RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[masanobu2.koike]

On Saturday, March 03, 2018 5:22 PM, Tetsuo Handa wrote:
> Masanobu Koike wrote:
> > On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > > @@ -264,6 +266,9 @@ choice
> > > > config DEFAULT_SECURITY_APPARMOR
> > > > bool "AppArmor" if SECURITY_APPARMOR=y
> > > >
> > > > +   config DEFAULT_SECURITY_WHITEEGRET
> > > > +   bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > > +
> > >
> > > I don't see this module using any security blobs. Is there
> > > a reason you're not making this a minor (like yama) module
> > > instead of a major (like AppArmor) module?
> >
> > Thank you for your suggestion.
> > We are now developing WhiteEgret on the environment
> > it works certainly.
> >
> 
> ??? What Casey suggested is effectively
> 
> --
> --- a/security/whiteegret/init.c
> +++ b/security/whiteegret/init.c
> @@ -48,9 +48,6 @@ static int __init we_init(void)
>  {
>   int rc;
> 
> - if (!security_module_enable("whiteegret"))
> - return 0;
> -
>   security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks),
> "whiteegret");
> 
>   rc = we_specific_init();
> --
> 
> , isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
> is not useful, for security_init() is called too early to create securityfs
> entries for WhiteEgret.
> 
> Current version uses security= parameter as a switch for enabling/disabling
> WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
> is some other switch (e.g. __setup()) expected?

Sorry for the delay.
Thank you for your comment and suggestion.
I'll make this module a minor one in the
next version.

Masanobu Koike

RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[masanobu2.koike]

On Saturday, March 03, 2018 5:22 PM, Tetsuo Handa wrote:
> Masanobu Koike wrote:
> > On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > > @@ -264,6 +266,9 @@ choice
> > > > config DEFAULT_SECURITY_APPARMOR
> > > > bool "AppArmor" if SECURITY_APPARMOR=y
> > > >
> > > > +   config DEFAULT_SECURITY_WHITEEGRET
> > > > +   bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > > +
> > >
> > > I don't see this module using any security blobs. Is there
> > > a reason you're not making this a minor (like yama) module
> > > instead of a major (like AppArmor) module?
> >
> > Thank you for your suggestion.
> > We are now developing WhiteEgret on the environment
> > it works certainly.
> >
> 
> ??? What Casey suggested is effectively
> 
> --
> --- a/security/whiteegret/init.c
> +++ b/security/whiteegret/init.c
> @@ -48,9 +48,6 @@ static int __init we_init(void)
>  {
>   int rc;
> 
> - if (!security_module_enable("whiteegret"))
> - return 0;
> -
>   security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks),
> "whiteegret");
> 
>   rc = we_specific_init();
> --
> 
> , isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
> is not useful, for security_init() is called too early to create securityfs
> entries for WhiteEgret.
> 
> Current version uses security= parameter as a switch for enabling/disabling
> WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
> is some other switch (e.g. __setup()) expected?

Sorry for the delay.
Thank you for your comment and suggestion.
I'll make this module a minor one in the
next version.

Masanobu Koike

Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[Tetsuo Handa]

Masanobu Koike wrote:
> On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > @@ -264,6 +266,9 @@ choice
> > >   config DEFAULT_SECURITY_APPARMOR
> > >   bool "AppArmor" if SECURITY_APPARMOR=y
> > >
> > > + config DEFAULT_SECURITY_WHITEEGRET
> > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > +
> > 
> > I don't see this module using any security blobs. Is there
> > a reason you're not making this a minor (like yama) module
> > instead of a major (like AppArmor) module?
> 
> Thank you for your suggestion.
> We are now developing WhiteEgret on the environment
> it works certainly.
> 

??? What Casey suggested is effectively

--
--- a/security/whiteegret/init.c
+++ b/security/whiteegret/init.c
@@ -48,9 +48,6 @@ static int __init we_init(void)
 {
int rc;
 
-   if (!security_module_enable("whiteegret"))
-   return 0;
-
security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret");
 
rc = we_specific_init();
--

, isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
is not useful, for security_init() is called too early to create securityfs
entries for WhiteEgret.

Current version uses security= parameter as a switch for enabling/disabling
WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
is some other switch (e.g. __setup()) expected?

Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[Tetsuo Handa]

Masanobu Koike wrote:
> On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > @@ -264,6 +266,9 @@ choice
> > >   config DEFAULT_SECURITY_APPARMOR
> > >   bool "AppArmor" if SECURITY_APPARMOR=y
> > >
> > > + config DEFAULT_SECURITY_WHITEEGRET
> > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > +
> > 
> > I don't see this module using any security blobs. Is there
> > a reason you're not making this a minor (like yama) module
> > instead of a major (like AppArmor) module?
> 
> Thank you for your suggestion.
> We are now developing WhiteEgret on the environment
> it works certainly.
> 

??? What Casey suggested is effectively

--
--- a/security/whiteegret/init.c
+++ b/security/whiteegret/init.c
@@ -48,9 +48,6 @@ static int __init we_init(void)
 {
int rc;
 
-   if (!security_module_enable("whiteegret"))
-   return 0;
-
security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret");
 
rc = we_specific_init();
--

, isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
is not useful, for security_init() is called too early to create securityfs
entries for WhiteEgret.

Current version uses security= parameter as a switch for enabling/disabling
WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
is some other switch (e.g. __setup()) expected?

RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[masanobu2.koike]

On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > This RFC provides implementation of WhiteEgret.
> >
> > Signed-off-by: Masanobu Koike 
> > ---
> >  security/Kconfig   |   6 +
> >  security/Makefile  |   2 +
> >  security/whiteegret/Kconfig|  11 ++
> >  security/whiteegret/Makefile   |   2 +
> >  security/whiteegret/init.c |  75 ++
> >  security/whiteegret/main.c | 251
> +
> >  security/whiteegret/request.c  | 151 
> >  security/whiteegret/request.h  |  52 +++
> >  security/whiteegret/we.h   |  66 +
> >  security/whiteegret/we_fs.c| 280
> +
> >  security/whiteegret/we_fs.h|  23 +++
> >  security/whiteegret/we_fs_common.h |  36 +
> >  12 files changed, 955 insertions(+)
> >  create mode 100644 security/whiteegret/Kconfig
> >  create mode 100644 security/whiteegret/Makefile
> >  create mode 100644 security/whiteegret/init.c
> >  create mode 100644 security/whiteegret/main.c
> >  create mode 100644 security/whiteegret/request.c
> >  create mode 100644 security/whiteegret/request.h
> >  create mode 100644 security/whiteegret/we.h
> >  create mode 100644 security/whiteegret/we_fs.c
> >  create mode 100644 security/whiteegret/we_fs.h
> >  create mode 100644 security/whiteegret/we_fs_common.h
> >
> > diff --git a/security/Kconfig b/security/Kconfig
> > index c4302067a3ad..f17fefecaf84 100644
> > --- a/security/Kconfig
> > +++ b/security/Kconfig
> > @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig
> >  source security/apparmor/Kconfig
> >  source security/loadpin/Kconfig
> >  source security/yama/Kconfig
> > +source security/whiteegret/Kconfig
> >
> >  source security/integrity/Kconfig
> >
> > @@ -246,6 +247,7 @@ choice
> > default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
> > default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
> > default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
> > +   default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET
> > default DEFAULT_SECURITY_DAC
> >
> > help
> > @@ -264,6 +266,9 @@ choice
> > config DEFAULT_SECURITY_APPARMOR
> > bool "AppArmor" if SECURITY_APPARMOR=y
> >
> > +   config DEFAULT_SECURITY_WHITEEGRET
> > +   bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > +
> 
> I don't see this module using any security blobs. Is there
> a reason you're not making this a minor (like yama) module
> instead of a major (like AppArmor) module?

Thank you for your suggestion.
We are now developing WhiteEgret on the environment
it works certainly.

Masanobu Koike

> 
> > config DEFAULT_SECURITY_DAC
> > bool "Unix Discretionary Access Controls"
> >
> > @@ -275,6 +280,7 @@ config DEFAULT_SECURITY
> > default "smack" if DEFAULT_SECURITY_SMACK
> > default "tomoyo" if DEFAULT_SECURITY_TOMOYO
> > default "apparmor" if DEFAULT_SECURITY_APPARMOR
> > +   default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET
> > default "" if DEFAULT_SECURITY_DAC
> >
> >  endmenu
> > diff --git a/security/Makefile b/security/Makefile
> > index 4d2d3782ddef..3a8249c77288 100644
> > --- a/security/Makefile
> > +++ b/security/Makefile
> > @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo
> >  subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
> >  subdir-$(CONFIG_SECURITY_YAMA) += yama
> >  subdir-$(CONFIG_SECURITY_LOADPIN)  += loadpin
> > +subdir-$(CONFIG_SECURITY_WHITEEGRET)   += whiteegret
> >
> >  # always enable default capabilities
> >  obj-y  += commoncap.o
> > @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) +=
> tomoyo/
> >  obj-$(CONFIG_SECURITY_APPARMOR)+= apparmor/
> >  obj-$(CONFIG_SECURITY_YAMA)+= yama/
> >  obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
> > +obj-$(CONFIG_SECURITY_WHITEEGRET)  += whiteegret/
> >  obj-$(CONFIG_CGROUP_DEVICE)+= device_cgroup.o
> >
> >  # Object integrity file lists
> > diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig
> > new file mode 100644
> > index ..32845977745f
> > --- /dev/null
> > +++ b/security/whiteegret/Kconfig
> > @@ -0,0 +1,11 @@
> > +config SECURITY_WHITEEGRET
> > +bool "WhiteEgret support"
> > +depends on SECURITY
> > +default n
> > +help
> > + This enables the WhiteEgret security module.
> > + WhiteEgret provides a whitelisting execution control
> capability,
> > + which helps stop the execution of unauthorized software
> > + such as malware.
> > + You will also need a user application and an execution whitelist.
> > +  If you are unsure how to answer this question, answer N.
> > diff --git a/security/whiteegret/Makefile
> b/security/whiteegret/Makefile
> > new file mode 

RE: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[masanobu2.koike]

On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > This RFC provides implementation of WhiteEgret.
> >
> > Signed-off-by: Masanobu Koike 
> > ---
> >  security/Kconfig   |   6 +
> >  security/Makefile  |   2 +
> >  security/whiteegret/Kconfig|  11 ++
> >  security/whiteegret/Makefile   |   2 +
> >  security/whiteegret/init.c |  75 ++
> >  security/whiteegret/main.c | 251
> +
> >  security/whiteegret/request.c  | 151 
> >  security/whiteegret/request.h  |  52 +++
> >  security/whiteegret/we.h   |  66 +
> >  security/whiteegret/we_fs.c| 280
> +
> >  security/whiteegret/we_fs.h|  23 +++
> >  security/whiteegret/we_fs_common.h |  36 +
> >  12 files changed, 955 insertions(+)
> >  create mode 100644 security/whiteegret/Kconfig
> >  create mode 100644 security/whiteegret/Makefile
> >  create mode 100644 security/whiteegret/init.c
> >  create mode 100644 security/whiteegret/main.c
> >  create mode 100644 security/whiteegret/request.c
> >  create mode 100644 security/whiteegret/request.h
> >  create mode 100644 security/whiteegret/we.h
> >  create mode 100644 security/whiteegret/we_fs.c
> >  create mode 100644 security/whiteegret/we_fs.h
> >  create mode 100644 security/whiteegret/we_fs_common.h
> >
> > diff --git a/security/Kconfig b/security/Kconfig
> > index c4302067a3ad..f17fefecaf84 100644
> > --- a/security/Kconfig
> > +++ b/security/Kconfig
> > @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig
> >  source security/apparmor/Kconfig
> >  source security/loadpin/Kconfig
> >  source security/yama/Kconfig
> > +source security/whiteegret/Kconfig
> >
> >  source security/integrity/Kconfig
> >
> > @@ -246,6 +247,7 @@ choice
> > default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
> > default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
> > default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
> > +   default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET
> > default DEFAULT_SECURITY_DAC
> >
> > help
> > @@ -264,6 +266,9 @@ choice
> > config DEFAULT_SECURITY_APPARMOR
> > bool "AppArmor" if SECURITY_APPARMOR=y
> >
> > +   config DEFAULT_SECURITY_WHITEEGRET
> > +   bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > +
> 
> I don't see this module using any security blobs. Is there
> a reason you're not making this a minor (like yama) module
> instead of a major (like AppArmor) module?

Thank you for your suggestion.
We are now developing WhiteEgret on the environment
it works certainly.

Masanobu Koike

> 
> > config DEFAULT_SECURITY_DAC
> > bool "Unix Discretionary Access Controls"
> >
> > @@ -275,6 +280,7 @@ config DEFAULT_SECURITY
> > default "smack" if DEFAULT_SECURITY_SMACK
> > default "tomoyo" if DEFAULT_SECURITY_TOMOYO
> > default "apparmor" if DEFAULT_SECURITY_APPARMOR
> > +   default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET
> > default "" if DEFAULT_SECURITY_DAC
> >
> >  endmenu
> > diff --git a/security/Makefile b/security/Makefile
> > index 4d2d3782ddef..3a8249c77288 100644
> > --- a/security/Makefile
> > +++ b/security/Makefile
> > @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo
> >  subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
> >  subdir-$(CONFIG_SECURITY_YAMA) += yama
> >  subdir-$(CONFIG_SECURITY_LOADPIN)  += loadpin
> > +subdir-$(CONFIG_SECURITY_WHITEEGRET)   += whiteegret
> >
> >  # always enable default capabilities
> >  obj-y  += commoncap.o
> > @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) +=
> tomoyo/
> >  obj-$(CONFIG_SECURITY_APPARMOR)+= apparmor/
> >  obj-$(CONFIG_SECURITY_YAMA)+= yama/
> >  obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
> > +obj-$(CONFIG_SECURITY_WHITEEGRET)  += whiteegret/
> >  obj-$(CONFIG_CGROUP_DEVICE)+= device_cgroup.o
> >
> >  # Object integrity file lists
> > diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig
> > new file mode 100644
> > index ..32845977745f
> > --- /dev/null
> > +++ b/security/whiteegret/Kconfig
> > @@ -0,0 +1,11 @@
> > +config SECURITY_WHITEEGRET
> > +bool "WhiteEgret support"
> > +depends on SECURITY
> > +default n
> > +help
> > + This enables the WhiteEgret security module.
> > + WhiteEgret provides a whitelisting execution control
> capability,
> > + which helps stop the execution of unauthorized software
> > + such as malware.
> > + You will also need a user application and an execution whitelist.
> > +  If you are unsure how to answer this question, answer N.
> > diff --git a/security/whiteegret/Makefile
> b/security/whiteegret/Makefile
> > new file mode 100644
> > index 

Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[Casey Schaufler]

On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> This RFC provides implementation of WhiteEgret.
>
> Signed-off-by: Masanobu Koike 
> ---
>  security/Kconfig   |   6 +
>  security/Makefile  |   2 +
>  security/whiteegret/Kconfig|  11 ++
>  security/whiteegret/Makefile   |   2 +
>  security/whiteegret/init.c |  75 ++
>  security/whiteegret/main.c | 251 +
>  security/whiteegret/request.c  | 151 
>  security/whiteegret/request.h  |  52 +++
>  security/whiteegret/we.h   |  66 +
>  security/whiteegret/we_fs.c| 280 
> +
>  security/whiteegret/we_fs.h|  23 +++
>  security/whiteegret/we_fs_common.h |  36 +
>  12 files changed, 955 insertions(+)
>  create mode 100644 security/whiteegret/Kconfig
>  create mode 100644 security/whiteegret/Makefile
>  create mode 100644 security/whiteegret/init.c
>  create mode 100644 security/whiteegret/main.c
>  create mode 100644 security/whiteegret/request.c
>  create mode 100644 security/whiteegret/request.h
>  create mode 100644 security/whiteegret/we.h
>  create mode 100644 security/whiteegret/we_fs.c
>  create mode 100644 security/whiteegret/we_fs.h
>  create mode 100644 security/whiteegret/we_fs_common.h
>
> diff --git a/security/Kconfig b/security/Kconfig
> index c4302067a3ad..f17fefecaf84 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig
>  source security/apparmor/Kconfig
>  source security/loadpin/Kconfig
>  source security/yama/Kconfig
> +source security/whiteegret/Kconfig
>  
>  source security/integrity/Kconfig
>  
> @@ -246,6 +247,7 @@ choice
>   default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
>   default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
>   default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
> + default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET
>   default DEFAULT_SECURITY_DAC
>  
>   help
> @@ -264,6 +266,9 @@ choice
>   config DEFAULT_SECURITY_APPARMOR
>   bool "AppArmor" if SECURITY_APPARMOR=y
>  
> + config DEFAULT_SECURITY_WHITEEGRET
> + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> +

I don't see this module using any security blobs. Is there
a reason you're not making this a minor (like yama) module
instead of a major (like AppArmor) module?

>   config DEFAULT_SECURITY_DAC
>   bool "Unix Discretionary Access Controls"
>  
> @@ -275,6 +280,7 @@ config DEFAULT_SECURITY
>   default "smack" if DEFAULT_SECURITY_SMACK
>   default "tomoyo" if DEFAULT_SECURITY_TOMOYO
>   default "apparmor" if DEFAULT_SECURITY_APPARMOR
> + default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET
>   default "" if DEFAULT_SECURITY_DAC
>  
>  endmenu
> diff --git a/security/Makefile b/security/Makefile
> index 4d2d3782ddef..3a8249c77288 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo
>  subdir-$(CONFIG_SECURITY_APPARMOR)   += apparmor
>  subdir-$(CONFIG_SECURITY_YAMA)   += yama
>  subdir-$(CONFIG_SECURITY_LOADPIN)+= loadpin
> +subdir-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret
>  
>  # always enable default capabilities
>  obj-y+= commoncap.o
> @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO)   += tomoyo/
>  obj-$(CONFIG_SECURITY_APPARMOR)  += apparmor/
>  obj-$(CONFIG_SECURITY_YAMA)  += yama/
>  obj-$(CONFIG_SECURITY_LOADPIN)   += loadpin/
> +obj-$(CONFIG_SECURITY_WHITEEGRET)+= whiteegret/
>  obj-$(CONFIG_CGROUP_DEVICE)  += device_cgroup.o
>  
>  # Object integrity file lists
> diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig
> new file mode 100644
> index ..32845977745f
> --- /dev/null
> +++ b/security/whiteegret/Kconfig
> @@ -0,0 +1,11 @@
> +config SECURITY_WHITEEGRET
> +bool "WhiteEgret support"
> +depends on SECURITY
> +default n
> +help
> +   This enables the WhiteEgret security module.
> +   WhiteEgret provides a whitelisting execution control capability,
> +   which helps stop the execution of unauthorized software
> +   such as malware.
> +   You will also need a user application and an execution whitelist.
> +  If you are unsure how to answer this question, answer N.
> diff --git a/security/whiteegret/Makefile b/security/whiteegret/Makefile
> new file mode 100644
> index ..16bd3afd9324
> --- /dev/null
> +++ b/security/whiteegret/Makefile
> @@ -0,0 +1,2 @@
> +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret.o
> +whiteegret-y := init.o main.o request.o we_fs.o
> diff --git a/security/whiteegret/init.c b/security/whiteegret/init.c
> new file mode 100644
> index ..3691cca6bc27
> --- 

Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.

[Casey Schaufler]

On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> This RFC provides implementation of WhiteEgret.
>
> Signed-off-by: Masanobu Koike 
> ---
>  security/Kconfig   |   6 +
>  security/Makefile  |   2 +
>  security/whiteegret/Kconfig|  11 ++
>  security/whiteegret/Makefile   |   2 +
>  security/whiteegret/init.c |  75 ++
>  security/whiteegret/main.c | 251 +
>  security/whiteegret/request.c  | 151 
>  security/whiteegret/request.h  |  52 +++
>  security/whiteegret/we.h   |  66 +
>  security/whiteegret/we_fs.c| 280 
> +
>  security/whiteegret/we_fs.h|  23 +++
>  security/whiteegret/we_fs_common.h |  36 +
>  12 files changed, 955 insertions(+)
>  create mode 100644 security/whiteegret/Kconfig
>  create mode 100644 security/whiteegret/Makefile
>  create mode 100644 security/whiteegret/init.c
>  create mode 100644 security/whiteegret/main.c
>  create mode 100644 security/whiteegret/request.c
>  create mode 100644 security/whiteegret/request.h
>  create mode 100644 security/whiteegret/we.h
>  create mode 100644 security/whiteegret/we_fs.c
>  create mode 100644 security/whiteegret/we_fs.h
>  create mode 100644 security/whiteegret/we_fs_common.h
>
> diff --git a/security/Kconfig b/security/Kconfig
> index c4302067a3ad..f17fefecaf84 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -237,6 +237,7 @@ source security/tomoyo/Kconfig
>  source security/apparmor/Kconfig
>  source security/loadpin/Kconfig
>  source security/yama/Kconfig
> +source security/whiteegret/Kconfig
>  
>  source security/integrity/Kconfig
>  
> @@ -246,6 +247,7 @@ choice
>   default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
>   default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
>   default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
> + default DEFAULT_SECURITY_WHITEEGRET if SECURITY_WHITEEGRET
>   default DEFAULT_SECURITY_DAC
>  
>   help
> @@ -264,6 +266,9 @@ choice
>   config DEFAULT_SECURITY_APPARMOR
>   bool "AppArmor" if SECURITY_APPARMOR=y
>  
> + config DEFAULT_SECURITY_WHITEEGRET
> + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> +

I don't see this module using any security blobs. Is there
a reason you're not making this a minor (like yama) module
instead of a major (like AppArmor) module?

>   config DEFAULT_SECURITY_DAC
>   bool "Unix Discretionary Access Controls"
>  
> @@ -275,6 +280,7 @@ config DEFAULT_SECURITY
>   default "smack" if DEFAULT_SECURITY_SMACK
>   default "tomoyo" if DEFAULT_SECURITY_TOMOYO
>   default "apparmor" if DEFAULT_SECURITY_APPARMOR
> + default "whiteegret" if DEFAULT_SECURITY_WHITEEGRET
>   default "" if DEFAULT_SECURITY_DAC
>  
>  endmenu
> diff --git a/security/Makefile b/security/Makefile
> index 4d2d3782ddef..3a8249c77288 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO)+= tomoyo
>  subdir-$(CONFIG_SECURITY_APPARMOR)   += apparmor
>  subdir-$(CONFIG_SECURITY_YAMA)   += yama
>  subdir-$(CONFIG_SECURITY_LOADPIN)+= loadpin
> +subdir-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret
>  
>  # always enable default capabilities
>  obj-y+= commoncap.o
> @@ -25,6 +26,7 @@ obj-$(CONFIG_SECURITY_TOMOYO)   += tomoyo/
>  obj-$(CONFIG_SECURITY_APPARMOR)  += apparmor/
>  obj-$(CONFIG_SECURITY_YAMA)  += yama/
>  obj-$(CONFIG_SECURITY_LOADPIN)   += loadpin/
> +obj-$(CONFIG_SECURITY_WHITEEGRET)+= whiteegret/
>  obj-$(CONFIG_CGROUP_DEVICE)  += device_cgroup.o
>  
>  # Object integrity file lists
> diff --git a/security/whiteegret/Kconfig b/security/whiteegret/Kconfig
> new file mode 100644
> index ..32845977745f
> --- /dev/null
> +++ b/security/whiteegret/Kconfig
> @@ -0,0 +1,11 @@
> +config SECURITY_WHITEEGRET
> +bool "WhiteEgret support"
> +depends on SECURITY
> +default n
> +help
> +   This enables the WhiteEgret security module.
> +   WhiteEgret provides a whitelisting execution control capability,
> +   which helps stop the execution of unauthorized software
> +   such as malware.
> +   You will also need a user application and an execution whitelist.
> +  If you are unsure how to answer this question, answer N.
> diff --git a/security/whiteegret/Makefile b/security/whiteegret/Makefile
> new file mode 100644
> index ..16bd3afd9324
> --- /dev/null
> +++ b/security/whiteegret/Makefile
> @@ -0,0 +1,2 @@
> +obj-$(CONFIG_SECURITY_WHITEEGRET) += whiteegret.o
> +whiteegret-y := init.o main.o request.o we_fs.o
> diff --git a/security/whiteegret/init.c b/security/whiteegret/init.c
> new file mode 100644
> index ..3691cca6bc27
> --- /dev/null
> +++