]>
Commit | Line | Data |
---|---|---|
6380bd8d JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor file mediation function definitions. | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #ifndef __AA_FILE_H | |
16 | #define __AA_FILE_H | |
17 | ||
190a9518 JJ |
18 | #include <linux/spinlock.h> |
19 | ||
6380bd8d JJ |
20 | #include "domain.h" |
21 | #include "match.h" | |
fc7e0b26 | 22 | #include "perms.h" |
6380bd8d JJ |
23 | |
24 | struct aa_profile; | |
37721e1b | 25 | struct path; |
6380bd8d | 26 | |
e53cfe6c | 27 | #define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)) |
6380bd8d JJ |
28 | |
29 | #define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\ | |
30 | AA_MAY_CREATE | AA_MAY_DELETE | \ | |
e53cfe6c | 31 | AA_MAY_GETATTR | AA_MAY_SETATTR | \ |
6380bd8d JJ |
32 | AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ |
33 | AA_EXEC_MMAP | AA_MAY_LINK) | |
34 | ||
2835a13b JJ |
35 | #define file_ctx(X) ((struct aa_file_ctx *)(X)->f_security) |
36 | ||
af7caa8f | 37 | /* struct aa_file_ctx - the AppArmor context the file was opened in |
190a9518 JJ |
38 | * @lock: lock to update the ctx |
39 | * @label: label currently cached on the ctx | |
af7caa8f | 40 | * @perms: the permission the file was opened with |
af7caa8f JJ |
41 | */ |
42 | struct aa_file_ctx { | |
190a9518 JJ |
43 | spinlock_t lock; |
44 | struct aa_label __rcu *label; | |
e53cfe6c | 45 | u32 allow; |
af7caa8f JJ |
46 | }; |
47 | ||
48 | /** | |
2835a13b JJ |
49 | * aa_alloc_file_ctx - allocate file_ctx |
50 | * @label: initial label of task creating the file | |
af7caa8f JJ |
51 | * @gfp: gfp flags for allocation |
52 | * | |
53 | * Returns: file_ctx or NULL on failure | |
54 | */ | |
190a9518 JJ |
55 | static inline struct aa_file_ctx *aa_alloc_file_ctx(struct aa_label *label, |
56 | gfp_t gfp) | |
af7caa8f | 57 | { |
2835a13b JJ |
58 | struct aa_file_ctx *ctx; |
59 | ||
60 | ctx = kzalloc(sizeof(struct aa_file_ctx), gfp); | |
190a9518 JJ |
61 | if (ctx) { |
62 | spin_lock_init(&ctx->lock); | |
63 | rcu_assign_pointer(ctx->label, aa_get_label(label)); | |
64 | } | |
2835a13b | 65 | return ctx; |
af7caa8f JJ |
66 | } |
67 | ||
68 | /** | |
2835a13b | 69 | * aa_free_file_ctx - free a file_ctx |
af7caa8f JJ |
70 | * @ctx: file_ctx to free (MAYBE_NULL) |
71 | */ | |
2835a13b | 72 | static inline void aa_free_file_ctx(struct aa_file_ctx *ctx) |
af7caa8f | 73 | { |
190a9518 JJ |
74 | if (ctx) { |
75 | aa_put_label(rcu_access_pointer(ctx->label)); | |
af7caa8f | 76 | kzfree(ctx); |
190a9518 JJ |
77 | } |
78 | } | |
79 | ||
80 | static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx) | |
81 | { | |
82 | return aa_get_label_rcu(&ctx->label); | |
af7caa8f JJ |
83 | } |
84 | ||
6380bd8d JJ |
85 | /* |
86 | * The xindex is broken into 3 parts | |
87 | * - index - an index into either the exec name table or the variable table | |
88 | * - exec type - which determines how the executable name and index are used | |
89 | * - flags - which modify how the destination name is applied | |
90 | */ | |
91 | #define AA_X_INDEX_MASK 0x03ff | |
92 | ||
93 | #define AA_X_TYPE_MASK 0x0c00 | |
94 | #define AA_X_TYPE_SHIFT 10 | |
95 | #define AA_X_NONE 0x0000 | |
96 | #define AA_X_NAME 0x0400 /* use executable name px */ | |
97 | #define AA_X_TABLE 0x0800 /* use a specified name ->n# */ | |
98 | ||
99 | #define AA_X_UNSAFE 0x1000 | |
100 | #define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ | |
101 | #define AA_X_INHERIT 0x4000 | |
102 | #define AA_X_UNCONFINED 0x8000 | |
103 | ||
104 | /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */ | |
105 | #define AA_SECURE_X_NEEDED 0x8000 | |
106 | ||
107 | /* need to make conditional which ones are being set */ | |
108 | struct path_cond { | |
2db81452 | 109 | kuid_t uid; |
6380bd8d JJ |
110 | umode_t mode; |
111 | }; | |
112 | ||
6380bd8d JJ |
113 | #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill) |
114 | ||
115 | /* FIXME: split perms from dfa and match this to description | |
116 | * also add delegation info. | |
117 | */ | |
118 | static inline u16 dfa_map_xindex(u16 mask) | |
119 | { | |
120 | u16 old_index = (mask >> 10) & 0xf; | |
121 | u16 index = 0; | |
122 | ||
123 | if (mask & 0x100) | |
124 | index |= AA_X_UNSAFE; | |
125 | if (mask & 0x200) | |
126 | index |= AA_X_INHERIT; | |
127 | if (mask & 0x80) | |
128 | index |= AA_X_UNCONFINED; | |
129 | ||
130 | if (old_index == 1) { | |
131 | index |= AA_X_UNCONFINED; | |
132 | } else if (old_index == 2) { | |
133 | index |= AA_X_NAME; | |
134 | } else if (old_index == 3) { | |
135 | index |= AA_X_NAME | AA_X_CHILD; | |
8b964eae | 136 | } else if (old_index) { |
6380bd8d JJ |
137 | index |= AA_X_TABLE; |
138 | index |= old_index - 4; | |
139 | } | |
140 | ||
141 | return index; | |
142 | } | |
143 | ||
144 | /* | |
145 | * map old dfa inline permissions to new format | |
146 | */ | |
147 | #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ | |
148 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
149 | #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) | |
150 | #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) | |
151 | #define dfa_user_xindex(dfa, state) \ | |
152 | (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) | |
153 | ||
154 | #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ | |
155 | 0x7f) | \ | |
156 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
157 | #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) | |
158 | #define dfa_other_quiet(dfa, state) \ | |
159 | ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f) | |
160 | #define dfa_other_xindex(dfa, state) \ | |
161 | dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff) | |
162 | ||
2d679f3c | 163 | int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, |
ef88a7ac | 164 | const char *op, u32 request, const char *name, |
98c3d182 JJ |
165 | const char *target, struct aa_label *tlabel, kuid_t ouid, |
166 | const char *info, int error); | |
6380bd8d JJ |
167 | |
168 | /** | |
169 | * struct aa_file_rules - components used for file rule permissions | |
170 | * @dfa: dfa to match path names and conditionals against | |
171 | * @perms: permission table indexed by the matched state accept entry of @dfa | |
172 | * @trans: transition table for indexed by named x transitions | |
173 | * | |
174 | * File permission are determined by matching a path against @dfa and then | |
175 | * then using the value of the accept entry for the matching state as | |
176 | * an index into @perms. If a named exec transition is required it is | |
177 | * looked up in the transition table. | |
178 | */ | |
179 | struct aa_file_rules { | |
180 | unsigned int start; | |
181 | struct aa_dfa *dfa; | |
182 | /* struct perms perms; */ | |
183 | struct aa_domain trans; | |
184 | /* TODO: add delegate table */ | |
185 | }; | |
186 | ||
2d679f3c JJ |
187 | struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, |
188 | struct path_cond *cond); | |
6380bd8d JJ |
189 | unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, |
190 | const char *name, struct path_cond *cond, | |
2d679f3c | 191 | struct aa_perms *perms); |
6380bd8d | 192 | |
aebd873e JJ |
193 | int __aa_path_perm(const char *op, struct aa_profile *profile, |
194 | const char *name, u32 request, struct path_cond *cond, | |
195 | int flags, struct aa_perms *perms); | |
196 | int aa_path_perm(const char *op, struct aa_label *label, | |
47f6e5cc JJ |
197 | const struct path *path, int flags, u32 request, |
198 | struct path_cond *cond); | |
6380bd8d JJ |
199 | |
200 | int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, | |
3539aaf6 | 201 | const struct path *new_dir, struct dentry *new_dentry); |
6380bd8d | 202 | |
190a9518 | 203 | int aa_file_perm(const char *op, struct aa_label *label, struct file *file, |
6380bd8d JJ |
204 | u32 request); |
205 | ||
192ca6b5 JJ |
206 | void aa_inherit_files(const struct cred *cred, struct files_struct *files); |
207 | ||
6380bd8d JJ |
208 | static inline void aa_free_file_rules(struct aa_file_rules *rules) |
209 | { | |
210 | aa_put_dfa(rules->dfa); | |
211 | aa_free_domain_entries(&rules->trans); | |
212 | } | |
213 | ||
6380bd8d JJ |
214 | /** |
215 | * aa_map_file_perms - map file flags to AppArmor permissions | |
216 | * @file: open file to map flags to AppArmor permissions | |
217 | * | |
218 | * Returns: apparmor permission set for the file | |
219 | */ | |
220 | static inline u32 aa_map_file_to_perms(struct file *file) | |
221 | { | |
53fe8b99 JJ |
222 | int flags = file->f_flags; |
223 | u32 perms = 0; | |
224 | ||
225 | if (file->f_mode & FMODE_WRITE) | |
226 | perms |= MAY_WRITE; | |
227 | if (file->f_mode & FMODE_READ) | |
228 | perms |= MAY_READ; | |
6380bd8d JJ |
229 | |
230 | if ((flags & O_APPEND) && (perms & MAY_WRITE)) | |
231 | perms = (perms & ~MAY_WRITE) | MAY_APPEND; | |
232 | /* trunc implies write permission */ | |
233 | if (flags & O_TRUNC) | |
234 | perms |= MAY_WRITE; | |
235 | if (flags & O_CREAT) | |
236 | perms |= AA_MAY_CREATE; | |
237 | ||
238 | return perms; | |
239 | } | |
240 | ||
241 | #endif /* __AA_FILE_H */ |