1 /* 2 * AppArmor security module 3 * 4 * This file contains AppArmor capability mediation functions 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/capability.h> 16 #include <linux/errno.h> 17 #include <linux/gfp.h> 18 19 #include "include/apparmor.h" 20 #include "include/capability.h" 21 #include "include/context.h" 22 #include "include/policy.h" 23 #include "include/audit.h" 24 25 /* 26 * Table of capability names: we generate it from capabilities.h. 27 */ 28 #include "capability_names.h" 29 30 struct aa_fs_entry aa_fs_entry_caps[] = { 31 AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK), 32 { } 33 }; 34 35 struct audit_cache { 36 struct aa_profile *profile; 37 kernel_cap_t caps; 38 }; 39 40 static DEFINE_PER_CPU(struct audit_cache, audit_cache); 41 42 /** 43 * audit_cb - call back for capability components of audit struct 44 * @ab - audit buffer (NOT NULL) 45 * @va - audit struct to audit data from (NOT NULL) 46 */ 47 static void audit_cb(struct audit_buffer *ab, void *va) 48 { 49 struct common_audit_data *sa = va; 50 audit_log_format(ab, " capname="); 51 audit_log_untrustedstring(ab, capability_names[sa->u.cap]); 52 } 53 54 /** 55 * audit_caps - audit a capability 56 * @profile: profile being tested for confinement (NOT NULL) 57 * @cap: capability tested 58 * @error: error code returned by test 59 * 60 * Do auditing of capability and handle, audit/complain/kill modes switching 61 * and duplicate message elimination. 62 * 63 * Returns: 0 or sa->error on success, error code on failure 64 */ 65 static int audit_caps(struct aa_profile *profile, int cap, int error) 66 { 67 struct audit_cache *ent; 68 int type = AUDIT_APPARMOR_AUTO; 69 struct common_audit_data sa; 70 struct apparmor_audit_data aad = {0,}; 71 sa.type = LSM_AUDIT_DATA_CAP; 72 sa.aad = &aad; 73 sa.u.cap = cap; 74 sa.aad->op = OP_CAPABLE; 75 sa.aad->error = error; 76 77 if (likely(!error)) { 78 /* test if auditing is being forced */ 79 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && 80 !cap_raised(profile->caps.audit, cap))) 81 return 0; 82 type = AUDIT_APPARMOR_AUDIT; 83 } else if (KILL_MODE(profile) || 84 cap_raised(profile->caps.kill, cap)) { 85 type = AUDIT_APPARMOR_KILL; 86 } else if (cap_raised(profile->caps.quiet, cap) && 87 AUDIT_MODE(profile) != AUDIT_NOQUIET && 88 AUDIT_MODE(profile) != AUDIT_ALL) { 89 /* quiet auditing */ 90 return error; 91 } 92 93 /* Do simple duplicate message elimination */ 94 ent = &get_cpu_var(audit_cache); 95 if (profile == ent->profile && cap_raised(ent->caps, cap)) { 96 put_cpu_var(audit_cache); 97 if (COMPLAIN_MODE(profile)) 98 return complain_error(error); 99 return error; 100 } else { 101 aa_put_profile(ent->profile); 102 ent->profile = aa_get_profile(profile); 103 cap_raise(ent->caps, cap); 104 } 105 put_cpu_var(audit_cache); 106 107 return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb); 108 } 109 110 /** 111 * profile_capable - test if profile allows use of capability @cap 112 * @profile: profile being enforced (NOT NULL, NOT unconfined) 113 * @cap: capability to test if allowed 114 * 115 * Returns: 0 if allowed else -EPERM 116 */ 117 static int profile_capable(struct aa_profile *profile, int cap) 118 { 119 return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM; 120 } 121 122 /** 123 * aa_capable - test permission to use capability 124 * @profile: profile being tested against (NOT NULL) 125 * @cap: capability to be tested 126 * @audit: whether an audit record should be generated 127 * 128 * Look up capability in profile capability set. 129 * 130 * Returns: 0 on success, or else an error code. 131 */ 132 int aa_capable(struct aa_profile *profile, int cap, int audit) 133 { 134 int error = profile_capable(profile, cap); 135 136 if (!audit) { 137 if (COMPLAIN_MODE(profile)) 138 return complain_error(error); 139 return error; 140 } 141 142 return audit_caps(profile, cap, error); 143 } 144