]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor file mediation function definitions. | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #ifndef __AA_FILE_H | |
16 | #define __AA_FILE_H | |
17 | ||
18 | #include <linux/spinlock.h> | |
19 | ||
20 | #include "domain.h" | |
21 | #include "match.h" | |
22 | #include "perms.h" | |
23 | ||
24 | struct aa_profile; | |
25 | struct path; | |
26 | ||
27 | #define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND)) | |
28 | ||
29 | #define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\ | |
30 | AA_MAY_CREATE | AA_MAY_DELETE | \ | |
31 | AA_MAY_GETATTR | AA_MAY_SETATTR | \ | |
32 | AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ | |
33 | AA_EXEC_MMAP | AA_MAY_LINK) | |
34 | ||
35 | #define file_ctx(X) apparmor_file(X) | |
36 | ||
37 | /* struct aa_file_ctx - the AppArmor context the file was opened in | |
38 | * @lock: lock to update the ctx | |
39 | * @label: label currently cached on the ctx | |
40 | * @perms: the permission the file was opened with | |
41 | */ | |
42 | struct aa_file_ctx { | |
43 | spinlock_t lock; | |
44 | struct aa_label __rcu *label; | |
45 | u32 allow; | |
46 | }; | |
47 | ||
48 | /** | |
49 | * aa_alloc_file_ctx - allocate file_ctx | |
50 | * @label: initial label of task creating the file | |
51 | * @gfp: gfp flags for allocation | |
52 | * | |
53 | * Returns: file_ctx or NULL on failure | |
54 | */ | |
55 | static inline struct aa_file_ctx *aa_alloc_file_ctx(struct aa_label *label, | |
56 | gfp_t gfp) | |
57 | { | |
58 | struct aa_file_ctx *ctx; | |
59 | ||
60 | ctx = kzalloc(sizeof(struct aa_file_ctx), gfp); | |
61 | if (ctx) { | |
62 | spin_lock_init(&ctx->lock); | |
63 | rcu_assign_pointer(ctx->label, aa_get_label(label)); | |
64 | } | |
65 | return ctx; | |
66 | } | |
67 | ||
68 | /** | |
69 | * aa_free_file_ctx - free a file_ctx | |
70 | * @ctx: file_ctx to free (MAYBE_NULL) | |
71 | */ | |
72 | static inline void aa_free_file_ctx(struct aa_file_ctx *ctx) | |
73 | { | |
74 | if (ctx) { | |
75 | aa_put_label(rcu_access_pointer(ctx->label)); | |
76 | kzfree(ctx); | |
77 | } | |
78 | } | |
79 | ||
80 | static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx) | |
81 | { | |
82 | return aa_get_label_rcu(&ctx->label); | |
83 | } | |
84 | ||
85 | /* | |
86 | * The xindex is broken into 3 parts | |
87 | * - index - an index into either the exec name table or the variable table | |
88 | * - exec type - which determines how the executable name and index are used | |
89 | * - flags - which modify how the destination name is applied | |
90 | */ | |
91 | #define AA_X_INDEX_MASK 0x03ff | |
92 | ||
93 | #define AA_X_TYPE_MASK 0x0c00 | |
94 | #define AA_X_TYPE_SHIFT 10 | |
95 | #define AA_X_NONE 0x0000 | |
96 | #define AA_X_NAME 0x0400 /* use executable name px */ | |
97 | #define AA_X_TABLE 0x0800 /* use a specified name ->n# */ | |
98 | ||
99 | #define AA_X_UNSAFE 0x1000 | |
100 | #define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ | |
101 | #define AA_X_INHERIT 0x4000 | |
102 | #define AA_X_UNCONFINED 0x8000 | |
103 | ||
104 | /* need to make conditional which ones are being set */ | |
105 | struct path_cond { | |
106 | kuid_t uid; | |
107 | umode_t mode; | |
108 | }; | |
109 | ||
110 | #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill) | |
111 | ||
112 | /* FIXME: split perms from dfa and match this to description | |
113 | * also add delegation info. | |
114 | */ | |
115 | static inline u16 dfa_map_xindex(u16 mask) | |
116 | { | |
117 | u16 old_index = (mask >> 10) & 0xf; | |
118 | u16 index = 0; | |
119 | ||
120 | if (mask & 0x100) | |
121 | index |= AA_X_UNSAFE; | |
122 | if (mask & 0x200) | |
123 | index |= AA_X_INHERIT; | |
124 | if (mask & 0x80) | |
125 | index |= AA_X_UNCONFINED; | |
126 | ||
127 | if (old_index == 1) { | |
128 | index |= AA_X_UNCONFINED; | |
129 | } else if (old_index == 2) { | |
130 | index |= AA_X_NAME; | |
131 | } else if (old_index == 3) { | |
132 | index |= AA_X_NAME | AA_X_CHILD; | |
133 | } else if (old_index) { | |
134 | index |= AA_X_TABLE; | |
135 | index |= old_index - 4; | |
136 | } | |
137 | ||
138 | return index; | |
139 | } | |
140 | ||
141 | /* | |
142 | * map old dfa inline permissions to new format | |
143 | */ | |
144 | #define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ | |
145 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
146 | #define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) | |
147 | #define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) | |
148 | #define dfa_user_xindex(dfa, state) \ | |
149 | (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) | |
150 | ||
151 | #define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ | |
152 | 0x7f) | \ | |
153 | ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) | |
154 | #define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) | |
155 | #define dfa_other_quiet(dfa, state) \ | |
156 | ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f) | |
157 | #define dfa_other_xindex(dfa, state) \ | |
158 | dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff) | |
159 | ||
160 | int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, | |
161 | const char *op, u32 request, const char *name, | |
162 | const char *target, struct aa_label *tlabel, kuid_t ouid, | |
163 | const char *info, int error); | |
164 | ||
165 | /** | |
166 | * struct aa_file_rules - components used for file rule permissions | |
167 | * @dfa: dfa to match path names and conditionals against | |
168 | * @perms: permission table indexed by the matched state accept entry of @dfa | |
169 | * @trans: transition table for indexed by named x transitions | |
170 | * | |
171 | * File permission are determined by matching a path against @dfa and then | |
172 | * then using the value of the accept entry for the matching state as | |
173 | * an index into @perms. If a named exec transition is required it is | |
174 | * looked up in the transition table. | |
175 | */ | |
176 | struct aa_file_rules { | |
177 | unsigned int start; | |
178 | struct aa_dfa *dfa; | |
179 | /* struct perms perms; */ | |
180 | struct aa_domain trans; | |
181 | /* TODO: add delegate table */ | |
182 | }; | |
183 | ||
184 | struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, | |
185 | struct path_cond *cond); | |
186 | unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, | |
187 | const char *name, struct path_cond *cond, | |
188 | struct aa_perms *perms); | |
189 | ||
190 | int __aa_path_perm(const char *op, struct aa_profile *profile, | |
191 | const char *name, u32 request, struct path_cond *cond, | |
192 | int flags, struct aa_perms *perms); | |
193 | int aa_path_perm(const char *op, struct aa_label *label, | |
194 | const struct path *path, int flags, u32 request, | |
195 | struct path_cond *cond); | |
196 | ||
197 | int aa_path_link(struct aa_label *label, struct dentry *old_dentry, | |
198 | const struct path *new_dir, struct dentry *new_dentry); | |
199 | ||
200 | int aa_file_perm(const char *op, struct aa_label *label, struct file *file, | |
201 | u32 request); | |
202 | ||
203 | void aa_inherit_files(const struct cred *cred, struct files_struct *files); | |
204 | ||
205 | static inline void aa_free_file_rules(struct aa_file_rules *rules) | |
206 | { | |
207 | aa_put_dfa(rules->dfa); | |
208 | aa_free_domain_entries(&rules->trans); | |
209 | } | |
210 | ||
211 | /** | |
212 | * aa_map_file_perms - map file flags to AppArmor permissions | |
213 | * @file: open file to map flags to AppArmor permissions | |
214 | * | |
215 | * Returns: apparmor permission set for the file | |
216 | */ | |
217 | static inline u32 aa_map_file_to_perms(struct file *file) | |
218 | { | |
219 | int flags = file->f_flags; | |
220 | u32 perms = 0; | |
221 | ||
222 | if (file->f_mode & FMODE_WRITE) | |
223 | perms |= MAY_WRITE; | |
224 | if (file->f_mode & FMODE_READ) | |
225 | perms |= MAY_READ; | |
226 | ||
227 | if ((flags & O_APPEND) && (perms & MAY_WRITE)) | |
228 | perms = (perms & ~MAY_WRITE) | MAY_APPEND; | |
229 | /* trunc implies write permission */ | |
230 | if (flags & O_TRUNC) | |
231 | perms |= MAY_WRITE; | |
232 | if (flags & O_CREAT) | |
233 | perms |= AA_MAY_CREATE; | |
234 | ||
235 | return perms; | |
236 | } | |
237 | ||
238 | #endif /* __AA_FILE_H */ |