[linux-2.6-block.git] / security / apparmor / ipc.c

/*
 * AppArmor security module
 *
 * This file contains AppArmor ipc mediation
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#include <linux/gfp.h>
#include <linux/ptrace.h>

#include "include/audit.h"
#include "include/capability.h"
#include "include/context.h"
#include "include/policy.h"
#include "include/ipc.h"

/* call back to audit ptrace fields */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	audit_log_format(ab, " target=");
	audit_log_untrustedstring(ab, sa->aad.target);
}

/**
 * aa_audit_ptrace - do auditing for ptrace
 * @profile: profile being enforced  (NOT NULL)
 * @target: profile being traced (NOT NULL)
 * @error: error condition
 *
 * Returns: %0 or error code
 */
static int aa_audit_ptrace(struct aa_profile *profile,
			   struct aa_profile *target, int error)
{
	struct common_audit_data sa;
	COMMON_AUDIT_DATA_INIT(&sa, NONE);
	sa.aad.op = OP_PTRACE;
	sa.aad.target = target;
	sa.aad.error = error;

	return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
			audit_cb);
}

/**
 * aa_may_ptrace - test if tracer task can trace the tracee
 * @tracer_task: task who will do the tracing  (NOT NULL)
 * @tracer: profile of the task doing the tracing  (NOT NULL)
 * @tracee: task to be traced
 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
 *
 * Returns: %0 else error code if permission denied or error
 */
int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
		  struct aa_profile *tracee, unsigned int mode)
{
	/* TODO: currently only based on capability, not extended ptrace
	 *       rules,
	 *       Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
	 */

	if (unconfined(tracer) || tracer == tracee)
		return 0;
	/* log this capability request */
	return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
}

/**
 * aa_ptrace - do ptrace permission check and auditing
 * @tracer: task doing the tracing (NOT NULL)
 * @tracee: task being traced (NOT NULL)
 * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
 *
 * Returns: %0 else error code if permission denied or error
 */
int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
	      unsigned int mode)
{
	/*
	 * tracer can ptrace tracee when
	 * - tracer is unconfined ||
	 *   - tracer is in complain mode
	 *   - tracer has rules allowing it to trace tracee currently this is:
	 *       - confined by the same profile ||
	 *       - tracer profile has CAP_SYS_PTRACE
	 */

	struct aa_profile *tracer_p;
	/* cred released below */
	const struct cred *cred = get_task_cred(tracer);
	int error = 0;
	tracer_p = aa_cred_profile(cred);

	if (!unconfined(tracer_p)) {
		/* lcred released below */
		const struct cred *lcred = get_task_cred(tracee);
		struct aa_profile *tracee_p = aa_cred_profile(lcred);

		error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
		error = aa_audit_ptrace(tracer_p, tracee_p, error);

		put_cred(lcred);
	}
	put_cred(cred);

	return error;
}
Commit	Line	Data
0ed3b28a JJ	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor ipc mediation
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#include <linux/gfp.h>
	16	#include <linux/ptrace.h>
	17
	18	#include "include/audit.h"
	19	#include "include/capability.h"
	20	#include "include/context.h"
	21	#include "include/policy.h"
33f8bf58	22	#include "include/ipc.h"
0ed3b28a JJ	23
	24	/* call back to audit ptrace fields */
	25	static void audit_cb(struct audit_buffer ab, void va)
	26	{
	27	struct common_audit_data *sa = va;
	28	audit_log_format(ab, " target=");
	29	audit_log_untrustedstring(ab, sa->aad.target);
	30	}
	31
	32	/**
	33	* aa_audit_ptrace - do auditing for ptrace
	34	* @profile: profile being enforced (NOT NULL)
	35	* @target: profile being traced (NOT NULL)
	36	* @error: error condition
	37	*
	38	* Returns: %0 or error code
	39	*/
	40	static int aa_audit_ptrace(struct aa_profile *profile,
	41	struct aa_profile *target, int error)
	42	{
	43	struct common_audit_data sa;
	44	COMMON_AUDIT_DATA_INIT(&sa, NONE);
	45	sa.aad.op = OP_PTRACE;
	46	sa.aad.target = target;
	47	sa.aad.error = error;
	48
	49	return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
	50	audit_cb);
	51	}
	52
	53	/**
	54	* aa_may_ptrace - test if tracer task can trace the tracee
	55	* @tracer_task: task who will do the tracing (NOT NULL)
	56	* @tracer: profile of the task doing the tracing (NOT NULL)
	57	* @tracee: task to be traced
	58	* @mode: whether PTRACE_MODE_READ \|\| PTRACE_MODE_ATTACH
	59	*
	60	* Returns: %0 else error code if permission denied or error
	61	*/
	62	int aa_may_ptrace(struct task_struct tracer_task, struct aa_profile tracer,
	63	struct aa_profile *tracee, unsigned int mode)
	64	{
	65	/* TODO: currently only based on capability, not extended ptrace
	66	* rules,
	67	* Test mode for PTRACE_MODE_READ \|\| PTRACE_MODE_ATTACH
	68	*/
	69
	70	if (unconfined(tracer) \|\| tracer == tracee)
	71	return 0;
	72	/* log this capability request */
	73	return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
	74	}
	75
	76	/**
	77	* aa_ptrace - do ptrace permission check and auditing
	78	* @tracer: task doing the tracing (NOT NULL)
	79	* @tracee: task being traced (NOT NULL)
	80	* @mode: ptrace mode either PTRACE_MODE_READ \|\| PTRACE_MODE_ATTACH
	81	*
	82	* Returns: %0 else error code if permission denied or error
	83	*/
	84	int aa_ptrace(struct task_struct tracer, struct task_struct tracee,
	85	unsigned int mode)
	86	{
87	/*
88	* tracer can ptrace tracee when
89	* - tracer is unconfined \|\|
90	* - tracer is in complain mode
91	* - tracer has rules allowing it to trace tracee currently this is:
92	* - confined by the same profile \|\|
93	* - tracer profile has CAP_SYS_PTRACE
94	*/
95
96	struct aa_profile *tracer_p;
97	/* cred released below */
98	const struct cred *cred = get_task_cred(tracer);
99	int error = 0;
100	tracer_p = aa_cred_profile(cred);
101
102	if (!unconfined(tracer_p)) {
103	/* lcred released below */
77c80e6b	104	const struct cred *lcred = get_task_cred(tracee);
0ed3b28a JJ	105	struct aa_profile *tracee_p = aa_cred_profile(lcred);
	106
	107	error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
	108	error = aa_audit_ptrace(tracer_p, tracee_p, error);
	109
	110	put_cred(lcred);
	111	}
	112	put_cred(cred);
	113
	114	return error;
	115	}