2 * AppArmor security module
4 * This file contains AppArmor capability mediation functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/capability.h>
16 #include <linux/errno.h>
17 #include <linux/gfp.h>
19 #include "include/apparmor.h"
20 #include "include/capability.h"
21 #include "include/context.h"
22 #include "include/policy.h"
23 #include "include/audit.h"
26 * Table of capability names: we generate it from capabilities.h.
28 #include "capability_names.h"
30 struct aa_fs_entry aa_fs_entry_caps
[] = {
31 AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK
),
36 struct aa_profile
*profile
;
40 static DEFINE_PER_CPU(struct audit_cache
, audit_cache
);
43 * audit_cb - call back for capability components of audit struct
44 * @ab - audit buffer (NOT NULL)
45 * @va - audit struct to audit data from (NOT NULL)
47 static void audit_cb(struct audit_buffer
*ab
, void *va
)
49 struct common_audit_data
*sa
= va
;
50 audit_log_format(ab
, " capname=");
51 audit_log_untrustedstring(ab
, capability_names
[sa
->u
.cap
]);
55 * audit_caps - audit a capability
57 * @profile: profile being tested for confinement (NOT NULL)
58 * @cap: capability tested
59 * @error: error code returned by test
61 * Do auditing of capability and handle, audit/complain/kill modes switching
62 * and duplicate message elimination.
64 * Returns: 0 or sa->error on success, error code on failure
66 static int audit_caps(struct common_audit_data
*sa
, struct aa_profile
*profile
,
69 struct audit_cache
*ent
;
70 int type
= AUDIT_APPARMOR_AUTO
;
71 aad(sa
)->error
= error
;
74 /* test if auditing is being forced */
75 if (likely((AUDIT_MODE(profile
) != AUDIT_ALL
) &&
76 !cap_raised(profile
->caps
.audit
, cap
)))
78 type
= AUDIT_APPARMOR_AUDIT
;
79 } else if (KILL_MODE(profile
) ||
80 cap_raised(profile
->caps
.kill
, cap
)) {
81 type
= AUDIT_APPARMOR_KILL
;
82 } else if (cap_raised(profile
->caps
.quiet
, cap
) &&
83 AUDIT_MODE(profile
) != AUDIT_NOQUIET
&&
84 AUDIT_MODE(profile
) != AUDIT_ALL
) {
89 /* Do simple duplicate message elimination */
90 ent
= &get_cpu_var(audit_cache
);
91 if (profile
== ent
->profile
&& cap_raised(ent
->caps
, cap
)) {
92 put_cpu_var(audit_cache
);
93 if (COMPLAIN_MODE(profile
))
94 return complain_error(error
);
97 aa_put_profile(ent
->profile
);
98 ent
->profile
= aa_get_profile(profile
);
99 cap_raise(ent
->caps
, cap
);
101 put_cpu_var(audit_cache
);
103 return aa_audit(type
, profile
, sa
, audit_cb
);
107 * profile_capable - test if profile allows use of capability @cap
108 * @profile: profile being enforced (NOT NULL, NOT unconfined)
109 * @cap: capability to test if allowed
110 * @audit: whether an audit record should be generated
111 * @sa: audit data (MAY BE NULL indicating no auditing)
113 * Returns: 0 if allowed else -EPERM
115 static int profile_capable(struct aa_profile
*profile
, int cap
, int audit
,
116 struct common_audit_data
*sa
)
120 if (cap_raised(profile
->caps
.allow
, cap
) &&
121 !cap_raised(profile
->caps
.denied
, cap
))
126 if (audit
== SECURITY_CAP_NOAUDIT
) {
127 if (!COMPLAIN_MODE(profile
))
129 /* audit the cap request in complain mode but note that it
130 * should be optional.
132 aad(sa
)->info
= "optional: no audit";
135 return audit_caps(sa
, profile
, cap
, error
);
139 * aa_capable - test permission to use capability
140 * @label: label being tested for capability (NOT NULL)
141 * @cap: capability to be tested
142 * @audit: whether an audit record should be generated
144 * Look up capability in profile capability set.
146 * Returns: 0 on success, or else an error code.
148 int aa_capable(struct aa_label
*label
, int cap
, int audit
)
150 struct aa_profile
*profile
;
152 DEFINE_AUDIT_DATA(sa
, LSM_AUDIT_DATA_CAP
, OP_CAPABLE
);
155 error
= fn_for_each_confined(label
, profile
,
156 profile_capable(profile
, cap
, audit
, &sa
));