
apparmor: fix capability to not use the current task, during reporting

Mediation is based on the cred, but auditing includes the current
task, which may not be related to the actual request.

Signed-off-by: John Johansen <john.johansen@canonical.com>

+15 -22
+5 -10
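--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -53,8 +53,7 @@
 
 /**
  * audit_caps - audit a capability
- * @profile: profile confining task (NOT NULL)
- * @task: task capability test was performed against (NOT NULL)
+ * @profile: profile being tested for confinement (NOT NULL)
  * @cap: capability tested
  * @error: error code returned by test
  *
@@ -62,8 +63,7 @@
  *
  * Returns: 0 or sa->error on success, error code on failure
  */
-static int audit_caps(struct aa_profile *profile, struct task_struct *task,
-		      int cap, int error)
+static int audit_caps(struct aa_profile *profile, int cap, int error)
 {
 	struct audit_cache *ent;
 	int type = AUDIT_APPARMOR_AUTO;
@@ -71,7 +73,6 @@
 	sa.type = LSM_AUDIT_DATA_CAP;
 	sa.aad = &aad;
 	sa.u.cap = cap;
-	sa.aad->tsk = task;
 	sa.aad->op = OP_CAPABLE;
 	sa.aad->error = error;
 
@@ -121,8 +124,7 @@
 
 /**
  * aa_capable - test permission to use capability
- * @task: task doing capability test against (NOT NULL)
- * @profile: profile confining @task (NOT NULL)
+ * @profile: profile being tested against (NOT NULL)
  * @cap: capability to be tested
  * @audit: whether an audit record should be generated
  *
@@ -129,8 +133,7 @@
  *
  * Returns: 0 on success, or else an error code.
  */
-int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
-	       int audit)
+int aa_capable(struct aa_profile *profile, int cap, int audit)
 {
 	int error = profile_capable(profile, cap);
 
@@ -139,5 +144,5 @@
 		return error;
 	}
 
-	return audit_caps(profile, task, cap, error);
+	return audit_caps(profile, cap, error);
 }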
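Review bot: Dropping `sa.aad->tsk = task;` in audit_caps means any audit callback that still reads `aad.tsk` now sees whatever the field held at declaration, and the declaration of `aad` is outside the hunk, so confirm it is zero-initialised there rather than left as stack contents (a NULL `tsk` is presumably what the audit path expects; verify against the callback). The kerneldoc for audit_caps should also say who the record is attributed to now that no task is passed, e.g. `* No task is recorded here; the audit record is attributed by the common audit path.` — hedge that wording to match what the callback actually does. audit_caps's body continues outside the second and third hunks, so the remaining uses of `sa`/`aad` are not visible here.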
+1 -1
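--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -75,7 +75,7 @@
 	if (!tracer || unconfined(tracerp))
 		goto out;
 
-	error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH);
+	error = aa_may_ptrace(tracerp, to_profile, PTRACE_MODE_ATTACH);
 
 out:
 	rcu_read_unlock();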
+2 -3
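--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -4,7 +4,7 @@
  * This file contains AppArmor capability mediation definitions.
  *
  * Copyright (C) 1998-2008 Novell/SUSE
- * Copyright 2009-2010 Canonical Ltd.
+ * Copyright 2009-2013 Canonical Ltd.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
@@ -38,8 +38,7 @@
 
 extern struct aa_fs_entry aa_fs_entry_caps[];
 
-int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
-	       int audit);
+int aa_capable(struct aa_profile *profile, int cap, int audit);
 
 static inline void aa_free_cap_rules(struct aa_caps *caps)
 {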
+2 -2
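--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h
@@ -19,8 +19,8 @@
 
 struct aa_profile;
 
-int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
-		  struct aa_profile *tracee, unsigned int mode);
+int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
+		  unsigned int mode);
 
 int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
 	      unsigned int mode);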
+4 -5
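--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -54,15 +54,14 @@
 
 /**
  * aa_may_ptrace - test if tracer task can trace the tracee
- * @tracer_task: task who will do the tracing (NOT NULL)
  * @tracer: profile of the task doing the tracing (NOT NULL)
  * @tracee: task to be traced
  * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  *
  * Returns: %0 else error code if permission denied or error
  */
-int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
-		  struct aa_profile *tracee, unsigned int mode)
+int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
+		  unsigned int mode)
 {
 	/* TODO: currently only based on capability, not extended ptrace
 	 * rules,
@@ -71,7 +72,7 @@
 	if (unconfined(tracer) || tracer == tracee)
 		return 0;
 	/* log this capability request */
-	return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
+	return aa_capable(tracer, CAP_SYS_PTRACE, 1);
 }
 
 /**
@@ -100,7 +101,7 @@
 	if (!unconfined(tracer_p)) {
 		struct aa_profile *tracee_p = aa_get_task_profile(tracee);
 
-		error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
+		error = aa_may_ptrace(tracer_p, tracee_p, mode);
 		error = aa_audit_ptrace(tracer_p, tracee_p, error);
 
 		aa_put_profile(tracee_p);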
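Review bot: The kerneldoc of aa_may_ptrace, touched in the first hunk, still describes `@tracee` as `task to be traced` although the parameter is a `struct aa_profile *`, and the summary line still speaks of a tracer task now that the task argument is gone. Suggest `* aa_may_ptrace - test if tracer profile can trace the tracee profile` and `* @tracee: profile of the task to be traced (NOT NULL)`, matching the `(NOT NULL)` annotation already given for `@tracer`; the body dereferences both through `unconfined(tracer)` and `tracer == tracee`, so stating the NULL contract matters. The function body continues past the end of the first hunk (the TODO comment is cut).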
+1 -1
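--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -145,7 +145,7 @@
 	if (!error) {
 		profile = aa_cred_profile(cred);
 		if (!unconfined(profile))
-			error = aa_capable(current, profile, cap, audit);
+			error = aa_capable(profile, cap, audit);
 	}
 	return error;
 }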