summaryrefslogtreecommitdiff
path: root/security/apparmor/ipc.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/ipc.c')
-rw-r--r--security/apparmor/ipc.c140
1 files changed, 78 insertions, 62 deletions
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index edac790923c3..11e66b5bbc42 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -4,7 +4,7 @@
* This file contains AppArmor ipc mediation
*
* Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
+ * Copyright 2009-2017 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -21,87 +21,103 @@
#include "include/policy.h"
#include "include/ipc.h"
+/**
+ * audit_ptrace_mask - convert mask to permission string
+ * @buffer: buffer to write string to (NOT NULL)
+ * @mask: permission mask to convert
+ */
+static void audit_ptrace_mask(struct audit_buffer *ab, u32 mask)
+{
+ switch (mask) {
+ case MAY_READ:
+ audit_log_string(ab, "read");
+ break;
+ case MAY_WRITE:
+ audit_log_string(ab, "trace");
+ break;
+ case AA_MAY_BE_READ:
+ audit_log_string(ab, "readby");
+ break;
+ case AA_MAY_BE_TRACED:
+ audit_log_string(ab, "tracedby");
+ break;
+ }
+}
+
/* call back to audit ptrace fields */
-static void audit_cb(struct audit_buffer *ab, void *va)
+static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
{
struct common_audit_data *sa = va;
+
+ if (aad(sa)->request & AA_PTRACE_PERM_MASK) {
+ audit_log_format(ab, " requested_mask=");
+ audit_ptrace_mask(ab, aad(sa)->request);
+
+ if (aad(sa)->denied & AA_PTRACE_PERM_MASK) {
+ audit_log_format(ab, " denied_mask=");
+ audit_ptrace_mask(ab, aad(sa)->denied);
+ }
+ }
audit_log_format(ab, " peer=");
- audit_log_untrustedstring(ab, aad(sa)->peer->base.hname);
+ aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+ FLAGS_NONE, GFP_ATOMIC);
}
-/**
- * aa_audit_ptrace - do auditing for ptrace
- * @profile: profile being enforced (NOT NULL)
- * @target: profile being traced (NOT NULL)
- * @error: error condition
- *
- * Returns: %0 or error code
- */
-static int aa_audit_ptrace(struct aa_profile *profile,
- struct aa_profile *target, int error)
+/* TODO: conditionals */
+static int profile_ptrace_perm(struct aa_profile *profile,
+ struct aa_profile *peer, u32 request,
+ struct common_audit_data *sa)
{
- DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_PTRACE);
+ struct aa_perms perms = { };
- aad(&sa)->peer = target;
- aad(&sa)->error = error;
+ /* need because of peer in cross check */
+ if (profile_unconfined(profile) ||
+ !PROFILE_MEDIATES(profile, AA_CLASS_PTRACE))
+ return 0;
- return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb);
+ aad(sa)->peer = &peer->label;
+ aa_profile_match_label(profile, &peer->label, AA_CLASS_PTRACE, request,
+ &perms);
+ aa_apply_modes_to_perms(profile, &perms);
+ return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb);
}
-/**
- * aa_may_ptrace - test if tracer task can trace the tracee
- * @tracer: profile of the task doing the tracing (NOT NULL)
- * @tracee: task to be traced
- * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
- *
- * Returns: %0 else error code if permission denied or error
- */
-int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
- unsigned int mode)
+static int cross_ptrace_perm(struct aa_profile *tracer,
+ struct aa_profile *tracee, u32 request,
+ struct common_audit_data *sa)
{
- /* TODO: currently only based on capability, not extended ptrace
- * rules,
- * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
- */
-
- if (unconfined(tracer) || tracer == tracee)
+ if (PROFILE_MEDIATES(tracer, AA_CLASS_PTRACE))
+ return xcheck(profile_ptrace_perm(tracer, tracee, request, sa),
+ profile_ptrace_perm(tracee, tracer,
+ request << PTRACE_PERM_SHIFT,
+ sa));
+ /* policy uses the old style capability check for ptrace */
+ if (profile_unconfined(tracer) || tracer == tracee)
return 0;
- /* log this capability request */
- return aa_capable(tracer, CAP_SYS_PTRACE, 1);
+
+ aad(sa)->label = &tracer->label;
+ aad(sa)->peer = &tracee->label;
+ aad(sa)->request = 0;
+ aad(sa)->error = aa_capable(&tracer->label, CAP_SYS_PTRACE, 1);
+
+ return aa_audit(AUDIT_APPARMOR_AUTO, tracer, sa, audit_ptrace_cb);
}
/**
- * aa_ptrace - do ptrace permission check and auditing
- * @tracer: task doing the tracing (NOT NULL)
- * @tracee: task being traced (NOT NULL)
- * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
+ * aa_may_ptrace - test if tracer task can trace the tracee
+ * @tracer: label of the task doing the tracing (NOT NULL)
+ * @tracee: task label to be traced
+ * @request: permission request
*
* Returns: %0 else error code if permission denied or error
*/
-int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
- unsigned int mode)
+int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
+ u32 request)
{
- /*
- * tracer can ptrace tracee when
- * - tracer is unconfined ||
- * - tracer is in complain mode
- * - tracer has rules allowing it to trace tracee currently this is:
- * - confined by the same profile ||
- * - tracer profile has CAP_SYS_PTRACE
- */
-
- struct aa_profile *tracer_p = aa_get_task_profile(tracer);
- int error = 0;
-
- if (!unconfined(tracer_p)) {
- struct aa_profile *tracee_p = aa_get_task_profile(tracee);
+ DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_PTRACE);
- error = aa_may_ptrace(tracer_p, tracee_p, mode);
- error = aa_audit_ptrace(tracer_p, tracee_p, error);
+ return xcheck_labels_profiles(tracer, tracee, cross_ptrace_perm,
+ request, &sa);
+}
- aa_put_profile(tracee_p);
- }
- aa_put_profile(tracer_p);
- return error;
-}