]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/apparmor/ipc.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: Ubuntu-raspi2-4.10.0-1000.2
[mirror_ubuntu-zesty-kernel.git] / security / apparmor / ipc.c
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor ipc mediation
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2013 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/gfp.h>
16 #include <linux/ptrace.h>
17
18 #include "include/audit.h"
19 #include "include/capability.h"
20 #include "include/context.h"
21 #include "include/policy.h"
22 #include "include/ipc.h"
23 #include "include/sig_names.h"
24
25 /**
26 * audit_ptrace_mask - convert mask to permission string
27 * @buffer: buffer to write string to (NOT NULL)
28 * @mask: permission mask to convert
29 */
30 static void audit_ptrace_mask(struct audit_buffer *ab, u32 mask)
31 {
32 switch (mask) {
33 case MAY_READ:
34 audit_log_string(ab, "read");
35 break;
36 case MAY_WRITE:
37 audit_log_string(ab, "trace");
38 break;
39 case AA_MAY_BE_READ:
40 audit_log_string(ab, "readby");
41 break;
42 case AA_MAY_BE_TRACED:
43 audit_log_string(ab, "tracedby");
44 break;
45 }
46 }
47
48 /* call back to audit ptrace fields */
49 static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
50 {
51 struct common_audit_data *sa = va;
52
53 if (aad(sa)->request & AA_PTRACE_PERM_MASK) {
54 audit_log_format(ab, " requested_mask=");
55 audit_ptrace_mask(ab, aad(sa)->request);
56
57 if (aad(sa)->denied & AA_PTRACE_PERM_MASK) {
58 audit_log_format(ab, " denied_mask=");
59 audit_ptrace_mask(ab, aad(sa)->denied);
60 }
61 }
62 audit_log_format(ab, " peer=");
63 aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
64 FLAGS_NONE, GFP_ATOMIC);
65 }
66
67 /* TODO: conditionals */
68 static int profile_ptrace_perm(struct aa_profile *profile,
69 struct aa_profile *peer, u32 request,
70 struct common_audit_data *sa)
71 {
72 struct aa_perms perms = { };
73
74 /* need because of peer in cross check */
75 if (profile_unconfined(profile) ||
76 !PROFILE_MEDIATES(profile, AA_CLASS_PTRACE))
77 return 0;
78
79 aad(sa)->peer = &peer->label;
80 aa_profile_match_label(profile, &peer->label, AA_CLASS_PTRACE, request,
81 &perms);
82 aa_apply_modes_to_perms(profile, &perms);
83 return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb);
84 }
85
86 static int cross_ptrace_perm(struct aa_profile *tracer,
87 struct aa_profile *tracee, u32 request,
88 struct common_audit_data *sa)
89 {
90 if (PROFILE_MEDIATES(tracer, AA_CLASS_PTRACE))
91 return xcheck(profile_ptrace_perm(tracer, tracee, request, sa),
92 profile_ptrace_perm(tracee, tracer,
93 request << PTRACE_PERM_SHIFT,
94 sa));
95 /* policy uses the old style capability check for ptrace */
96 if (profile_unconfined(tracer) || tracer == tracee)
97 return 0;
98
99 aad(sa)->label = &tracer->label;
100 aad(sa)->peer = &tracee->label;
101 aad(sa)->request = 0;
102 aad(sa)->error = aa_capable(&tracer->label, CAP_SYS_PTRACE, 1);
103 return aa_audit(AUDIT_APPARMOR_AUTO, tracer, sa, audit_ptrace_cb);
104 }
105
106 /**
107 * aa_may_ptrace - test if tracer task can trace the tracee
108 * @tracer: label of the task doing the tracing (NOT NULL)
109 * @tracee: task label to be traced
110 * @request: permission request
111 *
112 * Returns: %0 else error code if permission denied or error
113 */
114 int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
115 u32 request)
116 {
117 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_PTRACE);
118
119 return xcheck_labels_profiles(tracer, tracee, cross_ptrace_perm,
120 request, &sa);
121 }
122
123
124 static inline int map_signal_num(int sig)
125 {
126 if (sig > SIGRTMAX)
127 return SIGUNKNOWN;
128 else if (sig >= SIGRTMIN)
129 return sig - SIGRTMIN + 128; /* rt sigs mapped to 128 */
130 else if (sig <= MAXMAPPED_SIG)
131 return sig_map[sig];
132 return SIGUNKNOWN;
133 }
134
135 /**
136 * audit_file_mask - convert mask to permission string
137 * @buffer: buffer to write string to (NOT NULL)
138 * @mask: permission mask to convert
139 */
140 static void audit_signal_mask(struct audit_buffer *ab, u32 mask)
141 {
142 if (mask & MAY_READ)
143 audit_log_string(ab, "receive");
144 if (mask & MAY_WRITE)
145 audit_log_string(ab, "send");
146 }
147
148 /**
149 * audit_cb - call back for signal specific audit fields
150 * @ab: audit_buffer (NOT NULL)
151 * @va: audit struct to audit values of (NOT NULL)
152 */
153 static void audit_signal_cb(struct audit_buffer *ab, void *va)
154 {
155 struct common_audit_data *sa = va;
156
157 if (aad(sa)->request & AA_SIGNAL_PERM_MASK) {
158 audit_log_format(ab, " requested_mask=");
159 audit_signal_mask(ab, aad(sa)->request);
160 if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) {
161 audit_log_format(ab, " denied_mask=");
162 audit_signal_mask(ab, aad(sa)->denied);
163 }
164 }
165 if (aad(sa)->signal <= MAXMAPPED_SIG)
166 audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
167 else
168 audit_log_format(ab, " signal=rtmin+%d",
169 aad(sa)->signal - 128);
170 audit_log_format(ab, " peer=");
171 aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
172 FLAGS_NONE, GFP_ATOMIC);
173 }
174
175 /* TODO: update to handle compound name&name2, conditionals */
176 static void profile_match_signal(struct aa_profile *profile, const char *label,
177 int signal, struct aa_perms *perms)
178 {
179 unsigned int state;
180 /* TODO: secondary cache check <profile, profile, perm> */
181 state = aa_dfa_next(profile->policy.dfa,
182 profile->policy.start[AA_CLASS_SIGNAL],
183 signal);
184 state = aa_dfa_match(profile->policy.dfa, state, label);
185 aa_compute_perms(profile->policy.dfa, state, perms);
186 }
187
188 static int profile_signal_perm(struct aa_profile *profile,
189 struct aa_profile *peer, u32 request,
190 struct common_audit_data *sa)
191 {
192 struct aa_perms perms;
193
194 if (profile_unconfined(profile) ||
195 !PROFILE_MEDIATES(profile, AA_CLASS_SIGNAL))
196 return 0;
197
198 aad(sa)->peer = &peer->label;
199 profile_match_signal(profile, aa_peer_name(peer), aad(sa)->signal,
200 &perms);
201 aa_apply_modes_to_perms(profile, &perms);
202 return aa_check_perms(profile, &perms, request, sa, audit_signal_cb);
203 }
204
205 static int aa_signal_cross_perm(struct aa_profile *sender,
206 struct aa_profile *target,
207 struct common_audit_data *sa)
208 {
209 return xcheck(profile_signal_perm(sender, target, MAY_WRITE, sa),
210 profile_signal_perm(target, sender, MAY_READ, sa));
211 }
212
213 int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
214 {
215 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_SIGNAL);
216 aad(&sa)->signal = map_signal_num(sig);
217 return xcheck_labels_profiles(sender, target, aa_signal_cross_perm,
218 &sa);
219 }
ubuntu-zesty-kernel mirror