I am a beginner in the field of Linux kernel programming. I was studying Linux Security Modules (LSM). The references which I have seen (recent ones) especially this video here, bakes the module written into the kernel itself, and then the entire compiled kernel is installed on say an Ubuntu machine.
I was thinking of writing a program, such that instead of making it into the kernel itself, I could load and unload it as per my need. (Especially to test the correctness of its functionality, easily).
The video which I have mentioned above makes use of security_add_hooks
to bind our function to the security subsystem. But, using the mention of security_add_hooks
and LSM_HOOK_INIT
which in turn uses security_hook_heads
struct, causes an issue when I try to make a .ko
file for this module.
ERROR: modpost: "security_add_hooks" [security/my_test.ko] undefined!
ERROR: modpost: "security_hook_heads" [security/my_test.ko] undefined!
I can understand that security_add_hooks
is a function and has not been exported for use by the modules. So, I tried to EXPORT_SYMBOL(security_add_hooks)
so that my .ko
file can use it.
But another issue arises. Regarding two struct
definitions, security_hook_heads
and security_hook_list
. I simply don't know how to export them. I tried to write a statement EXPORT_SYMBOL(security_hook_heads);
just after the corresponding struct definition as follows, in lsm_hooks.h
:
struct security_hook_heads {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
#include "lsm_hook_defs.h"
#undef LSM_HOOK
} __randomize_layout;
EXPORT_SYMBOL(security_hook_heads);
Corresponding to this I get the following error:
./include/linux/lsm_hooks.h:1601:15: error: ‘security_hook_heads’ undeclared here (not in a function)
1601 | EXPORT_SYMBOL(security_hook_heads);
I don't fully understand the meaning of the error, but I feel it is trying to point out that exporting a symbol from a header file is not possible.
So, I could not figure out how to work out this approach. Is there any other easy method available?
I was going through a few old YouTube videos and a few articles, where they make use of functions like register_security
and unregister_security
, but I guess these functions are no longer there in the latest Linux kernel (6.0.0). [As was mentioned in the thread of the following few questions: (1), see the comment to the answer for the previous question, (2)]
You can't do this in a module.
security_add_hooks
is marked with __init
..init.text
).kernel_init
) it calls free_initmem
.So, by the time your module is loaded, security_add_hooks
et. al. are long gone.
If you have to modify security/security.c
to add EXPORT_SYMBOL(security_add_hooks)
, then you are building a custom kernel. So, you might as well just bake your code into the kernel.