/* * AppArmor security module * * This file contains AppArmor ipc mediation * * Copyright (C) 1998-2008 Novell/SUSE * Copyright 2009-2010 Canonical Ltd. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the * License. */ #include <linux/gfp.h> #include <linux/ptrace.h> #include "include/audit.h" #include "include/capability.h" #include "include/context.h" #include "include/policy.h" /* call back to audit ptrace fields */ static void audit_cb(struct audit_buffer *ab, void *va) { struct common_audit_data *sa = va; audit_log_format(ab, " target="); audit_log_untrustedstring(ab, sa->aad.target); } /** * aa_audit_ptrace - do auditing for ptrace * @profile: profile being enforced (NOT NULL) * @target: profile being traced (NOT NULL) * @error: error condition * * Returns: %0 or error code */ static int aa_audit_ptrace(struct aa_profile *profile, struct aa_profile *target, int error) { struct common_audit_data sa; COMMON_AUDIT_DATA_INIT(&sa, NONE); sa.aad.op = OP_PTRACE; sa.aad.target = target; sa.aad.error = error; return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa, audit_cb); } /** * aa_may_ptrace - test if tracer task can trace the tracee * @tracer_task: task who will do the tracing (NOT NULL) * @tracer: profile of the task doing the tracing (NOT NULL) * @tracee: task to be traced * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH * * Returns: %0 else error code if permission denied or error */ int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer, struct aa_profile *tracee, unsigned int mode) { /* TODO: currently only based on capability, not extended ptrace * rules, * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH */ if (unconfined(tracer) || tracer == tracee) return 0; /* log this capability request */ return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1); } /** * aa_ptrace - do ptrace permission check and auditing * @tracer: task doing the tracing (NOT NULL) * @tracee: task being traced (NOT NULL) * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH * * Returns: %0 else error code if permission denied or error */ int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, unsigned int mode) { /* * tracer can ptrace tracee when * - tracer is unconfined || * - tracer is in complain mode * - tracer has rules allowing it to trace tracee currently this is: * - confined by the same profile || * - tracer profile has CAP_SYS_PTRACE */ struct aa_profile *tracer_p; /* cred released below */ const struct cred *cred = get_task_cred(tracer); int error = 0; tracer_p = aa_cred_profile(cred); if (!unconfined(tracer_p)) { /* lcred released below */ const struct cred *lcred = get_task_cred(tracee); struct aa_profile *tracee_p = aa_cred_profile(lcred); error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode); error = aa_audit_ptrace(tracer_p, tracee_p, error); put_cred(lcred); } put_cred(cred); return error; }