1 /* 2 * AppArmor security module 3 * 4 * This file contains AppArmor ipc mediation 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/gfp.h> 16 #include <linux/ptrace.h> 17 18 #include "include/audit.h" 19 #include "include/capability.h" 20 #include "include/context.h" 21 #include "include/policy.h" 22 #include "include/ipc.h" 23 24 /* call back to audit ptrace fields */ 25 static void audit_cb(struct audit_buffer *ab, void *va) 26 { 27 struct common_audit_data *sa = va; 28 audit_log_format(ab, " target="); 29 audit_log_untrustedstring(ab, sa->aad->target); 30 } 31 32 /** 33 * aa_audit_ptrace - do auditing for ptrace 34 * @profile: profile being enforced (NOT NULL) 35 * @target: profile being traced (NOT NULL) 36 * @error: error condition 37 * 38 * Returns: %0 or error code 39 */ 40 static int aa_audit_ptrace(struct aa_profile *profile, 41 struct aa_profile *target, int error) 42 { 43 struct common_audit_data sa; 44 struct apparmor_audit_data aad = {0,}; 45 sa.type = LSM_AUDIT_DATA_NONE; 46 sa.aad = &aad; 47 aad.op = OP_PTRACE; 48 aad.target = target; 49 aad.error = error; 50 51 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa, 52 audit_cb); 53 } 54 55 /** 56 * aa_may_ptrace - test if tracer task can trace the tracee 57 * @tracer_task: task who will do the tracing (NOT NULL) 58 * @tracer: profile of the task doing the tracing (NOT NULL) 59 * @tracee: task to be traced 60 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH 61 * 62 * Returns: %0 else error code if permission denied or error 63 */ 64 int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer, 65 struct aa_profile *tracee, unsigned int mode) 66 { 67 /* TODO: currently only based on capability, not extended ptrace 68 * rules, 69 * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH 70 */ 71 72 if (unconfined(tracer) || tracer == tracee) 73 return 0; 74 /* log this capability request */ 75 return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1); 76 } 77 78 /** 79 * aa_ptrace - do ptrace permission check and auditing 80 * @tracer: task doing the tracing (NOT NULL) 81 * @tracee: task being traced (NOT NULL) 82 * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH 83 * 84 * Returns: %0 else error code if permission denied or error 85 */ 86 int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, 87 unsigned int mode) 88 { 89 /* 90 * tracer can ptrace tracee when 91 * - tracer is unconfined || 92 * - tracer is in complain mode 93 * - tracer has rules allowing it to trace tracee currently this is: 94 * - confined by the same profile || 95 * - tracer profile has CAP_SYS_PTRACE 96 */ 97 98 struct aa_profile *tracer_p; 99 /* cred released below */ 100 const struct cred *cred = get_task_cred(tracer); 101 int error = 0; 102 tracer_p = aa_cred_profile(cred); 103 104 if (!unconfined(tracer_p)) { 105 /* lcred released below */ 106 const struct cred *lcred = get_task_cred(tracee); 107 struct aa_profile *tracee_p = aa_cred_profile(lcred); 108 109 error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode); 110 error = aa_audit_ptrace(tracer_p, tracee_p, error); 111 112 put_cred(lcred); 113 } 114 put_cred(cred); 115 116 return error; 117 } 118