#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
#include <linux/usb.h>
#include <linux/moduleparam.h>
/*
 * Set to 1 by rootplug_init() when registering as the primary security
 * module failed and the module was stacked through mod_reg_security()
 * instead. Nothing in the visible part of this file reads it back.
 */
static int secondary;

/*
 * USB vendor/product ID pair that rootplug_bprm_check_security() looks for
 * before letting a program with effective gid 0 be executed.
 *
 * NOTE(review): the check matches on these two IDs only. They are plain
 * descriptor values reported by the device, not an authenticated identity,
 * so this is a presence check rather than proof of a specific token.
 *
 * NOTE(review): both variables are declared int but registered below as
 * "uint" parameters; confirm the parameter type check accepts that, or
 * declare them unsigned int.
 */
static int vendor_id = 0x0557;
static int product_id = 0x2008;

/* Mode 0400: the values are readable by the owner only and not writable. */
module_param(vendor_id, uint, 0400);
module_param(product_id, uint, 0400);

/*
 * Non-zero enables root_dbg() output. Mode 0600 lets the owner of the
 * parameter file read and change it.
 */
static int debug;

module_param(debug, bool, 0600);
/* Module name: log prefix for root_dbg() and name passed to mod_reg_security(). */
#define MY_NAME "root_plug"

/*
 * root_dbg - print a KERN_DEBUG message while the "debug" parameter is set.
 *
 * Every message is prefixed with MY_NAME and the name of the calling
 * function. The do/while (0) wrapper keeps the macro usable as a single
 * statement, e.g. in an unbraced if/else.
 */
#define root_dbg(fmt, arg...)						\
	do {								\
		if (debug) {						\
			printk(KERN_DEBUG "%s: %s: " fmt,		\
			       MY_NAME, __FUNCTION__, ## arg);		\
		}							\
	} while (0)
/*
 * rootplug_bprm_check_security - gate execution of egid-0 programs on the
 * presence of the configured USB device.
 *
 * @bprm: description of the program about to be executed; only filename,
 *        e_uid and e_gid are read here.
 *
 * Returns 0 when the program may run, -EPERM when its effective gid is 0
 * and no USB device with vendor_id/product_id is found.
 *
 * NOTE(review): the decision is keyed on e_gid alone. A program whose
 * effective uid is 0 but whose effective gid is non-zero is not gated by
 * this hook.
 *
 * NOTE(review): the hook name suggests this runs when a program is
 * executed, so processes that are already running would not be
 * re-evaluated if the device is unplugged later. Confirm against the
 * hook's caller.
 */
static int rootplug_bprm_check_security(struct linux_binprm *bprm)
{
	struct usb_device *key;

	root_dbg("file %s, e_uid = %d, e_gid = %d\n",
		 bprm->filename, bprm->e_uid, bprm->e_gid);

	/* Programs that will not run with effective gid 0 are never gated. */
	if (bprm->e_gid != 0)
		return 0;

	key = usb_find_device(vendor_id, product_id);
	if (key) {
		/*
		 * Only presence matters; usb_put_dev() releases the device
		 * reference that the lookup presumably took.
		 */
		usb_put_dev(key);
		return 0;
	}

	root_dbg("e_gid = 0, and device not found, "
		 "task not allowed to run...\n");
	return -EPERM;
}
/*
 * Hook table registered by rootplug_init().
 *
 * The only hook implemented in this file is bprm_check_security. Every
 * other hook listed here is delegated to the cap_* helpers, and hooks that
 * are not listed are left unset by this initializer.
 */
static struct security_operations rootplug_security_ops = {
	/* The policy added by this module: the USB presence check. */
	.bprm_check_security	= rootplug_bprm_check_security,

	/* Capability handling, delegated to the cap_* helpers. */
	.ptrace			= cap_ptrace,
	.capget			= cap_capget,
	.capset_check		= cap_capset_check,
	.capset_set		= cap_capset_set,
	.capable		= cap_capable,

	/* Credential handling on exec, delegated. */
	.bprm_apply_creds	= cap_bprm_apply_creds,
	.bprm_set_security	= cap_bprm_set_security,

	/* Task hooks, delegated. */
	.task_post_setuid	= cap_task_post_setuid,
	.task_reparent_to_init	= cap_task_reparent_to_init,
};
/*
 * rootplug_init - register the Root Plug hook table with the kernel.
 *
 * Tries register_security() first. If that fails, falls back to
 * mod_reg_security() to stack under the primary security module and
 * records the fallback in "secondary".
 *
 * Returns 0 on success, -EINVAL when both registration attempts fail.
 *
 * NOTE(review): when both attempts fail the check in
 * rootplug_bprm_check_security() is never installed, and the only trace
 * is a pair of KERN_INFO messages. Anyone relying on this policy should
 * verify the "initialized" message at boot.
 */
static int __init rootplug_init(void)
{
	int failed = register_security(&rootplug_security_ops);

	if (failed) {
		printk(KERN_INFO
		       "Failure registering Root Plug module with the kernel\n");

		/* Could not become the primary module; try stacking instead. */
		failed = mod_reg_security(MY_NAME, &rootplug_security_ops);
		if (failed) {
			printk(KERN_INFO "Failure registering Root Plug "
			       " module with primary security module.\n");
			return -EINVAL;
		}
		secondary = 1;
	}

	printk(KERN_INFO "Root Plug module initialized, "
	       "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
	return 0;
}

/* Run rootplug_init() through the security initcall mechanism. */
security_initcall(rootplug_init);