blob: cf1071b14232a48e4f963db40a14a4c3937ce8e1 [file] [log] [blame]
John Johansen0ed3b282010-07-29 14:48:05 -07001/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor ipc mediation
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15#include <linux/gfp.h>
16#include <linux/ptrace.h>
17
18#include "include/audit.h"
19#include "include/capability.h"
20#include "include/context.h"
21#include "include/policy.h"
James Morris33f8bf52011-08-29 10:40:54 +100022#include "include/ipc.h"
John Johansen0ed3b282010-07-29 14:48:05 -070023
24/* call back to audit ptrace fields */
25static void audit_cb(struct audit_buffer *ab, void *va)
26{
27 struct common_audit_data *sa = va;
28 audit_log_format(ab, " target=");
Eric Paris3b3b0e42012-04-03 09:37:02 -070029 audit_log_untrustedstring(ab, sa->aad->target);
John Johansen0ed3b282010-07-29 14:48:05 -070030}
31
32/**
33 * aa_audit_ptrace - do auditing for ptrace
34 * @profile: profile being enforced (NOT NULL)
35 * @target: profile being traced (NOT NULL)
36 * @error: error condition
37 *
38 * Returns: %0 or error code
39 */
40static int aa_audit_ptrace(struct aa_profile *profile,
41 struct aa_profile *target, int error)
42{
43 struct common_audit_data sa;
Eric Paris3b3b0e42012-04-03 09:37:02 -070044 struct apparmor_audit_data aad = {0,};
Eric Paris50c205f2012-04-04 15:01:43 -040045 sa.type = LSM_AUDIT_DATA_NONE;
Eric Paris3b3b0e42012-04-03 09:37:02 -070046 sa.aad = &aad;
47 aad.op = OP_PTRACE;
48 aad.target = target;
49 aad.error = error;
John Johansen0ed3b282010-07-29 14:48:05 -070050
51 return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa,
52 audit_cb);
53}
54
55/**
56 * aa_may_ptrace - test if tracer task can trace the tracee
57 * @tracer_task: task who will do the tracing (NOT NULL)
58 * @tracer: profile of the task doing the tracing (NOT NULL)
59 * @tracee: task to be traced
60 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
61 *
62 * Returns: %0 else error code if permission denied or error
63 */
64int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
65 struct aa_profile *tracee, unsigned int mode)
66{
67 /* TODO: currently only based on capability, not extended ptrace
68 * rules,
69 * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH
70 */
71
72 if (unconfined(tracer) || tracer == tracee)
73 return 0;
74 /* log this capability request */
75 return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1);
76}
77
78/**
79 * aa_ptrace - do ptrace permission check and auditing
80 * @tracer: task doing the tracing (NOT NULL)
81 * @tracee: task being traced (NOT NULL)
82 * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH
83 *
84 * Returns: %0 else error code if permission denied or error
85 */
86int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
87 unsigned int mode)
88{
89 /*
90 * tracer can ptrace tracee when
91 * - tracer is unconfined ||
92 * - tracer is in complain mode
93 * - tracer has rules allowing it to trace tracee currently this is:
94 * - confined by the same profile ||
95 * - tracer profile has CAP_SYS_PTRACE
96 */
97
98 struct aa_profile *tracer_p;
99 /* cred released below */
100 const struct cred *cred = get_task_cred(tracer);
101 int error = 0;
102 tracer_p = aa_cred_profile(cred);
103
104 if (!unconfined(tracer_p)) {
105 /* lcred released below */
James Morris77c80e62010-08-02 15:49:00 +1000106 const struct cred *lcred = get_task_cred(tracee);
John Johansen0ed3b282010-07-29 14:48:05 -0700107 struct aa_profile *tracee_p = aa_cred_profile(lcred);
108
109 error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode);
110 error = aa_audit_ptrace(tracer_p, tracee_p, error);
111
112 put_cred(lcred);
113 }
114 put_cred(cred);
115
116 return error;
117}