从hook点到策略点
SEAndroid 利用LSM模块实施MAC访问控制,LSM模块在内核中设置很多的hook点,对资源的访问会重定向到SElinux的函数策略执行函数,接下来以create_socket为例,分析从hook点到策略点的流程:
/goldfish/net/socket.c
static int _sock_create(struct net *net,int family, int type,
int protocol,struct socket **res,int kern)
{
...
//此处为hook点,进行MAC访问控制检查
err=security_socket_create(family, type,protocol,kerm);
//err为1,则权限检查的结果为denied
if(err)
return err;
...
}
security_socket_create函数的声明如下:
/goldfish/include/linux/security.h
int security_socket_create(int family, int type, int protocol, int kern);
security_socket_create函数的实现如下:
/goldfish/security/security.c
...
struct security_operations *security_ops;
...
int security_socket_create(int family, int type, int protocol, int kern)
{
return secur