apparmor: add support for profiles to define the kill signal

Previously apparmor has only sent SIGKILL but there are cases where
it can be useful to send a different signal. Allow the profile
to optionally specify a different value.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 65191c5fc5e3215e79fe24a7fd0350c518118e52..3455d223879b0b2fc2aa1a40cfae70b7de71ff97 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2342,6 +2342,7 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = {
        AA_SFS_FILE_BOOLEAN("computed_longest_left",    1),
        AA_SFS_DIR("attach_conditions",         aa_sfs_entry_attach),
        AA_SFS_FILE_BOOLEAN("disconnected.path",            1),
+       AA_SFS_FILE_BOOLEAN("kill.signal",              1),
        AA_SFS_FILE_STRING("version", "1.2"),
        { }
 };

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 73087d76f649f777365e545b82b58ca800c28fbf..ac89602aa2d9d433dac029926b81ecb949e429fb 100644 (file)
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -192,7 +192,7 @@ int aa_audit(int type, struct aa_profile *profile,
        aa_audit_msg(type, ad, cb);
 
        if (ad->type == AUDIT_APPARMOR_KILL)
-               (void)send_sig_info(SIGKILL, NULL,
+               (void)send_sig_info(profile->signal, NULL,
                        ad->common.type == LSM_AUDIT_DATA_TASK &&
                        ad->common.u.tsk ? ad->common.u.tsk : current);
 

diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
index 74d17052f76bcd76fd94b9c7808a97924edf1889..323dd071afe9c2a99bdefbd45251d51d6b2b601e 100644 (file)
--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h
@@ -13,6 +13,9 @@
 
 #include <linux/sched.h>
 
+#define SIGUNKNOWN 0
+#define MAXMAPPED_SIG 35
+
 int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
                  const struct cred *target_cred, struct aa_label *target,
                  int sig);

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index bfd8bf1a1ecd90ec51a93ffd0fa29b3cd1cc9592..73cb84ef58f2b8d4024e0cf85ad4e472fc0cdbd7 100644 (file)
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -236,6 +236,7 @@ struct aa_profile {
        enum audit_mode audit;
        long mode;
        u32 path_flags;
+       int signal;
        const char *disconnected;
 
        struct aa_attachment attach;

diff --git a/security/apparmor/include/sig_names.h b/security/apparmor/include/sig_names.h
index cbf7a997ed8412797282be480a15339ee431d997..c772668cdc6297fa16bb248f93dcf058e39fc0cd 100644 (file)
--- a/security/apparmor/include/sig_names.h
+++ b/security/apparmor/include/sig_names.h
@@ -1,9 +1,5 @@
 #include <linux/signal.h>
-
-#define SIGUNKNOWN 0
-#define MAXMAPPED_SIG 35
-#define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1)
-#define SIGRT_BASE 128
+#include "signal.h"
 
 /* provide a mapping of arch signal to internal signal # for mediation
  * those that are always an alias SIGCLD for SIGCLHD and SIGPOLL for SIGIO

diff --git a/security/apparmor/include/signal.h b/security/apparmor/include/signal.h
new file mode 100644 (file)
index 0000000..729763f
--- /dev/null
+++ b/security/apparmor/include/signal.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor ipc mediation function definitions.
+ *
+ * Copyright 2023 Canonical Ltd.
+ */
+
+#ifndef __AA_SIGNAL_H
+#define __AA_SIGNAL_H
+
+#define SIGUNKNOWN 0
+#define MAXMAPPED_SIG 35
+
+#define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1)
+#define SIGRT_BASE 128
+
+#endif /* __AA_SIGNAL_H */

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 2857e771e2a93d1e616a90045aeb99c655a6091e..04222eddd890b57057650516506eb3da475c1c1b 100644 (file)
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -364,6 +364,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
        profile->label.flags |= FLAG_PROFILE;
        profile->label.vec[0] = profile;
 
+       profile->signal = SIGKILL;
        /* refcount released by caller */
        return profile;
 

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 7813920a21e55da904b49618f03d3d6e7395947c..73139189df0f22c9967322eebc6f986dad98d0e4 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -29,6 +29,7 @@
 #include "include/policy.h"
 #include "include/policy_unpack.h"
 #include "include/policy_compat.h"
+#include "include/signal.h"
 
 /* audit callback for unpack fields */
 static void audit_cb(struct audit_buffer *ab, void *va)
@@ -916,6 +917,12 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
        (void) aa_unpack_strdup(e, &disconnected, "disconnected");
        profile->disconnected = disconnected;
 
+       /* optional */
+       (void) aa_unpack_u32(e, &profile->signal, "kill");
+       if (profile->signal < 1 && profile->signal > MAXMAPPED_SIG) {
+               info = "profile kill.signal invalid value";
+               goto fail;
+       }
        /* per profile debug flags (complain, audit) */
        if (!aa_unpack_nameX(e, AA_STRUCT, "flags")) {
                info = "profile missing flags";