xref: /openbmc/linux/security/apparmor/include/task.h (revision 9c6d26df1fae6ad4718d51c48e6517913304ed27)
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor task related definitions and mediation
5  *
6  * Copyright 2017 Canonical Ltd.
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License as
10  * published by the Free Software Foundation, version 2 of the
11  * License.
12  */
13 
14 #ifndef __AA_TASK_H
15 #define __AA_TASK_H
16 
17 #define task_ctx(X) ((X)->security)
18 
19 /*
20  * struct aa_task_ctx - information for current task label change
21  * @nnp: snapshot of label at time of no_new_privs
22  * @onexec: profile to transition to on next exec  (MAY BE NULL)
23  * @previous: profile the task may return to     (MAY BE NULL)
24  * @token: magic value the task must know for returning to @previous_profile
25  */
26 struct aa_task_ctx {
27 	struct aa_label *nnp;
28 	struct aa_label *onexec;
29 	struct aa_label *previous;
30 	u64 token;
31 };
32 
33 int aa_replace_current_label(struct aa_label *label);
34 int aa_set_current_onexec(struct aa_label *label, bool stack);
35 int aa_set_current_hat(struct aa_label *label, u64 token);
36 int aa_restore_previous_label(u64 cookie);
37 struct aa_label *aa_get_task_label(struct task_struct *task);
38 
39 /**
40  * aa_alloc_task_ctx - allocate a new task_ctx
41  * @flags: gfp flags for allocation
42  *
43  * Returns: allocated buffer or NULL on failure
44  */
45 static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags)
46 {
47 	return kzalloc(sizeof(struct aa_task_ctx), flags);
48 }
49 
50 /**
51  * aa_free_task_ctx - free a task_ctx
52  * @ctx: task_ctx to free (MAYBE NULL)
53  */
54 static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
55 {
56 	if (ctx) {
57 		aa_put_label(ctx->nnp);
58 		aa_put_label(ctx->previous);
59 		aa_put_label(ctx->onexec);
60 
61 		kzfree(ctx);
62 	}
63 }
64 
65 /**
66  * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
67  * @new: a blank task context      (NOT NULL)
68  * @old: the task context to copy  (NOT NULL)
69  */
70 static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
71 				   const struct aa_task_ctx *old)
72 {
73 	*new = *old;
74 	aa_get_label(new->nnp);
75 	aa_get_label(new->previous);
76 	aa_get_label(new->onexec);
77 }
78 
79 /**
80  * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
81  * @ctx: task context to clear (NOT NULL)
82  */
83 static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
84 {
85 	AA_BUG(!ctx);
86 
87 	aa_put_label(ctx->previous);
88 	aa_put_label(ctx->onexec);
89 	ctx->previous = NULL;
90 	ctx->onexec = NULL;
91 	ctx->token = 0;
92 }
93 
94 #endif /* __AA_TASK_H */
95