]>
Commit | Line | Data |
---|---|---|
80594fc2 JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor af_unix fine grained mediation | |
5 | * | |
6 | * Copyright 2014 Canonical Ltd. | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public License as | |
10 | * published by the Free Software Foundation, version 2 of the | |
11 | * License. | |
12 | */ | |
13 | ||
14 | #include <net/tcp_states.h> | |
15 | ||
16 | #include "include/af_unix.h" | |
17 | #include "include/apparmor.h" | |
18 | #include "include/context.h" | |
19 | #include "include/file.h" | |
20 | #include "include/label.h" | |
21 | #include "include/path.h" | |
22 | #include "include/policy.h" | |
23 | ||
24 | static inline struct sock *aa_sock(struct unix_sock *u) | |
25 | { | |
26 | return &u->sk; | |
27 | } | |
28 | ||
29 | static inline int unix_fs_perm(const char *op, u32 mask, struct aa_label *label, | |
30 | struct unix_sock *u, int flags) | |
31 | { | |
32 | AA_BUG(!label); | |
33 | AA_BUG(!u); | |
34 | AA_BUG(!UNIX_FS(aa_sock(u))); | |
35 | ||
36 | if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE)) | |
37 | return 0; | |
38 | ||
39 | mask &= NET_FS_PERMS; | |
40 | if (!u->path.dentry) { | |
41 | struct path_cond cond = { }; | |
42 | struct aa_perms perms = { }; | |
43 | struct aa_profile *profile; | |
44 | ||
45 | /* socket path has been cleared because it is being shutdown | |
46 | * can only fall back to original sun_path request | |
47 | */ | |
48 | struct aa_sk_ctx *ctx = SK_CTX(&u->sk); | |
49 | if (ctx->path.dentry) | |
50 | return aa_path_perm(op, label, &ctx->path, flags, mask, | |
51 | &cond); | |
52 | return fn_for_each_confined(label, profile, | |
53 | ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ? | |
54 | __aa_path_perm(op, profile, | |
55 | u->addr->name->sun_path, mask, | |
56 | &cond, flags, &perms) : | |
57 | aa_audit_file(profile, &nullperms, op, mask, | |
58 | u->addr->name->sun_path, NULL, | |
59 | NULL, cond.uid, | |
60 | "Failed name lookup - " | |
61 | "deleted entry", -EACCES)); | |
62 | } else { | |
63 | /* the sunpath may not be valid for this ns so use the path */ | |
64 | struct path_cond cond = { u->path.dentry->d_inode->i_uid, | |
65 | u->path.dentry->d_inode->i_mode | |
66 | }; | |
67 | ||
68 | return aa_path_perm(op, label, &u->path, flags, mask, &cond); | |
69 | } | |
70 | ||
71 | return 0; | |
72 | } | |
73 | ||
74 | /* passing in state returned by PROFILE_MEDIATES_AF */ | |
75 | static unsigned int match_to_prot(struct aa_profile *profile, | |
76 | unsigned int state, int type, int protocol, | |
77 | const char **info) | |
78 | { | |
79 | u16 buffer[2]; | |
80 | buffer[0] = cpu_to_be16(type); | |
81 | buffer[1] = cpu_to_be16(protocol); | |
82 | state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, | |
83 | 4); | |
84 | if (!state) | |
85 | *info = "failed type and protocol match"; | |
86 | return state; | |
87 | } | |
88 | ||
89 | static unsigned int match_addr(struct aa_profile *profile, unsigned int state, | |
90 | struct sockaddr_un *addr, int addrlen) | |
91 | { | |
92 | if (addr) | |
93 | /* include leading \0 */ | |
94 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
95 | addr->sun_path, | |
96 | unix_addr_len(addrlen)); | |
97 | else | |
98 | /* anonymous end point */ | |
99 | state = aa_dfa_match_len(profile->policy.dfa, state, "\x01", | |
100 | 1); | |
101 | /* todo change to out of band */ | |
102 | state = aa_dfa_null_transition(profile->policy.dfa, state); | |
103 | return state; | |
104 | } | |
105 | ||
106 | static unsigned int match_to_local(struct aa_profile *profile, | |
107 | unsigned int state, int type, int protocol, | |
108 | struct sockaddr_un *addr, int addrlen, | |
109 | const char **info) | |
110 | { | |
111 | state = match_to_prot(profile, state, type, protocol, info); | |
112 | if (state) { | |
113 | state = match_addr(profile, state, addr, addrlen); | |
114 | if (state) { | |
115 | /* todo: local label matching */ | |
116 | state = aa_dfa_null_transition(profile->policy.dfa, | |
117 | state); | |
118 | if (!state) | |
119 | *info = "failed local label match"; | |
120 | } else | |
121 | *info = "failed local address match"; | |
122 | } | |
123 | ||
124 | return state; | |
125 | } | |
126 | ||
127 | static unsigned int match_to_sk(struct aa_profile *profile, | |
128 | unsigned int state, struct unix_sock *u, | |
129 | const char **info) | |
130 | { | |
131 | struct sockaddr_un *addr = NULL; | |
132 | int addrlen = 0; | |
133 | ||
134 | if (u->addr) { | |
135 | addr = u->addr->name; | |
136 | addrlen = u->addr->len; | |
137 | } | |
138 | ||
139 | return match_to_local(profile, state, u->sk.sk_type, u->sk.sk_protocol, | |
140 | addr, addrlen, info); | |
141 | } | |
142 | ||
143 | #define CMD_ADDR 1 | |
144 | #define CMD_LISTEN 2 | |
145 | #define CMD_OPT 4 | |
146 | ||
147 | static inline unsigned int match_to_cmd(struct aa_profile *profile, | |
148 | unsigned int state, struct unix_sock *u, | |
149 | char cmd, const char **info) | |
150 | { | |
151 | state = match_to_sk(profile, state, u, info); | |
152 | if (state) { | |
153 | state = aa_dfa_match_len(profile->policy.dfa, state, &cmd, 1); | |
154 | if (!state) | |
155 | *info = "failed cmd selection match"; | |
156 | } | |
157 | ||
158 | return state; | |
159 | } | |
160 | ||
161 | static inline unsigned int match_to_peer(struct aa_profile *profile, | |
162 | unsigned int state, | |
163 | struct unix_sock *u, | |
164 | struct sockaddr_un *peer_addr, | |
165 | int peer_addrlen, | |
166 | const char **info) | |
167 | { | |
168 | state = match_to_cmd(profile, state, u, CMD_ADDR, info); | |
169 | if (state) { | |
170 | state = match_addr(profile, state, peer_addr, peer_addrlen); | |
171 | if (!state) | |
172 | *info = "failed peer address match"; | |
173 | } | |
174 | return state; | |
175 | } | |
176 | ||
177 | static int do_perms(struct aa_profile *profile, unsigned int state, u32 request, | |
178 | struct common_audit_data *sa) | |
179 | { | |
180 | struct aa_perms perms; | |
181 | ||
182 | AA_BUG(!profile); | |
183 | ||
184 | aa_compute_perms(profile->policy.dfa, state, &perms); | |
185 | aa_apply_modes_to_perms(profile, &perms); | |
186 | return aa_check_perms(profile, &perms, request, sa, | |
187 | audit_net_cb); | |
188 | } | |
189 | ||
190 | static int match_label(struct aa_profile *profile, struct aa_profile *peer, | |
191 | unsigned int state, u32 request, | |
192 | struct common_audit_data *sa) | |
193 | { | |
194 | AA_BUG(!profile); | |
195 | AA_BUG(!peer); | |
196 | ||
197 | aad(sa)->peer = &peer->label; | |
198 | ||
199 | if (state) { | |
200 | state = aa_dfa_match(profile->policy.dfa, state, aa_peer_name(peer)); | |
201 | if (!state) | |
202 | aad(sa)->info = "failed peer label match"; | |
203 | } | |
204 | return do_perms(profile, state, request, sa); | |
205 | } | |
206 | ||
207 | ||
208 | /* unix sock creation comes before we know if the socket will be an fs | |
209 | * socket | |
210 | * v6 - semantics are handled by mapping in profile load | |
211 | * v7 - semantics require sock create for tasks creating an fs socket. | |
212 | */ | |
213 | static int profile_create_perm(struct aa_profile *profile, int family, | |
214 | int type, int protocol) | |
215 | { | |
216 | unsigned int state; | |
217 | DEFINE_AUDIT_NET(sa, OP_CREATE, NULL, family, type, protocol); | |
218 | ||
219 | AA_BUG(!profile); | |
220 | AA_BUG(profile_unconfined(profile)); | |
221 | ||
222 | if ((state = PROFILE_MEDIATES_AF(profile, AF_UNIX))) { | |
223 | state = match_to_prot(profile, state, type, protocol, | |
224 | &aad(&sa)->info); | |
225 | return do_perms(profile, state, AA_MAY_CREATE, &sa); | |
226 | } | |
227 | ||
228 | return aa_profile_af_perm(profile, &sa, AA_MAY_CREATE, family, type); | |
229 | } | |
230 | ||
231 | int aa_unix_create_perm(struct aa_label *label, int family, int type, | |
232 | int protocol) | |
233 | { | |
234 | struct aa_profile *profile; | |
235 | ||
236 | if (unconfined(label)) | |
237 | return 0; | |
238 | ||
239 | return fn_for_each_confined(label, profile, | |
240 | profile_create_perm(profile, family, type, protocol)); | |
241 | } | |
242 | ||
243 | ||
244 | static inline int profile_sk_perm(struct aa_profile *profile, const char *op, | |
245 | u32 request, struct sock *sk) | |
246 | { | |
247 | unsigned int state; | |
248 | DEFINE_AUDIT_SK(sa, op, sk); | |
249 | ||
250 | AA_BUG(!profile); | |
251 | AA_BUG(!sk); | |
252 | AA_BUG(UNIX_FS(sk)); | |
253 | AA_BUG(profile_unconfined(profile)); | |
254 | ||
255 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
256 | if (state) { | |
257 | state = match_to_sk(profile, state, unix_sk(sk), | |
258 | &aad(&sa)->info); | |
259 | return do_perms(profile, state, request, &sa); | |
260 | } | |
261 | ||
262 | return aa_profile_af_sk_perm(profile, &sa, request, sk); | |
263 | } | |
264 | ||
265 | int aa_unix_label_sk_perm(struct aa_label *label, const char *op, u32 request, | |
266 | struct sock *sk) | |
267 | { | |
268 | struct aa_profile *profile; | |
269 | ||
270 | return fn_for_each_confined(label, profile, | |
271 | profile_sk_perm(profile, op, request, sk)); | |
272 | } | |
273 | ||
274 | static int unix_label_sock_perm(struct aa_label *label, const char *op, u32 request, | |
275 | struct socket *sock) | |
276 | { | |
277 | if (unconfined(label)) | |
278 | return 0; | |
279 | if (UNIX_FS(sock->sk)) | |
280 | return unix_fs_perm(op, request, label, unix_sk(sock->sk), 0); | |
281 | ||
282 | return aa_unix_label_sk_perm(label, op, request, sock->sk); | |
283 | } | |
284 | ||
285 | /* revaliation, get/set attr */ | |
286 | int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock) | |
287 | { | |
288 | struct aa_label *label = aa_begin_current_label(DO_UPDATE); | |
289 | int error = unix_label_sock_perm(label, op, request, sock); | |
290 | aa_end_current_label(label); | |
291 | ||
292 | return error; | |
293 | } | |
294 | ||
295 | static int profile_bind_perm(struct aa_profile *profile, struct sock *sk, | |
296 | struct sockaddr *addr, int addrlen) | |
297 | { | |
298 | unsigned int state; | |
299 | DEFINE_AUDIT_SK(sa, OP_BIND, sk); | |
300 | ||
301 | AA_BUG(!profile); | |
302 | AA_BUG(!sk); | |
303 | AA_BUG(addr->sa_family != AF_UNIX); | |
304 | AA_BUG(profile_unconfined(profile)); | |
305 | AA_BUG(unix_addr_fs(addr, addrlen)); | |
306 | ||
307 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
308 | if (state) { | |
309 | /* bind for abstract socket */ | |
310 | aad(&sa)->net.addr = unix_addr(addr); | |
311 | aad(&sa)->net.addrlen = addrlen; | |
312 | ||
313 | state = match_to_local(profile, state, | |
314 | sk->sk_type, sk->sk_protocol, | |
315 | unix_addr(addr), addrlen, | |
316 | &aad(&sa)->info); | |
317 | return do_perms(profile, state, AA_MAY_BIND, &sa); | |
318 | } | |
319 | ||
320 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_BIND, sk); | |
321 | } | |
322 | ||
323 | int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address, | |
324 | int addrlen) | |
325 | { | |
326 | struct aa_profile *profile; | |
327 | struct aa_label *label = aa_begin_current_label(DO_UPDATE); | |
328 | int error = 0; | |
329 | ||
330 | /* fs bind is handled by mknod */ | |
331 | if (!(unconfined(label) || unix_addr_fs(address, addrlen))) | |
332 | error = fn_for_each_confined(label, profile, | |
333 | profile_bind_perm(profile, sock->sk, address, | |
334 | addrlen)); | |
335 | aa_end_current_label(label); | |
336 | ||
337 | return error; | |
338 | } | |
339 | ||
340 | int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address, | |
341 | int addrlen) | |
342 | { | |
343 | /* unix connections are covered by the | |
344 | * - unix_stream_connect (stream) and unix_may_send hooks (dgram) | |
345 | * - fs connect is handled by open | |
346 | */ | |
347 | return 0; | |
348 | } | |
349 | ||
350 | static int profile_listen_perm(struct aa_profile *profile, struct sock *sk, | |
351 | int backlog) | |
352 | { | |
353 | unsigned int state; | |
354 | DEFINE_AUDIT_SK(sa, OP_LISTEN, sk); | |
355 | ||
356 | AA_BUG(!profile); | |
357 | AA_BUG(!sk); | |
358 | AA_BUG(UNIX_FS(sk)); | |
359 | AA_BUG(profile_unconfined(profile)); | |
360 | ||
361 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
362 | if (state) { | |
363 | u16 b = cpu_to_be16(backlog); | |
364 | ||
365 | state = match_to_cmd(profile, state, unix_sk(sk), CMD_LISTEN, | |
366 | &aad(&sa)->info); | |
367 | if (state) { | |
368 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
369 | (char *) &b, 2); | |
370 | if (!state) | |
371 | aad(&sa)->info = "failed listen backlog match"; | |
372 | } | |
373 | return do_perms(profile, state, AA_MAY_LISTEN, &sa); | |
374 | } | |
375 | ||
376 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_LISTEN, sk); | |
377 | } | |
378 | ||
379 | int aa_unix_listen_perm(struct socket *sock, int backlog) | |
380 | { | |
381 | struct aa_profile *profile; | |
382 | struct aa_label *label = aa_begin_current_label(DO_UPDATE); | |
383 | int error = 0; | |
384 | ||
385 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
386 | error = fn_for_each_confined(label, profile, | |
387 | profile_listen_perm(profile, sock->sk, | |
388 | backlog)); | |
389 | aa_end_current_label(label); | |
390 | ||
391 | return error; | |
392 | } | |
393 | ||
394 | ||
395 | static inline int profile_accept_perm(struct aa_profile *profile, | |
396 | struct sock *sk, | |
397 | struct sock *newsk) | |
398 | { | |
399 | unsigned int state; | |
400 | DEFINE_AUDIT_SK(sa, OP_ACCEPT, sk); | |
401 | ||
402 | AA_BUG(!profile); | |
403 | AA_BUG(!sk); | |
404 | AA_BUG(UNIX_FS(sk)); | |
405 | AA_BUG(profile_unconfined(profile)); | |
406 | ||
407 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
408 | if (state) { | |
409 | state = match_to_sk(profile, state, unix_sk(sk), | |
410 | &aad(&sa)->info); | |
411 | return do_perms(profile, state, AA_MAY_ACCEPT, &sa); | |
412 | } | |
413 | ||
414 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_ACCEPT, sk); | |
415 | } | |
416 | ||
417 | /* ability of sock to connect, not peer address binding */ | |
418 | int aa_unix_accept_perm(struct socket *sock, struct socket *newsock) | |
419 | { | |
420 | struct aa_profile *profile; | |
421 | struct aa_label *label = aa_begin_current_label(DO_UPDATE); | |
422 | int error = 0; | |
423 | ||
424 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
425 | error = fn_for_each_confined(label, profile, | |
426 | profile_accept_perm(profile, sock->sk, | |
427 | newsock->sk)); | |
428 | aa_end_current_label(label); | |
429 | ||
430 | return error; | |
431 | } | |
432 | ||
433 | ||
434 | /* dgram handled by unix_may_sendmsg, right to send on stream done at connect | |
435 | * could do per msg unix_stream here | |
436 | */ | |
437 | /* sendmsg, recvmsg */ | |
438 | int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock, | |
439 | struct msghdr *msg, int size) | |
440 | { | |
441 | return 0; | |
442 | } | |
443 | ||
444 | ||
445 | static int profile_opt_perm(struct aa_profile *profile, const char *op, u32 request, | |
446 | struct sock *sk, int level, int optname) | |
447 | { | |
448 | unsigned int state; | |
449 | DEFINE_AUDIT_SK(sa, op, sk); | |
450 | ||
451 | AA_BUG(!profile); | |
452 | AA_BUG(!sk); | |
453 | AA_BUG(UNIX_FS(sk)); | |
454 | AA_BUG(profile_unconfined(profile)); | |
455 | ||
456 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
457 | if (state) { | |
458 | u16 b = cpu_to_be16(optname); | |
459 | ||
460 | state = match_to_cmd(profile, state, unix_sk(sk), CMD_OPT, | |
461 | &aad(&sa)->info); | |
462 | if (state) { | |
463 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
464 | (char *) &b, 2); | |
465 | if (!state) | |
466 | aad(&sa)->info = "failed sockopt match"; | |
467 | } | |
468 | return do_perms(profile, state, request, &sa); | |
469 | } | |
470 | ||
471 | return aa_profile_af_sk_perm(profile, &sa, request, sk); | |
472 | } | |
473 | ||
474 | int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level, | |
475 | int optname) | |
476 | { | |
477 | struct aa_profile *profile; | |
478 | struct aa_label *label = aa_begin_current_label(DO_UPDATE); | |
479 | int error = 0; | |
480 | ||
481 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
482 | error = fn_for_each_confined(label, profile, | |
483 | profile_opt_perm(profile, op, request, | |
484 | sock->sk, level, optname)); | |
485 | aa_end_current_label(label); | |
486 | ||
487 | return error; | |
488 | } | |
489 | ||
490 | /* null peer_label is allowed, in which case the peer_sk label is used */ | |
491 | static int profile_peer_perm(struct aa_profile *profile, const char *op, u32 request, | |
492 | struct sock *sk, struct sock *peer_sk, | |
493 | struct aa_label *peer_label, | |
494 | struct common_audit_data *sa) | |
495 | { | |
496 | unsigned int state; | |
497 | ||
498 | AA_BUG(!profile); | |
499 | AA_BUG(profile_unconfined(profile)); | |
500 | AA_BUG(!sk); | |
501 | AA_BUG(!peer_sk); | |
502 | AA_BUG(UNIX_FS(peer_sk)); | |
503 | ||
504 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
505 | if (state) { | |
506 | struct aa_sk_ctx *peer_ctx = SK_CTX(peer_sk); | |
507 | struct aa_profile *peerp; | |
508 | struct sockaddr_un *addr = NULL; | |
509 | int len = 0; | |
510 | if (unix_sk(peer_sk)->addr) { | |
511 | addr = unix_sk(peer_sk)->addr->name; | |
512 | len = unix_sk(peer_sk)->addr->len; | |
513 | } | |
514 | state = match_to_peer(profile, state, unix_sk(sk), | |
515 | addr, len, &aad(sa)->info); | |
516 | if (!peer_label) | |
517 | peer_label = peer_ctx->label; | |
1c1bc45a | 518 | return fn_for_each_in_ns(peer_label, peerp, |
80594fc2 JJ |
519 | match_label(profile, peerp, state, request, |
520 | sa)); | |
521 | } | |
522 | ||
523 | return aa_profile_af_sk_perm(profile, sa, request, sk); | |
524 | } | |
525 | ||
526 | /** | |
527 | * | |
528 | * Requires: lock held on both @sk and @peer_sk | |
529 | */ | |
530 | int aa_unix_peer_perm(struct aa_label *label, const char *op, u32 request, | |
531 | struct sock *sk, struct sock *peer_sk, | |
532 | struct aa_label *peer_label) | |
533 | { | |
534 | struct unix_sock *peeru = unix_sk(peer_sk); | |
535 | struct unix_sock *u = unix_sk(sk); | |
536 | ||
537 | AA_BUG(!label); | |
538 | AA_BUG(!sk); | |
539 | AA_BUG(!peer_sk); | |
540 | ||
541 | if (UNIX_FS(aa_sock(peeru))) | |
542 | return unix_fs_perm(op, request, label, peeru, 0); | |
543 | else if (UNIX_FS(aa_sock(u))) | |
544 | return unix_fs_perm(op, request, label, u, 0); | |
545 | else { | |
546 | struct aa_profile *profile; | |
547 | DEFINE_AUDIT_SK(sa, op, sk); | |
548 | aad(&sa)->net.peer_sk = peer_sk; | |
549 | ||
550 | /* TODO: ns!!! */ | |
551 | if (!net_eq(sock_net(sk), sock_net(peer_sk))) { | |
552 | ; | |
553 | } | |
554 | ||
555 | if (unconfined(label)) | |
556 | return 0; | |
557 | ||
558 | return fn_for_each_confined(label, profile, | |
559 | profile_peer_perm(profile, op, request, sk, | |
560 | peer_sk, peer_label, &sa)); | |
561 | } | |
562 | } | |
563 | ||
564 | ||
565 | /* from net/unix/af_unix.c */ | |
566 | static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) | |
567 | { | |
568 | if (unlikely(sk1 == sk2) || !sk2) { | |
569 | unix_state_lock(sk1); | |
570 | return; | |
571 | } | |
572 | if (sk1 < sk2) { | |
573 | unix_state_lock(sk1); | |
574 | unix_state_lock_nested(sk2); | |
575 | } else { | |
576 | unix_state_lock(sk2); | |
577 | unix_state_lock_nested(sk1); | |
578 | } | |
579 | } | |
580 | ||
581 | static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) | |
582 | { | |
583 | if (unlikely(sk1 == sk2) || !sk2) { | |
584 | unix_state_unlock(sk1); | |
585 | return; | |
586 | } | |
587 | unix_state_unlock(sk1); | |
588 | unix_state_unlock(sk2); | |
589 | } | |
590 | ||
591 | int aa_unix_file_perm(struct aa_label *label, const char *op, u32 request, | |
592 | struct socket *sock) | |
593 | { | |
594 | struct sock *peer_sk = NULL; | |
595 | u32 sk_req = request & ~NET_PEER_MASK; | |
596 | int error = 0; | |
597 | ||
598 | AA_BUG(!label); | |
599 | AA_BUG(!sock); | |
600 | AA_BUG(!sock->sk); | |
601 | AA_BUG(sock->sk->sk_family != AF_UNIX); | |
602 | ||
603 | /* TODO: update sock label with new task label */ | |
604 | unix_state_lock(sock->sk); | |
605 | peer_sk = unix_peer(sock->sk); | |
606 | if (peer_sk) | |
607 | sock_hold(peer_sk); | |
608 | if (!unix_connected(sock) && sk_req) { | |
609 | error = unix_label_sock_perm(label, op, sk_req, sock); | |
610 | if (!error) { | |
611 | // update label | |
612 | } | |
613 | } | |
614 | unix_state_unlock(sock->sk); | |
615 | if (!peer_sk) | |
616 | return error; | |
617 | ||
618 | unix_state_double_lock(sock->sk, peer_sk); | |
619 | if (UNIX_FS(sock->sk)) { | |
620 | error = unix_fs_perm(op, request, label, unix_sk(sock->sk), | |
621 | PATH_SOCK_COND); | |
622 | } else if (UNIX_FS(peer_sk)) { | |
623 | error = unix_fs_perm(op, request, label, unix_sk(peer_sk), | |
624 | PATH_SOCK_COND); | |
625 | } else { | |
626 | struct aa_sk_ctx *pctx = SK_CTX(peer_sk); | |
627 | if (sk_req) | |
628 | error = aa_unix_label_sk_perm(label, op, sk_req, | |
629 | sock->sk); | |
630 | last_error(error, | |
631 | xcheck(aa_unix_peer_perm(label, op, | |
632 | MAY_READ | MAY_WRITE, | |
633 | sock->sk, peer_sk, NULL), | |
634 | aa_unix_peer_perm(pctx->label, op, | |
635 | MAY_READ | MAY_WRITE, | |
636 | peer_sk, sock->sk, label))); | |
637 | } | |
638 | ||
639 | unix_state_double_unlock(sock->sk, peer_sk); | |
640 | sock_put(peer_sk); | |
641 | ||
642 | return error; | |
643 | } |