[mirror_ubuntu-artful-kernel.git] / security / apparmor / capability.c

/*
 * AppArmor security module
 *
 * This file contains AppArmor capability mediation functions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/gfp.h>
#include <linux/security.h>

#include "include/apparmor.h"
#include "include/capability.h"
#include "include/context.h"
#include "include/policy.h"
#include "include/audit.h"

/*
 * Table of capability names: we generate it from capabilities.h.
 */
#include "capability_names.h"

struct aa_fs_entry aa_fs_entry_caps[] = {
	AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
	{ }
};

struct audit_cache {
	struct aa_profile *profile;
	kernel_cap_t caps;
};

static DEFINE_PER_CPU(struct audit_cache, audit_cache);

/**
 * audit_cb - call back for capability components of audit struct
 * @ab - audit buffer   (NOT NULL)
 * @va - audit struct to audit data from  (NOT NULL)
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	audit_log_format(ab, " capname=");
	audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
}

/**
 * audit_caps - audit a capability
 * @profile: profile being tested for confinement (NOT NULL)
 * @cap: capability tested
 @audit: whether an audit record should be generated
 * @error: error code returned by test
 *
 * Do auditing of capability and handle, audit/complain/kill modes switching
 * and duplicate message elimination.
 *
 * Returns: 0 or sa->error on success,  error code on failure
 */
static int audit_caps(struct aa_profile *profile, int cap, int audit,
		      int error)
{
	struct audit_cache *ent;
	int type = AUDIT_APPARMOR_AUTO;
	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_CAP, OP_CAPABLE);
	sa.u.cap = cap;
	aad(&sa)->error = error;
	if (audit == SECURITY_CAP_NOAUDIT)
		aad(&sa)->info = "optional: no audit";

	if (likely(!error)) {
		/* test if auditing is being forced */
		if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
			   !cap_raised(profile->caps.audit, cap)))
			return 0;
		type = AUDIT_APPARMOR_AUDIT;
	} else if (KILL_MODE(profile) ||
		   cap_raised(profile->caps.kill, cap)) {
		type = AUDIT_APPARMOR_KILL;
	} else if (cap_raised(profile->caps.quiet, cap) &&
		   AUDIT_MODE(profile) != AUDIT_NOQUIET &&
		   AUDIT_MODE(profile) != AUDIT_ALL) {
		/* quiet auditing */
		return error;
	}

	/* Do simple duplicate message elimination */
	ent = &get_cpu_var(audit_cache);
	if (profile == ent->profile && cap_raised(ent->caps, cap)) {
		put_cpu_var(audit_cache);
		if (COMPLAIN_MODE(profile))
			return complain_error(error);
		return error;
	} else {
		aa_put_profile(ent->profile);
		ent->profile = aa_get_profile(profile);
		cap_raise(ent->caps, cap);
	}
	put_cpu_var(audit_cache);

	return aa_audit(type, profile, &sa, audit_cb);
}

/**
 * profile_capable - test if profile allows use of capability @cap
 * @profile: profile being enforced    (NOT NULL, NOT unconfined)
 * @cap: capability to test if allowed
 *
 * Returns: 0 if allowed else -EPERM
 */
static int profile_capable(struct aa_profile *profile, int cap)
{
	return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
}

/**
 * aa_capable - test permission to use capability
 * @profile: profile being tested against (NOT NULL)
 * @cap: capability to be tested
 * @audit: whether an audit record should be generated
 *
 * Look up capability in profile capability set.
 *
 * Returns: 0 on success, or else an error code.
 */
int aa_capable(struct aa_profile *profile, int cap, int audit)
{
	int error = profile_capable(profile, cap);

	if (audit == SECURITY_CAP_NOAUDIT) {
		if (!COMPLAIN_MODE(profile))
			return error;
	}

	return audit_caps(profile, cap, audit, error);
}
Commit	Line	Data
0ed3b28a JJ	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor capability mediation functions
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#include <linux/capability.h>
	16	#include <linux/errno.h>
	17	#include <linux/gfp.h>
12eb87d5	18	#include <linux/security.h>
0ed3b28a JJ	19
	20	#include "include/apparmor.h"
	21	#include "include/capability.h"
	22	#include "include/context.h"
	23	#include "include/policy.h"
	24	#include "include/audit.h"
	25
	26	/*
	27	* Table of capability names: we generate it from capabilities.h.
	28	*/
	29	#include "capability_names.h"
	30
84f1f787 JJ	31	struct aa_fs_entry aa_fs_entry_caps[] = {
	32	AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
	33	{ }
	34	};
	35
0ed3b28a JJ	36	struct audit_cache {
	37	struct aa_profile *profile;
	38	kernel_cap_t caps;
	39	};
	40
	41	static DEFINE_PER_CPU(struct audit_cache, audit_cache);
	42
	43	/**
	44	* audit_cb - call back for capability components of audit struct
	45	* @ab - audit buffer (NOT NULL)
	46	* @va - audit struct to audit data from (NOT NULL)
	47	*/
	48	static void audit_cb(struct audit_buffer ab, void va)
	49	{
	50	struct common_audit_data *sa = va;
	51	audit_log_format(ab, " capname=");
	52	audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
	53	}
	54
	55	/**
	56	* audit_caps - audit a capability
dd0c6e86	57	* @profile: profile being tested for confinement (NOT NULL)
0ed3b28a	58	* @cap: capability tested
12eb87d5	59	@audit: whether an audit record should be generated
0ed3b28a JJ	60	* @error: error code returned by test
	61	*
	62	* Do auditing of capability and handle, audit/complain/kill modes switching
	63	* and duplicate message elimination.
	64	*
	65	* Returns: 0 or sa->error on success, error code on failure
	66	*/
12eb87d5 JJ	67	static int audit_caps(struct aa_profile *profile, int cap, int audit,
12eb87d5 JJ	68	int error)
0ed3b28a JJ	69	{
	70	struct audit_cache *ent;
	71	int type = AUDIT_APPARMOR_AUTO;
ef88a7ac	72	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_CAP, OP_CAPABLE);
0ed3b28a	73	sa.u.cap = cap;
ef88a7ac	74	aad(&sa)->error = error;
12eb87d5 JJ	75	if (audit == SECURITY_CAP_NOAUDIT)
12eb87d5 JJ	76	aad(&sa)->info = "optional: no audit";
0ed3b28a JJ	77
	78	if (likely(!error)) {
	79	/* test if auditing is being forced */
	80	if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
	81	!cap_raised(profile->caps.audit, cap)))
	82	return 0;
	83	type = AUDIT_APPARMOR_AUDIT;
	84	} else if (KILL_MODE(profile) \|\|
	85	cap_raised(profile->caps.kill, cap)) {
	86	type = AUDIT_APPARMOR_KILL;
	87	} else if (cap_raised(profile->caps.quiet, cap) &&
	88	AUDIT_MODE(profile) != AUDIT_NOQUIET &&
	89	AUDIT_MODE(profile) != AUDIT_ALL) {
	90	/* quiet auditing */
	91	return error;
	92	}
	93
	94	/* Do simple duplicate message elimination */
	95	ent = &get_cpu_var(audit_cache);
	96	if (profile == ent->profile && cap_raised(ent->caps, cap)) {
	97	put_cpu_var(audit_cache);
	98	if (COMPLAIN_MODE(profile))
	99	return complain_error(error);
	100	return error;
	101	} else {
	102	aa_put_profile(ent->profile);
	103	ent->profile = aa_get_profile(profile);
	104	cap_raise(ent->caps, cap);
	105	}
	106	put_cpu_var(audit_cache);
	107
ef88a7ac	108	return aa_audit(type, profile, &sa, audit_cb);
0ed3b28a JJ	109	}
	110
	111	/**
	112	* profile_capable - test if profile allows use of capability @cap
	113	* @profile: profile being enforced (NOT NULL, NOT unconfined)
	114	* @cap: capability to test if allowed
	115	*
	116	* Returns: 0 if allowed else -EPERM
	117	*/
	118	static int profile_capable(struct aa_profile *profile, int cap)
	119	{
	120	return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
	121	}
	122
	123	/**
	124	* aa_capable - test permission to use capability
dd0c6e86	125	* @profile: profile being tested against (NOT NULL)
0ed3b28a JJ	126	* @cap: capability to be tested
	127	* @audit: whether an audit record should be generated
	128	*
	129	* Look up capability in profile capability set.
	130	*
	131	* Returns: 0 on success, or else an error code.
	132	*/
dd0c6e86	133	int aa_capable(struct aa_profile *profile, int cap, int audit)
0ed3b28a JJ	134	{
	135	int error = profile_capable(profile, cap);
	136
12eb87d5 JJ	137	if (audit == SECURITY_CAP_NOAUDIT) {
	138	if (!COMPLAIN_MODE(profile))
	139	return error;
0ed3b28a JJ	140	}
0ed3b28a JJ	141
12eb87d5	142	return audit_caps(profile, cap, audit, error);
0ed3b28a	143	}