Root/security/apparmor/ipc.c

1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor ipc mediation
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15#include <linux/gfp.h>
16#include <linux/ptrace.h>
17
18#include "include/audit.h"
19#include "include/capability.h"
20#include "include/context.h"
21#include "include/policy.h"
22
23/* call back to audit ptrace fields */
24static void audit_cb(struct audit_buffer *ab, void *va)
25{
26    struct common_audit_data *sa = va;
27    audit_log_format(ab, " target=");
28    audit_log_untrustedstring(ab, sa->aad.target);
29}
30
31/**
32 * aa_audit_ptrace - do auditing for ptrace
33 * @profile: profile being enforced (NOT NULL)
34 * @target: profile being traced (NOT NULL)
35 * @error: error condition
36 *
37 * Returns: %0 or error code
38 */
39static int aa_audit_ptrace(struct aa_profile *profile,
40               struct aa_profile *target, int error)
41{
42    struct common_audit_data sa;
43    COMMON_AUDIT_DATA_INIT(&sa, NONE);
44    sa.aad.op = OP_PTRACE;
45    sa.aad.target = target;
46    sa.aad.error = error;
47
48    return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
49            audit_cb);
50}
51
52/**
53 * aa_may_ptrace - test if tracer task can trace the tracee
54 * @tracer_task: task who will do the tracing (NOT NULL)
55 * @tracer: profile of the task doing the tracing (NOT NULL)
56 * @tracee: task to be traced
57 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
58 *
59 * Returns: %0 else error code if permission denied or error
60 */
61int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
62          struct aa_profile *tracee, unsigned int mode)
63{
64    /* TODO: currently only based on capability, not extended ptrace
65     * rules,
66     * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
67     */
68
69    if (unconfined(tracer) || tracer == tracee)
70        return 0;
71    /* log this capability request */
72    return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
73}
74
75/**
76 * aa_ptrace - do ptrace permission check and auditing
77 * @tracer: task doing the tracing (NOT NULL)
78 * @tracee: task being traced (NOT NULL)
79 * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
80 *
81 * Returns: %0 else error code if permission denied or error
82 */
83int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
84          unsigned int mode)
85{
86    /*
87     * tracer can ptrace tracee when
88     * - tracer is unconfined ||
89     * - tracer is in complain mode
90     * - tracer has rules allowing it to trace tracee currently this is:
91     * - confined by the same profile ||
92     * - tracer profile has CAP_SYS_PTRACE
93     */
94
95    struct aa_profile *tracer_p;
96    /* cred released below */
97    const struct cred *cred = get_task_cred(tracer);
98    int error = 0;
99    tracer_p = aa_cred_profile(cred);
100
101    if (!unconfined(tracer_p)) {
102        /* lcred released below */
103        const struct cred *lcred = get_task_cred(tracee);
104        struct aa_profile *tracee_p = aa_cred_profile(lcred);
105
106        error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
107        error = aa_audit_ptrace(tracer_p, tracee_p, error);
108
109        put_cred(lcred);
110    }
111    put_cred(cred);
112
113    return error;
114}
115

Archive Download this file



interactive