From: Konrad Kuchciak <k.kuchciak@samsung.com>
Date: Fri, 14 Feb 2020 12:30:08 +0000 (+0100)
Subject: Add blacklist parameter
X-Git-Tag: accepted/tizen/unified/20200220.122440~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6292e953e10dbeaa0261a00d8b7d2bb7b2c1ded7;p=platform%2Fcore%2Fsystem%2Fstability-monitor-kmod-rpi3.git

Add blacklist parameter

Blacklist parameter allows to filter out processes
with the specified SMACK label. Up to 10 comma separated
labels may be specified.

Change-Id: Ifba07c610d02b6214086ab666caac0fa5eb2b019
---

diff --git a/config/stability-monitor.conf b/config/stability-monitor.conf
new file mode 100644
index 0000000..f5834d8
--- /dev/null
+++ b/config/stability-monitor.conf
@@ -0,0 +1 @@
+install proc_tsm insmod /usr/lib/stability-monitor/proc-tsm.ko blacklist=System::TEF
diff --git a/kernel/proc-tsm.c b/kernel/proc-tsm.c
index 488fc30..6db4782 100644
--- a/kernel/proc-tsm.c
+++ b/kernel/proc-tsm.c
@@ -20,6 +20,7 @@
  */
 
 #include <linux/module.h>
+#include <linux/moduleparam.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
 
@@ -38,12 +39,16 @@
 #include <linux/fdtable.h>
 #include <linux/math64.h>
 #include <linux/task_io_accounting_ops.h>
+#include <linux/security.h>
 
 #define DEBUG 0
 #define PAGE_TO_KB(x) ((x) << (PAGE_SHIFT - 10))
 
 static struct proc_dir_entry* proc_file;
+static char *blacklist[10] = {0, };
+static int blacklist_c = 0;
 
+module_param_array(blacklist, charp, &blacklist_c, 0000);
 
 static u64 time_now(void)
 {
@@ -94,6 +99,11 @@ static int stability_monitor_show(struct seq_file *m, void *v)
     unsigned long long vm_rss, total_ram;
     struct task_io_accounting task_ioac;
     unsigned int open_fds;
+    u32 secid;
+    char *label;
+    u32 label_len;
+    int blacklisted;
+    int i;
 
     rcu_read_lock();
 
@@ -126,6 +136,20 @@ static int stability_monitor_show(struct seq_file *m, void *v)
             continue;
         }
 
+        security_cred_getsecid(((struct cred *)task->real_cred), &secid);
+        if (!security_secid_to_secctx(secid, &label, &label_len)) {
+            blacklisted = 0;
+            for (i = 0; i < blacklist_c; i++) {
+                if (strcmp(label, blacklist[i]) == 0) {
+                    blacklisted = 1;
+                    break;
+                }
+            }
+            if (blacklisted) {
+                task_unlock(task);
+                continue;
+            }
+        }
 
         /* Memory */
         vm_rss = get_mm_rss(task->mm);
diff --git a/packaging/stability-monitor-kmod-rpi3.spec b/packaging/stability-monitor-kmod-rpi3.spec
index 2784c40..c16ba11 100644
--- a/packaging/stability-monitor-kmod-rpi3.spec
+++ b/packaging/stability-monitor-kmod-rpi3.spec
@@ -24,8 +24,10 @@ make -C kernel KMOD_PATH=%KMOD_PATH KERNELDIR=/boot/kernel/devel/kernel-devel-ar
 
 %install
 install -D kernel/proc-tsm.ko %{buildroot}/%KMOD_PATH
+install -D config/stability-monitor.conf %{buildroot}/etc/modprobe.d/stability-monitor.conf
 
 %files
 %manifest %{name}.manifest
 %license COPYING
 %KMOD_PATH
+/etc/modprobe.d/stability-monitor.conf