Stateful access control using LSM

Talk (11 December 2007) pdf | odp
Paper (14 December 2007) pdf | TeX

In this project we attempt to maintain state for running processes on the system using the LSM framework. Our initial implementation keeps simple counters and updates files upon creation only. The goal of the project is to show that state can be maintained relatively cheaply thanks to LSM. This code relies heavily on the well-documented source of SELinux. Our module is called lsmlgi. Upon compiling and inserting lsmlgi.ko, a proc file is created and the law of the system is set as uninitialized.

[root@lsmlgi ~]# cat /proc/lsmlgi
sid: 1197237533
law:
law not initialized

We load a law using the helper application from userland, lawloader.

[root@lsmlgi ~]# lawloader -f visitor.law
[root@lsmlgi ~]# cat /proc/lsmlgi
sid: 1197237533
law:
law initialized: 1 rules
        500:-1:7:2:15:2

This example law looks like the following before being "compiled" by lawloader:

[root@lsmlgi ~]# cat visitor.law
user thomas del { tsid != tsid }

In this example the user "thomas" is not permitted to delete files that were created in another session. Only files that have been created during this session are permitted to be deleted. A law like this could be used to allow several users to share a guest or visitor account on the system without fear of the users deleting each other's files.
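
The check this law describes, modelled in userspace C as an added example (not lsmlgi's own code): a file is stamped with its creator's session id at creation, and a delete by the law's user is refused when the ids differ. The struct layouts, the function names and the uid 1000 are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_FILES 16
#define LAW_UID 1000 /* constructed uid standing in for user "thomas" */

/* Per-file state: the session that created the file (hypothetical layout). */
struct file_label { char name[32]; unsigned long sid; int used; };
/* Per-task state: the user and the session the task belongs to. */
struct task_ctx { uid_t uid; unsigned long sid; };

static struct file_label labels[MAX_FILES];

static struct file_label *find_label(const char *name)
{
    for (int i = 0; i < MAX_FILES; i++)
        if (labels[i].used && strcmp(labels[i].name, name) == 0)
            return &labels[i];
    return NULL;
}

/* Creation step: stamp the new file with the creator's session id. */
int model_create(const struct task_ctx *t, const char *name)
{
    if (find_label(name))
        return -EEXIST;
    for (int i = 0; i < MAX_FILES; i++) {
        if (labels[i].used)
            continue;
        snprintf(labels[i].name, sizeof(labels[i].name), "%s", name);
        labels[i].sid = t->sid;
        labels[i].used = 1;
        return 0;
    }
    return -ENOSPC;
}

/* Delete step: the law denies its user when the file's sid is not the task's. */
int model_unlink(const struct task_ctx *t, const char *name)
{
    struct file_label *l = find_label(name);
    if (!l)
        return -ENOENT;
    if (t->uid == LAW_UID && l->sid != t->sid)
        return -EACCES; /* created in another session */
    l->used = 0;
    return 0;
}
```

Two tasks with the same uid but different session ids behave like two visitors on the shared account: each can delete only what it created.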

Files

lsmlgi.h
lsmlgi.c
Makefile
lawloader.h
lawloader.c
lsmlgi_def.h