Add blacklist parameter

author Konrad Kuchciak <k.kuchciak@samsung.com>

Fri, 14 Feb 2020 12:30:08 +0000 (13:30 +0100)

committer Konrad Kuchciak <k.kuchciak@samsung.com>

Tue, 18 Feb 2020 07:50:20 +0000 (08:50 +0100)
author Konrad Kuchciak <k.kuchciak@samsung.com>
Fri, 14 Feb 2020 12:30:08 +0000 (13:30 +0100)
committer Konrad Kuchciak <k.kuchciak@samsung.com>
Tue, 18 Feb 2020 07:50:20 +0000 (08:50 +0100)
diff --git a/config/stability-monitor.conf b/config/stability-monitor.conf

new file mode 100644 (file)

index 0000000..f5834d8
--- /dev/null
+++ b/config/stability-monitor.conf
@@ -0,0 +1 @@
+install proc_tsm insmod /usr/lib/stability-monitor/proc-tsm.ko blacklist=System::TEF
diff --git a/kernel/proc-tsm.c b/kernel/proc-tsm.c

index 488fc30..6db4782 100644 (file)
--- a/kernel/proc-tsm.c
+++ b/kernel/proc-tsm.c
@@ -20,6 +20,7 @@
   */
  
  #include <linux/module.h>
+#include <linux/moduleparam.h>
  #include <linux/init.h>
  #include <linux/kernel.h>
  
@@ -38,12 +39,16 @@
  #include <linux/fdtable.h>
  #include <linux/math64.h>
  #include <linux/task_io_accounting_ops.h>
+#include <linux/security.h>
  
  #define DEBUG 0
  #define PAGE_TO_KB(x) ((x) << (PAGE_SHIFT - 10))
  
  static struct proc_dir_entry* proc_file;
+static char *blacklist[10] = {0, };
+static int blacklist_c = 0;
  
+module_param_array(blacklist, charp, &blacklist_c, 0000);
  
  static u64 time_now(void)
  {
@@ -94,6 +99,11 @@ static int stability_monitor_show(struct seq_file *m, void *v)
      unsigned long long vm_rss, total_ram;
      struct task_io_accounting task_ioac;
      unsigned int open_fds;
+    u32 secid;
+    char *label;
+    u32 label_len;
+    int blacklisted;
+    int i;
  
      rcu_read_lock();
  
@@ -126,6 +136,20 @@ static int stability_monitor_show(struct seq_file *m, void *v)
              continue;
          }
  
+        security_cred_getsecid(((struct cred *)task->real_cred), &secid);
+        if (!security_secid_to_secctx(secid, &label, &label_len)) {
+            blacklisted = 0;
+            for (i = 0; i < blacklist_c; i++) {
+                if (strcmp(label, blacklist[i]) == 0) {
+                    blacklisted = 1;
+                    break;
+                }
+            }
+            if (blacklisted) {
+                task_unlock(task);
+                continue;
+            }
+        }
  
          /* Memory */
          vm_rss = get_mm_rss(task->mm);
diff --git a/packaging/stability-monitor-kmod-rpi3.spec b/packaging/stability-monitor-kmod-rpi3.spec

index 2784c40..c16ba11 100644 (file)
--- a/packaging/stability-monitor-kmod-rpi3.spec
+++ b/packaging/stability-monitor-kmod-rpi3.spec
@@ -24,8 +24,10 @@ make -C kernel KMOD_PATH=%KMOD_PATH KERNELDIR=/boot/kernel/devel/kernel-devel-ar
  
  %install
  install -D kernel/proc-tsm.ko %{buildroot}/%KMOD_PATH
+install -D config/stability-monitor.conf %{buildroot}/etc/modprobe.d/stability-monitor.conf
  
  %files
  %manifest %{name}.manifest
  %license COPYING
  %KMOD_PATH
+/etc/modprobe.d/stability-monitor.conf
author	Konrad Kuchciak <k.kuchciak@samsung.com>
	Fri, 14 Feb 2020 12:30:08 +0000 (13:30 +0100)
committer	Konrad Kuchciak <k.kuchciak@samsung.com>
	Tue, 18 Feb 2020 07:50:20 +0000 (08:50 +0100)
config/stability-monitor.conf	[new file with mode: 0644]	patch \| blob
kernel/proc-tsm.c		patch \| blob \| history
packaging/stability-monitor-kmod-rpi3.spec		patch \| blob \| history