Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/security/apparmor/include/file.h
10817 views
1
/*

2
 * AppArmor security module

3
 *

4
 * This file contains AppArmor file mediation function definitions.

5
 *

6
 * Copyright (C) 1998-2008 Novell/SUSE

7
 * Copyright 2009-2010 Canonical Ltd.

8
 *

9
 * This program is free software; you can redistribute it and/or

10
 * modify it under the terms of the GNU General Public License as

11
 * published by the Free Software Foundation, version 2 of the

12
 * License.

13
 */

14


15
#ifndef __AA_FILE_H

16
#define __AA_FILE_H

17


18
#include "domain.h"

19
#include "match.h"

20


21
struct aa_profile;

22
struct path;

23


24
/*

25
 * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags

26
 * for profile permissions

27
 */

28
#define AA_MAY_CREATE                  0x0010

29
#define AA_MAY_DELETE                  0x0020

30
#define AA_MAY_META_WRITE              0x0040

31
#define AA_MAY_META_READ               0x0080

32


33
#define AA_MAY_CHMOD                   0x0100

34
#define AA_MAY_CHOWN                   0x0200

35
#define AA_MAY_LOCK                    0x0400

36
#define AA_EXEC_MMAP                   0x0800

37


38
#define AA_MAY_LINK			0x1000

39
#define AA_LINK_SUBSET			AA_MAY_LOCK	/* overlaid */

40
#define AA_MAY_ONEXEC			0x40000000	/* exec allows onexec */

41
#define AA_MAY_CHANGE_PROFILE		0x80000000

42
#define AA_MAY_CHANGEHAT		0x80000000	/* ctrl auditing only */

43


44
#define AA_AUDIT_FILE_MASK	(MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\

45
				 AA_MAY_CREATE | AA_MAY_DELETE |	\

46
				 AA_MAY_META_READ | AA_MAY_META_WRITE | \

47
				 AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \

48
				 AA_EXEC_MMAP | AA_MAY_LINK)

49


50
/*

51
 * The xindex is broken into 3 parts

52
 * - index - an index into either the exec name table or the variable table

53
 * - exec type - which determines how the executable name and index are used

54
 * - flags - which modify how the destination name is applied

55
 */

56
#define AA_X_INDEX_MASK		0x03ff

57


58
#define AA_X_TYPE_MASK		0x0c00

59
#define AA_X_TYPE_SHIFT		10

60
#define AA_X_NONE		0x0000

61
#define AA_X_NAME		0x0400	/* use executable name px */

62
#define AA_X_TABLE		0x0800	/* use a specified name ->n# */

63


64
#define AA_X_UNSAFE		0x1000

65
#define AA_X_CHILD		0x2000	/* make >AA_X_NONE apply to children */

66
#define AA_X_INHERIT		0x4000

67
#define AA_X_UNCONFINED		0x8000

68


69
/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */

70
#define AA_SECURE_X_NEEDED	0x8000

71


72
/* need to make conditional which ones are being set */

73
struct path_cond {

74
	uid_t uid;

75
	umode_t mode;

76
};

77


78
/* struct file_perms - file permission

79
 * @allow: mask of permissions that are allowed

80
 * @audit: mask of permissions to force an audit message for

81
 * @quiet: mask of permissions to quiet audit messages for

82
 * @kill: mask of permissions that when matched will kill the task

83
 * @xindex: exec transition index if @allow contains MAY_EXEC

84
 *

85
 * The @audit and @queit mask should be mutually exclusive.

86
 */

87
struct file_perms {

88
	u32 allow;

89
	u32 audit;

90
	u32 quiet;

91
	u32 kill;

92
	u16 xindex;

93
};

94


95
extern struct file_perms nullperms;

96


97
#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)

98


99
/* FIXME: split perms from dfa and match this to description

100
 *        also add delegation info.

101
 */

102
static inline u16 dfa_map_xindex(u16 mask)

103
{

104
	u16 old_index = (mask >> 10) & 0xf;

105
	u16 index = 0;

106


107
	if (mask & 0x100)

108
		index |= AA_X_UNSAFE;

109
	if (mask & 0x200)

110
		index |= AA_X_INHERIT;

111
	if (mask & 0x80)

112
		index |= AA_X_UNCONFINED;

113


114
	if (old_index == 1) {

115
		index |= AA_X_UNCONFINED;

116
	} else if (old_index == 2) {

117
		index |= AA_X_NAME;

118
	} else if (old_index == 3) {

119
		index |= AA_X_NAME | AA_X_CHILD;

120
	} else {

121
		index |= AA_X_TABLE;

122
		index |= old_index - 4;

123
	}

124


125
	return index;

126
}

127


128
/*

129
 * map old dfa inline permissions to new format

130
 */

131
#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \

132
				    ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

133
#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f)

134
#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f)

135
#define dfa_user_xindex(dfa, state) \

136
	(dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))

137


138
#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \

139
				      0x7f) |				\

140
				     ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

141
#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f)

142
#define dfa_other_quiet(dfa, state) \

143
	((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f)

144
#define dfa_other_xindex(dfa, state) \

145
	dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)

146


147
int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,

148
		  gfp_t gfp, int op, u32 request, const char *name,

149
		  const char *target, uid_t ouid, const char *info, int error);

150


151
/**

152
 * struct aa_file_rules - components used for file rule permissions

153
 * @dfa: dfa to match path names and conditionals against

154
 * @perms: permission table indexed by the matched state accept entry of @dfa

155
 * @trans: transition table for indexed by named x transitions

156
 *

157
 * File permission are determined by matching a path against @dfa and then

158
 * then using the value of the accept entry for the matching state as

159
 * an index into @perms.  If a named exec transition is required it is

160
 * looked up in the transition table.

161
 */

162
struct aa_file_rules {

163
	unsigned int start;

164
	struct aa_dfa *dfa;

165
	/* struct perms perms; */

166
	struct aa_domain trans;

167
	/* TODO: add delegate table */

168
};

169


170
unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,

171
			  const char *name, struct path_cond *cond,

172
			  struct file_perms *perms);

173


174
int aa_path_perm(int op, struct aa_profile *profile, struct path *path,

175
		 int flags, u32 request, struct path_cond *cond);

176


177
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,

178
		 struct path *new_dir, struct dentry *new_dentry);

179


180
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,

181
		 u32 request);

182


183
static inline void aa_free_file_rules(struct aa_file_rules *rules)

184
{

185
	aa_put_dfa(rules->dfa);

186
	aa_free_domain_entries(&rules->trans);

187
}

188


189
#define ACC_FMODE(x) (("\000\004\002\006"[(x)&O_ACCMODE]) | (((x) << 1) & 0x40))

190


191
/* from namei.c */

192
#define MAP_OPEN_FLAGS(x) ((((x) + 1) & O_ACCMODE) ? (x) + 1 : (x))

193


194
/**

195
 * aa_map_file_perms - map file flags to AppArmor permissions

196
 * @file: open file to map flags to AppArmor permissions

197
 *

198
 * Returns: apparmor permission set for the file

199
 */

200
static inline u32 aa_map_file_to_perms(struct file *file)

201
{

202
	int flags = MAP_OPEN_FLAGS(file->f_flags);

203
	u32 perms = ACC_FMODE(file->f_mode);

204


205
	if ((flags & O_APPEND) && (perms & MAY_WRITE))

206
		perms = (perms & ~MAY_WRITE) | MAY_APPEND;

207
	/* trunc implies write permission */

208
	if (flags & O_TRUNC)

209
		perms |= MAY_WRITE;

210
	if (flags & O_CREAT)

211
		perms |= AA_MAY_CREATE;

212


213
	return perms;

214
}

215


216
#endif /* __AA_FILE_H */

217


218