´Êñ¤ÊLSM
ºÇ½ª¹¹¿·¡§
lupinthe4th 2011ǯ06·î19Æü(Æü) 23:26:58ÍúÎò
¢£ Android Kernel ¤Î¥Ó¥ë¥ÉÊýË¡
°Ê²¼¤Î¥µ¥¤¥È¤ò»²¾È
http://monoist.atmarkit.co.jp/mn/articles/1008/03/...
¢£ Kernel Config ¤ÎÀßÄê
$ make menuconfig
¤Ç°Ê²¼¤ÎÀßÄê¤ò¹Ô¤¦¡£
CONFIG_SECURITY=y
¢£ ¥½¡¼¥¹¤Î¹½À®
common/security
¢£ ¥½¡¼¥¹¤Î½¤Àµ
°Ê²¼¤Î¥µ¥¤¥È¤ò»²¾È
http://monoist.atmarkit.co.jp/mn/articles/1008/03/...
¢£ Kernel Config ¤ÎÀßÄê
$ make menuconfig
¤Ç°Ê²¼¤ÎÀßÄê¤ò¹Ô¤¦¡£
Security options ---> [*] Enable different security models¾åµ¤ò͸ú¤Ë¤¹¤ë¤È¡¢°Ê²¼¤ÎConfigÀßÄ꤬͸ú¤Ë¤Ê¤ê¤Þ¤¹¡£
CONFIG_SECURITY=y
¢£ ¥½¡¼¥¹¤Î¹½À®
common/security
Kconfig Makefile capability.c commoncap.c ¡ù security.c ¡ù
¢£ ¥½¡¼¥¹¤Î½¤Àµ
/*
* Secuer LSM module
*
* Baseed on Root Plug sample LSM module
* Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*
*/
#include <linux/kernel.h>
#include <linux/security.h>
static int sec_ptrace_may_access(struct task_struct *child, unsigned int mode)
{
printk(KERN_INFO "sec_ptrace_may_access Called\n");
return -EPERM;
}
static int sec_ptrace_traceme(struct task_struct *parent)
{
printk(KERN_INFO "sec_ptrace_traceme Called\n");
return -EPERM;
}
static struct security_operations sec_security_ops = {
.ptrace_may_access = sec_ptrace_may_access,
.ptrace_traceme = sec_ptrace_traceme,
};
static int __init sec_init (void)
{
if (register_security (&sec_security_ops)) {
printk (KERN_INFO "Failure registering Secure LSM with the kernel\n");
return -EINVAL;
}
printk (KERN_INFO "SEC LSM module initialized\n");
return 0;
}
security_initcall (sec_init);
¥³¥á¥ó¥È¤ò¤«¤¯