Created
June 24, 2013 11:06
-
-
Save fi01/5849318 to your computer and use it in GitHub Desktop.
LSM disabler kernel module
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Usage: insmod lsm_disabler.ko addr=<address for reset_security_ops> | |
| # lsm_disabler.ko addr=0xc031311c | |
| diff --git a/security/Kconfig b/security/Kconfig | |
| index f972310..b8d1730 100644 | |
| --- a/security/Kconfig | |
| +++ b/security/Kconfig | |
| @@ -228,5 +228,7 @@ config DEFAULT_SECURITY | |
| default "apparmor" if DEFAULT_SECURITY_APPARMOR | |
| default "" if DEFAULT_SECURITY_DAC | |
| +source security/lsm_disabler/Kconfig | |
| + | |
| endmenu | |
| diff --git a/security/Makefile b/security/Makefile | |
| index 4ab84ce..3b6422b 100644 | |
| --- a/security/Makefile | |
| +++ b/security/Makefile | |
| @@ -30,3 +30,5 @@ obj-$(CONFIG_SECURITY_SEC) += sec/built-in.o | |
| # Object integrity file lists | |
| subdir-$(CONFIG_IMA) += integrity/ima | |
| obj-$(CONFIG_IMA) += integrity/ima/built-in.o | |
| + | |
| +subdir-y += lsm_disabler | |
| diff --git a/security/lsm_disabler/Kconfig b/security/lsm_disabler/Kconfig | |
| new file mode 100644 | |
| index 0000000..fe638f7 | |
| --- /dev/null | |
| +++ b/security/lsm_disabler/Kconfig | |
| @@ -0,0 +1,3 @@ | |
| +config CONFIG_LSM_DISABLER | |
| + tristate "LSM disabler support" | |
| + default m | |
| diff --git a/security/lsm_disabler/Makefile b/security/lsm_disabler/Makefile | |
| new file mode 100644 | |
| index 0000000..8ee9530 | |
| --- /dev/null | |
| +++ b/security/lsm_disabler/Makefile | |
| @@ -0,0 +1 @@ | |
| +obj-m += lsm_disabler.o | |
| diff --git a/security/lsm_disabler/lsm_disabler.c b/security/lsm_disabler/lsm_disabler.c | |
| new file mode 100644 | |
| index 0000000..031df16 | |
| --- /dev/null | |
| +++ b/security/lsm_disabler/lsm_disabler.c | |
| @@ -0,0 +1,42 @@ | |
| +#include <linux/version.h> | |
| +#include <linux/kernel.h> | |
| +#include <linux/module.h> | |
| +#include <linux/init.h> | |
| + | |
| +#include <linux/security.h> | |
| + | |
| +typedef void (*func_t)(void); | |
| + | |
| +static uint32_t addr = 0; | |
| + | |
| +static int __init lsm_disabler_init_module(void) | |
| +{ | |
| + func_t reset_security_ops_func = (func_t)addr; | |
| + | |
| + printk(KERN_INFO "lsm_disabler: loaded\n"); | |
| + | |
| + if (reset_security_ops_func == NULL) { | |
| + printk(KERN_INFO "lsm_disabler: need param 'addr'\n"); | |
| + return -EINVAL; | |
| + } | |
| + | |
| + reset_security_ops_func(); | |
| + | |
| + printk(KERN_INFO "lsm_disabler: call reset_security_ops(): done\n"); | |
| + | |
| + return 0; | |
| +} | |
| + | |
| +static void lsm_disabler_cleanup_module(void) | |
| +{ | |
| + printk(KERN_INFO "lsm_disabler: unloaded.\n"); | |
| +} | |
| + | |
| +module_param(addr, uint, 0); | |
| +MODULE_PARM_DESC(addr, "address for reset_security_ops"); | |
| + | |
| +MODULE_DESCRIPTION("LSM Disabler"); | |
| +MODULE_AUTHOR("@fi01"); | |
| +MODULE_LICENSE("GPL"); | |
| +module_init(lsm_disabler_init_module); | |
| +module_exit(lsm_disabler_cleanup_module); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment