UBUNTU: SAUCE: apparmor: af_unix mediation
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor af_unix fine grained mediation
5 *
6 * Copyright 2014 Canonical Ltd.
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation, version 2 of the
11 * License.
12 */
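#ifndef __AA_AF_UNIX_H
/*
 * Complete the include guard.  Without this define a second inclusion would
 * re-expand the header and redefine print_unix_addr() below.
 */
#define __AA_AF_UNIX_H

#include <net/af_unix.h>

#include "label.h"
//#include "include/net.h"

/*
 * Address-length helpers.  L is a total unix socket address length in bytes,
 * i.e. the sa_family_t field plus the path/name bytes that follow it.
 *
 * NOTE(review): sizeof() is size_t, so unix_addr_len(L) is an unsigned
 * expression when L is an int.  A length shorter than sizeof(sa_family_t)
 * wraps to a very large value instead of going negative, and a "<= 0" test on
 * the raw macro result can only be true for exactly 0.  Callers that may see
 * a length that has not been range-checked yet should validate it first or
 * store the result in a signed variable, as print_unix_addr() does.
 */
#define unix_addr_len(L) ((L) - sizeof(sa_family_t))
/* abstract names start with a NUL byte; this is the length without it */
#define unix_abstract_name_len(L) (unix_addr_len(L) - 1)
/* same, taken from the address stored in a unix_sock (reads (U)->addr->len) */
#define unix_abstract_len(U) (unix_abstract_name_len((U)->addr->len))
/* true when the first byte of name buffer B is NUL */
#define addr_unix_abstract_name(B) ((B)[0] == 0)
/*
 * NOTE(review): addr_unix_len() is not defined anywhere in this header, so
 * the next two macros cannot be expanded unless it is provided elsewhere.
 * addr_unix_abstract() also applies the first-byte test to (U)->addr itself
 * rather than to a name buffer - confirm the intent before using either.
 */
#define addr_unix_anonymous(U) (addr_unix_len(U) <= 0)
#define addr_unix_abstract(U) (!addr_unix_anonymous(U) && addr_unix_abstract_name((U)->addr))
//#define unix_addr_fs(U) (!unix_addr_anonymous(U) && !unix_addr_abstract_name((U)->addr))

/* Helpers that work on a raw (address pointer, length) pair. */
#define unix_addr(A) ((struct sockaddr_un *)(A))
/*
 * True only for a non-NULL A whose length leaves no name bytes.  A NULL A is
 * therefore NOT reported as anonymous, and unix_addr_fs() goes on to read
 * sun_path[0] through it: callers must reject a NULL address themselves.
 */
#define unix_addr_anon(A, L) ((A) && unix_addr_len(L) <= 0)
#define unix_addr_fs(A, L) (!unix_addr_anon(A, L) && !addr_unix_abstract_name(unix_addr(A)->sun_path))

/* Classification of a struct sock by the address held in its unix_sock. */
#define UNIX_ANONYMOUS(U) (!unix_sk(U)->addr)
/* from net/unix/af_unix.c */
#define UNIX_ABSTRACT(U) (!UNIX_ANONYMOUS(U) &&				\
			  unix_sk(U)->addr->hash < UNIX_HASH_SIZE)
#define UNIX_FS(U) (!UNIX_ANONYMOUS(U) && unix_sk(U)->addr->name->sun_path[0])
/* peer pointer stored in the unix_sock; no reference is taken here */
#define unix_peer(sk) (unix_sk(sk)->peer)
/* S is something with a ->state field compared against SS_CONNECTED */
#define unix_connected(S) ((S)->state == SS_CONNECTED)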
39
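/**
 * print_unix_addr - debug helper that prints a unix socket address via printk
 * @A: address to print, may be NULL
 * @L: total address length in bytes, including the sa_family_t field
 *
 * Prints " <anonymous>" when there is no address or no name bytes, the path
 * for a filesystem name, and "<len> @<name>" for an abstract name.
 *
 * The name bytes are chosen by whichever process bound the socket, so they
 * are untrusted text going into the kernel log.  Every read is bounded by the
 * supplied length rather than relying on a terminating NUL.
 *
 * NOTE(review): "%.*s" stops at the first NUL and prints control characters
 * unescaped; an escaping format such as "%*pE" would keep an abstract name
 * with embedded NULs or newlines from being truncated or from splitting log
 * lines.  The fragments are also printed without a log level or KERN_CONT -
 * confirm they join the caller's line as intended.
 */
static inline void print_unix_addr(struct sockaddr_un *A, int L)
{
	const char *buf = A ? A->sun_path : NULL;
	/* signed arithmetic: a too-short L gives a negative len, not a wrapped one */
	int len = L - (int)sizeof(sa_family_t);

	/* never read past the end of sun_path, whatever length was passed in */
	if (buf && len > (int)sizeof(A->sun_path))
		len = (int)sizeof(A->sun_path);

	if (!buf || len <= 0)
		printk(" <anonymous>");
	else if (buf[0])
		/* filesystem name: bounded, it need not be NUL-terminated */
		printk(" %.*s", len, buf);
	else
		/* abstract name len includes leading \0 */
		printk(" %d @%.*s", len - 1, len - 1, buf + 1);
}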
52
53 /*
54 printk("%s: %s: f %d, t %d, p %d", __FUNCTION__, \
55 #SK , \
56 */
/*
 * print_unix_sk - debug helper: print family, type and protocol of SK,
 * followed by its bound unix address (or " <anonymous>" when it has none).
 *
 * SK is evaluated more than once and is passed to unix_sk() without any
 * family check, so it must be a side-effect-free expression naming a unix
 * socket.  No trailing newline is printed; print_sk() adds it.
 */
#define print_unix_sk(SK)						\
do {									\
	struct unix_sock *usk_ = unix_sk(SK);				\
	struct unix_address *uaddr_;					\
	printk("%s: f %d, t %d, p %d", #SK ,				\
	       (SK)->sk_family, (SK)->sk_type, (SK)->sk_protocol);	\
	uaddr_ = usk_->addr;						\
	/* no bound address: pass NULL with a length that holds no name */ \
	print_unix_addr(uaddr_ ? uaddr_->name : NULL,			\
			uaddr_ ? uaddr_->len : sizeof(sa_family_t));	\
} while (0)
68
/*
 * print_sk - debug helper: print one line describing socket SK.
 *
 * Handles a NULL SK, prints full unix details for PF_UNIX sockets and only
 * the family number for anything else.  SK is evaluated several times, so
 * pass a plain variable.
 */
#define print_sk(SK)							\
do {									\
	if (!(SK)) {							\
		printk("%s: %s is null\n", __FUNCTION__, #SK);		\
		break;							\
	}								\
	if ((SK)->sk_family != PF_UNIX) {				\
		printk("%s: %s: family %d\n", __FUNCTION__, #SK ,	\
		       (SK)->sk_family);				\
		break;							\
	}								\
	/* unix socket: details first, then terminate the line */	\
	print_unix_sk(SK);						\
	printk("\n");							\
} while (0)
81
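/*
 * print_sock_addr - debug helper: dump label and address of the sockets
 * involved in an operation.
 *
 * The parameter U is not used.  The macro reads sock_ctx, other_ctx, new_ctx,
 * sock, other and newsk from the scope where it is expanded, so it only works
 * where all six exist.
 *
 * The earlier form placed "aa_label_printk(...);" inside a "?:" expression
 * that fed a "%s" argument, which cannot compile once the macro is expanded.
 * Each label is now printed by its own statement.
 * NOTE(review): this assumes aa_label_printk() prints the label itself and
 * returns nothing - confirm against label.h.
 */
#define print_sock_addr(U)						\
do {									\
	printk("%s:\n", __FUNCTION__);					\
	printk(" sock ");						\
	if (sock_ctx && sock_ctx->label)				\
		aa_label_printk(sock_ctx->label, GFP_ATOMIC);		\
	else								\
		printk("<null>");					\
	printk(":");							\
	print_sk(sock);							\
	printk(" other ");						\
	if (other_ctx && other_ctx->label)				\
		aa_label_printk(other_ctx->label, GFP_ATOMIC);		\
	else								\
		printk("<null>");					\
	printk(":");							\
	print_sk(other);						\
	printk(" new ");						\
	if (new_ctx && new_ctx->label)					\
		aa_label_printk(new_ctx->label, GFP_ATOMIC);		\
	else								\
		printk("<null>");					\
	print_sk(newsk);						\
} while (0)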
89
90
91
92
/*
 * af_unix mediation entry points, implemented outside this header.
 *
 * Where present, @op is an operation name string and @request a u32
 * permission mask.  The return convention is not visible here - presumably 0
 * when the operation is allowed and a negative errno otherwise; confirm
 * against the implementation.
 *
 * NOTE(review): the bind and connect checks receive the caller-supplied
 * address and length; verify that the implementation range-checks addrlen
 * before using the length macros defined in this header.
 */

/* checks taking an explicit label and struct sock */
int aa_unix_peer_perm(struct aa_label *label, const char *op, u32 request,
		      struct sock *sk, struct sock *peer_sk,
		      struct aa_label *peer_label);
int aa_unix_label_sk_perm(struct aa_label *label, const char *op,
			  u32 request, struct sock *sk);

/* generic check on a struct socket */
int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock);

/* per-operation checks */
int aa_unix_create_perm(struct aa_label *label, int family, int type,
			int protocol);
int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address,
		      int addrlen);
int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address,
			 int addrlen);
int aa_unix_listen_perm(struct socket *sock, int backlog);
int aa_unix_accept_perm(struct socket *sock, struct socket *newsock);
int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock,
		     struct msghdr *msg, int size);
int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock,
		     int level, int optname);

/* check with an explicit label against a struct socket */
int aa_unix_file_perm(struct aa_label *label, const char *op, u32 request,
		      struct socket *sock);
113
114 #endif /* __AA_AF_UNIX_H */