xref: /openbmc/linux/security/apparmor/include/task.h (revision 2874c5fd) 
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor task related definitions and mediation
5  *
6  * Copyright 2017 Canonical Ltd.
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License as
10  * published by the Free Software Foundation, version 2 of the
11  * License.
12  */
13 
14 #ifndef __AA_TASK_H
15 #define __AA_TASK_H
16 
17 static inline struct aa_task_ctx *task_ctx(struct task_struct *task)
18 {
19 	return task->security + apparmor_blob_sizes.lbs_task;
20 }
21 
22 /*
23  * struct aa_task_ctx - information for current task label change
24  * @nnp: snapshot of label at time of no_new_privs
25  * @onexec: profile to transition to on next exec  (MAY BE NULL)
26  * @previous: profile the task may return to     (MAY BE NULL)
27  * @token: magic value the task must know for returning to @previous_profile
28  */
29 struct aa_task_ctx {
30 	struct aa_label *nnp;
31 	struct aa_label *onexec;
32 	struct aa_label *previous;
33 	u64 token;
34 };
35 
36 int aa_replace_current_label(struct aa_label *label);
37 int aa_set_current_onexec(struct aa_label *label, bool stack);
38 int aa_set_current_hat(struct aa_label *label, u64 token);
39 int aa_restore_previous_label(u64 cookie);
40 struct aa_label *aa_get_task_label(struct task_struct *task);
41 
42 /**
43  * aa_free_task_ctx - free a task_ctx
44  * @ctx: task_ctx to free (MAYBE NULL)
45  */
46 static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
47 {
48 	if (ctx) {
49 		aa_put_label(ctx->nnp);
50 		aa_put_label(ctx->previous);
51 		aa_put_label(ctx->onexec);
52 	}
53 }
54 
55 /**
56  * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
57  * @new: a blank task context      (NOT NULL)
58  * @old: the task context to copy  (NOT NULL)
59  */
60 static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
61 				   const struct aa_task_ctx *old)
62 {
63 	*new = *old;
64 	aa_get_label(new->nnp);
65 	aa_get_label(new->previous);
66 	aa_get_label(new->onexec);
67 }
68 
69 /**
70  * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
71  * @ctx: task context to clear (NOT NULL)
72  */
73 static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
74 {
75 	AA_BUG(!ctx);
76 
77 	aa_put_label(ctx->previous);
78 	aa_put_label(ctx->onexec);
79 	ctx->previous = NULL;
80 	ctx->onexec = NULL;
81 	ctx->token = 0;
82 }
83 
84 #endif /* __AA_TASK_H */
85