2 * AppArmor security module
4 * This file contains AppArmor capability mediation functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/capability.h>
16 #include <linux/errno.h>
17 #include <linux/gfp.h>
19 #include "include/apparmor.h"
20 #include "include/capability.h"
21 #include "include/context.h"
22 #include "include/policy.h"
23 #include "include/audit.h"
26 * Table of capability names: we generate it from capabilities.h.
28 #include "capability_names.h"
31 struct aa_profile
*profile
;
35 static DEFINE_PER_CPU(struct audit_cache
, audit_cache
);
38 * audit_cb - call back for capability components of audit struct
39 * @ab - audit buffer (NOT NULL)
40 * @va - audit struct to audit data from (NOT NULL)
42 static void audit_cb(struct audit_buffer
*ab
, void *va
)
44 struct common_audit_data
*sa
= va
;
45 audit_log_format(ab
, " capname=");
46 audit_log_untrustedstring(ab
, capability_names
[sa
->u
.cap
]);
50 * audit_caps - audit a capability
51 * @profile: profile confining task (NOT NULL)
52 * @task: task capability test was performed against (NOT NULL)
53 * @cap: capability tested
54 * @error: error code returned by test
56 * Do auditing of capability and handle, audit/complain/kill modes switching
57 * and duplicate message elimination.
59 * Returns: 0 or sa->error on success, error code on failure
61 static int audit_caps(struct aa_profile
*profile
, struct task_struct
*task
,
64 struct audit_cache
*ent
;
65 int type
= AUDIT_APPARMOR_AUTO
;
66 struct common_audit_data sa
;
67 struct apparmor_audit_data aad
= {0,};
68 sa
.type
= LSM_AUDIT_DATA_CAP
;
72 sa
.aad
->op
= OP_CAPABLE
;
73 sa
.aad
->error
= error
;
76 /* test if auditing is being forced */
77 if (likely((AUDIT_MODE(profile
) != AUDIT_ALL
) &&
78 !cap_raised(profile
->caps
.audit
, cap
)))
80 type
= AUDIT_APPARMOR_AUDIT
;
81 } else if (KILL_MODE(profile
) ||
82 cap_raised(profile
->caps
.kill
, cap
)) {
83 type
= AUDIT_APPARMOR_KILL
;
84 } else if (cap_raised(profile
->caps
.quiet
, cap
) &&
85 AUDIT_MODE(profile
) != AUDIT_NOQUIET
&&
86 AUDIT_MODE(profile
) != AUDIT_ALL
) {
91 /* Do simple duplicate message elimination */
92 ent
= &get_cpu_var(audit_cache
);
93 if (profile
== ent
->profile
&& cap_raised(ent
->caps
, cap
)) {
94 put_cpu_var(audit_cache
);
95 if (COMPLAIN_MODE(profile
))
96 return complain_error(error
);
99 aa_put_profile(ent
->profile
);
100 ent
->profile
= aa_get_profile(profile
);
101 cap_raise(ent
->caps
, cap
);
103 put_cpu_var(audit_cache
);
105 return aa_audit(type
, profile
, GFP_ATOMIC
, &sa
, audit_cb
);
109 * profile_capable - test if profile allows use of capability @cap
110 * @profile: profile being enforced (NOT NULL, NOT unconfined)
111 * @cap: capability to test if allowed
113 * Returns: 0 if allowed else -EPERM
115 static int profile_capable(struct aa_profile
*profile
, int cap
)
117 return cap_raised(profile
->caps
.allow
, cap
) ? 0 : -EPERM
;
121 * aa_capable - test permission to use capability
122 * @task: task doing capability test against (NOT NULL)
123 * @profile: profile confining @task (NOT NULL)
124 * @cap: capability to be tested
125 * @audit: whether an audit record should be generated
127 * Look up capability in profile capability set.
129 * Returns: 0 on success, or else an error code.
131 int aa_capable(struct task_struct
*task
, struct aa_profile
*profile
, int cap
,
134 int error
= profile_capable(profile
, cap
);
137 if (COMPLAIN_MODE(profile
))
138 return complain_error(error
);
142 return audit_caps(profile
, task
, cap
, error
);