LSM-Howto: Kernel module with non-exported functions


I'm currently writing a Linux kernel module which depends on the Linux Security Modules (LSM). At the moment it is nothing really; I just wanted to print out a simple message whenever a file is opened. The problem is: to register to the hook I need the function register_security, which, as I found out after googling, isn't exported anymore and thus can't be used by loadable kernel modules, only by modules which are compiled directly into the kernel. Of course this makes sense for a security module, but it sucks for me while developing. So now the question to you: is there a way of patching my module into the kernel? I mean, I don't want to recompile my kernel after every bugfix or for every minor change. I could live with rebooting my PC for every new try, but recompiling would take a little bit too long, I guess.

Edit: Hm, no one yet :( I just had an idea, maybe someone can tell me if it's good or not: can't I just add the EXPORT_SYMBOL in the kernel source for the functions I need, then recompile it and then add my code as a module? Of course this would be just for testing and debugging.


There are 3 best solutions below

1
On

Can't you just use fsnotify in kernel, or fanotify from user space?

It's not generally a good idea to export functions that the author didn't think it would be a good idea to export. If you call a function that isn't part of the public interface and that function has a side effect, you will probably break things. Besides, your module won't work on other machines, but maybe you don't care about this.
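The fanotify route suggested in this answer, as an added example that is not code from the thread: a user-space watcher that prints one line per file open on a mount, with no kernel changes. It assumes a Linux system with fanotify and CAP_SYS_ADMIN; the helper name `handle_events` and the default path `/` are choices made for this example.

```c
/* Added example: log file opens from user space with fanotify. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/fanotify.h>
#include <unistd.h>

/* Walk one read() worth of events, print the path behind each FAN_OPEN and
 * close the per-event fds. Returns the number of opens, -1 on ABI mismatch. */
int handle_events(struct fanotify_event_metadata *ev, ssize_t len)
{
	int opens = 0;

	for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
		char link[64], path[PATH_MAX];
		ssize_t n;

		if (ev->vers != FANOTIFY_METADATA_VERSION)
			return -1;
		if (ev->mask & FAN_OPEN)
			opens++;
		if (ev->fd < 0)		/* FAN_NOFD, e.g. queue overflow: no file attached */
			continue;
		/* The event fd refers to the opened file; resolve its path via procfs. */
		snprintf(link, sizeof link, "/proc/self/fd/%d", ev->fd);
		n = readlink(link, path, sizeof path - 1);
		if (n >= 0 && (ev->mask & FAN_OPEN)) {
			path[n] = '\0';
			printf("pid %d opened %s\n", (int)ev->pid, path);
		}
		close(ev->fd);		/* the fd handed over with the event must be closed */
	}
	return opens;
}

int main(int argc, char **argv)
{
	struct fanotify_event_metadata buf[256];
	ssize_t len;
	/* Needs CAP_SYS_ADMIN; marks the whole mount containing argv[1] (default "/"). */
	int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY | O_LARGEFILE);

	if (fan < 0 || fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN,
				     AT_FDCWD, argc > 1 ? argv[1] : "/") < 0) {
		perror("fanotify");
		return 1;
	}
	while ((len = read(fan, buf, sizeof buf)) > 0)
		if (handle_events(buf, len) < 0)
			return 1;
	return 0;
}
```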

0
On

No, there is not. When a symbol is not exported, the in-kernel linker will not be able to find it. But adding the export to the kernel you use for testing should be OK. You can add your module to the export list by adding it to ./include/linux/Kbuild.

Also, if testing in [user-mode-linux](http://user-mode-linux.sourceforge.net/) or in VirtualBox, recompiling the whole kernel might not be that big a problem.

0
On

This may be a bit late, as I see your question is from a while back. What I found to be a good solution is to write a module that you compile into the kernel and that just exports the couple of functions you want to play with.

For example

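```c
#include <linux/fs.h>
#include <linux/module.h>
/* Handler set by the loadable module; NULL until one registers. */
static int (*my_file_permission_func)(struct file *file, int mask);

// REGISTER FILE_PERMISSION (not static: an exported symbol needs external linkage)
void k_register_file_permission(int (*my_file_permission) (struct file *file, int mask)) {
  my_file_permission_func = my_file_permission;
}
EXPORT_SYMBOL(k_register_file_permission);
```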

Then you can just call k_register_file_permission from your kernel module, handy during the development process.

You would also need a function like

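```c
/* Hook handed to the LSM framework; forwards to the registered handler. */
int k_file_permission (struct file *file, int mask) {
  if(my_file_permission_func == NULL)
  {
    //do nothing: no handler registered, fall through and return 0 (allow)
  }
  else
  {
    return my_file_permission_func(file, mask);
  }
  return 0;
}
```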

That you would register with the LSM at boot time.