LXR linux/security/apparmor/ipc.c

   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor ipc mediation
   5 *
   6 * Copyright (C) 1998-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#include <linux/gfp.h>
  16#include <linux/ptrace.h>
  17
  18#include "include/audit.h"
  19#include "include/capability.h"
  20#include "include/context.h"
  21#include "include/policy.h"
  22#include "include/ipc.h"
  23
  24/* call back to audit ptrace fields */
  25static void audit_cb(struct audit_buffer *ab, void *va)
  26{
  27        struct common_audit_data *sa = va;
  28        audit_log_format(ab, " target=");
  29        audit_log_untrustedstring(ab, sa->aad->target);
  30}
  31
  32/**
  33 * aa_audit_ptrace - do auditing for ptrace
  34 * @profile: profile being enforced  (NOT NULL)
  35 * @target: profile being traced (NOT NULL)
  36 * @error: error condition
  37 *
  38 * Returns: %0 or error code
  39 */
  40static int aa_audit_ptrace(struct aa_profile *profile,
  41                           struct aa_profile *target, int error)
  42{
  43        struct common_audit_data sa;
  44        struct apparmor_audit_data aad = {0,};
  45        sa.type = LSM_AUDIT_DATA_NONE;
  46        sa.aad = &aad;
  47        aad.op = OP_PTRACE;
  48        aad.target = target;
  49        aad.error = error;
  50
  51        return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
  52                        audit_cb);
  53}
  54
  55/**
  56 * aa_may_ptrace - test if tracer task can trace the tracee
  57 * @tracer: profile of the task doing the tracing  (NOT NULL)
  58 * @tracee: task to be traced
  59 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  60 *
  61 * Returns: %0 else error code if permission denied or error
  62 */
  63int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
  64                  unsigned int mode)
  65{
  66        /* TODO: currently only based on capability, not extended ptrace
  67         *       rules,
  68         *       Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  69         */
  70
  71        if (unconfined(tracer) || tracer == tracee)
  72                return 0;
  73        /* log this capability request */
  74        return aa_capable(tracer, CAP_SYS_PTRACE, 1);
  75}
  76
  77/**
  78 * aa_ptrace - do ptrace permission check and auditing
  79 * @tracer: task doing the tracing (NOT NULL)
  80 * @tracee: task being traced (NOT NULL)
  81 * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
  82 *
  83 * Returns: %0 else error code if permission denied or error
  84 */
  85int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
  86              unsigned int mode)
  87{
  88        /*
  89         * tracer can ptrace tracee when
  90         * - tracer is unconfined ||
  91         *   - tracer is in complain mode
  92         *   - tracer has rules allowing it to trace tracee currently this is:
  93         *       - confined by the same profile ||
  94         *       - tracer profile has CAP_SYS_PTRACE
  95         */
  96
  97        struct aa_profile *tracer_p = aa_get_task_profile(tracer);
  98        int error = 0;
  99
 100        if (!unconfined(tracer_p)) {
 101                struct aa_profile *tracee_p = aa_get_task_profile(tracee);
 102
 103                error = aa_may_ptrace(tracer_p, tracee_p, mode);
 104                error = aa_audit_ptrace(tracer_p, tracee_p, error);
 105
 106                aa_put_profile(tracee_p);
 107        }
 108        aa_put_profile(tracer_p);
 109
 110        return error;
 111}
 112