]>
Commit | Line | Data |
---|---|---|
fd1cafbb JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor af_unix fine grained mediation | |
5 | * | |
6 | * Copyright 2014 Canonical Ltd. | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public License as | |
10 | * published by the Free Software Foundation, version 2 of the | |
11 | * License. | |
12 | */ | |
13 | ||
14 | #include <net/tcp_states.h> | |
15 | ||
16 | #include "include/af_unix.h" | |
17 | #include "include/apparmor.h" | |
18 | #include "include/context.h" | |
19 | #include "include/file.h" | |
20 | #include "include/label.h" | |
21 | #include "include/path.h" | |
22 | #include "include/policy.h" | |
23 | ||
24 | static inline struct sock *aa_sock(struct unix_sock *u) | |
25 | { | |
26 | return &u->sk; | |
27 | } | |
28 | ||
29 | static inline int unix_fs_perm(const char *op, u32 mask, struct aa_label *label, | |
30 | struct unix_sock *u, int flags) | |
31 | { | |
32 | AA_BUG(!label); | |
33 | AA_BUG(!u); | |
34 | AA_BUG(!UNIX_FS(aa_sock(u))); | |
35 | ||
36 | if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE)) | |
37 | return 0; | |
38 | ||
39 | mask &= NET_FS_PERMS; | |
40 | if (!u->path.dentry) { | |
41 | struct path_cond cond = { }; | |
42 | struct aa_perms perms = { }; | |
43 | struct aa_profile *profile; | |
44 | ||
45 | /* socket path has been cleared because it is being shutdown | |
46 | * can only fall back to original sun_path request | |
47 | */ | |
48 | struct aa_sk_ctx *ctx = SK_CTX(&u->sk); | |
49 | if (ctx->path.dentry) | |
50 | return aa_path_perm(op, label, &ctx->path, flags, mask, | |
51 | &cond); | |
52 | return fn_for_each_confined(label, profile, | |
53 | ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ? | |
54 | __aa_path_perm(op, profile, | |
55 | u->addr->name->sun_path, mask, | |
56 | &cond, flags, &perms) : | |
57 | aa_audit_file(profile, &nullperms, op, mask, | |
58 | u->addr->name->sun_path, NULL, | |
59 | NULL, cond.uid, | |
60 | "Failed name lookup - " | |
61 | "deleted entry", -EACCES)); | |
62 | } else { | |
63 | /* the sunpath may not be valid for this ns so use the path */ | |
64 | struct path_cond cond = { u->path.dentry->d_inode->i_uid, | |
65 | u->path.dentry->d_inode->i_mode | |
66 | }; | |
67 | ||
68 | return aa_path_perm(op, label, &u->path, flags, mask, &cond); | |
69 | } | |
70 | ||
71 | return 0; | |
72 | } | |
73 | ||
74 | /* passing in state returned by PROFILE_MEDIATES_AF */ | |
75 | static unsigned int match_to_prot(struct aa_profile *profile, | |
76 | unsigned int state, int type, int protocol, | |
77 | const char **info) | |
78 | { | |
79 | __be16 buffer[2]; | |
80 | buffer[0] = cpu_to_be16(type); | |
81 | buffer[1] = cpu_to_be16(protocol); | |
82 | state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer, | |
83 | 4); | |
84 | if (!state) | |
85 | *info = "failed type and protocol match"; | |
86 | return state; | |
87 | } | |
88 | ||
89 | static unsigned int match_addr(struct aa_profile *profile, unsigned int state, | |
90 | struct sockaddr_un *addr, int addrlen) | |
91 | { | |
92 | if (addr) | |
93 | /* include leading \0 */ | |
94 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
95 | addr->sun_path, | |
96 | unix_addr_len(addrlen)); | |
97 | else | |
98 | /* anonymous end point */ | |
99 | state = aa_dfa_match_len(profile->policy.dfa, state, "\x01", | |
100 | 1); | |
101 | /* todo change to out of band */ | |
102 | state = aa_dfa_null_transition(profile->policy.dfa, state); | |
103 | return state; | |
104 | } | |
105 | ||
106 | static unsigned int match_to_local(struct aa_profile *profile, | |
107 | unsigned int state, int type, int protocol, | |
108 | struct sockaddr_un *addr, int addrlen, | |
109 | const char **info) | |
110 | { | |
111 | state = match_to_prot(profile, state, type, protocol, info); | |
112 | if (state) { | |
113 | state = match_addr(profile, state, addr, addrlen); | |
114 | if (state) { | |
115 | /* todo: local label matching */ | |
116 | state = aa_dfa_null_transition(profile->policy.dfa, | |
117 | state); | |
118 | if (!state) | |
119 | *info = "failed local label match"; | |
120 | } else | |
121 | *info = "failed local address match"; | |
122 | } | |
123 | ||
124 | return state; | |
125 | } | |
126 | ||
127 | static unsigned int match_to_sk(struct aa_profile *profile, | |
128 | unsigned int state, struct unix_sock *u, | |
129 | const char **info) | |
130 | { | |
131 | struct sockaddr_un *addr = NULL; | |
132 | int addrlen = 0; | |
133 | ||
134 | if (u->addr) { | |
135 | addr = u->addr->name; | |
136 | addrlen = u->addr->len; | |
137 | } | |
138 | ||
139 | return match_to_local(profile, state, u->sk.sk_type, u->sk.sk_protocol, | |
140 | addr, addrlen, info); | |
141 | } | |
142 | ||
143 | #define CMD_ADDR 1 | |
144 | #define CMD_LISTEN 2 | |
145 | #define CMD_OPT 4 | |
146 | ||
147 | static inline unsigned int match_to_cmd(struct aa_profile *profile, | |
148 | unsigned int state, struct unix_sock *u, | |
149 | char cmd, const char **info) | |
150 | { | |
151 | state = match_to_sk(profile, state, u, info); | |
152 | if (state) { | |
153 | state = aa_dfa_match_len(profile->policy.dfa, state, &cmd, 1); | |
154 | if (!state) | |
155 | *info = "failed cmd selection match"; | |
156 | } | |
157 | ||
158 | return state; | |
159 | } | |
160 | ||
161 | static inline unsigned int match_to_peer(struct aa_profile *profile, | |
162 | unsigned int state, | |
163 | struct unix_sock *u, | |
164 | struct sockaddr_un *peer_addr, | |
165 | int peer_addrlen, | |
166 | const char **info) | |
167 | { | |
168 | state = match_to_cmd(profile, state, u, CMD_ADDR, info); | |
169 | if (state) { | |
170 | state = match_addr(profile, state, peer_addr, peer_addrlen); | |
171 | if (!state) | |
172 | *info = "failed peer address match"; | |
173 | } | |
174 | return state; | |
175 | } | |
176 | ||
177 | static int do_perms(struct aa_profile *profile, unsigned int state, u32 request, | |
178 | struct common_audit_data *sa) | |
179 | { | |
180 | struct aa_perms perms; | |
181 | ||
182 | AA_BUG(!profile); | |
183 | ||
184 | aa_compute_perms(profile->policy.dfa, state, &perms); | |
185 | aa_apply_modes_to_perms(profile, &perms); | |
186 | return aa_check_perms(profile, &perms, request, sa, | |
187 | audit_net_cb); | |
188 | } | |
189 | ||
190 | static int match_label(struct aa_profile *profile, struct aa_profile *peer, | |
191 | unsigned int state, u32 request, | |
192 | struct common_audit_data *sa) | |
193 | { | |
194 | AA_BUG(!profile); | |
195 | AA_BUG(!peer); | |
196 | ||
197 | aad(sa)->peer = &peer->label; | |
198 | ||
199 | if (state) { | |
200 | state = aa_dfa_match(profile->policy.dfa, state, | |
201 | peer->base.hname); | |
202 | if (!state) | |
203 | aad(sa)->info = "failed peer label match"; | |
204 | } | |
205 | return do_perms(profile, state, request, sa); | |
206 | } | |
207 | ||
208 | ||
209 | /* unix sock creation comes before we know if the socket will be an fs | |
210 | * socket | |
211 | * v6 - semantics are handled by mapping in profile load | |
212 | * v7 - semantics require sock create for tasks creating an fs socket. | |
213 | */ | |
214 | static int profile_create_perm(struct aa_profile *profile, int family, | |
215 | int type, int protocol) | |
216 | { | |
217 | unsigned int state; | |
218 | DEFINE_AUDIT_NET(sa, OP_CREATE, NULL, family, type, protocol); | |
219 | ||
220 | AA_BUG(!profile); | |
221 | AA_BUG(profile_unconfined(profile)); | |
222 | ||
223 | if ((state = PROFILE_MEDIATES_AF(profile, AF_UNIX))) { | |
224 | state = match_to_prot(profile, state, type, protocol, | |
225 | &aad(&sa)->info); | |
226 | return do_perms(profile, state, AA_MAY_CREATE, &sa); | |
227 | } | |
228 | ||
229 | return aa_profile_af_perm(profile, &sa, AA_MAY_CREATE, family, type); | |
230 | } | |
231 | ||
232 | int aa_unix_create_perm(struct aa_label *label, int family, int type, | |
233 | int protocol) | |
234 | { | |
235 | struct aa_profile *profile; | |
236 | ||
237 | if (unconfined(label)) | |
238 | return 0; | |
239 | ||
240 | return fn_for_each_confined(label, profile, | |
241 | profile_create_perm(profile, family, type, protocol)); | |
242 | } | |
243 | ||
244 | ||
245 | static inline int profile_sk_perm(struct aa_profile *profile, const char *op, | |
246 | u32 request, struct sock *sk) | |
247 | { | |
248 | unsigned int state; | |
249 | DEFINE_AUDIT_SK(sa, op, sk); | |
250 | ||
251 | AA_BUG(!profile); | |
252 | AA_BUG(!sk); | |
253 | AA_BUG(UNIX_FS(sk)); | |
254 | AA_BUG(profile_unconfined(profile)); | |
255 | ||
256 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
257 | if (state) { | |
258 | state = match_to_sk(profile, state, unix_sk(sk), | |
259 | &aad(&sa)->info); | |
260 | return do_perms(profile, state, request, &sa); | |
261 | } | |
262 | ||
263 | return aa_profile_af_sk_perm(profile, &sa, request, sk); | |
264 | } | |
265 | ||
266 | int aa_unix_label_sk_perm(struct aa_label *label, const char *op, u32 request, | |
267 | struct sock *sk) | |
268 | { | |
269 | struct aa_profile *profile; | |
270 | ||
271 | return fn_for_each_confined(label, profile, | |
272 | profile_sk_perm(profile, op, request, sk)); | |
273 | } | |
274 | ||
275 | static int unix_label_sock_perm(struct aa_label *label, const char *op, u32 request, | |
276 | struct socket *sock) | |
277 | { | |
278 | if (unconfined(label)) | |
279 | return 0; | |
280 | if (UNIX_FS(sock->sk)) | |
281 | return unix_fs_perm(op, request, label, unix_sk(sock->sk), 0); | |
282 | ||
283 | return aa_unix_label_sk_perm(label, op, request, sock->sk); | |
284 | } | |
285 | ||
286 | /* revaliation, get/set attr */ | |
287 | int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock) | |
288 | { | |
289 | struct aa_label *label; | |
290 | int error; | |
291 | ||
292 | label = begin_current_label_crit_section(); | |
293 | error = unix_label_sock_perm(label, op, request, sock); | |
294 | end_current_label_crit_section(label); | |
295 | ||
296 | return error; | |
297 | } | |
298 | ||
299 | static int profile_bind_perm(struct aa_profile *profile, struct sock *sk, | |
300 | struct sockaddr *addr, int addrlen) | |
301 | { | |
302 | unsigned int state; | |
303 | DEFINE_AUDIT_SK(sa, OP_BIND, sk); | |
304 | ||
305 | AA_BUG(!profile); | |
306 | AA_BUG(!sk); | |
307 | AA_BUG(addr->sa_family != AF_UNIX); | |
308 | AA_BUG(profile_unconfined(profile)); | |
309 | AA_BUG(unix_addr_fs(addr, addrlen)); | |
310 | ||
311 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
312 | if (state) { | |
313 | /* bind for abstract socket */ | |
314 | aad(&sa)->net.addr = unix_addr(addr); | |
315 | aad(&sa)->net.addrlen = addrlen; | |
316 | ||
317 | state = match_to_local(profile, state, | |
318 | sk->sk_type, sk->sk_protocol, | |
319 | unix_addr(addr), addrlen, | |
320 | &aad(&sa)->info); | |
321 | return do_perms(profile, state, AA_MAY_BIND, &sa); | |
322 | } | |
323 | ||
324 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_BIND, sk); | |
325 | } | |
326 | ||
327 | int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address, | |
328 | int addrlen) | |
329 | { | |
330 | struct aa_profile *profile; | |
331 | struct aa_label *label; | |
332 | int error = 0; | |
333 | ||
334 | label = begin_current_label_crit_section(); | |
335 | /* fs bind is handled by mknod */ | |
336 | if (!(unconfined(label) || unix_addr_fs(address, addrlen))) | |
337 | error = fn_for_each_confined(label, profile, | |
338 | profile_bind_perm(profile, sock->sk, address, | |
339 | addrlen)); | |
340 | end_current_label_crit_section(label); | |
341 | ||
342 | return error; | |
343 | } | |
344 | ||
345 | int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address, | |
346 | int addrlen) | |
347 | { | |
348 | /* unix connections are covered by the | |
349 | * - unix_stream_connect (stream) and unix_may_send hooks (dgram) | |
350 | * - fs connect is handled by open | |
351 | */ | |
352 | return 0; | |
353 | } | |
354 | ||
355 | static int profile_listen_perm(struct aa_profile *profile, struct sock *sk, | |
356 | int backlog) | |
357 | { | |
358 | unsigned int state; | |
359 | DEFINE_AUDIT_SK(sa, OP_LISTEN, sk); | |
360 | ||
361 | AA_BUG(!profile); | |
362 | AA_BUG(!sk); | |
363 | AA_BUG(UNIX_FS(sk)); | |
364 | AA_BUG(profile_unconfined(profile)); | |
365 | ||
366 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
367 | if (state) { | |
368 | __be16 b = cpu_to_be16(backlog); | |
369 | ||
370 | state = match_to_cmd(profile, state, unix_sk(sk), CMD_LISTEN, | |
371 | &aad(&sa)->info); | |
372 | if (state) { | |
373 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
374 | (char *) &b, 2); | |
375 | if (!state) | |
376 | aad(&sa)->info = "failed listen backlog match"; | |
377 | } | |
378 | return do_perms(profile, state, AA_MAY_LISTEN, &sa); | |
379 | } | |
380 | ||
381 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_LISTEN, sk); | |
382 | } | |
383 | ||
384 | int aa_unix_listen_perm(struct socket *sock, int backlog) | |
385 | { | |
386 | struct aa_profile *profile; | |
387 | struct aa_label *label; | |
388 | int error = 0; | |
389 | ||
390 | label = begin_current_label_crit_section(); | |
391 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
392 | error = fn_for_each_confined(label, profile, | |
393 | profile_listen_perm(profile, sock->sk, | |
394 | backlog)); | |
395 | end_current_label_crit_section(label); | |
396 | ||
397 | return error; | |
398 | } | |
399 | ||
400 | ||
401 | static inline int profile_accept_perm(struct aa_profile *profile, | |
402 | struct sock *sk, | |
403 | struct sock *newsk) | |
404 | { | |
405 | unsigned int state; | |
406 | DEFINE_AUDIT_SK(sa, OP_ACCEPT, sk); | |
407 | ||
408 | AA_BUG(!profile); | |
409 | AA_BUG(!sk); | |
410 | AA_BUG(UNIX_FS(sk)); | |
411 | AA_BUG(profile_unconfined(profile)); | |
412 | ||
413 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
414 | if (state) { | |
415 | state = match_to_sk(profile, state, unix_sk(sk), | |
416 | &aad(&sa)->info); | |
417 | return do_perms(profile, state, AA_MAY_ACCEPT, &sa); | |
418 | } | |
419 | ||
420 | return aa_profile_af_sk_perm(profile, &sa, AA_MAY_ACCEPT, sk); | |
421 | } | |
422 | ||
423 | /* ability of sock to connect, not peer address binding */ | |
424 | int aa_unix_accept_perm(struct socket *sock, struct socket *newsock) | |
425 | { | |
426 | struct aa_profile *profile; | |
427 | struct aa_label *label; | |
428 | int error = 0; | |
429 | ||
430 | label = begin_current_label_crit_section(); | |
431 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
432 | error = fn_for_each_confined(label, profile, | |
433 | profile_accept_perm(profile, sock->sk, | |
434 | newsock->sk)); | |
435 | end_current_label_crit_section(label); | |
436 | ||
437 | return error; | |
438 | } | |
439 | ||
440 | ||
441 | /* dgram handled by unix_may_sendmsg, right to send on stream done at connect | |
442 | * could do per msg unix_stream here | |
443 | */ | |
444 | /* sendmsg, recvmsg */ | |
445 | int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock, | |
446 | struct msghdr *msg, int size) | |
447 | { | |
448 | return 0; | |
449 | } | |
450 | ||
451 | ||
452 | static int profile_opt_perm(struct aa_profile *profile, const char *op, u32 request, | |
453 | struct sock *sk, int level, int optname) | |
454 | { | |
455 | unsigned int state; | |
456 | DEFINE_AUDIT_SK(sa, op, sk); | |
457 | ||
458 | AA_BUG(!profile); | |
459 | AA_BUG(!sk); | |
460 | AA_BUG(UNIX_FS(sk)); | |
461 | AA_BUG(profile_unconfined(profile)); | |
462 | ||
463 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
464 | if (state) { | |
465 | __be16 b = cpu_to_be16(optname); | |
466 | ||
467 | state = match_to_cmd(profile, state, unix_sk(sk), CMD_OPT, | |
468 | &aad(&sa)->info); | |
469 | if (state) { | |
470 | state = aa_dfa_match_len(profile->policy.dfa, state, | |
471 | (char *) &b, 2); | |
472 | if (!state) | |
473 | aad(&sa)->info = "failed sockopt match"; | |
474 | } | |
475 | return do_perms(profile, state, request, &sa); | |
476 | } | |
477 | ||
478 | return aa_profile_af_sk_perm(profile, &sa, request, sk); | |
479 | } | |
480 | ||
481 | int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level, | |
482 | int optname) | |
483 | { | |
484 | struct aa_profile *profile; | |
485 | struct aa_label *label; | |
486 | int error = 0; | |
487 | ||
488 | label = begin_current_label_crit_section(); | |
489 | if (!(unconfined(label) || UNIX_FS(sock->sk))) | |
490 | error = fn_for_each_confined(label, profile, | |
491 | profile_opt_perm(profile, op, request, | |
492 | sock->sk, level, optname)); | |
493 | end_current_label_crit_section(label); | |
494 | ||
495 | return error; | |
496 | } | |
497 | ||
498 | /* null peer_label is allowed, in which case the peer_sk label is used */ | |
499 | static int profile_peer_perm(struct aa_profile *profile, const char *op, u32 request, | |
500 | struct sock *sk, struct sock *peer_sk, | |
501 | struct aa_label *peer_label, | |
502 | struct common_audit_data *sa) | |
503 | { | |
504 | unsigned int state; | |
505 | ||
506 | AA_BUG(!profile); | |
507 | AA_BUG(profile_unconfined(profile)); | |
508 | AA_BUG(!sk); | |
509 | AA_BUG(!peer_sk); | |
510 | AA_BUG(UNIX_FS(peer_sk)); | |
511 | ||
512 | state = PROFILE_MEDIATES_AF(profile, AF_UNIX); | |
513 | if (state) { | |
514 | struct aa_sk_ctx *peer_ctx = SK_CTX(peer_sk); | |
515 | struct aa_profile *peerp; | |
516 | struct sockaddr_un *addr = NULL; | |
517 | int len = 0; | |
518 | if (unix_sk(peer_sk)->addr) { | |
519 | addr = unix_sk(peer_sk)->addr->name; | |
520 | len = unix_sk(peer_sk)->addr->len; | |
521 | } | |
522 | state = match_to_peer(profile, state, unix_sk(sk), | |
523 | addr, len, &aad(sa)->info); | |
524 | if (!peer_label) | |
525 | peer_label = peer_ctx->label; | |
526 | return fn_for_each_in_ns(peer_label, peerp, | |
527 | match_label(profile, peerp, state, request, | |
528 | sa)); | |
529 | } | |
530 | ||
531 | return aa_profile_af_sk_perm(profile, sa, request, sk); | |
532 | } | |
533 | ||
534 | /** | |
535 | * | |
536 | * Requires: lock held on both @sk and @peer_sk | |
537 | */ | |
538 | int aa_unix_peer_perm(struct aa_label *label, const char *op, u32 request, | |
539 | struct sock *sk, struct sock *peer_sk, | |
540 | struct aa_label *peer_label) | |
541 | { | |
542 | struct unix_sock *peeru = unix_sk(peer_sk); | |
543 | struct unix_sock *u = unix_sk(sk); | |
544 | ||
545 | AA_BUG(!label); | |
546 | AA_BUG(!sk); | |
547 | AA_BUG(!peer_sk); | |
548 | ||
549 | if (UNIX_FS(aa_sock(peeru))) | |
550 | return unix_fs_perm(op, request, label, peeru, 0); | |
551 | else if (UNIX_FS(aa_sock(u))) | |
552 | return unix_fs_perm(op, request, label, u, 0); | |
553 | else { | |
554 | struct aa_profile *profile; | |
555 | DEFINE_AUDIT_SK(sa, op, sk); | |
556 | aad(&sa)->net.peer_sk = peer_sk; | |
557 | ||
558 | /* TODO: ns!!! */ | |
559 | if (!net_eq(sock_net(sk), sock_net(peer_sk))) { | |
560 | ; | |
561 | } | |
562 | ||
563 | if (unconfined(label)) | |
564 | return 0; | |
565 | ||
566 | return fn_for_each_confined(label, profile, | |
567 | profile_peer_perm(profile, op, request, sk, | |
568 | peer_sk, peer_label, &sa)); | |
569 | } | |
570 | } | |
571 | ||
572 | ||
573 | /* from net/unix/af_unix.c */ | |
574 | static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) | |
575 | { | |
576 | if (unlikely(sk1 == sk2) || !sk2) { | |
577 | unix_state_lock(sk1); | |
578 | return; | |
579 | } | |
580 | if (sk1 < sk2) { | |
581 | unix_state_lock(sk1); | |
582 | unix_state_lock_nested(sk2); | |
583 | } else { | |
584 | unix_state_lock(sk2); | |
585 | unix_state_lock_nested(sk1); | |
586 | } | |
587 | } | |
588 | ||
589 | static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) | |
590 | { | |
591 | if (unlikely(sk1 == sk2) || !sk2) { | |
592 | unix_state_unlock(sk1); | |
593 | return; | |
594 | } | |
595 | unix_state_unlock(sk1); | |
596 | unix_state_unlock(sk2); | |
597 | } | |
598 | ||
599 | int aa_unix_file_perm(struct aa_label *label, const char *op, u32 request, | |
600 | struct socket *sock) | |
601 | { | |
602 | struct sock *peer_sk = NULL; | |
603 | u32 sk_req = request & ~NET_PEER_MASK; | |
604 | int error = 0; | |
605 | ||
606 | AA_BUG(!label); | |
607 | AA_BUG(!sock); | |
608 | AA_BUG(!sock->sk); | |
609 | AA_BUG(sock->sk->sk_family != AF_UNIX); | |
610 | ||
611 | /* TODO: update sock label with new task label */ | |
612 | unix_state_lock(sock->sk); | |
613 | peer_sk = unix_peer(sock->sk); | |
614 | if (peer_sk) | |
615 | sock_hold(peer_sk); | |
616 | if (!unix_connected(sock) && sk_req) { | |
617 | error = unix_label_sock_perm(label, op, sk_req, sock); | |
618 | if (!error) { | |
619 | // update label | |
620 | } | |
621 | } | |
622 | unix_state_unlock(sock->sk); | |
623 | if (!peer_sk) | |
624 | return error; | |
625 | ||
626 | unix_state_double_lock(sock->sk, peer_sk); | |
627 | if (UNIX_FS(sock->sk)) { | |
628 | error = unix_fs_perm(op, request, label, unix_sk(sock->sk), | |
629 | PATH_SOCK_COND); | |
630 | } else if (UNIX_FS(peer_sk)) { | |
631 | error = unix_fs_perm(op, request, label, unix_sk(peer_sk), | |
632 | PATH_SOCK_COND); | |
633 | } else { | |
634 | struct aa_sk_ctx *pctx = SK_CTX(peer_sk); | |
635 | if (sk_req) | |
636 | error = aa_unix_label_sk_perm(label, op, sk_req, | |
637 | sock->sk); | |
638 | last_error(error, | |
639 | xcheck(aa_unix_peer_perm(label, op, | |
640 | MAY_READ | MAY_WRITE, | |
641 | sock->sk, peer_sk, NULL), | |
642 | aa_unix_peer_perm(pctx->label, op, | |
643 | MAY_READ | MAY_WRITE, | |
644 | peer_sk, sock->sk, label))); | |
645 | } | |
646 | ||
647 | unix_state_double_unlock(sock->sk, peer_sk); | |
648 | sock_put(peer_sk); | |
649 | ||
650 | return error; | |
651 | } |