John Johansen | de62de5 | 2017-10-08 00:43:02 -0700 | [diff] [blame] | 1 | /* |
| 2 | * AppArmor security module |
| 3 | * |
| 4 | * This file contains AppArmor task related definitions and mediation |
| 5 | * |
| 6 | * Copyright 2017 Canonical Ltd. |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public License as |
| 10 | * published by the Free Software Foundation, version 2 of the |
| 11 | * License. |
| 12 | */ |
| 13 | |
| 14 | #ifndef __AA_TASK_H |
| 15 | #define __AA_TASK_H |
| 16 | |
/*
 * task_ctx - the AppArmor task context hung off an object's LSM ->security slot
 * @X: the object whose ->security member holds the struct aa_task_ctx
 *
 * Expands to a single access of (X)->security; the argument is parenthesised
 * so an expression can be passed. NOTE(review): the header does not show which
 * struct @X is expected to be, nor whether ->security may be NULL at the call
 * sites — confirm at each use.
 */
#define task_ctx(X) ((X)->security)
| 18 | |
/*
 * struct aa_task_ctx - information for current task label change
 * @nnp: snapshot of label at time of no_new_privs
 * @onexec: label to transition to on next exec (MAY BE NULL)
 * @previous: label the task may return to (MAY BE NULL)
 * @token: magic value the task must know for returning to @previous
 *
 * Each label pointer holds its own reference: aa_dup_task_ctx() takes one per
 * field and aa_free_task_ctx() drops them. @token is recorded by
 * aa_set_current_hat() and is presumably what the @cookie passed to
 * aa_restore_previous_label() is compared against, so it acts as a secret
 * guarding the return to @previous; aa_free_task_ctx() zeroes the whole ctx
 * (kzfree) so it does not linger in freed memory.
 */
struct aa_task_ctx {
	struct aa_label *nnp;
	struct aa_label *onexec;
	struct aa_label *previous;
	u64 token;
};
| 32 | |
/*
 * Label-change entry points defined outside this header. The *_current_*
 * functions act on the calling task's ctx. NOTE(review): by the aa_get_*
 * naming convention the label returned by aa_get_task_label() likely carries
 * a reference the caller must drop with aa_put_label() — confirm at the
 * definition. @cookie is presumably checked against the @token stored by
 * aa_set_current_hat(); the comparison lives in the definition, not here.
 */
int aa_replace_current_label(struct aa_label *label);
int aa_set_current_onexec(struct aa_label *label, bool stack);
int aa_set_current_hat(struct aa_label *label, u64 token);
int aa_restore_previous_label(u64 cookie);
struct aa_label *aa_get_task_label(struct task_struct *task);
| 38 | |
/**
 * aa_alloc_task_ctx - allocate a new, zero-filled task_ctx
 * @flags: gfp flags for allocation
 *
 * kzalloc() returns zeroed memory, so every label pointer starts out NULL and
 * @token starts out 0; no further initialisation is done here.
 *
 * Returns: allocated buffer or NULL on failure
 */
static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags)
{
	struct aa_task_ctx *ctx;

	/* sizeof(*ctx) keeps the size tied to the pointer's type */
	ctx = kzalloc(sizeof(*ctx), flags);
	return ctx;
}
| 49 | |
/**
 * aa_free_task_ctx - drop a task_ctx's label references and free it
 * @ctx: task_ctx to free (MAYBE NULL)
 *
 * NULL is accepted and ignored. The memory is released with kzfree() rather
 * than kfree() so the contents — including the hat-return @token — are
 * cleared before the allocation can be reused.
 */
static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
{
	if (!ctx)
		return;

	/* each pointer may hold a reference; @previous and @onexec MAY BE NULL,
	 * so this relies on aa_put_label() accepting a NULL label */
	aa_put_label(ctx->nnp);
	aa_put_label(ctx->previous);
	aa_put_label(ctx->onexec);

	kzfree(ctx);
}
| 64 | |
/**
 * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
 * @new: a blank task context (NOT NULL)
 * @old: the task context to copy (NOT NULL)
 *
 * Copies every field (including @token) by struct assignment, then takes a
 * reference on each label pointer so @new and @old each own one. @new must
 * be blank: any label it already pointed at is overwritten without being put.
 */
static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
				   const struct aa_task_ctx *old)
{
	*new = *old;
	/* NULL fields are passed through; relies on aa_get_label() accepting NULL */
	aa_get_label(new->nnp);
	aa_get_label(new->previous);
	aa_get_label(new->onexec);
}
| 78 | |
/**
 * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
 * @ctx: task context to clear (NOT NULL)
 *
 * Drops the references held by @previous and @onexec, resets both to NULL and
 * zeroes @token, leaving only @nnp in place. @nnp is deliberately untouched:
 * it is the no_new_privs snapshot, not transition state.
 */
static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
{
	AA_BUG(!ctx);

	/* put then NULL each pointer in turn; a NULL field is handed to
	 * aa_put_label() unchanged, as in aa_free_task_ctx() */
	aa_put_label(ctx->previous);
	ctx->previous = NULL;

	aa_put_label(ctx->onexec);
	ctx->onexec = NULL;

	/* the hat-return secret is meaningless once @previous is gone */
	ctx->token = 0;
}
| 93 | |
| 94 | #endif /* __AA_TASK_H */ |