]>
Commit | Line | Data |
---|---|---|
6380bd8d JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor file mediation function definitions. | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #ifndef __AA_FILE_H | |
16 | #define __AA_FILE_H | |
17 | ||
80594fc2 JJ |
18 | #include <linux/spinlock.h> |
19 | ||
6380bd8d JJ |
20 | #include "domain.h" |
21 | #include "match.h" | |
80594fc2 JJ |
22 | #include "label.h" |
23 | #include "perms.h" | |
6380bd8d JJ |
24 | |
25 | struct aa_profile; | |
37721e1b | 26 | struct path; |
6380bd8d | 27 | |
80594fc2 | 28 | #define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)) |
6380bd8d JJ |
29 | |
30 | #define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\ | |
31 | AA_MAY_CREATE | AA_MAY_DELETE | \ | |
80594fc2 | 32 | AA_MAY_GETATTR | AA_MAY_SETATTR | \ |
6380bd8d JJ |
33 | AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ |
34 | AA_EXEC_MMAP | AA_MAY_LINK) | |
35 | ||
80594fc2 JJ |
36 | #define file_ctx(X) ((struct aa_file_ctx *)(X)->f_security) |
37 | ||
38 | /* struct aa_file_ctx - the AppArmor context the file was opened in | |
39 | * @lock: lock to update the ctx | |
40 | * @label: label currently cached on the ctx | |
41 | * @perms: the permission the file was opened with | |
42 | */ | |
43 | struct aa_file_ctx { | |
44 | spinlock_t lock; | |
45 | struct aa_label __rcu *label; | |
46 | u32 allow; | |
47 | }; | |
48 | ||
49 | /** | |
50 | * aa_alloc_file_ctx - allocate file_ctx | |
51 | * @label: initial label of task creating the file | |
52 | * @gfp: gfp flags for allocation | |
53 | * | |
54 | * Returns: file_ctx or NULL on failure | |
55 | */ | |
56 | static inline struct aa_file_ctx *aa_alloc_file_ctx(struct aa_label *label, gfp_t gfp) | |
57 | { | |
58 | struct aa_file_ctx *ctx; | |
59 | ||
60 | ctx = kzalloc(sizeof(struct aa_file_ctx), gfp); | |
61 | if (ctx) { | |
62 | spin_lock_init(&ctx->lock); | |
63 | rcu_assign_pointer(ctx->label, aa_get_label(label)); | |
64 | } | |
65 | return ctx; | |
66 | } | |
67 | ||
68 | /** | |
69 | * aa_free_file_ctx - free a file_ctx | |
70 | * @ctx: file_ctx to free (MAYBE_NULL) | |
71 | */ | |
72 | static inline void aa_free_file_ctx(struct aa_file_ctx *ctx) | |
73 | { | |
74 | if (ctx) { | |
75 | aa_put_label(rcu_access_pointer(ctx->label)); | |
76 | kzfree(ctx); | |
77 | } | |
78 | } | |
79 | ||
80 | static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx) | |
81 | { | |
82 | return aa_get_label_rcu(&ctx->label); | |
83 | } | |
84 | ||
85 | #define inode_ctx(X) (X)->i_security | |
86 | ||
6380bd8d JJ |
87 | /* |
88 | * The xindex is broken into 3 parts | |
89 | * - index - an index into either the exec name table or the variable table | |
90 | * - exec type - which determines how the executable name and index are used | |
91 | * - flags - which modify how the destination name is applied | |
92 | */ | |
93 | #define AA_X_INDEX_MASK 0x03ff | |
94 | ||
95 | #define AA_X_TYPE_MASK 0x0c00 | |
96 | #define AA_X_TYPE_SHIFT 10 | |
97 | #define AA_X_NONE 0x0000 | |
98 | #define AA_X_NAME 0x0400 /* use executable name px */ | |
99 | #define AA_X_TABLE 0x0800 /* use a specified name ->n# */ | |
100 | ||
101 | #define AA_X_UNSAFE 0x1000 | |
102 | #define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ | |
103 | #define AA_X_INHERIT 0x4000 | |
104 | #define AA_X_UNCONFINED 0x8000 | |
105 | ||
106 | /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */ | |
107 | #define AA_SECURE_X_NEEDED 0x8000 | |
108 | ||
109 | /* need to make conditional which ones are being set */ | |
110 | struct path_cond { | |
2db81452 | 111 | kuid_t uid; |
6380bd8d JJ |
112 | umode_t mode; |
113 | }; | |
114 | ||
6380bd8d JJ |
115 | #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill) |
116 | ||
117 | /* FIXME: split perms from dfa and match this to description | |
118 | * also add delegation info. | |
119 | */ | |
120 | static inline u16 dfa_map_xindex(u16 mask) | |
121 | { | |
122 | u16 old_index = (mask >> 10) & 0xf; | |
123 | u16 index = 0; | |
124 | ||
125 | if (mask & 0x100) | |
126 | index |= AA_X_UNSAFE; | |
127 | if (mask & 0x200) | |
128 | index |= AA_X_INHERIT; | |
129 | if (mask & 0x80) | |
130 | index |= AA_X_UNCONFINED; | |
131 | ||
132 | if (old_index == 1) { | |
133 | index |= AA_X_UNCONFINED; | |
134 | } else if (old_index == 2) { | |
135 | index |= AA_X_NAME; | |
136 | } else if (old_index == 3) { | |
137 | index |= AA_X_NAME | AA_X_CHILD; | |
8b964eae | 138 | } else if (old_index) { |
6380bd8d JJ |
139 | index |= AA_X_TABLE; |
140 | index |= old_index - 4; | |
141 | } | |
142 | ||
143 | return index; | |
144 | } | |
145 | ||
146 | /* | |
147 | * map old dfa inline permissions to new format | |
148 | */ | |
149 | #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ | |
150 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
151 | #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) | |
152 | #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) | |
153 | #define dfa_user_xindex(dfa, state) \ | |
154 | (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) | |
155 | ||
156 | #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ | |
157 | 0x7f) | \ | |
158 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
159 | #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) | |
160 | #define dfa_other_quiet(dfa, state) \ | |
161 | ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f) | |
162 | #define dfa_other_xindex(dfa, state) \ | |
163 | dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff) | |
164 | ||
80594fc2 JJ |
165 | int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, |
166 | const char *op, u32 request, const char *name, const char *target, struct aa_label *tlabel, | |
167 | kuid_t ouid, const char *info, int error); | |
6380bd8d JJ |
168 | |
169 | /** | |
170 | * struct aa_file_rules - components used for file rule permissions | |
171 | * @dfa: dfa to match path names and conditionals against | |
172 | * @perms: permission table indexed by the matched state accept entry of @dfa | |
173 | * @trans: transition table for indexed by named x transitions | |
174 | * | |
175 | * File permission are determined by matching a path against @dfa and then | |
176 | * then using the value of the accept entry for the matching state as | |
177 | * an index into @perms. If a named exec transition is required it is | |
178 | * looked up in the transition table. | |
179 | */ | |
180 | struct aa_file_rules { | |
181 | unsigned int start; | |
182 | struct aa_dfa *dfa; | |
183 | /* struct perms perms; */ | |
184 | struct aa_domain trans; | |
185 | /* TODO: add delegate table */ | |
186 | }; | |
187 | ||
80594fc2 JJ |
188 | struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, |
189 | struct path_cond *cond); | |
6380bd8d JJ |
190 | unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, |
191 | const char *name, struct path_cond *cond, | |
80594fc2 | 192 | struct aa_perms *perms); |
6380bd8d | 193 | |
89faea0e JJ |
194 | int __aa_path_perm(const char *op, struct aa_profile *profile, |
195 | const char *name, u32 request, struct path_cond *cond, | |
196 | int flags, struct aa_perms *perms); | |
80594fc2 JJ |
197 | int aa_path_perm(const char *op, struct aa_label *label, |
198 | const struct path *path, int flags, u32 request, | |
199 | struct path_cond *cond); | |
6380bd8d | 200 | |
80594fc2 | 201 | int aa_path_link(struct aa_label *label, struct dentry *old_dentry, |
3539aaf6 | 202 | const struct path *new_dir, struct dentry *new_dentry); |
6380bd8d | 203 | |
80594fc2 | 204 | int aa_file_perm(const char *op, struct aa_label *label, struct file *file, |
6380bd8d JJ |
205 | u32 request); |
206 | ||
80594fc2 JJ |
207 | void aa_inherit_files(const struct cred *cred, struct files_struct *files); |
208 | ||
6380bd8d JJ |
209 | static inline void aa_free_file_rules(struct aa_file_rules *rules) |
210 | { | |
211 | aa_put_dfa(rules->dfa); | |
212 | aa_free_domain_entries(&rules->trans); | |
213 | } | |
214 | ||
6380bd8d JJ |
215 | /** |
216 | * aa_map_file_perms - map file flags to AppArmor permissions | |
217 | * @file: open file to map flags to AppArmor permissions | |
218 | * | |
219 | * Returns: apparmor permission set for the file | |
220 | */ | |
221 | static inline u32 aa_map_file_to_perms(struct file *file) | |
222 | { | |
53fe8b99 JJ |
223 | int flags = file->f_flags; |
224 | u32 perms = 0; | |
225 | ||
226 | if (file->f_mode & FMODE_WRITE) | |
227 | perms |= MAY_WRITE; | |
228 | if (file->f_mode & FMODE_READ) | |
229 | perms |= MAY_READ; | |
6380bd8d JJ |
230 | |
231 | if ((flags & O_APPEND) && (perms & MAY_WRITE)) | |
232 | perms = (perms & ~MAY_WRITE) | MAY_APPEND; | |
233 | /* trunc implies write permission */ | |
234 | if (flags & O_TRUNC) | |
235 | perms |= MAY_WRITE; | |
236 | if (flags & O_CREAT) | |
237 | perms |= AA_MAY_CREATE; | |
238 | ||
239 | return perms; | |
240 | } | |
241 | ||
242 | #endif /* __AA_FILE_H */ |