Kyle Swenson | 8d8f654 | 2021-03-15 11:02:55 -0600 | [diff] [blame^] | 1 | /* |
| 2 | * AppArmor security module |
| 3 | * |
| 4 | * This file contains AppArmor ipc mediation |
| 5 | * |
| 6 | * Copyright (C) 1998-2008 Novell/SUSE |
| 7 | * Copyright 2009-2010 Canonical Ltd. |
| 8 | * |
| 9 | * This program is free software; you can redistribute it and/or |
| 10 | * modify it under the terms of the GNU General Public License as |
| 11 | * published by the Free Software Foundation, version 2 of the |
| 12 | * License. |
| 13 | */ |
| 14 | |
| 15 | #include <linux/gfp.h> |
| 16 | #include <linux/ptrace.h> |
| 17 | |
| 18 | #include "include/audit.h" |
| 19 | #include "include/capability.h" |
| 20 | #include "include/context.h" |
| 21 | #include "include/policy.h" |
| 22 | #include "include/ipc.h" |
| 23 | |
| 24 | /* call back to audit ptrace fields */ |
| 25 | static void audit_cb(struct audit_buffer *ab, void *va) |
| 26 | { |
| 27 | struct common_audit_data *sa = va; |
| 28 | audit_log_format(ab, " target="); |
| 29 | audit_log_untrustedstring(ab, sa->aad->target); |
| 30 | } |
| 31 | |
| 32 | /** |
| 33 | * aa_audit_ptrace - do auditing for ptrace |
| 34 | * @profile: profile being enforced (NOT NULL) |
| 35 | * @target: profile being traced (NOT NULL) |
| 36 | * @error: error condition |
| 37 | * |
| 38 | * Returns: %0 or error code |
| 39 | */ |
| 40 | static int aa_audit_ptrace(struct aa_profile *profile, |
| 41 | struct aa_profile *target, int error) |
| 42 | { |
| 43 | struct common_audit_data sa; |
| 44 | struct apparmor_audit_data aad = {0,}; |
| 45 | sa.type = LSM_AUDIT_DATA_NONE; |
| 46 | sa.aad = &aad; |
| 47 | aad.op = OP_PTRACE; |
| 48 | aad.target = target; |
| 49 | aad.error = error; |
| 50 | |
| 51 | return aa_audit(AUDIT_APPARMOR_AUTO, profile, GFP_ATOMIC, &sa, |
| 52 | audit_cb); |
| 53 | } |
| 54 | |
| 55 | /** |
| 56 | * aa_may_ptrace - test if tracer task can trace the tracee |
| 57 | * @tracer: profile of the task doing the tracing (NOT NULL) |
| 58 | * @tracee: task to be traced |
| 59 | * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH |
| 60 | * |
| 61 | * Returns: %0 else error code if permission denied or error |
| 62 | */ |
| 63 | int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee, |
| 64 | unsigned int mode) |
| 65 | { |
| 66 | /* TODO: currently only based on capability, not extended ptrace |
| 67 | * rules, |
| 68 | * Test mode for PTRACE_MODE_READ || PTRACE_MODE_ATTACH |
| 69 | */ |
| 70 | |
| 71 | if (unconfined(tracer) || tracer == tracee) |
| 72 | return 0; |
| 73 | /* log this capability request */ |
| 74 | return aa_capable(tracer, CAP_SYS_PTRACE, 1); |
| 75 | } |
| 76 | |
| 77 | /** |
| 78 | * aa_ptrace - do ptrace permission check and auditing |
| 79 | * @tracer: task doing the tracing (NOT NULL) |
| 80 | * @tracee: task being traced (NOT NULL) |
| 81 | * @mode: ptrace mode either PTRACE_MODE_READ || PTRACE_MODE_ATTACH |
| 82 | * |
| 83 | * Returns: %0 else error code if permission denied or error |
| 84 | */ |
| 85 | int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, |
| 86 | unsigned int mode) |
| 87 | { |
| 88 | /* |
| 89 | * tracer can ptrace tracee when |
| 90 | * - tracer is unconfined || |
| 91 | * - tracer is in complain mode |
| 92 | * - tracer has rules allowing it to trace tracee currently this is: |
| 93 | * - confined by the same profile || |
| 94 | * - tracer profile has CAP_SYS_PTRACE |
| 95 | */ |
| 96 | |
| 97 | struct aa_profile *tracer_p = aa_get_task_profile(tracer); |
| 98 | int error = 0; |
| 99 | |
| 100 | if (!unconfined(tracer_p)) { |
| 101 | struct aa_profile *tracee_p = aa_get_task_profile(tracee); |
| 102 | |
| 103 | error = aa_may_ptrace(tracer_p, tracee_p, mode); |
| 104 | error = aa_audit_ptrace(tracer_p, tracee_p, error); |
| 105 | |
| 106 | aa_put_profile(tracee_p); |
| 107 | } |
| 108 | aa_put_profile(tracer_p); |
| 109 | |
| 110 | return error; |
| 111 | } |