]>
Commit | Line | Data |
---|---|---|
6380bd8d JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor file mediation function definitions. | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #ifndef __AA_FILE_H | |
16 | #define __AA_FILE_H | |
17 | ||
6380bd8d JJ |
18 | #include "domain.h" |
19 | #include "match.h" | |
fc7e0b26 | 20 | #include "perms.h" |
6380bd8d JJ |
21 | |
22 | struct aa_profile; | |
37721e1b | 23 | struct path; |
6380bd8d | 24 | |
e53cfe6c | 25 | #define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)) |
6380bd8d JJ |
26 | |
27 | #define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\ | |
28 | AA_MAY_CREATE | AA_MAY_DELETE | \ | |
e53cfe6c | 29 | AA_MAY_GETATTR | AA_MAY_SETATTR | \ |
6380bd8d JJ |
30 | AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ |
31 | AA_EXEC_MMAP | AA_MAY_LINK) | |
32 | ||
2835a13b JJ |
33 | #define file_ctx(X) ((struct aa_file_ctx *)(X)->f_security) |
34 | ||
af7caa8f JJ |
35 | /* struct aa_file_ctx - the AppArmor context the file was opened in |
36 | * @perms: the permission the file was opened with | |
37 | * | |
38 | * The file_ctx could currently be directly stored in file->f_security | |
39 | * as the profile reference is now stored in the f_cred. However the | |
40 | * ctx struct will expand in the future so we keep the struct. | |
41 | */ | |
42 | struct aa_file_ctx { | |
e53cfe6c | 43 | u32 allow; |
af7caa8f JJ |
44 | }; |
45 | ||
46 | /** | |
2835a13b JJ |
47 | * aa_alloc_file_ctx - allocate file_ctx |
48 | * @label: initial label of task creating the file | |
af7caa8f JJ |
49 | * @gfp: gfp flags for allocation |
50 | * | |
51 | * Returns: file_ctx or NULL on failure | |
52 | */ | |
2835a13b | 53 | static inline struct aa_file_ctx *aa_alloc_file_ctx(gfp_t gfp) |
af7caa8f | 54 | { |
2835a13b JJ |
55 | struct aa_file_ctx *ctx; |
56 | ||
57 | ctx = kzalloc(sizeof(struct aa_file_ctx), gfp); | |
58 | ||
59 | return ctx; | |
af7caa8f JJ |
60 | } |
61 | ||
62 | /** | |
2835a13b | 63 | * aa_free_file_ctx - free a file_ctx |
af7caa8f JJ |
64 | * @ctx: file_ctx to free (MAYBE_NULL) |
65 | */ | |
2835a13b | 66 | static inline void aa_free_file_ctx(struct aa_file_ctx *ctx) |
af7caa8f JJ |
67 | { |
68 | if (ctx) | |
69 | kzfree(ctx); | |
70 | } | |
71 | ||
6380bd8d JJ |
72 | /* |
73 | * The xindex is broken into 3 parts | |
74 | * - index - an index into either the exec name table or the variable table | |
75 | * - exec type - which determines how the executable name and index are used | |
76 | * - flags - which modify how the destination name is applied | |
77 | */ | |
78 | #define AA_X_INDEX_MASK 0x03ff | |
79 | ||
80 | #define AA_X_TYPE_MASK 0x0c00 | |
81 | #define AA_X_TYPE_SHIFT 10 | |
82 | #define AA_X_NONE 0x0000 | |
83 | #define AA_X_NAME 0x0400 /* use executable name px */ | |
84 | #define AA_X_TABLE 0x0800 /* use a specified name ->n# */ | |
85 | ||
86 | #define AA_X_UNSAFE 0x1000 | |
87 | #define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ | |
88 | #define AA_X_INHERIT 0x4000 | |
89 | #define AA_X_UNCONFINED 0x8000 | |
90 | ||
91 | /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */ | |
92 | #define AA_SECURE_X_NEEDED 0x8000 | |
93 | ||
94 | /* need to make conditional which ones are being set */ | |
95 | struct path_cond { | |
2db81452 | 96 | kuid_t uid; |
6380bd8d JJ |
97 | umode_t mode; |
98 | }; | |
99 | ||
6380bd8d JJ |
100 | #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill) |
101 | ||
102 | /* FIXME: split perms from dfa and match this to description | |
103 | * also add delegation info. | |
104 | */ | |
105 | static inline u16 dfa_map_xindex(u16 mask) | |
106 | { | |
107 | u16 old_index = (mask >> 10) & 0xf; | |
108 | u16 index = 0; | |
109 | ||
110 | if (mask & 0x100) | |
111 | index |= AA_X_UNSAFE; | |
112 | if (mask & 0x200) | |
113 | index |= AA_X_INHERIT; | |
114 | if (mask & 0x80) | |
115 | index |= AA_X_UNCONFINED; | |
116 | ||
117 | if (old_index == 1) { | |
118 | index |= AA_X_UNCONFINED; | |
119 | } else if (old_index == 2) { | |
120 | index |= AA_X_NAME; | |
121 | } else if (old_index == 3) { | |
122 | index |= AA_X_NAME | AA_X_CHILD; | |
8b964eae | 123 | } else if (old_index) { |
6380bd8d JJ |
124 | index |= AA_X_TABLE; |
125 | index |= old_index - 4; | |
126 | } | |
127 | ||
128 | return index; | |
129 | } | |
130 | ||
131 | /* | |
132 | * map old dfa inline permissions to new format | |
133 | */ | |
134 | #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ | |
135 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
136 | #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) | |
137 | #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) | |
138 | #define dfa_user_xindex(dfa, state) \ | |
139 | (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) | |
140 | ||
141 | #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ | |
142 | 0x7f) | \ | |
143 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
144 | #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) | |
145 | #define dfa_other_quiet(dfa, state) \ | |
146 | ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f) | |
147 | #define dfa_other_xindex(dfa, state) \ | |
148 | dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff) | |
149 | ||
2d679f3c | 150 | int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, |
ef88a7ac | 151 | const char *op, u32 request, const char *name, |
2db81452 | 152 | const char *target, kuid_t ouid, const char *info, int error); |
6380bd8d JJ |
153 | |
154 | /** | |
155 | * struct aa_file_rules - components used for file rule permissions | |
156 | * @dfa: dfa to match path names and conditionals against | |
157 | * @perms: permission table indexed by the matched state accept entry of @dfa | |
158 | * @trans: transition table for indexed by named x transitions | |
159 | * | |
160 | * File permission are determined by matching a path against @dfa and then | |
161 | * then using the value of the accept entry for the matching state as | |
162 | * an index into @perms. If a named exec transition is required it is | |
163 | * looked up in the transition table. | |
164 | */ | |
165 | struct aa_file_rules { | |
166 | unsigned int start; | |
167 | struct aa_dfa *dfa; | |
168 | /* struct perms perms; */ | |
169 | struct aa_domain trans; | |
170 | /* TODO: add delegate table */ | |
171 | }; | |
172 | ||
2d679f3c JJ |
173 | struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, |
174 | struct path_cond *cond); | |
6380bd8d JJ |
175 | unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, |
176 | const char *name, struct path_cond *cond, | |
2d679f3c | 177 | struct aa_perms *perms); |
6380bd8d | 178 | |
47f6e5cc JJ |
179 | int aa_path_perm(const char *op, struct aa_profile *profile, |
180 | const struct path *path, int flags, u32 request, | |
181 | struct path_cond *cond); | |
6380bd8d JJ |
182 | |
183 | int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, | |
3539aaf6 | 184 | const struct path *new_dir, struct dentry *new_dentry); |
6380bd8d | 185 | |
47f6e5cc | 186 | int aa_file_perm(const char *op, struct aa_profile *profile, struct file *file, |
6380bd8d JJ |
187 | u32 request); |
188 | ||
192ca6b5 JJ |
189 | void aa_inherit_files(const struct cred *cred, struct files_struct *files); |
190 | ||
6380bd8d JJ |
191 | static inline void aa_free_file_rules(struct aa_file_rules *rules) |
192 | { | |
193 | aa_put_dfa(rules->dfa); | |
194 | aa_free_domain_entries(&rules->trans); | |
195 | } | |
196 | ||
6380bd8d JJ |
197 | /** |
198 | * aa_map_file_perms - map file flags to AppArmor permissions | |
199 | * @file: open file to map flags to AppArmor permissions | |
200 | * | |
201 | * Returns: apparmor permission set for the file | |
202 | */ | |
203 | static inline u32 aa_map_file_to_perms(struct file *file) | |
204 | { | |
53fe8b99 JJ |
205 | int flags = file->f_flags; |
206 | u32 perms = 0; | |
207 | ||
208 | if (file->f_mode & FMODE_WRITE) | |
209 | perms |= MAY_WRITE; | |
210 | if (file->f_mode & FMODE_READ) | |
211 | perms |= MAY_READ; | |
6380bd8d JJ |
212 | |
213 | if ((flags & O_APPEND) && (perms & MAY_WRITE)) | |
214 | perms = (perms & ~MAY_WRITE) | MAY_APPEND; | |
215 | /* trunc implies write permission */ | |
216 | if (flags & O_TRUNC) | |
217 | perms |= MAY_WRITE; | |
218 | if (flags & O_CREAT) | |
219 | perms |= AA_MAY_CREATE; | |
220 | ||
221 | return perms; | |
222 | } | |
223 | ||
224 | #endif /* __AA_FILE_H */ |