diff options
| author | John Johansen <john.johansen@canonical.com> | 2016-04-20 17:18:18 -0400 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2016-07-12 11:43:10 -0400 |
| commit | f7da2de01127b58d93cebeab165136d0998e7b1a (patch) | |
| tree | e61ea1a2516b02cd42c3275dd29b3d32a93889dd | |
| parent | 7ee6da25dcce27b6023a8673fdf8be98dcf7cacf (diff) | |
apparmor: ensure the target profile name is always audited
The target profile name was not being correctly audited in a few
cases because the target variable was not being set and gotos
passed the code to set it at apply:
Since it is always based on new_profile just drop the target var
and conditionally report based on new_profile.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
| -rw-r--r-- | security/apparmor/domain.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 67a7418937a5..fc3036b34e51 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c | |||
| @@ -346,7 +346,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 346 | file_inode(bprm->file)->i_uid, | 346 | file_inode(bprm->file)->i_uid, |
| 347 | file_inode(bprm->file)->i_mode | 347 | file_inode(bprm->file)->i_mode |
| 348 | }; | 348 | }; |
| 349 | const char *name = NULL, *target = NULL, *info = NULL; | 349 | const char *name = NULL, *info = NULL; |
| 350 | int error = 0; | 350 | int error = 0; |
| 351 | 351 | ||
| 352 | if (bprm->cred_prepared) | 352 | if (bprm->cred_prepared) |
| @@ -399,6 +399,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 399 | if (cxt->onexec) { | 399 | if (cxt->onexec) { |
| 400 | struct file_perms cp; | 400 | struct file_perms cp; |
| 401 | info = "change_profile onexec"; | 401 | info = "change_profile onexec"; |
| 402 | new_profile = aa_get_newest_profile(cxt->onexec); | ||
| 402 | if (!(perms.allow & AA_MAY_ONEXEC)) | 403 | if (!(perms.allow & AA_MAY_ONEXEC)) |
| 403 | goto audit; | 404 | goto audit; |
| 404 | 405 | ||
| @@ -413,7 +414,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 413 | 414 | ||
| 414 | if (!(cp.allow & AA_MAY_ONEXEC)) | 415 | if (!(cp.allow & AA_MAY_ONEXEC)) |
| 415 | goto audit; | 416 | goto audit; |
| 416 | new_profile = aa_get_newest_profile(cxt->onexec); | ||
| 417 | goto apply; | 417 | goto apply; |
| 418 | } | 418 | } |
| 419 | 419 | ||
| @@ -445,10 +445,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 445 | if (!new_profile) { | 445 | if (!new_profile) { |
| 446 | error = -ENOMEM; | 446 | error = -ENOMEM; |
| 447 | info = "could not create null profile"; | 447 | info = "could not create null profile"; |
| 448 | } else { | 448 | } else |
| 449 | error = -EACCES; | 449 | error = -EACCES; |
| 450 | target = new_profile->base.hname; | ||
| 451 | } | ||
| 452 | perms.xindex |= AA_X_UNSAFE; | 450 | perms.xindex |= AA_X_UNSAFE; |
| 453 | } else | 451 | } else |
| 454 | /* fail exec */ | 452 | /* fail exec */ |
| @@ -459,7 +457,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 459 | * fail the exec. | 457 | * fail the exec. |
| 460 | */ | 458 | */ |
| 461 | if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) { | 459 | if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) { |
| 462 | aa_put_profile(new_profile); | ||
| 463 | error = -EPERM; | 460 | error = -EPERM; |
| 464 | goto cleanup; | 461 | goto cleanup; |
| 465 | } | 462 | } |
| @@ -474,10 +471,8 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 474 | 471 | ||
| 475 | if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { | 472 | if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { |
| 476 | error = may_change_ptraced_domain(new_profile); | 473 | error = may_change_ptraced_domain(new_profile); |
| 477 | if (error) { | 474 | if (error) |
| 478 | aa_put_profile(new_profile); | ||
| 479 | goto audit; | 475 | goto audit; |
| 480 | } | ||
| 481 | } | 476 | } |
| 482 | 477 | ||
| 483 | /* Determine if secure exec is needed. | 478 | /* Determine if secure exec is needed. |
| @@ -498,7 +493,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) | |||
| 498 | bprm->unsafe |= AA_SECURE_X_NEEDED; | 493 | bprm->unsafe |= AA_SECURE_X_NEEDED; |
| 499 | } | 494 | } |
| 500 | apply: | 495 | apply: |
| 501 | target = new_profile->base.hname; | ||
| 502 | /* when transitioning profiles clear unsafe personality bits */ | 496 | /* when transitioning profiles clear unsafe personality bits */ |
| 503 | bprm->per_clear |= PER_CLEAR_ON_SETID; | 497 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
| 504 | 498 | ||
| @@ -506,15 +500,19 @@ x_clear: | |||
| 506 | aa_put_profile(cxt->profile); | 500 | aa_put_profile(cxt->profile); |
| 507 | /* transfer new profile reference will be released when cxt is freed */ | 501 | /* transfer new profile reference will be released when cxt is freed */ |
| 508 | cxt->profile = new_profile; | 502 | cxt->profile = new_profile; |
| 503 | new_profile = NULL; | ||
| 509 | 504 | ||
| 510 | /* clear out all temporary/transitional state from the context */ | 505 | /* clear out all temporary/transitional state from the context */ |
| 511 | aa_clear_task_cxt_trans(cxt); | 506 | aa_clear_task_cxt_trans(cxt); |
| 512 | 507 | ||
| 513 | audit: | 508 | audit: |
| 514 | error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, | 509 | error = aa_audit_file(profile, &perms, GFP_KERNEL, OP_EXEC, MAY_EXEC, |
| 515 | name, target, cond.uid, info, error); | 510 | name, |
| 511 | new_profile ? new_profile->base.hname : NULL, | ||
| 512 | cond.uid, info, error); | ||
| 516 | 513 | ||
| 517 | cleanup: | 514 | cleanup: |
| 515 | aa_put_profile(new_profile); | ||
| 518 | aa_put_profile(profile); | 516 | aa_put_profile(profile); |
| 519 | kfree(buffer); | 517 | kfree(buffer); |
| 520 | 518 | ||