security/apparmor/include/file.h at v5.2-rc3 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / security / apparmor / include / file.h
at v5.2-rc3 6.9 kB view raw
  1/*
  2 * AppArmor security module
  3 *
  4 * This file contains AppArmor file mediation function definitions.
  5 *
  6 * Copyright (C) 1998-2008 Novell/SUSE
  7 * Copyright 2009-2010 Canonical Ltd.
  8 *
  9 * This program is free software; you can redistribute it and/or
 10 * modify it under the terms of the GNU General Public License as
 11 * published by the Free Software Foundation, version 2 of the
 12 * License.
 13 */
 14
 15#ifndef __AA_FILE_H
 16#define __AA_FILE_H
 17
 18#include <linux/spinlock.h>
 19
 20#include "domain.h"
 21#include "match.h"
 22#include "perms.h"
 23
 24struct aa_profile;
 25struct path;
 26
 27#define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND))
 28
 29#define AA_AUDIT_FILE_MASK	(MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
 30				 AA_MAY_CREATE | AA_MAY_DELETE |	\
 31				 AA_MAY_GETATTR | AA_MAY_SETATTR | \
 32				 AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \
 33				 AA_EXEC_MMAP | AA_MAY_LINK)
 34
 35static inline struct aa_file_ctx *file_ctx(struct file *file)
 36{
 37	return file->f_security + apparmor_blob_sizes.lbs_file;
 38}
 39
 40/* struct aa_file_ctx - the AppArmor context the file was opened in
 41 * @lock: lock to update the ctx
 42 * @label: label currently cached on the ctx
 43 * @perms: the permission the file was opened with
 44 */
 45struct aa_file_ctx {
 46	spinlock_t lock;
 47	struct aa_label __rcu *label;
 48	u32 allow;
 49};
 50
 51/**
 52 * aa_alloc_file_ctx - allocate file_ctx
 53 * @label: initial label of task creating the file
 54 * @gfp: gfp flags for allocation
 55 *
 56 * Returns: file_ctx or NULL on failure
 57 */
 58static inline struct aa_file_ctx *aa_alloc_file_ctx(struct aa_label *label,
 59						    gfp_t gfp)
 60{
 61	struct aa_file_ctx *ctx;
 62
 63	ctx = kzalloc(sizeof(struct aa_file_ctx), gfp);
 64	if (ctx) {
 65		spin_lock_init(&ctx->lock);
 66		rcu_assign_pointer(ctx->label, aa_get_label(label));
 67	}
 68	return ctx;
 69}
 70
 71/**
 72 * aa_free_file_ctx - free a file_ctx
 73 * @ctx: file_ctx to free  (MAYBE_NULL)
 74 */
 75static inline void aa_free_file_ctx(struct aa_file_ctx *ctx)
 76{
 77	if (ctx) {
 78		aa_put_label(rcu_access_pointer(ctx->label));
 79		kzfree(ctx);
 80	}
 81}
 82
 83static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
 84{
 85	return aa_get_label_rcu(&ctx->label);
 86}
 87
 88/*
 89 * The xindex is broken into 3 parts
 90 * - index - an index into either the exec name table or the variable table
 91 * - exec type - which determines how the executable name and index are used
 92 * - flags - which modify how the destination name is applied
 93 */
 94#define AA_X_INDEX_MASK		0x03ff
 95
 96#define AA_X_TYPE_MASK		0x0c00
 97#define AA_X_TYPE_SHIFT		10
 98#define AA_X_NONE		0x0000
 99#define AA_X_NAME		0x0400	/* use executable name px */
100#define AA_X_TABLE		0x0800	/* use a specified name ->n# */
101
102#define AA_X_UNSAFE		0x1000
103#define AA_X_CHILD		0x2000	/* make >AA_X_NONE apply to children */
104#define AA_X_INHERIT		0x4000
105#define AA_X_UNCONFINED		0x8000
106
107/* need to make conditional which ones are being set */
108struct path_cond {
109	kuid_t uid;
110	umode_t mode;
111};
112
113#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
114
115/* FIXME: split perms from dfa and match this to description
116 *        also add delegation info.
117 */
118static inline u16 dfa_map_xindex(u16 mask)
119{
120	u16 old_index = (mask >> 10) & 0xf;
121	u16 index = 0;
122
123	if (mask & 0x100)
124		index |= AA_X_UNSAFE;
125	if (mask & 0x200)
126		index |= AA_X_INHERIT;
127	if (mask & 0x80)
128		index |= AA_X_UNCONFINED;
129
130	if (old_index == 1) {
131		index |= AA_X_UNCONFINED;
132	} else if (old_index == 2) {
133		index |= AA_X_NAME;
134	} else if (old_index == 3) {
135		index |= AA_X_NAME | AA_X_CHILD;
136	} else if (old_index) {
137		index |= AA_X_TABLE;
138		index |= old_index - 4;
139	}
140
141	return index;
142}
143
144/*
145 * map old dfa inline permissions to new format
146 */
147#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \
148				    ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
149#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f)
150#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f)
151#define dfa_user_xindex(dfa, state) \
152	(dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))
153
154#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \
155				      0x7f) |				\
156				     ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))
157#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f)
158#define dfa_other_quiet(dfa, state) \
159	((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f)
160#define dfa_other_xindex(dfa, state) \
161	dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
162
163int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
164		  const char *op, u32 request, const char *name,
165		  const char *target, struct aa_label *tlabel, kuid_t ouid,
166		  const char *info, int error);
167
168/**
169 * struct aa_file_rules - components used for file rule permissions
170 * @dfa: dfa to match path names and conditionals against
171 * @perms: permission table indexed by the matched state accept entry of @dfa
172 * @trans: transition table for indexed by named x transitions
173 *
174 * File permission are determined by matching a path against @dfa and then
175 * then using the value of the accept entry for the matching state as
176 * an index into @perms.  If a named exec transition is required it is
177 * looked up in the transition table.
178 */
179struct aa_file_rules {
180	unsigned int start;
181	struct aa_dfa *dfa;
182	/* struct perms perms; */
183	struct aa_domain trans;
184	/* TODO: add delegate table */
185};
186
187struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
188				    struct path_cond *cond);
189unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
190			  const char *name, struct path_cond *cond,
191			  struct aa_perms *perms);
192
193int __aa_path_perm(const char *op, struct aa_profile *profile,
194		   const char *name, u32 request, struct path_cond *cond,
195		   int flags, struct aa_perms *perms);
196int aa_path_perm(const char *op, struct aa_label *label,
197		 const struct path *path, int flags, u32 request,
198		 struct path_cond *cond);
199
200int aa_path_link(struct aa_label *label, struct dentry *old_dentry,
201		 const struct path *new_dir, struct dentry *new_dentry);
202
203int aa_file_perm(const char *op, struct aa_label *label, struct file *file,
204		 u32 request);
205
206void aa_inherit_files(const struct cred *cred, struct files_struct *files);
207
208static inline void aa_free_file_rules(struct aa_file_rules *rules)
209{
210	aa_put_dfa(rules->dfa);
211	aa_free_domain_entries(&rules->trans);
212}
213
214/**
215 * aa_map_file_perms - map file flags to AppArmor permissions
216 * @file: open file to map flags to AppArmor permissions
217 *
218 * Returns: apparmor permission set for the file
219 */
220static inline u32 aa_map_file_to_perms(struct file *file)
221{
222	int flags = file->f_flags;
223	u32 perms = 0;
224
225	if (file->f_mode & FMODE_WRITE)
226		perms |= MAY_WRITE;
227	if (file->f_mode & FMODE_READ)
228		perms |= MAY_READ;
229
230	if ((flags & O_APPEND) && (perms & MAY_WRITE))
231		perms = (perms & ~MAY_WRITE) | MAY_APPEND;
232	/* trunc implies write permission */
233	if (flags & O_TRUNC)
234		perms |= MAY_WRITE;
235	if (flags & O_CREAT)
236		perms |= AA_MAY_CREATE;
237
238	return perms;
239}
240
241#endif /* __AA_FILE_H */