,u32 *ctxlen);
+static int hook_unix_stream_connect(struct sock *sock,struct sock *other,struct sock *newsk);
+static int hook_unix_may_send(struct socket *sock,struct socket *other);
+static int hook_socket_create(int family,int type,int protocol,int kern);
+static int hook_socket_post_create(struct socket *sock,int family,int type,int protocol,int kern);
+static int hook_socket_bind(struct socket *sock,struct sockaddr *address,int addrlen);
+static int hook_socket_connect(struct socket *sock,struct sockaddr *address,int addrlen);
+static int hook_socket_listen(struct socket *sock,int backlog);
+static int hook_socket_accept(struct socket *sock,struct socket *newsock);
+static int hook_socket_sendmsg(struct socket *sock,struct msghdr *msg,int size);
+static int hook_socket_recvmsg(struct socket *sock,struct msghdr *msg,int size,int flags);
+static int hook_socket_getsockname(struct socket *sock);
+static int hook_socket_getpeername(struct socket *sock);
+static int hook_socket_getsockopt(struct socket *sock,int level,int optname);
+static int hook_socket_setsockopt(struct socket *sock,int level,int optname);
+static int hook_socket_shutdown(struct socket *sock,int how);
+static int hook_socket_sock_rcv_skb(struct sock *sk,struct sk_buff *skb);
+static int hook_socket_getpeersec_stream(struct socket *sock,char __user *optval,int __user *optlen,unsigned len);
+static int hook_socket_getpeersec_dgram(struct socket *sock,struct sk_buff *skb,u32 *secid);
+static int hook_sk_alloc_security(struct sock *sk,int family,gfp_t priority);
+static void hook_sk_free_security(struct sock *sk);
+static void hook_sk_clone_security(const struct sock *sk,struct sock *newsk);
+static void hook_sk_getsecid(struct sock *sk,u32 *secid);
+static void hook_sock_graft(struct sock *sk,struct socket *parent);
+static int hook_inet_conn_request(struct sock *sk,struct sk_buff *skb,struct request_sock *req);
+static void hook_inet_csk_clone(struct sock *newsk,const struct request_sock *req);
+static void hook_inet_conn_established(struct sock *sk,struct sk_buff *skb);
+static int hook_secmark_relabel_packet(u32 secid);
+static void hook_secmark_refcount_inc(void);
+static void hook_secmark_refcount_dec(void);
+static void hook_req_classify_flow(const struct request_sock *req,struct flowi *fl);
+static int hook_tun_dev_create(void);
+static int hook_tun_dev_attach(struct sock *sk,void *security);
+/*static int hook_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,struct xfrm_user_sec_ctx *sec_ctx);
+static int hook_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,struct xfrm_sec_ctx **new_ctx);
+static void hook_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx);
+static int hook_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx);
+static int hook_xfrm_state_alloc_security(struct xfrm_state *x,struct xfrm_user_sec_ctx *sec_ctx,u32 secid);
+static void hook_xfrm_state_free_security(struct xfrm_state *x);
+static int hook_xfrm_state_delete_security(struct xfrm_state *x);
+static int hook_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,u32 fl_secid,u8 dir);
+static int hook_xfrm_state_pol_flow_match(struct xfrm_state *x,struct xfrm_policy *xp,const struct flowi *fl);
+static int hook_xfrm_decode_session(struct sk_buff *skb,u32 *secid,int ckall);*/
+static int hook_key_alloc(struct key *key,const struct cred *cred,unsigned long flags);
+static void hook_key_free(struct key *key);
+static int hook_key_permission(key_ref_t key_ref,const struct cred *cred,key_perm_t perm);
+static int hook_key_getsecurity(struct key *key,char **_buffer);
+static int hook_audit_rule_init(u32 field,u32 op,char *rulestr,void **lsmrule);
+static int hook_audit_rule_known(struct audit_krule *krule);
+static int hook_audit_rule_match(u32 secid,u32 field,u32 op,void *lsmrule,struct audit_context *actx);
+static void hook_audit_rule_free(void *lsmrule);
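Review bot: The new header has no include guard and defines file-scope storage instead of declaring it (`static unsigned long security_meminfo_ino;`, `static unsigned long* security_hook_addr;`, `static struct security_operations *ori_sops;`, `static struct security_operations hook_sops;`), so every translation unit that includes it gets its own private copy of the saved original ops table and the hook state rather than sharing one. Wrap the file in `#ifndef JUDGK_SECURITY_H` / `#define JUDGK_SECURITY_H` … `#endif`, and either state in a header comment that it is private to a single `.c` or move the definitions into that `.c` behind `extern` declarations. The commented-out hooks (`capable`, the `bprm_*` family, `mmap_*`/`file_mprotect`, `inode_*_security`, `file_*_security`, `task_free`, `cred_free`/`cred_prepare`) carry no explanation; a comment listing which operations are intentionally passed through to the original LSM, and noting that `hook_sops` is presumably populated from `*ori_sops` so those entries stay non-NULL — the header does not show the initialization — would let a reviewer confirm the wrapper never installs a null function pointer into the kernel's `security_operations` dispatch table. Kernel style also binds the `*` to the name: `static unsigned long *security_hook_addr;`.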