1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor file mediation function definitions. 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15#ifndef __AA_FILE_H 16#define __AA_FILE_H 17 18#include <linux/path.h> 19 20#include "domain.h" 21#include "match.h" 22 23struct aa_profile; 24 25/* 26 * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags 27 * for profile permissions 28 */ 29#define AA_MAY_CREATE 0x0010 30#define AA_MAY_DELETE 0x0020 31#define AA_MAY_META_WRITE 0x0040 32#define AA_MAY_META_READ 0x0080 33 34#define AA_MAY_CHMOD 0x0100 35#define AA_MAY_CHOWN 0x0200 36#define AA_MAY_LOCK 0x0400 37#define AA_EXEC_MMAP 0x0800 38 39#define AA_MAY_LINK 0x1000 40#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */ 41#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */ 42#define AA_MAY_CHANGE_PROFILE 0x80000000 43#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */ 44 45#define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\ 46 AA_MAY_CREATE | AA_MAY_DELETE | \ 47 AA_MAY_META_READ | AA_MAY_META_WRITE | \ 48 AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \ 49 AA_EXEC_MMAP | AA_MAY_LINK) 50 51/* 52 * The xindex is broken into 3 parts 53 * - index - an index into either the exec name table or the variable table 54 * - exec type - which determines how the executable name and index are used 55 * - flags - which modify how the destination name is applied 56 */ 57#define AA_X_INDEX_MASK 0x03ff 58 59#define AA_X_TYPE_MASK 0x0c00 60#define AA_X_TYPE_SHIFT 10 61#define AA_X_NONE 0x0000 62#define AA_X_NAME 0x0400 /* use executable name px */ 63#define AA_X_TABLE 0x0800 /* use a specified name ->n# */ 64 65#define AA_X_UNSAFE 0x1000 66#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */ 67#define AA_X_INHERIT 0x4000 68#define AA_X_UNCONFINED 0x8000 69 70/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */ 71#define AA_SECURE_X_NEEDED 0x8000 72 73/* need to make conditional which ones are being set */ 74struct path_cond { 75 uid_t uid; 76 umode_t mode; 77}; 78 79/* struct file_perms - file permission 80 * @allow: mask of permissions that are allowed 81 * @audit: mask of permissions to force an audit message for 82 * @quiet: mask of permissions to quiet audit messages for 83 * @kill: mask of permissions that when matched will kill the task 84 * @xindex: exec transition index if @allow contains MAY_EXEC 85 * 86 * The @audit and @queit mask should be mutually exclusive. 87 */ 88struct file_perms { 89 u32 allow; 90 u32 audit; 91 u32 quiet; 92 u32 kill; 93 u16 xindex; 94}; 95 96extern struct file_perms nullperms; 97 98#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill) 99 100static inline u16 dfa_map_xindex(u16 mask) 101{ 102 u16 old_index = (mask >> 10) & 0xf; 103 u16 index = 0; 104 105 if (mask & 0x100) 106 index |= AA_X_UNSAFE; 107 if (mask & 0x200) 108 index |= AA_X_INHERIT; 109 if (mask & 0x80) 110 index |= AA_X_UNCONFINED; 111 112 if (old_index == 1) { 113 index |= AA_X_UNCONFINED; 114 } else if (old_index == 2) { 115 index |= AA_X_NAME; 116 } else if (old_index == 3) { 117 index |= AA_X_NAME | AA_X_CHILD; 118 } else { 119 index |= AA_X_TABLE; 120 index |= old_index - 4; 121 } 122 123 return index; 124} 125 126/* 127 * map old dfa inline permissions to new format 128 */ 129#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \ 130 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) 131#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f) 132#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f) 133#define dfa_user_xindex(dfa, state) \ 134 (dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff)) 135 136#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \ 137 0x7f) | \ 138 ((ACCEPT_TABLE(dfa)[state]) & 0x80000000)) 139#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f) 140#define dfa_other_quiet(dfa, state) \ 141 ((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f) 142#define dfa_other_xindex(dfa, state) \ 143 dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff) 144 145int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, 146 gfp_t gfp, int op, u32 request, const char *name, 147 const char *target, uid_t ouid, const char *info, int error); 148 149/** 150 * struct aa_file_rules - components used for file rule permissions 151 * @dfa: dfa to match path names and conditionals against 152 * @perms: permission table indexed by the matched state accept entry of @dfa 153 * @trans: transition table for indexed by named x transitions 154 * 155 * File permission are determined by matching a path against @dfa and then 156 * then using the value of the accept entry for the matching state as 157 * an index into @perms. If a named exec transition is required it is 158 * looked up in the transition table. 159 */ 160struct aa_file_rules { 161 unsigned int start; 162 struct aa_dfa *dfa; 163 /* struct perms perms; */ 164 struct aa_domain trans; 165 /* TODO: add delegate table */ 166}; 167 168unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, 169 const char *name, struct path_cond *cond, 170 struct file_perms *perms); 171 172int aa_path_perm(int op, struct aa_profile *profile, struct path *path, 173 int flags, u32 request, struct path_cond *cond); 174 175int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, 176 struct path *new_dir, struct dentry *new_dentry); 177 178int aa_file_perm(int op, struct aa_profile *profile, struct file *file, 179 u32 request); 180 181static inline void aa_free_file_rules(struct aa_file_rules *rules) 182{ 183 aa_put_dfa(rules->dfa); 184 aa_free_domain_entries(&rules->trans); 185} 186 187#define ACC_FMODE(x) (("\000\004\002\006"[(x)&O_ACCMODE]) | (((x) << 1) & 0x40)) 188 189/* from namei.c */ 190#define MAP_OPEN_FLAGS(x) ((((x) + 1) & O_ACCMODE) ? (x) + 1 : (x)) 191 192/** 193 * aa_map_file_perms - map file flags to AppArmor permissions 194 * @file: open file to map flags to AppArmor permissions 195 * 196 * Returns: apparmor permission set for the file 197 */ 198static inline u32 aa_map_file_to_perms(struct file *file) 199{ 200 int flags = MAP_OPEN_FLAGS(file->f_flags); 201 u32 perms = ACC_FMODE(file->f_mode); 202 203 if ((flags & O_APPEND) && (perms & MAY_WRITE)) 204 perms = (perms & ~MAY_WRITE) | MAY_APPEND; 205 /* trunc implies write permission */ 206 if (flags & O_TRUNC) 207 perms |= MAY_WRITE; 208 if (flags & O_CREAT) 209 perms |= AA_MAY_CREATE; 210 211 return perms; 212} 213 214#endif /* __AA_FILE_H */ 215