xref: /openbmc/linux/security/apparmor/ipc.c (revision f7c35abe)
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor ipc mediation
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #include <linux/gfp.h>
16 #include <linux/ptrace.h>
17 
18 #include "include/audit.h"
19 #include "include/capability.h"
20 #include "include/context.h"
21 #include "include/policy.h"
22 #include "include/ipc.h"
23 
24 /* call back to audit ptrace fields */
25 static void audit_cb(struct audit_buffer *ab, void *va)
26 {
27 	struct common_audit_data *sa = va;
28 	audit_log_format(ab, " peer=");
29 	audit_log_untrustedstring(ab, aad(sa)->peer->base.hname);
30 }
31 
32 /**
33  * aa_audit_ptrace - do auditing for ptrace
34  * @profile: profile being enforced  (NOT NULL)
35  * @target: profile being traced (NOT NULL)
36  * @error: error condition
37  *
38  * Returns: %0 or error code
39  */
40 static int aa_audit_ptrace(struct aa_profile *profile,
41 			   struct aa_profile *target, int error)
42 {
43 	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_PTRACE);
44 
45 	aad(&sa)->peer = target;
46 	aad(&sa)->error = error;
47 
48 	return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb);
49 }
50 
51 /**
52  * aa_may_ptrace - test if tracer task can trace the tracee
53  * @tracer: profile of the task doing the tracing  (NOT NULL)
54  * @tracee: task to be traced
55  * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
56  *
57  * Returns: %0 else error code if permission denied or error
58  */
59 int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
60 		  unsigned int mode)
61 {
62 	/* TODO: currently only based on capability, not extended ptrace
63 	 *       rules,
64 	 *       Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
65 	 */
66 
67 	if (unconfined(tracer) || tracer == tracee)
68 		return 0;
69 	/* log this capability request */
70 	return aa_capable(tracer, CAP_SYS_PTRACE, 1);
71 }
72 
73 /**
74  * aa_ptrace - do ptrace permission check and auditing
75  * @tracer: task doing the tracing (NOT NULL)
76  * @tracee: task being traced (NOT NULL)
77  * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
78  *
79  * Returns: %0 else error code if permission denied or error
80  */
81 int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
82 	      unsigned int mode)
83 {
84 	/*
85 	 * tracer can ptrace tracee when
86 	 * - tracer is unconfined ||
87 	 *   - tracer is in complain mode
88 	 *   - tracer has rules allowing it to trace tracee currently this is:
89 	 *       - confined by the same profile ||
90 	 *       - tracer profile has CAP_SYS_PTRACE
91 	 */
92 
93 	struct aa_profile *tracer_p = aa_get_task_profile(tracer);
94 	int error = 0;
95 
96 	if (!unconfined(tracer_p)) {
97 		struct aa_profile *tracee_p = aa_get_task_profile(tracee);
98 
99 		error = aa_may_ptrace(tracer_p, tracee_p, mode);
100 		error = aa_audit_ptrace(tracer_p, tracee_p, error);
101 
102 		aa_put_profile(tracee_p);
103 	}
104 	aa_put_profile(tracer_p);
105 
106 	return error;
107 }
108