1 /* 2 * AppArmor security module 3 * 4 * This file contains AppArmor resource mediation and attachment 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/audit.h> 16 17 #include "include/audit.h" 18 #include "include/context.h" 19 #include "include/resource.h" 20 #include "include/policy.h" 21 22 /* 23 * Table of rlimit names: we generate it from resource.h. 24 */ 25 #include "rlim_names.h" 26 27 struct aa_fs_entry aa_fs_entry_rlimit[] = { 28 AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK), 29 { } 30 }; 31 32 /* audit callback for resource specific fields */ 33 static void audit_cb(struct audit_buffer *ab, void *va) 34 { 35 struct common_audit_data *sa = va; 36 37 audit_log_format(ab, " rlimit=%s value=%lu", 38 rlim_names[aad(sa)->rlim.rlim], aad(sa)->rlim.max); 39 } 40 41 /** 42 * audit_resource - audit setting resource limit 43 * @profile: profile being enforced (NOT NULL) 44 * @resoure: rlimit being auditing 45 * @value: value being set 46 * @error: error value 47 * 48 * Returns: 0 or sa->error else other error code on failure 49 */ 50 static int audit_resource(struct aa_profile *profile, unsigned int resource, 51 unsigned long value, int error) 52 { 53 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_SETRLIMIT); 54 55 aad(&sa)->rlim.rlim = resource; 56 aad(&sa)->rlim.max = value; 57 aad(&sa)->error = error; 58 return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb); 59 } 60 61 /** 62 * aa_map_resouce - map compiled policy resource to internal # 63 * @resource: flattened policy resource number 64 * 65 * Returns: resource # for the current architecture. 66 * 67 * rlimit resource can vary based on architecture, map the compiled policy 68 * resource # to the internal representation for the architecture. 69 */ 70 int aa_map_resource(int resource) 71 { 72 return rlim_map[resource]; 73 } 74 75 /** 76 * aa_task_setrlimit - test permission to set an rlimit 77 * @profile - profile confining the task (NOT NULL) 78 * @task - task the resource is being set on 79 * @resource - the resource being set 80 * @new_rlim - the new resource limit (NOT NULL) 81 * 82 * Control raising the processes hard limit. 83 * 84 * Returns: 0 or error code if setting resource failed 85 */ 86 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, 87 unsigned int resource, struct rlimit *new_rlim) 88 { 89 struct aa_profile *task_profile; 90 int error = 0; 91 92 rcu_read_lock(); 93 task_profile = aa_get_profile(aa_cred_profile(__task_cred(task))); 94 rcu_read_unlock(); 95 96 /* TODO: extend resource control to handle other (non current) 97 * profiles. AppArmor rules currently have the implicit assumption 98 * that the task is setting the resource of a task confined with 99 * the same profile or that the task setting the resource of another 100 * task has CAP_SYS_RESOURCE. 101 */ 102 if ((profile != task_profile && 103 aa_capable(profile, CAP_SYS_RESOURCE, 1)) || 104 (profile->rlimits.mask & (1 << resource) && 105 new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) 106 error = -EACCES; 107 108 aa_put_profile(task_profile); 109 110 return audit_resource(profile, resource, new_rlim->rlim_max, error); 111 } 112 113 /** 114 * __aa_transition_rlimits - apply new profile rlimits 115 * @old: old profile on task (NOT NULL) 116 * @new: new profile with rlimits to apply (NOT NULL) 117 */ 118 void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new) 119 { 120 unsigned int mask = 0; 121 struct rlimit *rlim, *initrlim; 122 int i; 123 124 /* for any rlimits the profile controlled reset the soft limit 125 * to the less of the tasks hard limit and the init tasks soft limit 126 */ 127 if (old->rlimits.mask) { 128 for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) { 129 if (old->rlimits.mask & mask) { 130 rlim = current->signal->rlim + i; 131 initrlim = init_task.signal->rlim + i; 132 rlim->rlim_cur = min(rlim->rlim_max, 133 initrlim->rlim_cur); 134 } 135 } 136 } 137 138 /* set any new hard limits as dictated by the new profile */ 139 if (!new->rlimits.mask) 140 return; 141 for (i = 0, mask = 1; i < RLIM_NLIMITS; i++, mask <<= 1) { 142 if (!(new->rlimits.mask & mask)) 143 continue; 144 145 rlim = current->signal->rlim + i; 146 rlim->rlim_max = min(rlim->rlim_max, 147 new->rlimits.limits[i].rlim_max); 148 /* soft limit should not exceed hard limit */ 149 rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max); 150 } 151 } 152