]> git.ipfire.org Git - thirdparty/kernel/stable.git/blame - security/apparmor/lsm.c
projects / thirdparty / kernel / stable.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
apparmor: change op from int to const char *
[thirdparty/kernel/stable.git] / security / apparmor / lsm.c
CommitLineData
b5e95b48
JJ		 1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor LSM hooks.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
3c4ed7bd 15#include <linux/lsm_hooks.h>
b5e95b48
JJ		 16#include <linux/moduleparam.h>
17#include <linux/mm.h>
18#include <linux/mman.h>
19#include <linux/mount.h>
20#include <linux/namei.h>
21#include <linux/ptrace.h>
22#include <linux/ctype.h>
23#include <linux/sysctl.h>
24#include <linux/audit.h>
3486740a 25#include <linux/user_namespace.h>
b5e95b48
JJ		 26#include <net/sock.h>
27
28#include "include/apparmor.h"
29#include "include/apparmorfs.h"
30#include "include/audit.h"
31#include "include/capability.h"
32#include "include/context.h"
33#include "include/file.h"
34#include "include/ipc.h"
35#include "include/path.h"
36#include "include/policy.h"
cff281f6 37#include "include/policy_ns.h"
b5e95b48
JJ		 38#include "include/procattr.h"
39
40/* Flag indicating whether initialization completed */
41int apparmor_initialized __initdata;
42
43/*
44 * LSM hook functions
45 */
46
47/*
55a26ebf 48 * free the associated aa_task_ctx and put its profiles
b5e95b48
JJ		 49 */
50static void apparmor_cred_free(struct cred *cred)
51{
55a26ebf
JJ		 52 aa_free_task_context(cred_ctx(cred));
53 cred_ctx(cred) = NULL;
b5e95b48
JJ		 54}
55
56/*
57 * allocate the apparmor part of blank credentials
58 */
59static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
60{
61 /* freed by apparmor_cred_free */
55a26ebf
JJ		 62 struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
63
64 if (!ctx)
b5e95b48
JJ		 65 return -ENOMEM;
66
55a26ebf 67 cred_ctx(cred) = ctx;
b5e95b48
JJ		 68 return 0;
69}
70
71/*
55a26ebf 72 * prepare new aa_task_ctx for modification by prepare_cred block
b5e95b48
JJ		 73 */
74static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
75 gfp_t gfp)
76{
77 /* freed by apparmor_cred_free */
55a26ebf
JJ		 78 struct aa_task_ctx *ctx = aa_alloc_task_context(gfp);
79
80 if (!ctx)
b5e95b48
JJ		 81 return -ENOMEM;
82
55a26ebf
JJ		 83 aa_dup_task_context(ctx, cred_ctx(old));
84 cred_ctx(new) = ctx;
b5e95b48
JJ		 85 return 0;
86}
87
88/*
89 * transfer the apparmor data to a blank set of creds
90 */
91static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
92{
55a26ebf
JJ		 93 const struct aa_task_ctx *old_ctx = cred_ctx(old);
94 struct aa_task_ctx *new_ctx = cred_ctx(new);
b5e95b48 95
55a26ebf 96 aa_dup_task_context(new_ctx, old_ctx);
b5e95b48
JJ		 97}
98
99static int apparmor_ptrace_access_check(struct task_struct *child,
100 unsigned int mode)
101{
b5e95b48
JJ		 102 return aa_ptrace(current, child, mode);
103}
104
105static int apparmor_ptrace_traceme(struct task_struct *parent)
106{
b5e95b48
JJ		 107 return aa_ptrace(parent, current, PTRACE_MODE_ATTACH);
108}
109
110/* Derived from security/commoncap.c:cap_capget */
111static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
112 kernel_cap_t *inheritable, kernel_cap_t *permitted)
113{
114 struct aa_profile *profile;
115 const struct cred *cred;
116
117 rcu_read_lock();
118 cred = __task_cred(target);
119 profile = aa_cred_profile(cred);
120
b1d9e6b0
CS		 121 /*
122 * cap_capget is stacked ahead of this and will
123 * initialize effective and permitted.
124 */
25e75dff 125 if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
b5e95b48
JJ		 126 *effective = cap_intersect(*effective, profile->caps.allow);
127 *permitted = cap_intersect(*permitted, profile->caps.allow);
128 }
129 rcu_read_unlock();
130
131 return 0;
132}
133
6a9de491
EP		 134static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
135 int cap, int audit)
b5e95b48
JJ		 136{
137 struct aa_profile *profile;
b1d9e6b0
CS		 138 int error = 0;
139
140 profile = aa_cred_profile(cred);
141 if (!unconfined(profile))
142 error = aa_capable(profile, cap, audit);
b5e95b48
JJ		 143 return error;
144}
145
146/**
147 * common_perm - basic common permission check wrapper fn for paths
148 * @op: operation being checked
149 * @path: path to check permission of (NOT NULL)
150 * @mask: requested permissions mask
151 * @cond: conditional info for the permission request (NOT NULL)
152 *
153 * Returns: %0 else error code if error or permission denied
154 */
47f6e5cc 155static int common_perm(const char *op, const struct path *path, u32 mask,
b5e95b48
JJ		 156 struct path_cond *cond)
157{
158 struct aa_profile *profile;
159 int error = 0;
160
161 profile = __aa_current_profile();
162 if (!unconfined(profile))
163 error = aa_path_perm(op, profile, path, 0, mask, cond);
164
165 return error;
166}
167
168/**
169 * common_perm_dir_dentry - common permission wrapper when path is dir, dentry
170 * @op: operation being checked
171 * @dir: directory of the dentry (NOT NULL)
172 * @dentry: dentry to check (NOT NULL)
173 * @mask: requested permissions mask
174 * @cond: conditional info for the permission request (NOT NULL)
175 *
176 * Returns: %0 else error code if error or permission denied
177 */
47f6e5cc 178static int common_perm_dir_dentry(const char *op, const struct path *dir,
b5e95b48
JJ		 179 struct dentry *dentry, u32 mask,
180 struct path_cond *cond)
181{
8486adf0 182 struct path path = { .mnt = dir->mnt, .dentry = dentry };
b5e95b48
JJ		 183
184 return common_perm(op, &path, mask, cond);
185}
186
187/**
741aca71 188 * common_perm_path - common permission wrapper when mnt, dentry
b5e95b48 189 * @op: operation being checked
741aca71 190 * @path: location to check (NOT NULL)
b5e95b48
JJ		 191 * @mask: requested permissions mask
192 *
193 * Returns: %0 else error code if error or permission denied
194 */
47f6e5cc
JJ		 195static inline int common_perm_path(const char *op, const struct path *path,
196 u32 mask)
b5e95b48 197{
741aca71
AV		 198 struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
199 d_backing_inode(path->dentry)->i_mode
b5e95b48 200 };
efeee83a 201 if (!path_mediated_fs(path->dentry))
741aca71 202 return 0;
b5e95b48 203
741aca71 204 return common_perm(op, path, mask, &cond);
b5e95b48
JJ		 205}
206
207/**
208 * common_perm_rm - common permission wrapper for operations doing rm
209 * @op: operation being checked
210 * @dir: directory that the dentry is in (NOT NULL)
211 * @dentry: dentry being rm'd (NOT NULL)
212 * @mask: requested permission mask
213 *
214 * Returns: %0 else error code if error or permission denied
215 */
47f6e5cc 216static int common_perm_rm(const char *op, const struct path *dir,
b5e95b48
JJ		 217 struct dentry *dentry, u32 mask)
218{
c6f493d6 219 struct inode *inode = d_backing_inode(dentry);
b5e95b48
JJ		 220 struct path_cond cond = { };
221
efeee83a 222 if (!inode || !path_mediated_fs(dentry))
b5e95b48
JJ		 223 return 0;
224
225 cond.uid = inode->i_uid;
226 cond.mode = inode->i_mode;
227
228 return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
229}
230
231/**
232 * common_perm_create - common permission wrapper for operations doing create
233 * @op: operation being checked
234 * @dir: directory that dentry will be created in (NOT NULL)
235 * @dentry: dentry to create (NOT NULL)
236 * @mask: request permission mask
237 * @mode: created file mode
238 *
239 * Returns: %0 else error code if error or permission denied
240 */
47f6e5cc 241static int common_perm_create(const char *op, const struct path *dir,
d6b49f7a 242 struct dentry *dentry, u32 mask, umode_t mode)
b5e95b48
JJ		 243{
244 struct path_cond cond = { current_fsuid(), mode };
245
efeee83a 246 if (!path_mediated_fs(dir->dentry))
b5e95b48
JJ		 247 return 0;
248
249 return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
250}
251
989f74e0 252static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
b5e95b48
JJ		 253{
254 return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
255}
256
d3607752 257static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry,
4572befe 258 umode_t mode)
b5e95b48
JJ		 259{
260 return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
261 S_IFDIR);
262}
263
989f74e0 264static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
b5e95b48
JJ		 265{
266 return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
267}
268
d3607752 269static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry,
04fc66e7 270 umode_t mode, unsigned int dev)
b5e95b48
JJ		 271{
272 return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
273}
274
81f4c506 275static int apparmor_path_truncate(const struct path *path)
b5e95b48 276{
741aca71 277 return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
b5e95b48
JJ		 278}
279
d3607752 280static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
b5e95b48
JJ		 281 const char *old_name)
282{
283 return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
284 S_IFLNK);
285}
286
3ccee46a 287static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir,
b5e95b48
JJ		 288 struct dentry *new_dentry)
289{
290 struct aa_profile *profile;
291 int error = 0;
292
efeee83a 293 if (!path_mediated_fs(old_dentry))
b5e95b48
JJ		 294 return 0;
295
296 profile = aa_current_profile();
297 if (!unconfined(profile))
298 error = aa_path_link(profile, old_dentry, new_dir, new_dentry);
299 return error;
300}
301
3ccee46a
AV		 302static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry,
303 const struct path *new_dir, struct dentry *new_dentry)
b5e95b48
JJ		 304{
305 struct aa_profile *profile;
306 int error = 0;
307
efeee83a 308 if (!path_mediated_fs(old_dentry))
b5e95b48
JJ		 309 return 0;
310
311 profile = aa_current_profile();
312 if (!unconfined(profile)) {
8486adf0
KC		 313 struct path old_path = { .mnt = old_dir->mnt,
314 .dentry = old_dentry };
315 struct path new_path = { .mnt = new_dir->mnt,
316 .dentry = new_dentry };
c6f493d6
DH		 317 struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
318 d_backing_inode(old_dentry)->i_mode
b5e95b48
JJ		 319 };
320
321 error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0,
322 MAY_READ | AA_MAY_META_READ | MAY_WRITE |
323 AA_MAY_META_WRITE | AA_MAY_DELETE,
324 &cond);
325 if (!error)
326 error = aa_path_perm(OP_RENAME_DEST, profile, &new_path,
327 0, MAY_WRITE | AA_MAY_META_WRITE |
328 AA_MAY_CREATE, &cond);
329
330 }
331 return error;
332}
333
be01f9f2 334static int apparmor_path_chmod(const struct path *path, umode_t mode)
b5e95b48 335{
741aca71 336 return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
b5e95b48
JJ		 337}
338
7fd25dac 339static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
b5e95b48 340{
741aca71 341 return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
b5e95b48
JJ		 342}
343
3f7036a0 344static int apparmor_inode_getattr(const struct path *path)
b5e95b48 345{
741aca71 346 return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
b5e95b48
JJ		 347}
348
83d49856 349static int apparmor_file_open(struct file *file, const struct cred *cred)
b5e95b48 350{
55a26ebf 351 struct aa_file_ctx *fctx = file->f_security;
b5e95b48
JJ		 352 struct aa_profile *profile;
353 int error = 0;
354
efeee83a 355 if (!path_mediated_fs(file->f_path.dentry))
b5e95b48
JJ		 356 return 0;
357
358 /* If in exec, permission is handled by bprm hooks.
359 * Cache permissions granted by the previous exec check, with
360 * implicit read and executable mmap which are required to
361 * actually execute the image.
362 */
363 if (current->in_execve) {
55a26ebf 364 fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
b5e95b48
JJ		 365 return 0;
366 }
367
368 profile = aa_cred_profile(cred);
369 if (!unconfined(profile)) {
496ad9aa 370 struct inode *inode = file_inode(file);
b5e95b48
JJ		 371 struct path_cond cond = { inode->i_uid, inode->i_mode };
372
373 error = aa_path_perm(OP_OPEN, profile, &file->f_path, 0,
374 aa_map_file_to_perms(file), &cond);
375 /* todo cache full allowed permissions set and state */
55a26ebf 376 fctx->allow = aa_map_file_to_perms(file);
b5e95b48
JJ		 377 }
378
379 return error;
380}
381
382static int apparmor_file_alloc_security(struct file *file)
383{
384 /* freed by apparmor_file_free_security */
385 file->f_security = aa_alloc_file_context(GFP_KERNEL);
386 if (!file->f_security)
387 return -ENOMEM;
388 return 0;
389
390}
391
392static void apparmor_file_free_security(struct file *file)
393{
55a26ebf 394 struct aa_file_ctx *ctx = file->f_security;
b5e95b48 395
55a26ebf 396 aa_free_file_context(ctx);
b5e95b48
JJ		 397}
398
47f6e5cc 399static int common_file_perm(const char *op, struct file *file, u32 mask)
b5e95b48 400{
55a26ebf 401 struct aa_file_ctx *fctx = file->f_security;
b5e95b48
JJ		 402 struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
403 int error = 0;
404
405 BUG_ON(!fprofile);
406
407 if (!file->f_path.mnt ||
efeee83a 408 !path_mediated_fs(file->f_path.dentry))
b5e95b48
JJ		 409 return 0;
410
411 profile = __aa_current_profile();
412
413 /* revalidate access, if task is unconfined, or the cached cred
414 * doesn't match or if the request is for more permissions than
415 * was granted.
416 *
417 * Note: the test for !unconfined(fprofile) is to handle file
418 * delegation from unconfined tasks
419 */
420 if (!unconfined(profile) && !unconfined(fprofile) &&
55a26ebf 421 ((fprofile != profile) || (mask & ~fctx->allow)))
b5e95b48
JJ		 422 error = aa_file_perm(op, profile, file, mask);
423
424 return error;
425}
426
427static int apparmor_file_permission(struct file *file, int mask)
428{
429 return common_file_perm(OP_FPERM, file, mask);
430}
431
432static int apparmor_file_lock(struct file *file, unsigned int cmd)
433{
434 u32 mask = AA_MAY_LOCK;
435
436 if (cmd == F_WRLCK)
437 mask |= MAY_WRITE;
438
439 return common_file_perm(OP_FLOCK, file, mask);
440}
441
47f6e5cc 442static int common_mmap(const char *op, struct file *file, unsigned long prot,
b5e95b48
JJ		 443 unsigned long flags)
444{
b5e95b48
JJ		 445 int mask = 0;
446
447 if (!file || !file->f_security)
448 return 0;
449
450 if (prot & PROT_READ)
451 mask |= MAY_READ;
452 /*
453 * Private mappings don't require write perms since they don't
454 * write back to the files
455 */
456 if ((prot & PROT_WRITE) && !(flags & MAP_PRIVATE))
457 mask |= MAY_WRITE;
458 if (prot & PROT_EXEC)
459 mask |= AA_EXEC_MMAP;
460
b5e95b48
JJ		 461 return common_file_perm(op, file, mask);
462}
463
e5467859
AV		 464static int apparmor_mmap_file(struct file *file, unsigned long reqprot,
465 unsigned long prot, unsigned long flags)
b5e95b48 466{
b5e95b48
JJ		 467 return common_mmap(OP_FMMAP, file, prot, flags);
468}
469
470static int apparmor_file_mprotect(struct vm_area_struct *vma,
471 unsigned long reqprot, unsigned long prot)
472{
473 return common_mmap(OP_FMPROT, vma->vm_file, prot,
474 !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
475}
476
477static int apparmor_getprocattr(struct task_struct *task, char *name,
478 char **value)
479{
480 int error = -ENOENT;
b5e95b48
JJ		 481 /* released below */
482 const struct cred *cred = get_task_cred(task);
55a26ebf 483 struct aa_task_ctx *ctx = cred_ctx(cred);
77b071b3 484 struct aa_profile *profile = NULL;
b5e95b48
JJ		 485
486 if (strcmp(name, "current") == 0)
55a26ebf
JJ		 487 profile = aa_get_newest_profile(ctx->profile);
488 else if (strcmp(name, "prev") == 0 && ctx->previous)
489 profile = aa_get_newest_profile(ctx->previous);
490 else if (strcmp(name, "exec") == 0 && ctx->onexec)
491 profile = aa_get_newest_profile(ctx->onexec);
b5e95b48
JJ		 492 else
493 error = -EINVAL;
494
77b071b3
JJ		 495 if (profile)
496 error = aa_getprocattr(profile, value);
497
498 aa_put_profile(profile);
b5e95b48
JJ		 499 put_cred(cred);
500
501 return error;
502}
503
504static int apparmor_setprocattr(struct task_struct *task, char *name,
505 void *value, size_t size)
506{
3eea57c2
JJ		 507 struct common_audit_data sa;
508 struct apparmor_audit_data aad = {0,};
e89b8081 509 char *command, *largs = NULL, *args = value;
b5e95b48
JJ		 510 size_t arg_size;
511 int error;
512
513 if (size == 0)
514 return -EINVAL;
b5e95b48
JJ		 515 /* task can only write its own attributes */
516 if (current != task)
517 return -EACCES;
518
e89b8081
VN		 519 /* AppArmor requires that the buffer must be null terminated atm */
520 if (args[size - 1] != '\0') {
521 /* null terminate */
522 largs = args = kmalloc(size + 1, GFP_KERNEL);
523 if (!args)
524 return -ENOMEM;
525 memcpy(args, value, size);
526 args[size] = '\0';
527 }
528
529 error = -EINVAL;
b5e95b48
JJ		 530 args = strim(args);
531 command = strsep(&args, " ");
532 if (!args)
e89b8081 533 goto out;
b5e95b48
JJ		 534 args = skip_spaces(args);
535 if (!*args)
e89b8081 536 goto out;
b5e95b48 537
d4d03f74 538 arg_size = size - (args - (largs ? largs : (char *) value));
b5e95b48
JJ		 539 if (strcmp(name, "current") == 0) {
540 if (strcmp(command, "changehat") == 0) {
541 error = aa_setprocattr_changehat(args, arg_size,
542 !AA_DO_TEST);
543 } else if (strcmp(command, "permhat") == 0) {
544 error = aa_setprocattr_changehat(args, arg_size,
545 AA_DO_TEST);
546 } else if (strcmp(command, "changeprofile") == 0) {
547 error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
548 !AA_DO_TEST);
549 } else if (strcmp(command, "permprofile") == 0) {
550 error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
551 AA_DO_TEST);
3eea57c2
JJ		 552 } else
553 goto fail;
b5e95b48 554 } else if (strcmp(name, "exec") == 0) {
3eea57c2
JJ		 555 if (strcmp(command, "exec") == 0)
556 error = aa_setprocattr_changeprofile(args, AA_ONEXEC,
557 !AA_DO_TEST);
558 else
559 goto fail;
560 } else
b5e95b48 561 /* only support the "current" and "exec" process attributes */
e89b8081 562 goto fail;
3eea57c2 563
b5e95b48
JJ		 564 if (!error)
565 error = size;
e89b8081
VN		 566out:
567 kfree(largs);
b5e95b48 568 return error;
3eea57c2
JJ		 569
570fail:
571 sa.type = LSM_AUDIT_DATA_NONE;
572 sa.aad = &aad;
573 aad.profile = aa_current_profile();
574 aad.op = OP_SETPROCATTR;
575 aad.info = name;
e89b8081 576 aad.error = error = -EINVAL;
3eea57c2 577 aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
e89b8081 578 goto out;
b5e95b48
JJ		 579}
580
7cb4dc9f
JS		 581static int apparmor_task_setrlimit(struct task_struct *task,
582 unsigned int resource, struct rlimit *new_rlim)
b5e95b48 583{
1780f2d3 584 struct aa_profile *profile = __aa_current_profile();
b5e95b48
JJ		 585 int error = 0;
586
587 if (!unconfined(profile))
3a2dc838 588 error = aa_task_setrlimit(profile, task, resource, new_rlim);
b5e95b48
JJ		 589
590 return error;
591}
592
b1d9e6b0 593static struct security_hook_list apparmor_hooks[] = {
e20b043a
CS		 594 LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
595 LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
596 LSM_HOOK_INIT(capget, apparmor_capget),
597 LSM_HOOK_INIT(capable, apparmor_capable),
598
599 LSM_HOOK_INIT(path_link, apparmor_path_link),
600 LSM_HOOK_INIT(path_unlink, apparmor_path_unlink),
601 LSM_HOOK_INIT(path_symlink, apparmor_path_symlink),
602 LSM_HOOK_INIT(path_mkdir, apparmor_path_mkdir),
603 LSM_HOOK_INIT(path_rmdir, apparmor_path_rmdir),
604 LSM_HOOK_INIT(path_mknod, apparmor_path_mknod),
605 LSM_HOOK_INIT(path_rename, apparmor_path_rename),
606 LSM_HOOK_INIT(path_chmod, apparmor_path_chmod),
607 LSM_HOOK_INIT(path_chown, apparmor_path_chown),
608 LSM_HOOK_INIT(path_truncate, apparmor_path_truncate),
609 LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr),
610
611 LSM_HOOK_INIT(file_open, apparmor_file_open),
612 LSM_HOOK_INIT(file_permission, apparmor_file_permission),
613 LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security),
614 LSM_HOOK_INIT(file_free_security, apparmor_file_free_security),
615 LSM_HOOK_INIT(mmap_file, apparmor_mmap_file),
e20b043a
CS		 616 LSM_HOOK_INIT(file_mprotect, apparmor_file_mprotect),
617 LSM_HOOK_INIT(file_lock, apparmor_file_lock),
618
619 LSM_HOOK_INIT(getprocattr, apparmor_getprocattr),
620 LSM_HOOK_INIT(setprocattr, apparmor_setprocattr),
621
622 LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank),
623 LSM_HOOK_INIT(cred_free, apparmor_cred_free),
624 LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare),
625 LSM_HOOK_INIT(cred_transfer, apparmor_cred_transfer),
626
627 LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
628 LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
629 LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
630 LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
631
632 LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
b5e95b48
JJ		 633};
634
635/*
636 * AppArmor sysfs module parameters
637 */
638
101d6c82
SR		 639static int param_set_aabool(const char *val, const struct kernel_param *kp);
640static int param_get_aabool(char *buffer, const struct kernel_param *kp);
b8aa09fd 641#define param_check_aabool param_check_bool
9c27847d 642static const struct kernel_param_ops param_ops_aabool = {
6a4c2643 643 .flags = KERNEL_PARAM_OPS_FL_NOARG,
101d6c82
SR		 644 .set = param_set_aabool,
645 .get = param_get_aabool
646};
b5e95b48 647
101d6c82
SR		 648static int param_set_aauint(const char *val, const struct kernel_param *kp);
649static int param_get_aauint(char *buffer, const struct kernel_param *kp);
b8aa09fd 650#define param_check_aauint param_check_uint
9c27847d 651static const struct kernel_param_ops param_ops_aauint = {
101d6c82
SR		 652 .set = param_set_aauint,
653 .get = param_get_aauint
654};
b5e95b48 655
101d6c82
SR		 656static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
657static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
b8aa09fd 658#define param_check_aalockpolicy param_check_bool
9c27847d 659static const struct kernel_param_ops param_ops_aalockpolicy = {
6a4c2643 660 .flags = KERNEL_PARAM_OPS_FL_NOARG,
101d6c82
SR		 661 .set = param_set_aalockpolicy,
662 .get = param_get_aalockpolicy
663};
b5e95b48
JJ		 664
665static int param_set_audit(const char *val, struct kernel_param *kp);
666static int param_get_audit(char *buffer, struct kernel_param *kp);
b5e95b48
JJ		 667
668static int param_set_mode(const char *val, struct kernel_param *kp);
669static int param_get_mode(char *buffer, struct kernel_param *kp);
b5e95b48
JJ		 670
671/* Flag values, also controllable via /sys/module/apparmor/parameters
672 * We define special types as we want to do additional mediation.
673 */
674
675/* AppArmor global enforcement switch - complain, enforce, kill */
676enum profile_mode aa_g_profile_mode = APPARMOR_ENFORCE;
677module_param_call(mode, param_set_mode, param_get_mode,
678 &aa_g_profile_mode, S_IRUSR | S_IWUSR);
679
7616ac70 680#ifdef CONFIG_SECURITY_APPARMOR_HASH
6059f71f 681/* whether policy verification hashing is enabled */
7616ac70 682bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT);
6059f71f 683module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR);
7616ac70 684#endif
6059f71f 685
b5e95b48 686/* Debug mode */
680cd62e 687bool aa_g_debug = IS_ENABLED(CONFIG_SECURITY_DEBUG_MESSAGES);
b5e95b48
JJ		 688module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
689
690/* Audit mode */
691enum audit_mode aa_g_audit;
692module_param_call(audit, param_set_audit, param_get_audit,
693 &aa_g_audit, S_IRUSR | S_IWUSR);
694
695/* Determines if audit header is included in audited messages. This
696 * provides more context if the audit daemon is not running
697 */
90ab5ee9 698bool aa_g_audit_header = 1;
b5e95b48
JJ		 699module_param_named(audit_header, aa_g_audit_header, aabool,
700 S_IRUSR | S_IWUSR);
701
702/* lock out loading/removal of policy
703 * TODO: add in at boot loading of policy, which is the only way to
704 * load policy, if lock_policy is set
705 */
90ab5ee9 706bool aa_g_lock_policy;
b5e95b48
JJ		 707module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy,
708 S_IRUSR | S_IWUSR);
709
710/* Syscall logging mode */
90ab5ee9 711bool aa_g_logsyscall;
b5e95b48
JJ		 712module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
713
714/* Maximum pathname length before accesses will start getting rejected */
715unsigned int aa_g_path_max = 2 * PATH_MAX;
716module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
717
718/* Determines how paranoid loading of policy is and how much verification
719 * on the loaded policy is done.
abbf8734
JJ		 720 * DEPRECATED: read only as strict checking of load is always done now
721 * that none root users (user namespaces) can load policy.
b5e95b48 722 */
90ab5ee9 723bool aa_g_paranoid_load = 1;
abbf8734 724module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO);
b5e95b48
JJ		 725
726/* Boot time disable flag */
90ab5ee9 727static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
c611616c 728module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
b5e95b48
JJ		 729
730static int __init apparmor_enabled_setup(char *str)
731{
732 unsigned long enabled;
29707b20 733 int error = kstrtoul(str, 0, &enabled);
b5e95b48
JJ		 734 if (!error)
735 apparmor_enabled = enabled ? 1 : 0;
736 return 1;
737}
738
739__setup("apparmor=", apparmor_enabled_setup);
740
741/* set global flag turning off the ability to load policy */
101d6c82 742static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
b5e95b48 743{
fd2a8043 744 if (!policy_admin_capable(NULL))
b5e95b48 745 return -EPERM;
b5e95b48
JJ		 746 return param_set_bool(val, kp);
747}
748
101d6c82 749static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
b5e95b48 750{
2bd8dbbf 751 if (!policy_view_capable(NULL))
b5e95b48
JJ		 752 return -EPERM;
753 return param_get_bool(buffer, kp);
754}
755
101d6c82 756static int param_set_aabool(const char *val, const struct kernel_param *kp)
b5e95b48 757{
fd2a8043 758 if (!policy_admin_capable(NULL))
b5e95b48
JJ		 759 return -EPERM;
760 return param_set_bool(val, kp);
761}
762
101d6c82 763static int param_get_aabool(char *buffer, const struct kernel_param *kp)
b5e95b48 764{
2bd8dbbf 765 if (!policy_view_capable(NULL))
b5e95b48
JJ		 766 return -EPERM;
767 return param_get_bool(buffer, kp);
768}
769
101d6c82 770static int param_set_aauint(const char *val, const struct kernel_param *kp)
b5e95b48 771{
fd2a8043 772 if (!policy_admin_capable(NULL))
b5e95b48
JJ		 773 return -EPERM;
774 return param_set_uint(val, kp);
775}
776
101d6c82 777static int param_get_aauint(char *buffer, const struct kernel_param *kp)
b5e95b48 778{
2bd8dbbf 779 if (!policy_view_capable(NULL))
b5e95b48
JJ		 780 return -EPERM;
781 return param_get_uint(buffer, kp);
782}
783
784static int param_get_audit(char *buffer, struct kernel_param *kp)
785{
2bd8dbbf 786 if (!policy_view_capable(NULL))
b5e95b48
JJ		 787 return -EPERM;
788
789 if (!apparmor_enabled)
790 return -EINVAL;
791
792 return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
793}
794
795static int param_set_audit(const char *val, struct kernel_param *kp)
796{
797 int i;
fd2a8043 798 if (!policy_admin_capable(NULL))
b5e95b48
JJ		 799 return -EPERM;
800
801 if (!apparmor_enabled)
802 return -EINVAL;
803
804 if (!val)
805 return -EINVAL;
806
807 for (i = 0; i < AUDIT_MAX_INDEX; i++) {
808 if (strcmp(val, audit_mode_names[i]) == 0) {
809 aa_g_audit = i;
810 return 0;
811 }
812 }
813
814 return -EINVAL;
815}
816
817static int param_get_mode(char *buffer, struct kernel_param *kp)
818{
fd2a8043 819 if (!policy_view_capable(NULL))
b5e95b48
JJ		 820 return -EPERM;
821
822 if (!apparmor_enabled)
823 return -EINVAL;
824
0d259f04 825 return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
b5e95b48
JJ		 826}
827
828static int param_set_mode(const char *val, struct kernel_param *kp)
829{
830 int i;
fd2a8043 831 if (!policy_admin_capable(NULL))
b5e95b48
JJ		 832 return -EPERM;
833
834 if (!apparmor_enabled)
835 return -EINVAL;
836
837 if (!val)
838 return -EINVAL;
839
0d259f04
JJ		 840 for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
841 if (strcmp(val, aa_profile_mode_names[i]) == 0) {
b5e95b48
JJ		 842 aa_g_profile_mode = i;
843 return 0;
844 }
845 }
846
847 return -EINVAL;
848}
849
850/*
851 * AppArmor init functions
852 */
853
854/**
55a26ebf 855 * set_init_ctx - set a task context and profile on the first task.
b5e95b48
JJ		 856 *
857 * TODO: allow setting an alternate profile than unconfined
858 */
55a26ebf 859static int __init set_init_ctx(void)
b5e95b48
JJ		 860{
861 struct cred *cred = (struct cred *)current->real_cred;
55a26ebf 862 struct aa_task_ctx *ctx;
b5e95b48 863
55a26ebf
JJ		 864 ctx = aa_alloc_task_context(GFP_KERNEL);
865 if (!ctx)
b5e95b48
JJ		 866 return -ENOMEM;
867
55a26ebf
JJ		 868 ctx->profile = aa_get_profile(root_ns->unconfined);
869 cred_ctx(cred) = ctx;
b5e95b48
JJ		 870
871 return 0;
872}
873
874static int __init apparmor_init(void)
875{
876 int error;
877
b1d9e6b0 878 if (!apparmor_enabled || !security_module_enable("apparmor")) {
b5e95b48
JJ		 879 aa_info_message("AppArmor disabled by boot time parameter");
880 apparmor_enabled = 0;
881 return 0;
882 }
883
11c236b8
JJ		 884 error = aa_setup_dfa_engine();
885 if (error) {
886 AA_ERROR("Unable to setup dfa engine\n");
887 goto alloc_out;
888 }
889
b5e95b48
JJ		 890 error = aa_alloc_root_ns();
891 if (error) {
892 AA_ERROR("Unable to allocate default profile namespace\n");
893 goto alloc_out;
894 }
895
55a26ebf 896 error = set_init_ctx();
b5e95b48
JJ		 897 if (error) {
898 AA_ERROR("Failed to set context on init task\n");
b1d9e6b0
CS		 899 aa_free_root_ns();
900 goto alloc_out;
b5e95b48 901 }
b1d9e6b0 902 security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks));
b5e95b48
JJ		 903
904 /* Report that AppArmor successfully initialized */
905 apparmor_initialized = 1;
906 if (aa_g_profile_mode == APPARMOR_COMPLAIN)
907 aa_info_message("AppArmor initialized: complain mode enabled");
908 else if (aa_g_profile_mode == APPARMOR_KILL)
909 aa_info_message("AppArmor initialized: kill mode enabled");
910 else
911 aa_info_message("AppArmor initialized");
912
913 return error;
914
b5e95b48
JJ		 915alloc_out:
916 aa_destroy_aafs();
11c236b8 917 aa_teardown_dfa_engine();
b5e95b48
JJ		 918
919 apparmor_enabled = 0;
920 return error;
b5e95b48
JJ		 921}
922
923security_initcall(apparmor_init);
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git