linux/security/apparmor/capability.c
<<
>>
Prefs
   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor capability mediation functions
   5 *
   6 * Copyright (C) 1998-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#include <linux/capability.h>
  16#include <linux/errno.h>
  17#include <linux/gfp.h>
  18
  19#include "include/apparmor.h"
  20#include "include/capability.h"
  21#include "include/context.h"
  22#include "include/policy.h"
  23#include "include/audit.h"
  24
  25/*
  26 * Table of capability names: we generate it from capabilities.h.
  27 */
  28#include "capability_names.h"
  29
  30struct audit_cache {
  31        struct aa_profile *profile;
  32        kernel_cap_t caps;
  33};
  34
  35static DEFINE_PER_CPU(struct audit_cache, audit_cache);
  36
  37/**
  38 * audit_cb - call back for capability components of audit struct
  39 * @ab - audit buffer   (NOT NULL)
  40 * @va - audit struct to audit data from  (NOT NULL)
  41 */
  42static void audit_cb(struct audit_buffer *ab, void *va)
  43{
  44        struct common_audit_data *sa = va;
  45        audit_log_format(ab, " capname=");
  46        audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
  47}
  48
  49/**
  50 * audit_caps - audit a capability
  51 * @profile: profile confining task (NOT NULL)
  52 * @task: task capability test was performed against (NOT NULL)
  53 * @cap: capability tested
  54 * @error: error code returned by test
  55 *
  56 * Do auditing of capability and handle, audit/complain/kill modes switching
  57 * and duplicate message elimination.
  58 *
  59 * Returns: 0 or sa->error on success,  error code on failure
  60 */
  61static int audit_caps(struct aa_profile *profile, struct task_struct *task,
  62                      int cap, int error)
  63{
  64        struct audit_cache *ent;
  65        int type = AUDIT_APPARMOR_AUTO;
  66        struct common_audit_data sa;
  67        struct apparmor_audit_data aad = {0,};
  68        sa.type = LSM_AUDIT_DATA_CAP;
  69        sa.aad = &aad;
  70        sa.u.cap = cap;
  71        sa.aad->tsk = task;
  72        sa.aad->op = OP_CAPABLE;
  73        sa.aad->error = error;
  74
  75        if (likely(!error)) {
  76                /* test if auditing is being forced */
  77                if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
  78                           !cap_raised(profile->caps.audit, cap)))
  79                        return 0;
  80                type = AUDIT_APPARMOR_AUDIT;
  81        } else if (KILL_MODE(profile) ||
  82                   cap_raised(profile->caps.kill, cap)) {
  83                type = AUDIT_APPARMOR_KILL;
  84        } else if (cap_raised(profile->caps.quiet, cap) &&
  85                   AUDIT_MODE(profile) != AUDIT_NOQUIET &&
  86                   AUDIT_MODE(profile) != AUDIT_ALL) {
  87                /* quiet auditing */
  88                return error;
  89        }
  90
  91        /* Do simple duplicate message elimination */
  92        ent = &get_cpu_var(audit_cache);
  93        if (profile == ent->profile && cap_raised(ent->caps, cap)) {
  94                put_cpu_var(audit_cache);
  95                if (COMPLAIN_MODE(profile))
  96                        return complain_error(error);
  97                return error;
  98        } else {
  99                aa_put_profile(ent->profile);
 100                ent->profile = aa_get_profile(profile);
 101                cap_raise(ent->caps, cap);
 102        }
 103        put_cpu_var(audit_cache);
 104
 105        return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
 106}
 107
 108/**
 109 * profile_capable - test if profile allows use of capability @cap
 110 * @profile: profile being enforced    (NOT NULL, NOT unconfined)
 111 * @cap: capability to test if allowed
 112 *
 113 * Returns: 0 if allowed else -EPERM
 114 */
 115static int profile_capable(struct aa_profile *profile, int cap)
 116{
 117        return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
 118}
 119
 120/**
 121 * aa_capable - test permission to use capability
 122 * @task: task doing capability test against (NOT NULL)
 123 * @profile: profile confining @task (NOT NULL)
 124 * @cap: capability to be tested
 125 * @audit: whether an audit record should be generated
 126 *
 127 * Look up capability in profile capability set.
 128 *
 129 * Returns: 0 on success, or else an error code.
 130 */
 131int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
 132               int audit)
 133{
 134        int error = profile_capable(profile, cap);
 135
 136        if (!audit) {
 137                if (COMPLAIN_MODE(profile))
 138                        return complain_error(error);
 139                return error;
 140        }
 141
 142        return audit_caps(profile, task, cap, error);
 143}
 144
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.