SP Project 4 New SMACK Rules

Tizen project flow
• Tizen dev. environment build
• Tizen application development
• Tizen security: SMACK
• Tizen platform development
• Linux kernel development

• Project 0: Tizen porting to Odroid-U3
• Project 1: Tizen web application development
• Project 2: Basic SMACK features
• Project 3: SMACK security rule modify
• Project 4: New SMACK rules

Overview
File in the hole
[Figure: File → Open → After 3 seconds… → Bomb!]

Overview
Part 1. Tizen platform development
• Platform provides SMACK interface
Part 2. Linux kernel development
• Kernel provides basic SMACK operations
[Figure: layers shown are User, Tizen platform, Linux kernel]

Part 1. Tizen Platform Development

Objective
Create a new “vi” command, “smackvi”

$ smackvi File.txt
• Read File.txt like “vi”
  − Clear console
  − Show contents of File.txt
  − Input ‘q’ to quit

$ chsmack -a "(@)" File.txt
• Update smack label of File.txt
  − “(@)” is pre-defined label string

$ smackvi File.txt
• Read File.txt like “vi”
  − smackvi checks if the label is “(@)”
  − Count down…
  − Kill itself

Demo
$ smackvi File.txt

Hints
1. Get into “smack” directory in Tizen platform
2. Modify “smack/utils/Makefile.am”
3. vi smack/utils/smackvi.c
   • Your own source code
   • Refer to other utils such as chsmack.c, smackctl.c
4. GBS build and transmit generated rpm files to Odroid
   • Review “How to port, Project 1” section
5. Install rpm files
   • ~/GBS-ROOT/local/repos/tizen2.2/armv7l/RPMS
   • There are rpm files you have compiled
   • “sdb push” and install smack-…armv7l.rpm
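
The label check that smackvi needs, as an added example in C (it is not the course's smackvi.c and not code from the smack package). It assumes the label is read straight from the security.SMACK64 extended attribute with lgetxattr() rather than through libsmack; terminate_label and has_trigger_label are hypothetical names.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>
#include <unistd.h>

#define SMACK_XATTR   "security.SMACK64"  /* attribute that chsmack -a writes */
#define TRIGGER_LABEL "(@)"               /* pre-defined label from the slide */

/* xattr values are raw bytes with no guaranteed terminator: drop trailing
 * NULs and terminate. buf must have room for n + 1 bytes. */
size_t terminate_label(char *buf, size_t n)
{
    while (n > 0 && buf[n - 1] == '\0')
        n--;
    buf[n] = '\0';
    return n;
}

/* 1: path carries TRIGGER_LABEL; 0: other label, no label, or a filesystem
 * without xattr support; -1: any other error (errno from lgetxattr). */
int has_trigger_label(const char *path)
{
    char label[256];
    ssize_t n = lgetxattr(path, SMACK_XATTR, label, sizeof(label) - 1);

    if (n < 0)
        return (errno == ENODATA || errno == ENOTSUP) ? 0 : -1;
    terminate_label(label, (size_t)n);
    return strcmp(label, TRIGGER_LABEL) == 0;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    int hit = has_trigger_label(argv[1]);
    if (hit < 0) {
        perror(argv[1]);
        return 1;
    }
    for (int s = 3; hit && s > 0; s--) {   /* count down once per second */
        printf("%d...\n", s);
        sleep(1);
    }
    if (hit)
        kill(getpid(), SIGKILL);           /* "kill itself" */
    printf("%s: label is not %s, show the file as vi would\n", argv[1], TRIGGER_LABEL);
    return 0;
}
```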

Requirement
smackvi.c source code

Part 2. Linux Kernel Development

Objective
Create a new rule that kills the running process

$ chsmack -a "#" File.txt
• Update smack label of File.txt
  − “#” is pre-defined label string

$ vi File.txt
• Open File.txt
  − You should be able to read the contents
  − See the open file disappear after 3 seconds

$ chsmack -a "#" Image.jpg
• Update smack label of Image.jpg
  − “#” is pre-defined label string

Run “File manager” and open Image.jpg (using VU)
• Open Image.jpg
  − You should be able to see the picture
  − See the open image disappear after 3 seconds

Demo
Label “#”

Implementation Overview
1. User → File System: open file
2. SMACK: check label
3. If the label is “#”
   • Timer: wait 3 sec in background, then callback
   • Signal: kill the process that opened the file with label “#”

Hints
1. Get into Linux kernel directory
2. Modify do_sys_open() in fs/open.c
   • Seek the best spot to place “security_file_permission()”
   • “security_file_permission()” is in “security/security.c”
3. Modify smack_file_permission() in security/smack/smack_lsm.c
   • Luckily, this function is not used by SMACK (dummy function)
   • You should consider how to change struct file* to struct inode*
   • smk_of_inode(struct inode*) returns object (file) label string
   • To set up a timer…
     − Include <linux/timer.h>
     − Declare a global struct timer_list variable
     − setup_timer() connects timer and callback function
     − mod_timer() runs timer in background and, after some time, executes callback function
4. Generate a callback function at “security/smack/smack_lsm.c”
   • This function will kill the process that opened the file
   • To kill the process…
     − Include <linux/signal.h>
     − Refer to sys_kill() in “kernel/signal.c” (SYSCALL_DEFINE2)
     − Migrate to your callback!
5. Compile kernel and put zImage in boot partition
   • Refer to previous project (project 1)