ipc.c 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
  1. /*
  2. * AppArmor security module
  3. *
  4. * This file contains AppArmor ipc mediation
  5. *
  6. * Copyright (C) 1998-2008 Novell/SUSE
  7. * Copyright 2009-2010 Canonical Ltd.
  8. *
  9. * This program is free software; you can redistribute it and/or
  10. * modify it under the terms of the GNU General Public License as
  11. * published by the Free Software Foundation, version 2 of the
  12. * License.
  13. */
  14. #include <linux/gfp.h>
  15. #include <linux/ptrace.h>
  16. #include "include/audit.h"
  17. #include "include/capability.h"
  18. #include "include/context.h"
  19. #include "include/policy.h"
  20. #include "include/ipc.h"
  21. /* call back to audit ptrace fields */
  22. static void audit_cb(struct audit_buffer *ab, void *va)
  23. {
  24. struct common_audit_data *sa = va;
  25. audit_log_format(ab, " target=");
  26. audit_log_untrustedstring(ab, sa->aad->target);
  27. }
  28. /**
  29. * aa_audit_ptrace - do auditing for ptrace
  30. * @profile: profile being enforced (NOT NULL)
  31. * @target: profile being traced (NOT NULL)
  32. * @error: error condition
  33. *
  34. * Returns: %0 or error code
  35. */
  36. static int aa_audit_ptrace(struct aa_profile *profile,
  37. struct aa_profile *target, int error)
  38. {
  39. struct common_audit_data sa;
  40. struct apparmor_audit_data aad = {0,};
  41. sa.type = LSM_AUDIT_DATA_NONE;
  42. sa.aad = &aad;
  43. aad.op = OP_PTRACE;
  44. aad.target = target;
  45. aad.error = error;
  46. return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
  47. audit_cb);
  48. }
  49. /**
  50. * aa_may_ptrace - test if tracer task can trace the tracee
  51. * @tracer: profile of the task doing the tracing (NOT NULL)
  52. * @tracee: task to be traced
  53. * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  54. *
  55. * Returns: %0 else error code if permission denied or error
  56. */
  57. int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
  58. unsigned int mode)
  59. {
  60. /* TODO: currently only based on capability, not extended ptrace
  61. * rules,
  62. * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  63. */
  64. if (unconfined(tracer) || tracer == tracee)
  65. return 0;
  66. /* log this capability request */
  67. return aa_capable(tracer, CAP_SYS_PTRACE, 1);
  68. }
  69. /**
  70. * aa_ptrace - do ptrace permission check and auditing
  71. * @tracer: task doing the tracing (NOT NULL)
  72. * @tracee: task being traced (NOT NULL)
  73. * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  74. *
  75. * Returns: %0 else error code if permission denied or error
  76. */
  77. int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
  78. unsigned int mode)
  79. {
  80. /*
  81. * tracer can ptrace tracee when
  82. * - tracer is unconfined ||
  83. * - tracer is in complain mode
  84. * - tracer has rules allowing it to trace tracee currently this is:
  85. * - confined by the same profile ||
  86. * - tracer profile has CAP_SYS_PTRACE
  87. */
  88. struct aa_profile *tracer_p = aa_get_task_profile(tracer);
  89. int error = 0;
  90. if (!unconfined(tracer_p)) {
  91. struct aa_profile *tracee_p = aa_get_task_profile(tracee);
  92. error = aa_may_ptrace(tracer_p, tracee_p, mode);
  93. error = aa_audit_ptrace(tracer_p, tracee_p, error);
  94. aa_put_profile(tracee_p);
  95. }
  96. aa_put_profile(tracer_p);
  97. return error;
  98. }