2
* Copyright (C) 1998-2005 Novell/SUSE
4
* This program is free software; you can redistribute it and/or
5
* modify it under the terms of the GNU General Public License as
6
* published by the Free Software Foundation, version 2 of the
9
* AppArmor internal prototypes
15
#include <linux/fs.h> /* Include for defn of iattr */
16
#include <linux/binfmts.h> /* defn of linux_binprm */
17
#include <linux/rcupdate.h>
21
/* Control parameters (0 or 1), settable thru module/boot flags or
22
* via /sys/kernel/security/apparmor/control */
23
extern int apparmor_complain;
24
extern int apparmor_debug;
25
extern int apparmor_audit;
26
extern int apparmor_logsyscall;
28
static inline int mediated_filesystem(struct inode *inode)
30
return !(inode->i_sb->s_flags & MS_NOUSER);
33
#define PROFILE_COMPLAIN(_profile) \
34
(apparmor_complain == 1 || ((_profile) && (_profile)->flags.complain))
36
#define SUBDOMAIN_COMPLAIN(_sd) \
37
(apparmor_complain == 1 || \
38
((_sd) && (_sd)->active && (_sd)->active->flags.complain))
40
#define PROFILE_AUDIT(_profile) \
41
(apparmor_audit == 1 || ((_profile) && (_profile)->flags.audit))
43
#define SUBDOMAIN_AUDIT(_sd) \
44
(apparmor_audit == 1 || \
45
((_sd) && (_sd)->active && (_sd)->active->flags.audit))
48
* DEBUG remains global (no per profile flag) since it is mostly used in sysctl
49
* which is not related to profile accesses.
52
#define AA_DEBUG(fmt, args...) \
55
printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
57
#define AA_INFO(fmt, args...) printk(KERN_INFO "AppArmor: " fmt, ##args)
58
#define AA_WARN(fmt, args...) printk(KERN_WARNING "AppArmor: " fmt, ##args)
59
#define AA_ERROR(fmt, args...) printk(KERN_ERR "AppArmor: " fmt, ##args)
62
/* apparmor logged syscall reject caching */
65
AA_SYSCALL_SYSCTL_WRITE,
70
#define AA_SYSCALL_TO_MASK(X) (1 << (X))
73
/* basic AppArmor data structures */
81
enum entry_match_type {
88
/* struct aa_entry - file ACL *
89
* @filename: filename controlled by this ACL
90
* @mode: permissions granted by ACL
91
* @type: type of match to perform against @filename
92
* @extradata: any extra data needed by an extended matching type
93
* @list: list the ACL is on
94
* @listp: permission partitioned lists this ACL is on.
96
* Each entry describes a file and an allowed access mode.
100
int mode; /* mode is 'or' of READ, WRITE, EXECUTE,
101
* INHERIT, UNCONSTRAINED, and LIBRARY
102
* (meaning don't prefetch). */
104
enum entry_match_type type;
107
struct list_head list;
108
struct list_head listp[POS_AA_FILE_MAX + 1];
111
#define AA_SECURE_EXEC_NEEDED 0x00000001
113
#define AA_EXEC_MODIFIER_MASK(mask) ((mask) & AA_EXEC_MODIFIERS)
114
#define AA_EXEC_MASK(mask) ((mask) & (AA_MAY_EXEC | AA_EXEC_MODIFIERS))
115
#define AA_EXEC_UNSAFE_MASK(mask) ((mask) & (AA_MAY_EXEC | AA_EXEC_MODIFIERS |\
118
/* struct aaprofile - basic confinement data
119
* @parent: non refcounted pointer to parent profile
120
* @name: the profiles name
121
* @file_entry: file ACL
122
* @file_entryp: vector of file ACL by permission granted
123
* @list: list this profile is on
124
* @sub: profiles list of subprofiles (HATS)
125
* @flags: flags controlling profile behavior
126
* @null_profile: if needed per profile learning and null confinement profile
127
* @isstale: flag to indicate the profile is stale
128
* @num_file_entries: number of file entries the profile contains
129
* @num_file_pentries: number of file entries for each partitioned list
130
* @capabilities: capabilities granted by the process
131
* @rcu: rcu head used when freeing the profile
132
* @on_rcu_callback: flag indicating profile is on the rcu callback list
133
* @count: reference count of the profile
135
* The AppArmor profile contains the basic confinement data. Each profile
136
* has a name and potentially a list of profile entries. The profiles are
137
* connected in a list
140
struct aaprofile *parent;
143
struct list_head file_entry;
144
struct list_head file_entryp[POS_AA_FILE_MAX + 1];
145
struct list_head list;
146
struct list_head sub;
147
struct flagval flags;
148
struct aaprofile *null_profile;
151
int num_file_entries;
152
int num_file_pentries[POS_AA_FILE_MAX + 1];
154
kernel_cap_t capabilities;
168
* aafile - file pointer confinement data
170
* Data structure assigned to each open file (by apparmor_file_alloc_security)
173
enum aafile_type type;
174
struct aaprofile *profile;
178
* struct subdomain - primary label for confined tasks
179
* @active: the current active profile
180
* @hat_magic: the magic token controling the ability to leave a hat
181
* @list: list this subdomain is on
182
* @task: task that the subdomain confines
183
* @cached_caps: caps that have previously generated log entries
184
* @cached_syscalls: mediated syscalls that have previously been logged
186
* Contains the tasks current active profile (which could change due to
187
* change_hat). Plus the hat_magic needed during change_hat.
189
* N.B AppArmor's previous product name SubDomain was derived from the name
190
* of this structure/concept (changehat reducing a task into a sub-domain).
193
struct aaprofile *active; /* The current active profile */
194
u32 hat_magic; /* used with change_hat */
195
struct list_head list; /* list of subdomains */
196
struct task_struct *task;
198
kernel_cap_t cached_caps;
199
unsigned int cached_syscalls;
202
typedef int (*aa_iter) (struct subdomain *, void *);
205
* temp (cookie) data used by aa_path_* functions, see inline.h
207
struct aa_path_data {
208
struct dentry *root, *dentry;
209
struct mnt_namespace *mnt_namespace;
210
struct list_head *head, *pos;
214
#define AA_SUBDOMAIN(sec) ((struct subdomain*)(sec))
215
#define AA_PROFILE(sec) ((struct aaprofile*)(sec))
217
/* Lock protecting access to 'struct subdomain' accesses */
218
extern spinlock_t sd_lock;
220
extern struct aaprofile *null_complain_profile;
222
/* aa_audit - AppArmor auditing structure
223
* Structure is populated by access control code and passed to aa_audit which
224
* provides for a single point of logging.
228
unsigned short type, flags;
242
#define AA_AUDITTYPE_FILE 1
243
#define AA_AUDITTYPE_DIR 2
244
#define AA_AUDITTYPE_ATTR 3
245
#define AA_AUDITTYPE_XATTR 4
246
#define AA_AUDITTYPE_LINK 5
247
#define AA_AUDITTYPE_CAP 6
248
#define AA_AUDITTYPE_MSG 7
249
#define AA_AUDITTYPE_SYSCALL 8
250
#define AA_AUDITTYPE__END 9
253
#define AA_AUDITFLAG_AUDITSS_SYSCALL 1 /* log syscall context */
254
#define AA_AUDITFLAG_LOGERR 2 /* log operations that failed due to
255
non permission errors */
257
#define HINT_UNKNOWN_HAT "unknown_hat"
258
#define HINT_FORK "fork"
259
#define HINT_MANDPROF "missing_mandatory_profile"
260
#define HINT_CHGPROF "changing_profile"
262
#define LOG_HINT(p, gfp, hint, fmt, args...) \
264
aa_audit_message(p, gfp, 0, \
265
"LOGPROF-HINT " hint " " fmt, ##args);\
268
/* directory op type, for aa_perm_dir */
274
/* xattr op type, for aa_xattr */
275
enum aa_xattroptype {
282
#define BASE_PROFILE(p) ((p)->parent ? (p)->parent : (p))
283
#define IN_SUBPROFILE(p) ((p)->parent)
286
extern int alloc_null_complain_profile(void);
287
extern void free_null_complain_profile(void);
288
extern int attach_nullprofile(struct aaprofile *profile);
289
extern int aa_audit_message(struct aaprofile *active, gfp_t gfp, int,
291
extern int aa_audit_syscallreject(struct aaprofile *active, gfp_t gfp,
292
enum aasyscall call);
293
extern int aa_audit(struct aaprofile *active, const struct aa_audit *);
294
extern char *aa_get_name(struct dentry *dentry, struct vfsmount *mnt);
296
extern int aa_attr(struct aaprofile *active, struct dentry *dentry,
297
struct iattr *iattr);
298
extern int aa_xattr(struct aaprofile *active, struct dentry *dentry,
299
const char *xattr, enum aa_xattroptype xattroptype);
300
extern int aa_capability(struct aaprofile *active, int cap);
301
extern int aa_perm(struct aaprofile *active, struct dentry *dentry,
302
struct vfsmount *mnt, int mask, int leaf);
303
extern int aa_perm_nameidata(struct aaprofile *active, struct nameidata *nd,
305
extern int aa_perm_dentry(struct aaprofile *active, struct dentry *dentry,
307
extern int aa_perm_dir(struct aaprofile *active, struct dentry *dentry,
308
enum aa_diroptype diroptype);
309
extern int aa_link(struct aaprofile *active,
310
struct dentry *link, struct dentry *target);
311
extern int aa_fork(struct task_struct *p);
312
extern int aa_register(struct linux_binprm *bprm);
313
extern void aa_release(struct task_struct *p);
314
extern int aa_change_hat(const char *id, u32 hat_magic);
315
extern int aa_associate_filp(struct file *filp);
318
extern struct aaprofile *aa_profilelist_find(const char *name);
319
extern int aa_profilelist_add(struct aaprofile *profile);
320
extern struct aaprofile *aa_profilelist_remove(const char *name);
321
extern void aa_profilelist_release(void);
322
extern struct aaprofile *aa_profilelist_replace(struct aaprofile *profile);
323
extern void aa_profile_dump(struct aaprofile *);
324
extern void aa_profilelist_dump(void);
325
extern void aa_subdomainlist_add(struct subdomain *);
326
extern void aa_subdomainlist_remove(struct subdomain *);
327
extern void aa_subdomainlist_iterate(aa_iter, void *);
328
extern void aa_subdomainlist_iterateremove(aa_iter, void *);
329
extern void aa_subdomainlist_release(void);
331
/* module_interface.c */
332
extern ssize_t aa_file_prof_add(void *, size_t);
333
extern ssize_t aa_file_prof_repl(void *, size_t);
334
extern ssize_t aa_file_prof_remove(const char *, size_t);
335
extern void free_aaprofile(struct aaprofile *profile);
336
extern void free_aaprofile_kref(struct kref *kref);
339
extern size_t aa_getprocattr(struct aaprofile *active, char *str, size_t size);
340
extern int aa_setprocattr_changehat(char *hatinfo, size_t infosize);
341
extern int aa_setprocattr_setprofile(struct task_struct *p, char *profilename,
345
extern int create_apparmorfs(void);
346
extern void destroy_apparmorfs(void);
349
extern const char *capability_to_name(unsigned int cap);
350
extern const char *syscall_to_name(enum aasyscall call);
352
#endif /* __APPARMOR_H */