xref: /linux/security/apparmor/ipc.c (revision d524dac9279b6a41ffdf7ff7958c577f2e387db6) 
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor ipc mediation
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #include <linux/gfp.h>
16 #include <linux/ptrace.h>
17 
18 #include "include/audit.h"
19 #include "include/capability.h"
20 #include "include/context.h"
21 #include "include/policy.h"
22 
23 /* call back to audit ptrace fields */
24 static void audit_cb(struct audit_buffer *ab, void *va)
25 {
26 	struct common_audit_data *sa = va;
27 	audit_log_format(ab, " target=");
28 	audit_log_untrustedstring(ab, sa->aad.target);
29 }
30 
31 /**
32  * aa_audit_ptrace - do auditing for ptrace
33  * @profile: profile being enforced  (NOT NULL)
34  * @target: profile being traced (NOT NULL)
35  * @error: error condition
36  *
37  * Returns: %0 or error code
38  */
39 static int aa_audit_ptrace(struct aa_profile *profile,
40 			   struct aa_profile *target, int error)
41 {
42 	struct common_audit_data sa;
43 	COMMON_AUDIT_DATA_INIT(&sa, NONE);
44 	sa.aad.op = OP_PTRACE;
45 	sa.aad.target = target;
46 	sa.aad.error = error;
47 
48 	return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
49 			audit_cb);
50 }
51 
52 /**
53  * aa_may_ptrace - test if tracer task can trace the tracee
54  * @tracer_task: task who will do the tracing  (NOT NULL)
55  * @tracer: profile of the task doing the tracing  (NOT NULL)
56  * @tracee: task to be traced
57  * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
58  *
59  * Returns: %0 else error code if permission denied or error
60  */
61 int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
62 		  struct aa_profile *tracee, unsigned int mode)
63 {
64 	/* TODO: currently only based on capability, not extended ptrace
65 	 *       rules,
66 	 *       Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
67 	 */
68 
69 	if (unconfined(tracer) || tracer == tracee)
70 		return 0;
71 	/* log this capability request */
72 	return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
73 }
74 
75 /**
76  * aa_ptrace - do ptrace permission check and auditing
77  * @tracer: task doing the tracing (NOT NULL)
78  * @tracee: task being traced (NOT NULL)
79  * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
80  *
81  * Returns: %0 else error code if permission denied or error
82  */
83 int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
84 	      unsigned int mode)
85 {
86 	/*
87 	 * tracer can ptrace tracee when
88 	 * - tracer is unconfined ||
89 	 *   - tracer is in complain mode
90 	 *   - tracer has rules allowing it to trace tracee currently this is:
91 	 *       - confined by the same profile ||
92 	 *       - tracer profile has CAP_SYS_PTRACE
93 	 */
94 
95 	struct aa_profile *tracer_p;
96 	/* cred released below */
97 	const struct cred *cred = get_task_cred(tracer);
98 	int error = 0;
99 	tracer_p = aa_cred_profile(cred);
100 
101 	if (!unconfined(tracer_p)) {
102 		/* lcred released below */
103 		const struct cred *lcred = get_task_cred(tracee);
104 		struct aa_profile *tracee_p = aa_cred_profile(lcred);
105 
106 		error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
107 		error = aa_audit_ptrace(tracer_p, tracee_p, error);
108 
109 		put_cred(lcred);
110 	}
111 	put_cred(cred);
112 
113 	return error;
114 }
115