security/apparmor/capability.c

   1 /*
   2  * AppArmor security module
   3  *
   4  * This file contains AppArmor capability mediation functions
   5  *
   6  * Copyright (C) 1998-2008 Novell/SUSE
   7  * Copyright 2009-2010 Canonical Ltd.
   8  *
   9  * This program is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU General Public License as
  11  * published by the Free Software Foundation, version 2 of the
  12  * License.
  13  */
  14
  15 #include <linux/capability.h>
  16 #include <linux/errno.h>
  17 #include <linux/gfp.h>
  18 #include <linux/security.h>
  19
  20 #include "include/apparmor.h"
  21 #include "include/capability.h"
  22 #include "include/context.h"
  23 #include "include/policy.h"
  24 #include "include/audit.h"
  25
  26 /*
  27  * Table of capability names: we generate it from capabilities.h.
  28  */
  29 #include "capability_names.h"
  30
  31 struct aa_fs_entry aa_fs_entry_caps[] = {
  32         AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
  33         { }
  34 };
  35
  36 struct audit_cache {
  37         struct aa_profile *profile;
  38         kernel_cap_t caps;
  39 };
  40
  41 static DEFINE_PER_CPU(struct audit_cache, audit_cache);
  42
  43 /**
  44  * audit_cb - call back for capability components of audit struct
  45  * @ab - audit buffer   (NOT NULL)
  46  * @va - audit struct to audit data from  (NOT NULL)
  47  */
  48 static void audit_cb(struct audit_buffer *ab, void *va)
  49 {
  50         struct common_audit_data *sa = va;
  51         audit_log_format(ab, " capname=");
  52         audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
  53 }
  54
  55 /**
  56  * audit_caps - audit a capability
  57  * @profile: profile being tested for confinement (NOT NULL)
  58  * @cap: capability tested
  59  @audit: whether an audit record should be generated
  60  * @error: error code returned by test
  61  *
  62  * Do auditing of capability and handle, audit/complain/kill modes switching
  63  * and duplicate message elimination.
  64  *
  65  * Returns: 0 or sa->error on success,  error code on failure
  66  */
  67 static int audit_caps(struct aa_profile *profile, int cap, int audit,
  68                       int error)
  69 {
  70         struct audit_cache *ent;
  71         int type = AUDIT_APPARMOR_AUTO;
  72         DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_CAP, OP_CAPABLE);
  73         sa.u.cap = cap;
  74         aad(&sa)->error = error;
  75         if (audit == SECURITY_CAP_NOAUDIT)
  76                 aad(&sa)->info = "optional: no audit";
  77
  78         if (likely(!error)) {
  79                 /* test if auditing is being forced */
  80                 if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
  81                            !cap_raised(profile->caps.audit, cap)))
  82                         return 0;
  83                 type = AUDIT_APPARMOR_AUDIT;
  84         } else if (KILL_MODE(profile) ||
  85                    cap_raised(profile->caps.kill, cap)) {
  86                 type = AUDIT_APPARMOR_KILL;
  87         } else if (cap_raised(profile->caps.quiet, cap) &&
  88                    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
  89                    AUDIT_MODE(profile) != AUDIT_ALL) {
  90                 /* quiet auditing */
  91                 return error;
  92         }
  93
  94         /* Do simple duplicate message elimination */
  95         ent = &get_cpu_var(audit_cache);
  96         if (profile == ent->profile && cap_raised(ent->caps, cap)) {
  97                 put_cpu_var(audit_cache);
  98                 if (COMPLAIN_MODE(profile))
  99                         return complain_error(error);
 100                 return error;
 101         } else {
 102                 aa_put_profile(ent->profile);
 103                 ent->profile = aa_get_profile(profile);
 104                 cap_raise(ent->caps, cap);
 105         }
 106         put_cpu_var(audit_cache);
 107
 108         return aa_audit(type, profile, &sa, audit_cb);
 109 }
 110
 111 /**
 112  * profile_capable - test if profile allows use of capability @cap
 113  * @profile: profile being enforced    (NOT NULL, NOT unconfined)
 114  * @cap: capability to test if allowed
 115  *
 116  * Returns: 0 if allowed else -EPERM
 117  */
 118 static int profile_capable(struct aa_profile *profile, int cap)
 119 {
 120         return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
 121 }
 122
 123 /**
 124  * aa_capable - test permission to use capability
 125  * @profile: profile being tested against (NOT NULL)
 126  * @cap: capability to be tested
 127  * @audit: whether an audit record should be generated
 128  *
 129  * Look up capability in profile capability set.
 130  *
 131  * Returns: 0 on success, or else an error code.
 132  */
 133 int aa_capable(struct aa_profile *profile, int cap, int audit)
 134 {
 135         int error = profile_capable(profile, cap);
 136
 137         if (audit == SECURITY_CAP_NOAUDIT) {
 138                 if (!COMPLAIN_MODE(profile))
 139                         return error;
 140         }
 141
 142         return audit_caps(profile, cap, audit, error);
 143 }