2 * AppArmor security module
4 * This file contains AppArmor resource mediation and attachment
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/audit.h>
16 #include <linux/security.h>
18 #include "include/audit.h"
19 #include "include/context.h"
20 #include "include/resource.h"
21 #include "include/policy.h"
24 * Table of rlimit names: we generate it from resource.h.
26 #include "rlim_names.h"
28 struct aa_sfs_entry aa_sfs_entry_rlimit
[] = {
29 AA_SFS_FILE_STRING("mask", AA_SFS_RLIMIT_MASK
),
33 /* audit callback for resource specific fields */
34 static void audit_cb(struct audit_buffer
*ab
, void *va
)
36 struct common_audit_data
*sa
= va
;
38 audit_log_format(ab
, " rlimit=%s value=%lu",
39 rlim_names
[aad(sa
)->rlim
.rlim
], aad(sa
)->rlim
.max
);
41 audit_log_format(ab
, " peer=");
42 aa_label_xaudit(ab
, labels_ns(aad(sa
)->label
), aad(sa
)->peer
,
43 FLAGS_NONE
, GFP_ATOMIC
);
48 * audit_resource - audit setting resource limit
49 * @profile: profile being enforced (NOT NULL)
50 * @resource: rlimit being auditing
51 * @value: value being set
54 * Returns: 0 or sa->error else other error code on failure
56 static int audit_resource(struct aa_profile
*profile
, unsigned int resource
,
57 unsigned long value
, struct aa_label
*peer
,
58 const char *info
, int error
)
60 DEFINE_AUDIT_DATA(sa
, LSM_AUDIT_DATA_NONE
, OP_SETRLIMIT
);
62 aad(&sa
)->rlim
.rlim
= resource
;
63 aad(&sa
)->rlim
.max
= value
;
64 aad(&sa
)->peer
= peer
;
65 aad(&sa
)->info
= info
;
66 aad(&sa
)->error
= error
;
68 return aa_audit(AUDIT_APPARMOR_AUTO
, profile
, &sa
, audit_cb
);
72 * aa_map_resouce - map compiled policy resource to internal #
73 * @resource: flattened policy resource number
75 * Returns: resource # for the current architecture.
77 * rlimit resource can vary based on architecture, map the compiled policy
78 * resource # to the internal representation for the architecture.
80 int aa_map_resource(int resource
)
82 return rlim_map
[resource
];
85 static int profile_setrlimit(struct aa_profile
*profile
, unsigned int resource
,
86 struct rlimit
*new_rlim
)
90 if (profile
->rlimits
.mask
& (1 << resource
) && new_rlim
->rlim_max
>
91 profile
->rlimits
.limits
[resource
].rlim_max
)
93 return audit_resource(profile
, resource
, new_rlim
->rlim_max
, NULL
, NULL
,
98 * aa_task_setrlimit - test permission to set an rlimit
99 * @label - label confining the task (NOT NULL)
100 * @task - task the resource is being set on
101 * @resource - the resource being set
102 * @new_rlim - the new resource limit (NOT NULL)
104 * Control raising the processes hard limit.
106 * Returns: 0 or error code if setting resource failed
108 int aa_task_setrlimit(struct aa_label
*label
, struct task_struct
*task
,
109 unsigned int resource
, struct rlimit
*new_rlim
)
111 struct aa_profile
*profile
;
112 struct aa_label
*peer
;
116 peer
= aa_get_newest_cred_label(__task_cred(task
));
119 /* TODO: extend resource control to handle other (non current)
120 * profiles. AppArmor rules currently have the implicit assumption
121 * that the task is setting the resource of a task confined with
122 * the same profile or that the task setting the resource of another
123 * task has CAP_SYS_RESOURCE.
127 !aa_capable(label
, CAP_SYS_RESOURCE
, SECURITY_CAP_NOAUDIT
))
128 error
= fn_for_each(label
, profile
,
129 audit_resource(profile
, resource
,
130 new_rlim
->rlim_max
, peer
,
131 "cap_sys_resource", -EACCES
));
133 error
= fn_for_each_confined(label
, profile
,
134 profile_setrlimit(profile
, resource
, new_rlim
));
141 * __aa_transition_rlimits - apply new profile rlimits
142 * @old_l: old label on task (NOT NULL)
143 * @new_l: new label with rlimits to apply (NOT NULL)
145 void __aa_transition_rlimits(struct aa_label
*old_l
, struct aa_label
*new_l
)
147 unsigned int mask
= 0;
148 struct rlimit
*rlim
, *initrlim
;
149 struct aa_profile
*old
, *new;
152 old
= labels_profile(old_l
);
153 new = labels_profile(new_l
);
155 /* for any rlimits the profile controlled, reset the soft limit
156 * to the lesser of the tasks hard limit and the init tasks soft limit
158 label_for_each_confined(i
, old_l
, old
) {
159 if (old
->rlimits
.mask
) {
162 for (j
= 0, mask
= 1; j
< RLIM_NLIMITS
; j
++,
164 if (old
->rlimits
.mask
& mask
) {
165 rlim
= current
->signal
->rlim
+ j
;
166 initrlim
= init_task
.signal
->rlim
+ j
;
167 rlim
->rlim_cur
= min(rlim
->rlim_max
,
174 /* set any new hard limits as dictated by the new profile */
175 label_for_each_confined(i
, new_l
, new) {
178 if (!new->rlimits
.mask
)
180 for (j
= 0, mask
= 1; j
< RLIM_NLIMITS
; j
++, mask
<<= 1) {
181 if (!(new->rlimits
.mask
& mask
))
184 rlim
= current
->signal
->rlim
+ j
;
185 rlim
->rlim_max
= min(rlim
->rlim_max
,
186 new->rlimits
.limits
[j
].rlim_max
);
187 /* soft limit should not exceed hard limit */
188 rlim
->rlim_cur
= min(rlim
->rlim_cur
, rlim
->rlim_max
);