capability.c 3.9 KB

  1. /*
  2. * AppArmor security module
  3. *
  4. * This file contains AppArmor capability mediation functions
  5. *
  6. * Copyright (C) 1998-2008 Novell/SUSE
  7. * Copyright 2009-2010 Canonical Ltd.
  8. *
  9. * This program is free software; you can redistribute it and/or
  10. * modify it under the terms of the GNU General Public License as
  11. * published by the Free Software Foundation, version 2 of the
  12. * License.
  13. */
  14. #include <linux/capability.h>
  15. #include <linux/errno.h>
  16. #include <linux/gfp.h>
  17. #include "include/apparmor.h"
  18. #include "include/capability.h"
  19. #include "include/context.h"
  20. #include "include/policy.h"
  21. #include "include/audit.h"
  22. /*
  23. * Table of capability names: we generate it from capabilities.h.
  24. */
  25. #include "capability_names.h"
  /*
   * Capability entries of type struct aa_fs_entry: a single string file named
   * "mask" whose content is AA_FS_CAPS_MASK.
   * NOTE(review): the trailing empty entry is presumably the end-of-table
   * marker expected by whatever walks this array - confirm against the
   * consumer.
   */
  struct aa_fs_entry aa_fs_entry_caps[] = {
  	AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
  	{ }
  };
  /*
   * Per-CPU record used by audit_caps() to drop repeated capability audit
   * messages.
   */
  struct audit_cache {
  	/* profile the cached bits were recorded for; audit_caps() holds a
  	 * reference taken with aa_get_profile() */
  	struct aa_profile *profile;
  	/* capabilities for which audit_caps() has already emitted a message */
  	kernel_cap_t caps;
  };

  /* one cache instance per CPU, accessed via get_cpu_var()/put_cpu_var() */
  static DEFINE_PER_CPU(struct audit_cache, audit_cache);
  /**
   * audit_cb - call back for capability components of audit struct
   * @ab: audit buffer (NOT NULL)
   * @va: audit struct to audit data from (NOT NULL)
   *
   * Appends " capname=<name>" to @ab, where <name> is looked up in
   * capability_names[] using the capability number stored in the audit data.
   */
  static void audit_cb(struct audit_buffer *ab, void *va)
  {
  	const struct common_audit_data *data = va;
  	/*
  	 * NOTE(review): the index is not range-checked here; this assumes the
  	 * caller only stores a valid capability number in u.cap - confirm.
  	 */
  	const char *name = capability_names[data->u.cap];

  	audit_log_format(ab, " capname=");
  	audit_log_untrustedstring(ab, name);
  }
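  /**
   * audit_caps - audit a capability
   * @profile: profile confining task (NOT NULL)
   * @task: task capability test was performed against (NOT NULL)
   * @cap: capability tested
   * @error: error code returned by test
   *
   * Picks the audit record type from @error and the profile's audit, kill and
   * quiet capability sets, drops records that were already emitted for the
   * same profile and capability on this CPU, and otherwise passes the record
   * to aa_audit().
   *
   * Returns: 0 when an allowed capability needs no record; @error when the
   * record is quieted; @error (or complain_error(@error) in complain mode)
   * when the record is a duplicate; otherwise the result of aa_audit().
   */
  static int audit_caps(struct aa_profile *profile, struct task_struct *task,
  		      int cap, int error)
  {
  	struct audit_cache *ent;
  	int type = AUDIT_APPARMOR_AUTO;
  	struct common_audit_data sa;
  	struct apparmor_audit_data aad = {0,};

  	sa.type = LSM_AUDIT_DATA_CAP;
  	sa.aad = &aad;
  	sa.u.cap = cap;
  	sa.aad->tsk = task;
  	sa.aad->op = OP_CAPABLE;
  	sa.aad->error = error;

  	if (likely(!error)) {
  		/* allowed: only log when auditing is being forced */
  		if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
  			   !cap_raised(profile->caps.audit, cap)))
  			return 0;
  		type = AUDIT_APPARMOR_AUDIT;
  	} else if (KILL_MODE(profile) ||
  		   cap_raised(profile->caps.kill, cap)) {
  		type = AUDIT_APPARMOR_KILL;
  	} else if (cap_raised(profile->caps.quiet, cap) &&
  		   AUDIT_MODE(profile) != AUDIT_NOQUIET &&
  		   AUDIT_MODE(profile) != AUDIT_ALL) {
  		/* quiet auditing */
  		return error;
  	}

  	/* Do simple duplicate message elimination */
  	ent = &get_cpu_var(audit_cache);
  	if (profile == ent->profile && cap_raised(ent->caps, cap)) {
  		put_cpu_var(audit_cache);
  		if (COMPLAIN_MODE(profile))
  			return complain_error(error);
  		return error;
  	}

  	if (profile != ent->profile) {
  		/*
  		 * The cache is moving to a different profile.  Drop the bits
  		 * recorded for the previous one; otherwise a capability that
  		 * was only ever logged for the old profile would later be
  		 * treated as a duplicate for this profile and its audit
  		 * record would be lost.
  		 */
  		aa_put_profile(ent->profile);
  		ent->profile = aa_get_profile(profile);
  		cap_clear(ent->caps);
  	}
  	cap_raise(ent->caps, cap);
  	put_cpu_var(audit_cache);

  	/* GFP_ATOMIC is what the original call passes to aa_audit() */
  	return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
  }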
  /**
   * profile_capable - test if profile allows use of capability @cap
   * @profile: profile being enforced (NOT NULL, NOT unconfined)
   * @cap: capability to test if allowed
   *
   * Only the profile's allow set is consulted; no audit record is produced
   * here.
   *
   * Returns: 0 if allowed else -EPERM
   */
  static int profile_capable(struct aa_profile *profile, int cap)
  {
  	if (cap_raised(profile->caps.allow, cap))
  		return 0;

  	return -EPERM;
  }
  /**
   * aa_capable - test permission to use capability
   * @task: task doing capability test against (NOT NULL)
   * @profile: profile confining @task (NOT NULL)
   * @cap: capability to be tested
   * @audit: whether an audit record should be generated
   *
   * Look up capability in profile capability set.  With @audit set the
   * decision is routed through audit_caps(); without it the decision is
   * returned directly, passed through complain_error() when the profile is
   * in complain mode.
   *
   * Returns: 0 on success, or else an error code.
   */
  int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
  	       int audit)
  {
  	int rc = profile_capable(profile, cap);

  	if (audit)
  		return audit_caps(profile, task, cap, rc);

  	/* caller asked for no audit record */
  	return COMPLAIN_MODE(profile) ? complain_error(rc) : rc;
  }