1 files changed, 141 insertions, 0 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
new file mode 100644
index 00000000000..9982c48def4
--- /dev/null
+++ b/security/apparmor/capability.c
@@ -0,0 +1,141 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor capability mediation functions
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#include <linux/capability.h>
+#include <linux/errno.h>
+#include <linux/gfp.h>
+#include "include/apparmor.h"
+#include "include/capability.h"
+#include "include/context.h"
+#include "include/policy.h"
+#include "include/audit.h"
+/*
+ * Table of capability names: we generate it from capabilities.h.
+ */
+#include "capability_names.h"
+struct audit_cache {
+        struct aa_profile *profile;
+        kernel_cap_t caps;
+};
+static DEFINE_PER_CPU(struct audit_cache, audit_cache);
+/**
+ * audit_cb - call back for capability components of audit struct
+ * @ab - audit buffer   (NOT NULL)
+ * @va - audit struct to audit data from  (NOT NULL)
+ */
+static void audit_cb(struct audit_buffer *ab, void *va)
+{
+        struct common_audit_data *sa = va;
+        audit_log_format(ab, " capname=");
+        audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
+}
+/**
+ * audit_caps - audit a capability
+ * @profile: profile confining task (NOT NULL)
+ * @task: task capability test was performed against (NOT NULL)
+ * @cap: capability tested
+ * @error: error code returned by test
+ *
+ * Do auditing of capability and handle, audit/complain/kill modes switching
+ * and duplicate message elimination.
+ *
+ * Returns: 0 or sa->error on success,  error code on failure
+ */
+static int audit_caps(struct aa_profile *profile, struct task_struct *task,
+                      int cap, int error)
+{
+        struct audit_cache *ent;
+        int type = AUDIT_APPARMOR_AUTO;
+        struct common_audit_data sa;
+        COMMON_AUDIT_DATA_INIT(&sa, CAP);
+        sa.tsk = task;
+        sa.u.cap = cap;
+        sa.aad.op = OP_CAPABLE;
+        sa.aad.error = error;
+        if (likely(!error)) {
+                /* test if auditing is being forced */
+                if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
+                           !cap_raised(profile->caps.audit, cap)))
+                        return 0;
+                type = AUDIT_APPARMOR_AUDIT;
+        } else if (KILL_MODE(profile) ||
+                   cap_raised(profile->caps.kill, cap)) {
+                type = AUDIT_APPARMOR_KILL;
+        } else if (cap_raised(profile->caps.quiet, cap) &&
+                   AUDIT_MODE(profile) != AUDIT_NOQUIET &&
+                   AUDIT_MODE(profile) != AUDIT_ALL) {
+                /* quiet auditing */
+                return error;
+        }
+        /* Do simple duplicate message elimination */
+        ent = &get_cpu_var(audit_cache);
+        if (profile == ent->profile && cap_raised(ent->caps, cap)) {
+                put_cpu_var(audit_cache);
+                if (COMPLAIN_MODE(profile))
+                        return complain_error(error);
+                return error;
+        } else {
+                aa_put_profile(ent->profile);
+                ent->profile = aa_get_profile(profile);
+                cap_raise(ent->caps, cap);
+        }
+        put_cpu_var(audit_cache);
+        return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
+}
+/**
+ * profile_capable - test if profile allows use of capability @cap
+ * @profile: profile being enforced    (NOT NULL, NOT unconfined)
+ * @cap: capability to test if allowed
+ *
+ * Returns: 0 if allowed else -EPERM
+ */
+static int profile_capable(struct aa_profile *profile, int cap)
+{
+        return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
+}
+/**
+ * aa_capable - test permission to use capability
+ * @task: task doing capability test against (NOT NULL)
+ * @profile: profile confining @task (NOT NULL)
+ * @cap: capability to be tested
+ * @audit: whether an audit record should be generated
+ *
+ * Look up capability in profile capability set.
+ *
+ * Returns: 0 on success, or else an error code.
+ */
+int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
+               int audit)
+{
+        int error = profile_capable(profile, cap);
+        if (!audit) {
+                if (COMPLAIN_MODE(profile))
+                        return complain_error(error);
+                return error;
+        }
+        return audit_caps(profile, task, cap, error);
+}

diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c new file mode 100644 index 00000000000..9982c48def4 --- /dev/null +++ b/security/apparmor/capability.c
@@ -0,0 +1,141 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor capability mediation functions
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#include <linux/capability.h>
	16	#include <linux/errno.h>
	17	#include <linux/gfp.h>
	18
	19	#include "include/apparmor.h"
	20	#include "include/capability.h"
	21	#include "include/context.h"
	22	#include "include/policy.h"
	23	#include "include/audit.h"
	24
	25	/*
	26	* Table of capability names: we generate it from capabilities.h.
	27	*/
	28	#include "capability_names.h"
	29
	30	struct audit_cache {
	31	struct aa_profile *profile;
	32	kernel_cap_t caps;
	33	};
	34
	35	static DEFINE_PER_CPU(struct audit_cache, audit_cache);
	36
	37	/**
	38	* audit_cb - call back for capability components of audit struct
	39	* @ab - audit buffer (NOT NULL)
	40	* @va - audit struct to audit data from (NOT NULL)
	41	*/
	42	static void audit_cb(struct audit_buffer ab, void va)
	43	{
	44	struct common_audit_data *sa = va;
	45	audit_log_format(ab, " capname=");
	46	audit_log_untrustedstring(ab, capability_names[sa->u.cap]);
	47	}
	48
	49	/**
	50	* audit_caps - audit a capability
	51	* @profile: profile confining task (NOT NULL)
	52	* @task: task capability test was performed against (NOT NULL)
	53	* @cap: capability tested
	54	* @error: error code returned by test
	55	*
	56	* Do auditing of capability and handle, audit/complain/kill modes switching
	57	* and duplicate message elimination.
	58	*
	59	* Returns: 0 or sa->error on success, error code on failure
	60	*/
	61	static int audit_caps(struct aa_profile profile, struct task_struct task,
	62	int cap, int error)
	63	{
	64	struct audit_cache *ent;
	65	int type = AUDIT_APPARMOR_AUTO;
	66	struct common_audit_data sa;
	67	COMMON_AUDIT_DATA_INIT(&sa, CAP);
	68	sa.tsk = task;
	69	sa.u.cap = cap;
	70	sa.aad.op = OP_CAPABLE;
	71	sa.aad.error = error;
	72
	73	if (likely(!error)) {
	74	/* test if auditing is being forced */
	75	if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
	76	!cap_raised(profile->caps.audit, cap)))
	77	return 0;
	78	type = AUDIT_APPARMOR_AUDIT;
	79	} else if (KILL_MODE(profile) \|\|
	80	cap_raised(profile->caps.kill, cap)) {
	81	type = AUDIT_APPARMOR_KILL;
	82	} else if (cap_raised(profile->caps.quiet, cap) &&
	83	AUDIT_MODE(profile) != AUDIT_NOQUIET &&
	84	AUDIT_MODE(profile) != AUDIT_ALL) {
	85	/* quiet auditing */
	86	return error;
	87	}
	88
	89	/* Do simple duplicate message elimination */
	90	ent = &get_cpu_var(audit_cache);
	91	if (profile == ent->profile && cap_raised(ent->caps, cap)) {
	92	put_cpu_var(audit_cache);
	93	if (COMPLAIN_MODE(profile))
	94	return complain_error(error);
	95	return error;
	96	} else {
	97	aa_put_profile(ent->profile);
	98	ent->profile = aa_get_profile(profile);
	99	cap_raise(ent->caps, cap);
	100	}
	101	put_cpu_var(audit_cache);
	102
	103	return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
	104	}
	105
	106	/**
	107	* profile_capable - test if profile allows use of capability @cap
	108	* @profile: profile being enforced (NOT NULL, NOT unconfined)
	109	* @cap: capability to test if allowed
	110	*
	111	* Returns: 0 if allowed else -EPERM
	112	*/
	113	static int profile_capable(struct aa_profile *profile, int cap)
	114	{
	115	return cap_raised(profile->caps.allow, cap) ? 0 : -EPERM;
	116	}
	117
	118	/**
	119	* aa_capable - test permission to use capability
	120	* @task: task doing capability test against (NOT NULL)
	121	* @profile: profile confining @task (NOT NULL)
	122	* @cap: capability to be tested
	123	* @audit: whether an audit record should be generated
	124	*
	125	* Look up capability in profile capability set.
	126	*
	127	* Returns: 0 on success, or else an error code.
	128	*/
	129	int aa_capable(struct task_struct task, struct aa_profile profile, int cap,
	130	int audit)
	131	{
	132	int error = profile_capable(profile, cap);
	133
	134	if (!audit) {
	135	if (COMPLAIN_MODE(profile))
	136	return complain_error(error);
	137	return error;
	138	}
	139
	140	return audit_caps(profile, task, cap, error);
	141	}