]>
git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - security/apparmor/lib.c
2 * AppArmor security module
4 * This file contains basic common functions used in AppArmor
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
17 #include <linux/slab.h>
18 #include <linux/string.h>
19 #include <linux/vmalloc.h>
21 #include "include/audit.h"
22 #include "include/apparmor.h"
23 #include "include/lib.h"
24 #include "include/perms.h"
25 #include "include/policy.h"
27 struct aa_perms nullperms
;
28 struct aa_perms allperms
= { .allow
= ALL_PERMS_MASK
,
29 .quiet
= ALL_PERMS_MASK
,
30 .hide
= ALL_PERMS_MASK
};
33 * aa_split_fqname - split a fqname into a profile and namespace name
34 * @fqname: a full qualified name in namespace profile format (NOT NULL)
35 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
37 * Returns: profile name or NULL if one is not specified
39 * Split a namespace name from a profile name (see policy.c for naming
40 * description). If a portion of the name is missing it returns NULL for
43 * NOTE: may modify the @fqname string. The pointers returned point
44 * into the @fqname string.
46 char *aa_split_fqname(char *fqname
, char **ns_name
)
48 char *name
= strim(fqname
);
52 char *split
= strchr(&name
[1], ':');
53 *ns_name
= skip_spaces(&name
[1]);
55 /* overwrite ':' with \0 */
57 if (strncmp(split
, "//", 2) == 0)
59 name
= skip_spaces(split
);
61 /* a ns name without a following profile is allowed */
64 if (name
&& *name
== 0)
71 * skipn_spaces - Removes leading whitespace from @str.
72 * @str: The string to be stripped.
74 * Returns a pointer to the first non-whitespace character in @str.
75 * if all whitespace will return NULL
78 const char *skipn_spaces(const char *str
, size_t n
)
80 for (; n
&& isspace(*str
); --n
)
87 const char *aa_splitn_fqname(const char *fqname
, size_t n
, const char **ns_name
,
90 const char *end
= fqname
+ n
;
91 const char *name
= skipn_spaces(fqname
, n
);
98 char *split
= strnchr(&name
[1], end
- &name
[1], ':');
99 *ns_name
= skipn_spaces(&name
[1], end
- &name
[1]);
103 *ns_len
= split
- *ns_name
;
107 if (end
- split
> 1 && strncmp(split
, "//", 2) == 0)
109 name
= skipn_spaces(split
, end
- split
);
111 /* a ns name without a following profile is allowed */
113 *ns_len
= end
- *ns_name
;
116 if (name
&& *name
== 0)
123 * aa_info_message - log a none profile related status message
124 * @str: message to log
126 void aa_info_message(const char *str
)
129 DEFINE_AUDIT_DATA(sa
, LSM_AUDIT_DATA_NONE
, NULL
);
131 aad(&sa
)->info
= str
;
132 aa_audit_msg(AUDIT_APPARMOR_STATUS
, &sa
, NULL
);
134 printk(KERN_INFO
"AppArmor: %s\n", str
);
137 __counted
char *aa_str_alloc(int size
, gfp_t gfp
)
139 struct counted_str
*str
;
141 str
= kmalloc(sizeof(struct counted_str
) + size
, gfp
);
145 kref_init(&str
->count
);
149 void aa_str_kref(struct kref
*kref
)
151 kfree(container_of(kref
, struct counted_str
, count
));
155 const char aa_file_perm_chrs
[] = "xwracd km l ";
156 const char *aa_file_perm_names
[] = {
199 * aa_perm_mask_to_str - convert a perm mask to its short string
200 * @str: character buffer to store string in (at least 10 characters)
201 * @mask: permission mask to convert
203 void aa_perm_mask_to_str(char *str
, const char *chrs
, u32 mask
)
205 unsigned int i
, perm
= 1;
207 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
214 void aa_audit_perm_names(struct audit_buffer
*ab
, const char * const *names
,
217 const char *fmt
= "%s";
218 unsigned int i
, perm
= 1;
221 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
223 audit_log_format(ab
, fmt
, names
[i
]);
232 void aa_audit_perm_mask(struct audit_buffer
*ab
, u32 mask
, const char *chrs
,
233 u32 chrsmask
, const char * const *names
, u32 namesmask
)
237 audit_log_format(ab
, "\"");
238 if ((mask
& chrsmask
) && chrs
) {
239 aa_perm_mask_to_str(str
, chrs
, mask
& chrsmask
);
241 audit_log_format(ab
, "%s", str
);
242 if (mask
& namesmask
)
243 audit_log_format(ab
, " ");
245 if ((mask
& namesmask
) && names
)
246 aa_audit_perm_names(ab
, names
, mask
& namesmask
);
247 audit_log_format(ab
, "\"");
251 * aa_audit_perms_cb - generic callback fn for auditing perms
252 * @ab: audit buffer (NOT NULL)
253 * @va: audit struct to audit values of (NOT NULL)
255 static void aa_audit_perms_cb(struct audit_buffer
*ab
, void *va
)
257 struct common_audit_data
*sa
= va
;
259 if (aad(sa
)->request
) {
260 audit_log_format(ab
, " requested_mask=");
261 aa_audit_perm_mask(ab
, aad(sa
)->request
, aa_file_perm_chrs
,
262 PERMS_CHRS_MASK
, aa_file_perm_names
,
265 if (aad(sa
)->denied
) {
266 audit_log_format(ab
, "denied_mask=");
267 aa_audit_perm_mask(ab
, aad(sa
)->denied
, aa_file_perm_chrs
,
268 PERMS_CHRS_MASK
, aa_file_perm_names
,
271 audit_log_format(ab
, " peer=");
272 aa_label_xaudit(ab
, labels_ns(aad(sa
)->label
), aad(sa
)->peer
,
273 FLAGS_NONE
, GFP_ATOMIC
);
277 * aa_apply_modes_to_perms - apply namespace and profile flags to perms
278 * @profile: that perms where computed from
279 * @perms: perms to apply mode modifiers to
281 * TODO: split into profile and ns based flags for when accumulating perms
283 void aa_apply_modes_to_perms(struct aa_profile
*profile
, struct aa_perms
*perms
)
285 switch (AUDIT_MODE(profile
)) {
287 perms
->audit
= ALL_PERMS_MASK
;
295 case AUDIT_QUIET_DENIED
:
296 perms
->quiet
= ALL_PERMS_MASK
;
300 if (KILL_MODE(profile
))
301 perms
->kill
= ALL_PERMS_MASK
;
302 else if (COMPLAIN_MODE(profile
))
303 perms
->complain
= ALL_PERMS_MASK
;
306 * else if (PROMPT_MODE(profile))
307 * perms->prompt = ALL_PERMS_MASK;
311 static u32
map_other(u32 x
)
313 return ((x
& 0x3) << 8) | /* SETATTR/GETATTR */
314 ((x
& 0x1c) << 18) | /* ACCEPT/BIND/LISTEN */
315 ((x
& 0x60) << 19); /* SETOPT/GETOPT */
318 void aa_compute_perms(struct aa_dfa
*dfa
, unsigned int state
,
319 struct aa_perms
*perms
)
321 *perms
= (struct aa_perms
) {
322 .allow
= dfa_user_allow(dfa
, state
),
323 .audit
= dfa_user_audit(dfa
, state
),
324 .quiet
= dfa_user_quiet(dfa
, state
),
327 /* for v5 perm mapping in the policydb, the other set is used
328 * to extend the general perm set
330 perms
->allow
|= map_other(dfa_other_allow(dfa
, state
)) | AA_MAY_LOCK
;
331 perms
->audit
|= map_other(dfa_other_audit(dfa
, state
));
332 perms
->quiet
|= map_other(dfa_other_quiet(dfa
, state
));
333 // perms->xindex = dfa_user_xindex(dfa, state);
337 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
338 * @accum - perms struct to accumulate into
339 * @addend - perms struct to add to @accum
341 void aa_perms_accum_raw(struct aa_perms
*accum
, struct aa_perms
*addend
)
343 accum
->deny
|= addend
->deny
;
344 accum
->allow
&= addend
->allow
& ~addend
->deny
;
345 accum
->audit
|= addend
->audit
& addend
->allow
;
346 accum
->quiet
&= addend
->quiet
& ~addend
->allow
;
347 accum
->kill
|= addend
->kill
& ~addend
->allow
;
348 accum
->stop
|= addend
->stop
& ~addend
->allow
;
349 accum
->complain
|= addend
->complain
& ~addend
->allow
& ~addend
->deny
;
350 accum
->cond
|= addend
->cond
& ~addend
->allow
& ~addend
->deny
;
351 accum
->hide
&= addend
->hide
& ~addend
->allow
;
352 accum
->prompt
|= addend
->prompt
& ~addend
->allow
& ~addend
->deny
;
356 * aa_perms_accum - accumulate perms, masking off overlapping perms
357 * @accum - perms struct to accumulate into
358 * @addend - perms struct to add to @accum
360 void aa_perms_accum(struct aa_perms
*accum
, struct aa_perms
*addend
)
362 accum
->deny
|= addend
->deny
;
363 accum
->allow
&= addend
->allow
& ~accum
->deny
;
364 accum
->audit
|= addend
->audit
& accum
->allow
;
365 accum
->quiet
&= addend
->quiet
& ~accum
->allow
;
366 accum
->kill
|= addend
->kill
& ~accum
->allow
;
367 accum
->stop
|= addend
->stop
& ~accum
->allow
;
368 accum
->complain
|= addend
->complain
& ~accum
->allow
& ~accum
->deny
;
369 accum
->cond
|= addend
->cond
& ~accum
->allow
& ~accum
->deny
;
370 accum
->hide
&= addend
->hide
& ~accum
->allow
;
371 accum
->prompt
|= addend
->prompt
& ~accum
->allow
& ~accum
->deny
;
374 void aa_profile_match_label(struct aa_profile
*profile
, struct aa_label
*label
,
375 int type
, u32 request
, struct aa_perms
*perms
)
377 /* TODO: doesn't yet handle extended types */
380 state
= aa_dfa_next(profile
->policy
.dfa
,
381 profile
->policy
.start
[AA_CLASS_LABEL
],
383 aa_label_match(profile
, label
, state
, false, request
, perms
);
387 /* currently unused */
388 int aa_profile_label_perm(struct aa_profile
*profile
, struct aa_profile
*target
,
389 u32 request
, int type
, u32
*deny
,
390 struct common_audit_data
*sa
)
392 struct aa_perms perms
;
394 aad(sa
)->label
= &profile
->label
;
395 aad(sa
)->peer
= &target
->label
;
396 aad(sa
)->request
= request
;
398 aa_profile_match_label(profile
, &target
->label
, type
, request
, &perms
);
399 aa_apply_modes_to_perms(profile
, &perms
);
400 *deny
|= request
& perms
.deny
;
401 return aa_check_perms(profile
, &perms
, request
, sa
, aa_audit_perms_cb
);
405 * aa_check_perms - do audit mode selection based on perms set
406 * @profile: profile being checked
407 * @perms: perms computed for the request
408 * @request: requested perms
409 * @deny: Returns: explicit deny set
410 * @sa: initialized audit structure (MAY BE NULL if not auditing)
411 * @cb: callback fn for tpye specific fields (MAY BE NULL)
413 * Returns: 0 if permission else error code
415 * Note: profile audit modes need to be set before calling by setting the
416 * perm masks appropriately.
418 * If not auditing then complain mode is not enabled and the
419 * error code will indicate whether there was an explicit deny
420 * with a positive value.
422 int aa_check_perms(struct aa_profile
*profile
, struct aa_perms
*perms
,
423 u32 request
, struct common_audit_data
*sa
,
424 void (*cb
)(struct audit_buffer
*, void *))
427 u32 denied
= request
& (~perms
->allow
| perms
->deny
);
429 if (likely(!denied
)) {
430 /* mask off perms that are not being force audited */
431 request
&= perms
->audit
;
435 type
= AUDIT_APPARMOR_AUDIT
;
440 if (denied
& perms
->kill
)
441 type
= AUDIT_APPARMOR_KILL
;
442 else if (denied
== (denied
& perms
->complain
))
443 type
= AUDIT_APPARMOR_ALLOWED
;
445 type
= AUDIT_APPARMOR_DENIED
;
447 if (denied
== (denied
& perms
->hide
))
450 denied
&= ~perms
->quiet
;
456 aad(sa
)->label
= &profile
->label
;
457 aad(sa
)->request
= request
;
458 aad(sa
)->denied
= denied
;
459 aad(sa
)->error
= error
;
460 aa_audit_msg(type
, sa
, cb
);
463 if (type
== AUDIT_APPARMOR_ALLOWED
)
471 * aa_policy_init - initialize a policy structure
472 * @policy: policy to initialize (NOT NULL)
473 * @prefix: prefix name if any is required. (MAYBE NULL)
474 * @name: name of the policy, init will make a copy of it (NOT NULL)
475 * @gfp: allocation mode
477 * Note: this fn creates a copy of strings passed in
479 * Returns: true if policy init successful
481 bool aa_policy_init(struct aa_policy
*policy
, const char *prefix
,
482 const char *name
, gfp_t gfp
)
486 /* freed by policy_free */
488 hname
= aa_str_alloc(strlen(prefix
) + strlen(name
) + 3, gfp
);
490 sprintf(hname
, "%s//%s", prefix
, name
);
492 hname
= aa_str_alloc(strlen(name
) + 1, gfp
);
498 policy
->hname
= hname
;
499 /* base.name is a substring of fqname */
500 policy
->name
= basename(policy
->hname
);
501 INIT_LIST_HEAD(&policy
->list
);
502 INIT_LIST_HEAD(&policy
->profiles
);
508 * aa_policy_destroy - free the elements referenced by @policy
509 * @policy: policy that is to have its elements freed (NOT NULL)
511 void aa_policy_destroy(struct aa_policy
*policy
)
513 AA_BUG(on_list_rcu(&policy
->profiles
));
514 AA_BUG(on_list_rcu(&policy
->list
));
516 /* don't free name as its a subset of hname */
517 aa_put_str(policy
->hname
);