capability.c 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. /*
  2. * AppArmor security module
  3. *
  4. * This file contains AppArmor capability mediation functions
  5. *
  6. * Copyright (C) 1998-2008 Novell/SUSE
  7. * Copyright 2009-2010 Canonical Ltd.
  8. *
  9. * This program is free software; you can redistribute it and/or
  10. * modify it under the terms of the GNU General Public License as
  11. * published by the Free Software Foundation, version 2 of the
  12. * License.
  13. */
  14. #include <linux/capability.h>
  15. #include <linux/errno.h>
  16. #include <linux/gfp.h>
  17. #include "include/apparmor.h"
  18. #include "include/capability.h"
  19. #include "include/context.h"
  20. #include "include/policy.h"
  21. #include "include/audit.h"
  22. /*
  23. * Table of capability names: we generate it from capabilities.h.
  24. */
  25. #include "capability_names.h"
  26. struct aa_fs_entry aa_fs_entry_caps[] = {
  27. AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
  28. { }
  29. };
  30. struct audit_cache {
  31. struct aa_profile *profile;
  32. kernel_cap_t caps;
  33. };
  34. static DEFINE_PER_CPU(struct audit_cache, audit_cache);
  35. /**
  36. * audit_cb - call back for capability components of audit struct
  37. * @ab - audit buffer (NOT NULL)
  38. * @va - audit struct to audit data from (NOT NULL)
  39. */
  40. static void audit_cb(struct audit_buffer *ab, void *va)
  41. {
  42. struct common_audit_data *sa = va;
  43. audit_log_format(ab, " capname=");
  44. audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
  45. }
  46. /**
  47. * audit_caps - audit a capability
  48. * @profile: profile being tested for confinement (NOT NULL)
  49. * @cap: capability tested
  50. * @error: error code returned by test
  51. *
  52. * Do auditing of capability and handle, audit/complain/kill modes switching
  53. * and duplicate message elimination.
  54. *
  55. * Returns: 0 or sa->error on success, error code on failure
  56. */
  57. static int audit_caps(struct aa_profile *profile, int cap, int error)
  58. {
  59. struct audit_cache *ent;
  60. int type = AUDIT_APPARMOR_AUTO;
  61. struct common_audit_data sa;
  62. struct apparmor_audit_data aad = {0,};
  63. sa.type = LSM_AUDIT_DATA_CAP;
  64. sa.aad = &aad;
  65. sa.u.cap = cap;
  66. sa.aad->op = OP_CAPABLE;
  67. sa.aad->error = error;
  68. if (likely(!error)) {
  69. /* test if auditing is being forced */
  70. if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
  71. !cap_raised(profile->caps.audit, cap)))
  72. return 0;
  73. type = AUDIT_APPARMOR_AUDIT;
  74. } else if (KILL_MODE(profile) ||
  75. cap_raised(profile->caps.kill, cap)) {
  76. type = AUDIT_APPARMOR_KILL;
  77. } else if (cap_raised(profile->caps.quiet, cap) &&
  78. AUDIT_MODE(profile) != AUDIT_NOQUIET &&
  79. AUDIT_MODE(profile) != AUDIT_ALL) {
  80. /* quiet auditing */
  81. return error;
  82. }
  83. /* Do simple duplicate message elimination */
  84. ent = &get_cpu_var(audit_cache);
  85. if (profile == ent->profile && cap_raised(ent->caps, cap)) {
  86. put_cpu_var(audit_cache);
  87. if (COMPLAIN_MODE(profile))
  88. return complain_error(error);
  89. return error;
  90. } else {
  91. aa_put_profile(ent->profile);
  92. ent->profile = aa_get_profile(profile);
  93. cap_raise(ent->caps, cap);
  94. }
  95. put_cpu_var(audit_cache);
  96. return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
  97. }
  98. /**
  99. * profile_capable - test if profile allows use of capability @cap
  100. * @profile: profile being enforced (NOT NULL, NOT unconfined)
  101. * @cap: capability to test if allowed
  102. *
  103. * Returns: 0 if allowed else -EPERM
  104. */
  105. static int profile_capable(struct aa_profile *profile, int cap)
  106. {
  107. return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
  108. }
  109. /**
  110. * aa_capable - test permission to use capability
  111. * @profile: profile being tested against (NOT NULL)
  112. * @cap: capability to be tested
  113. * @audit: whether an audit record should be generated
  114. *
  115. * Look up capability in profile capability set.
  116. *
  117. * Returns: 0 on success, or else an error code.
  118. */
  119. int aa_capable(struct aa_profile *profile, int cap, int audit)
  120. {
  121. int error = profile_capable(profile, cap);
  122. if (!audit) {
  123. if (COMPLAIN_MODE(profile))
  124. return complain_error(error);
  125. return error;
  126. }
  127. return audit_caps(profile, cap, error);
  128. }