]>
git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - security/apparmor/lib.c
2 * AppArmor security module
4 * This file contains basic common functions used in AppArmor
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
17 #include <linux/slab.h>
18 #include <linux/string.h>
19 #include <linux/vmalloc.h>
21 #include "include/audit.h"
22 #include "include/apparmor.h"
23 #include "include/lib.h"
24 #include "include/perms.h"
25 #include "include/policy.h"
27 struct aa_perms nullperms
;
28 struct aa_perms allperms
= { .allow
= ALL_PERMS_MASK
,
29 .quiet
= ALL_PERMS_MASK
,
30 .hide
= ALL_PERMS_MASK
};
33 * aa_split_fqname - split a fqname into a profile and namespace name
34 * @fqname: a full qualified name in namespace profile format (NOT NULL)
35 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
37 * Returns: profile name or NULL if one is not specified
39 * Split a namespace name from a profile name (see policy.c for naming
40 * description). If a portion of the name is missing it returns NULL for
43 * NOTE: may modify the @fqname string. The pointers returned point
44 * into the @fqname string.
46 char *aa_split_fqname(char *fqname
, char **ns_name
)
48 char *name
= strim(fqname
);
52 char *split
= strchr(&name
[1], ':');
53 *ns_name
= skip_spaces(&name
[1]);
55 /* overwrite ':' with \0 */
57 if (strncmp(split
, "//", 2) == 0)
59 name
= skip_spaces(split
);
61 /* a ns name without a following profile is allowed */
64 if (name
&& *name
== 0)
71 * skipn_spaces - Removes leading whitespace from @str.
72 * @str: The string to be stripped.
74 * Returns a pointer to the first non-whitespace character in @str.
75 * if all whitespace will return NULL
78 const char *skipn_spaces(const char *str
, size_t n
)
80 for (; n
&& isspace(*str
); --n
)
87 const char *aa_splitn_fqname(const char *fqname
, size_t n
, const char **ns_name
,
90 const char *end
= fqname
+ n
;
91 const char *name
= skipn_spaces(fqname
, n
);
100 char *split
= strnchr(&name
[1], end
- &name
[1], ':');
101 *ns_name
= skipn_spaces(&name
[1], end
- &name
[1]);
105 *ns_len
= split
- *ns_name
;
109 if (end
- split
> 1 && strncmp(split
, "//", 2) == 0)
111 name
= skipn_spaces(split
, end
- split
);
113 /* a ns name without a following profile is allowed */
115 *ns_len
= end
- *ns_name
;
118 if (name
&& *name
== 0)
125 * aa_info_message - log a none profile related status message
126 * @str: message to log
128 void aa_info_message(const char *str
)
131 DEFINE_AUDIT_DATA(sa
, LSM_AUDIT_DATA_NONE
, NULL
);
133 aad(&sa
)->info
= str
;
134 aa_audit_msg(AUDIT_APPARMOR_STATUS
, &sa
, NULL
);
136 printk(KERN_INFO
"AppArmor: %s\n", str
);
139 __counted
char *aa_str_alloc(int size
, gfp_t gfp
)
141 struct counted_str
*str
;
143 str
= kmalloc(sizeof(struct counted_str
) + size
, gfp
);
147 kref_init(&str
->count
);
151 void aa_str_kref(struct kref
*kref
)
153 kfree(container_of(kref
, struct counted_str
, count
));
157 const char aa_file_perm_chrs
[] = "xwracd km l ";
158 const char *aa_file_perm_names
[] = {
201 * aa_perm_mask_to_str - convert a perm mask to its short string
202 * @str: character buffer to store string in (at least 10 characters)
203 * @mask: permission mask to convert
205 void aa_perm_mask_to_str(char *str
, const char *chrs
, u32 mask
)
207 unsigned int i
, perm
= 1;
209 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
216 void aa_audit_perm_names(struct audit_buffer
*ab
, const char * const *names
,
219 const char *fmt
= "%s";
220 unsigned int i
, perm
= 1;
223 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
225 audit_log_format(ab
, fmt
, names
[i
]);
234 void aa_audit_perm_mask(struct audit_buffer
*ab
, u32 mask
, const char *chrs
,
235 u32 chrsmask
, const char * const *names
, u32 namesmask
)
239 audit_log_format(ab
, "\"");
240 if ((mask
& chrsmask
) && chrs
) {
241 aa_perm_mask_to_str(str
, chrs
, mask
& chrsmask
);
243 audit_log_format(ab
, "%s", str
);
244 if (mask
& namesmask
)
245 audit_log_format(ab
, " ");
247 if ((mask
& namesmask
) && names
)
248 aa_audit_perm_names(ab
, names
, mask
& namesmask
);
249 audit_log_format(ab
, "\"");
253 * aa_audit_perms_cb - generic callback fn for auditing perms
254 * @ab: audit buffer (NOT NULL)
255 * @va: audit struct to audit values of (NOT NULL)
257 static void aa_audit_perms_cb(struct audit_buffer
*ab
, void *va
)
259 struct common_audit_data
*sa
= va
;
261 if (aad(sa
)->request
) {
262 audit_log_format(ab
, " requested_mask=");
263 aa_audit_perm_mask(ab
, aad(sa
)->request
, aa_file_perm_chrs
,
264 PERMS_CHRS_MASK
, aa_file_perm_names
,
267 if (aad(sa
)->denied
) {
268 audit_log_format(ab
, "denied_mask=");
269 aa_audit_perm_mask(ab
, aad(sa
)->denied
, aa_file_perm_chrs
,
270 PERMS_CHRS_MASK
, aa_file_perm_names
,
273 audit_log_format(ab
, " peer=");
274 aa_label_xaudit(ab
, labels_ns(aad(sa
)->label
), aad(sa
)->peer
,
275 FLAGS_NONE
, GFP_ATOMIC
);
279 * aa_apply_modes_to_perms - apply namespace and profile flags to perms
280 * @profile: that perms where computed from
281 * @perms: perms to apply mode modifiers to
283 * TODO: split into profile and ns based flags for when accumulating perms
285 void aa_apply_modes_to_perms(struct aa_profile
*profile
, struct aa_perms
*perms
)
287 switch (AUDIT_MODE(profile
)) {
289 perms
->audit
= ALL_PERMS_MASK
;
297 case AUDIT_QUIET_DENIED
:
298 perms
->quiet
= ALL_PERMS_MASK
;
302 if (KILL_MODE(profile
))
303 perms
->kill
= ALL_PERMS_MASK
;
304 else if (COMPLAIN_MODE(profile
))
305 perms
->complain
= ALL_PERMS_MASK
;
308 * else if (PROMPT_MODE(profile))
309 * perms->prompt = ALL_PERMS_MASK;
313 static u32
map_other(u32 x
)
315 return ((x
& 0x3) << 8) | /* SETATTR/GETATTR */
316 ((x
& 0x1c) << 18) | /* ACCEPT/BIND/LISTEN */
317 ((x
& 0x60) << 19); /* SETOPT/GETOPT */
320 void aa_compute_perms(struct aa_dfa
*dfa
, unsigned int state
,
321 struct aa_perms
*perms
)
323 *perms
= (struct aa_perms
) {
324 .allow
= dfa_user_allow(dfa
, state
),
325 .audit
= dfa_user_audit(dfa
, state
),
326 .quiet
= dfa_user_quiet(dfa
, state
),
329 /* for v5 perm mapping in the policydb, the other set is used
330 * to extend the general perm set
332 perms
->allow
|= map_other(dfa_other_allow(dfa
, state
)) | AA_MAY_LOCK
;
333 perms
->audit
|= map_other(dfa_other_audit(dfa
, state
));
334 perms
->quiet
|= map_other(dfa_other_quiet(dfa
, state
));
335 // perms->xindex = dfa_user_xindex(dfa, state);
339 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
340 * @accum - perms struct to accumulate into
341 * @addend - perms struct to add to @accum
343 void aa_perms_accum_raw(struct aa_perms
*accum
, struct aa_perms
*addend
)
345 accum
->deny
|= addend
->deny
;
346 accum
->allow
&= addend
->allow
& ~addend
->deny
;
347 accum
->audit
|= addend
->audit
& addend
->allow
;
348 accum
->quiet
&= addend
->quiet
& ~addend
->allow
;
349 accum
->kill
|= addend
->kill
& ~addend
->allow
;
350 accum
->stop
|= addend
->stop
& ~addend
->allow
;
351 accum
->complain
|= addend
->complain
& ~addend
->allow
& ~addend
->deny
;
352 accum
->cond
|= addend
->cond
& ~addend
->allow
& ~addend
->deny
;
353 accum
->hide
&= addend
->hide
& ~addend
->allow
;
354 accum
->prompt
|= addend
->prompt
& ~addend
->allow
& ~addend
->deny
;
358 * aa_perms_accum - accumulate perms, masking off overlapping perms
359 * @accum - perms struct to accumulate into
360 * @addend - perms struct to add to @accum
362 void aa_perms_accum(struct aa_perms
*accum
, struct aa_perms
*addend
)
364 accum
->deny
|= addend
->deny
;
365 accum
->allow
&= addend
->allow
& ~accum
->deny
;
366 accum
->audit
|= addend
->audit
& accum
->allow
;
367 accum
->quiet
&= addend
->quiet
& ~accum
->allow
;
368 accum
->kill
|= addend
->kill
& ~accum
->allow
;
369 accum
->stop
|= addend
->stop
& ~accum
->allow
;
370 accum
->complain
|= addend
->complain
& ~accum
->allow
& ~accum
->deny
;
371 accum
->cond
|= addend
->cond
& ~accum
->allow
& ~accum
->deny
;
372 accum
->hide
&= addend
->hide
& ~accum
->allow
;
373 accum
->prompt
|= addend
->prompt
& ~accum
->allow
& ~accum
->deny
;
376 void aa_profile_match_label(struct aa_profile
*profile
, struct aa_label
*label
,
377 int type
, u32 request
, struct aa_perms
*perms
)
379 /* TODO: doesn't yet handle extended types */
382 state
= aa_dfa_next(profile
->policy
.dfa
,
383 profile
->policy
.start
[AA_CLASS_LABEL
],
385 aa_label_match(profile
, label
, state
, false, request
, perms
);
389 /* currently unused */
390 int aa_profile_label_perm(struct aa_profile
*profile
, struct aa_profile
*target
,
391 u32 request
, int type
, u32
*deny
,
392 struct common_audit_data
*sa
)
394 struct aa_perms perms
;
396 aad(sa
)->label
= &profile
->label
;
397 aad(sa
)->peer
= &target
->label
;
398 aad(sa
)->request
= request
;
400 aa_profile_match_label(profile
, &target
->label
, type
, request
, &perms
);
401 aa_apply_modes_to_perms(profile
, &perms
);
402 *deny
|= request
& perms
.deny
;
403 return aa_check_perms(profile
, &perms
, request
, sa
, aa_audit_perms_cb
);
407 * aa_check_perms - do audit mode selection based on perms set
408 * @profile: profile being checked
409 * @perms: perms computed for the request
410 * @request: requested perms
411 * @deny: Returns: explicit deny set
412 * @sa: initialized audit structure (MAY BE NULL if not auditing)
413 * @cb: callback fn for tpye specific fields (MAY BE NULL)
415 * Returns: 0 if permission else error code
417 * Note: profile audit modes need to be set before calling by setting the
418 * perm masks appropriately.
420 * If not auditing then complain mode is not enabled and the
421 * error code will indicate whether there was an explicit deny
422 * with a positive value.
424 int aa_check_perms(struct aa_profile
*profile
, struct aa_perms
*perms
,
425 u32 request
, struct common_audit_data
*sa
,
426 void (*cb
)(struct audit_buffer
*, void *))
429 u32 denied
= request
& (~perms
->allow
| perms
->deny
);
431 if (likely(!denied
)) {
432 /* mask off perms that are not being force audited */
433 request
&= perms
->audit
;
437 type
= AUDIT_APPARMOR_AUDIT
;
442 if (denied
& perms
->kill
)
443 type
= AUDIT_APPARMOR_KILL
;
444 else if (denied
== (denied
& perms
->complain
))
445 type
= AUDIT_APPARMOR_ALLOWED
;
447 type
= AUDIT_APPARMOR_DENIED
;
449 if (denied
== (denied
& perms
->hide
))
452 denied
&= ~perms
->quiet
;
458 aad(sa
)->label
= &profile
->label
;
459 aad(sa
)->request
= request
;
460 aad(sa
)->denied
= denied
;
461 aad(sa
)->error
= error
;
462 aa_audit_msg(type
, sa
, cb
);
465 if (type
== AUDIT_APPARMOR_ALLOWED
)
473 * aa_policy_init - initialize a policy structure
474 * @policy: policy to initialize (NOT NULL)
475 * @prefix: prefix name if any is required. (MAYBE NULL)
476 * @name: name of the policy, init will make a copy of it (NOT NULL)
477 * @gfp: allocation mode
479 * Note: this fn creates a copy of strings passed in
481 * Returns: true if policy init successful
483 bool aa_policy_init(struct aa_policy
*policy
, const char *prefix
,
484 const char *name
, gfp_t gfp
)
488 /* freed by policy_free */
490 hname
= aa_str_alloc(strlen(prefix
) + strlen(name
) + 3, gfp
);
492 sprintf(hname
, "%s//%s", prefix
, name
);
494 hname
= aa_str_alloc(strlen(name
) + 1, gfp
);
500 policy
->hname
= hname
;
501 /* base.name is a substring of fqname */
502 policy
->name
= basename(policy
->hname
);
503 INIT_LIST_HEAD(&policy
->list
);
504 INIT_LIST_HEAD(&policy
->profiles
);
510 * aa_policy_destroy - free the elements referenced by @policy
511 * @policy: policy that is to have its elements freed (NOT NULL)
513 void aa_policy_destroy(struct aa_policy
*policy
)
515 AA_BUG(on_list_rcu(&policy
->profiles
));
516 AA_BUG(on_list_rcu(&policy
->list
));
518 /* don't free name as its a subset of hname */
519 aa_put_str(policy
->hname
);