The SELinux module sends out a netlink broadcast to any listening sockets. I'm wondering if it's possible to listen for netlink broadcast from within another kernel module?
From SELinux netlink code:
netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER);
解决方案
I found that you can listen for netlink data through the use of regular sockets. And, yes, it's possible in kernel-space.
You basically need to create and bind to a socket:
struct sock *sock = NULL;
struct sockaddr_nl addr = { 0 };
/* Create a netlink socket for SELinux traffic */
int rc = sock_create_kern(AF_NETLINK, SOCK_RAW, NETLINK_SELINUX,
&ctx.sock);
if (rc)
return rc;
addr.nl_family = AF_NETLINK;
addr.nl_pid = 0;
addr.nl_groups = SELNLGRP_AVC;
rc = kernel_bind(ctx.sock, (struct sockaddr *) &addr, sizeof(addr));
if (rc)
return rc;
/* Setup socket callback */
sock = ctx.sock->sk;
sock->sk_data_ready = netlink_data_ready;
sock->sk_allocation = GFP_KERNEL;
To receive the data:
static void netlink_data_ready(struct sock *sk, int bytes)
{
struct sk_buff *skb = NULL;
struct nlmsghdr *nlh = NULL;
int rc = 0;
/* Receive the data packet (blocking) */
skb = skb_recv_datagram(sk, 0, 0, &rc);
if (rc) {
printk(KERN_ERROR "Failed on skb_recv_datagram(). rc=%d.", -rc);
return;
}
nlh = (struct nlmsghdr *) skb->data;
if (!nlh || !NLMSG_OK(nlh, bytes)) {
printk(KERN_ERROR "Invalid netlink header data.");
return;
}
if (nlh->nlmsg_type == SELNL_MSG_POLICYLOAD ||
nlh->nlmsg_type == SELNL_MSG_SETENFORCE) {
/* Insert code here */
}
}
1103
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
