UBUNTU: SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8

[mirror_ubuntu-zesty-kernel.git] / security / apparmor / capability.c

diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 1101c6f64bb7cb36602957ef2bcbc1538ee8aa63..3c3b69b613734cd0b4ec7f03c43d6f8ec2f13476 100644 (file)
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -53,6 +53,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 
 /**
  * audit_caps - audit a capability
+ * @sa: audit data
  * @profile: profile being tested for confinement (NOT NULL)
  * @cap: capability tested
  * @error: error code returned by test
@@ -62,17 +63,12 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  *
  * Returns: 0 or sa->error on success,  error code on failure
  */
-static int audit_caps(struct aa_profile *profile, int cap, int error)
+static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
+                     int cap, int error)
 {
        struct audit_cache *ent;
        int type = AUDIT_APPARMOR_AUTO;
-       struct common_audit_data sa;
-       struct apparmor_audit_data aad = {0,};
-       sa.type = LSM_AUDIT_DATA_CAP;
-       sa.aad = &aad;
-       sa.u.cap = cap;
-       sa.aad->op = OP_CAPABLE;
-       sa.aad->error = error;
+       aad(sa)->error = error;
 
        if (likely(!error)) {
                /* test if auditing is being forced */
@@ -104,24 +100,44 @@ static int audit_caps(struct aa_profile *profile, int cap, int error)
        }
        put_cpu_var(audit_cache);
 
-       return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
+       return aa_audit(type, profile, sa, audit_cb);
 }
 
 /**
  * profile_capable - test if profile allows use of capability @cap
  * @profile: profile being enforced    (NOT NULL, NOT unconfined)
  * @cap: capability to test if allowed
+ * @audit: whether an audit record should be generated
+ * @sa: audit data (MAY BE NULL indicating no auditing)
  *
  * Returns: 0 if allowed else -EPERM
  */
-static int profile_capable(struct aa_profile *profile, int cap)
+static int profile_capable(struct aa_profile *profile, int cap, int audit,
+                          struct common_audit_data *sa)
 {
-       return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
+       int error;
+
+       if (cap_raised(profile->caps.allow, cap) &&
+           !cap_raised(profile->caps.denied, cap))
+               error = 0;
+       else
+               error = -EPERM;
+
+       if (audit == SECURITY_CAP_NOAUDIT) {
+               if (!COMPLAIN_MODE(profile))
+                      return error;
+              /* audit the cap request in complain mode but note that it
+               * should be optional.
+               */
+              aad(sa)->info = "optional: no audit";
+       }
+
+       return audit_caps(sa, profile, cap, error);
 }
 
 /**
  * aa_capable - test permission to use capability
- * @profile: profile being tested against (NOT NULL)
+ * @label: label being tested for capability (NOT NULL)
  * @cap: capability to be tested
  * @audit: whether an audit record should be generated
  *
@@ -129,15 +145,15 @@ static int profile_capable(struct aa_profile *profile, int cap)
  *
  * Returns: 0 on success, or else an error code.
  */
-int aa_capable(struct aa_profile *profile, int cap, int audit)
+int aa_capable(struct aa_label *label, int cap, int audit)
 {
-       int error = profile_capable(profile, cap);
+       struct aa_profile *profile;
+       int error = 0;
+       DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_CAP, OP_CAPABLE);
+       sa.u.cap = cap;
 
-       if (!audit) {
-               if (COMPLAIN_MODE(profile))
-                       return complain_error(error);
-               return error;
-       }
+       error = fn_for_each_confined(label, profile,
+                       profile_capable(profile, cap, audit, &sa));
 
-       return audit_caps(profile, cap, error);
+       return error;
 }