veridian_kernel/security/
mod.rs

1//! Security infrastructure for VeridianOS
2
3//! This module provides comprehensive security features including:
4//! - Cryptographic primitives
5//! - Mandatory Access Control (MAC)
6//! - Security audit framework
7//! - Secure boot verification
8
9pub mod audit;
10pub mod audit_enhanced;
11pub mod auth;
12pub mod boot;
13pub mod dilithium;
14pub mod fuzzing;
15pub mod kaslr;
16pub mod mac;
17pub mod memory_protection;
18pub mod smep_smap;
19pub mod spectre;
20pub mod stack_canary;
21pub mod tpm;
22pub mod tpm_commands;
23
24use crate::error::KernelError;
25
26/// Security context for processes
27#[derive(Debug, Clone, Copy, PartialEq, Eq)]
28pub struct SecurityContext {
29    /// Security label/domain
30    pub label: &'static str,
31    /// User ID
32    pub uid: u32,
33    /// Group ID
34    pub gid: u32,
35    /// Security level
36    pub level: SecurityLevel,
37}
38
39/// Security levels for multi-level security (MLS)
40#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
41pub enum SecurityLevel {
42    Unclassified = 0,
43    Confidential = 1,
44    Secret = 2,
45    TopSecret = 3,
46}
47
48impl SecurityContext {
49    /// Create a new security context
50    pub const fn new(label: &'static str, uid: u32, gid: u32, level: SecurityLevel) -> Self {
51        Self {
52            label,
53            uid,
54            gid,
55            level,
56        }
57    }
58
59    /// Check if this context can access another context
60    pub fn can_access(&self, target: &SecurityContext, access: AccessType) -> bool {
61        // Check MAC policy
62        if !mac::check_access(self.label, target.label, access) {
63            return false;
64        }
65
66        // Check MLS: no read-up, no write-down
67        match access {
68            AccessType::Read => self.level >= target.level,
69            AccessType::Write => self.level <= target.level,
70            AccessType::Execute => self.level == target.level,
71        }
72    }
73}
74
75/// Access types for security checks
76#[derive(Debug, Clone, Copy, PartialEq, Eq)]
77pub enum AccessType {
78    Read,
79    Write,
80    Execute,
81}
82
83/// Initialize security subsystem
84pub fn init() -> Result<(), KernelError> {
85    kprintln!("[SECURITY] Initializing security subsystem...");
86
87    memory_protection::init()?;
88    kprintln!("[SECURITY] memory_protection done");
89
90    auth::init()?;
91    kprintln!("[SECURITY] auth done");
92
93    tpm::init()?;
94    kprintln!("[SECURITY] tpm done");
95
96    mac::init()?;
97    kprintln!("[SECURITY] mac done");
98
99    audit::init()?;
100    kprintln!("[SECURITY] audit done");
101
102    boot::verify()?;
103    kprintln!("[SECURITY] boot verify done");
104
105    smep_smap::init()?;
106    kprintln!("[SECURITY] smep_smap done");
107
108    spectre::init()?;
109    kprintln!("[SECURITY] spectre done");
110
111    kaslr::init()?;
112    kprintln!("[SECURITY] kaslr done");
113
114    stack_canary::init()?;
115    kprintln!("[SECURITY] stack_canary done");
116
117    kprintln!("[SECURITY] Security subsystem initialized successfully");
118    Ok(())
119}
120
121#[cfg(test)]
122mod tests {
123    use super::*;
124
125    #[test]
126    fn test_security_context() {
127        let ctx1 = SecurityContext::new("user_t", 1000, 1000, SecurityLevel::Unclassified);
128        let ctx2 = SecurityContext::new("system_t", 0, 0, SecurityLevel::Secret);
129
130        // User can read unclassified
131        assert!(ctx1.can_access(&ctx1, AccessType::Read));
132
133        // User cannot read secret (no read-up)
134        assert!(!ctx1.can_access(&ctx2, AccessType::Read));
135
136        // System can read unclassified (read-down allowed)
137        assert!(ctx2.can_access(&ctx1, AccessType::Read));
138    }
139}
veridian_kernel/security/mod.rs

veridian_kernel/security/
mod.rs
