AppArmor: mediation of non file objects

ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
author: John Johansen <john.johansen@canonical.com> 2010-07-29 17:48:05 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:38:35 -0400
commit: 0ed3b28ab8bf460a3a026f3f1782bf4c53840184 (patch)
tree: 9da3a2c6d9f55d3166726fe7c51671a6029c1269 /security/apparmor/include
parent: b5e95b48685e3481139a5634d14d630d12c7d5ce (diff)
3 files changed, 119 insertions, 0 deletions
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
new file mode 100644
index 000000000000..c24d2959ea02
--- /dev/null
+++ b/security/apparmor/include/capability.h
@@ -0,0 +1,45 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor capability mediation definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_CAPABILITY_H
+#define __AA_CAPABILITY_H
+#include <linux/sched.h>
+struct aa_profile;
+/* aa_caps - confinement data for capabilities
+ * @allowed: capabilities mask
+ * @audit: caps that are to be audited
+ * @quiet: caps that should not be audited
+ * @kill: caps that when requested will result in the task being killed
+ * @extended: caps that are subject finer grained mediation
+ */
+struct aa_caps {
+        kernel_cap_t allow;
+        kernel_cap_t audit;
+        kernel_cap_t quiet;
+        kernel_cap_t kill;
+        kernel_cap_t extended;
+};
+int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
+               int audit);
+static inline void aa_free_cap_rules(struct aa_caps *caps)
+{
+        /* NOP */
+}
+#endif /* __AA_CAPBILITY_H */
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
new file mode 100644
index 000000000000..aeda0fbc8b2f
--- /dev/null
+++ b/security/apparmor/include/ipc.h
@@ -0,0 +1,28 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor ipc mediation function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_IPC_H
+#define __AA_IPC_H
+#include <linux/sched.h>
+struct aa_profile;
+int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
+                  struct aa_profile *tracee, unsigned int mode);
+int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
+              unsigned int mode);
+#endif /* __AA_IPC_H */
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
new file mode 100644
index 000000000000..3c88be946494
--- /dev/null
+++ b/security/apparmor/include/resource.h
@@ -0,0 +1,46 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor resource limits function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_RESOURCE_H
+#define __AA_RESOURCE_H
+#include <linux/resource.h>
+#include <linux/sched.h>
+struct aa_profile;
+/* struct aa_rlimit - rlimit settings for the profile
+ * @mask: which hard limits to set
+ * @limits: rlimit values that override task limits
+ *
+ * AppArmor rlimits are used to set confined task rlimits.  Only the
+ * limits specified in @mask will be controlled by apparmor.
+ */
+struct aa_rlimit {
+        unsigned int mask;
+        struct rlimit limits[RLIM_NLIMITS];
+};
+int aa_map_resource(int resource);
+int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
+                      struct rlimit *new_rlim);
+void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
+static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
+{
+        /* NOP */
+}
+#endif /* __AA_RESOURCE_H */
author	John Johansen <john.johansen@canonical.com>	2010-07-29 17:48:05 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:38:35 -0400
commit	0ed3b28ab8bf460a3a026f3f1782bf4c53840184 (patch)
tree	9da3a2c6d9f55d3166726fe7c51671a6029c1269 /security/apparmor/include
parent	b5e95b48685e3481139a5634d14d630d12c7d5ce (diff)

diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h new file mode 100644 index 000000000000..c24d2959ea02 --- /dev/null +++ b/security/apparmor/include/capability.h
@@ -0,0 +1,45 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor capability mediation definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_CAPABILITY_H
	16	#define __AA_CAPABILITY_H
	17
	18	#include <linux/sched.h>
	19
	20	struct aa_profile;
	21
	22	/* aa_caps - confinement data for capabilities
	23	* @allowed: capabilities mask
	24	* @audit: caps that are to be audited
	25	* @quiet: caps that should not be audited
	26	* @kill: caps that when requested will result in the task being killed
	27	* @extended: caps that are subject finer grained mediation
	28	*/
	29	struct aa_caps {
	30	kernel_cap_t allow;
	31	kernel_cap_t audit;
	32	kernel_cap_t quiet;
	33	kernel_cap_t kill;
	34	kernel_cap_t extended;
	35	};
	36
	37	int aa_capable(struct task_struct task, struct aa_profile profile, int cap,
	38	int audit);
	39
	40	static inline void aa_free_cap_rules(struct aa_caps *caps)
	41	{
	42	/* NOP */
	43	}
	44
	45	#endif /* __AA_CAPBILITY_H */


diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h new file mode 100644 index 000000000000..aeda0fbc8b2f --- /dev/null +++ b/security/apparmor/include/ipc.h
@@ -0,0 +1,28 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor ipc mediation function definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_IPC_H
	16	#define __AA_IPC_H
	17
	18	#include <linux/sched.h>
	19
	20	struct aa_profile;
	21
	22	int aa_may_ptrace(struct task_struct tracer_task, struct aa_profile tracer,
	23	struct aa_profile *tracee, unsigned int mode);
	24
	25	int aa_ptrace(struct task_struct tracer, struct task_struct tracee,
	26	unsigned int mode);
	27
	28	#endif /* __AA_IPC_H */


diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h new file mode 100644 index 000000000000..3c88be946494 --- /dev/null +++ b/security/apparmor/include/resource.h
@@ -0,0 +1,46 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor resource limits function definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_RESOURCE_H
	16	#define __AA_RESOURCE_H
	17
	18	#include <linux/resource.h>
	19	#include <linux/sched.h>
	20
	21	struct aa_profile;
	22
	23	/* struct aa_rlimit - rlimit settings for the profile
	24	* @mask: which hard limits to set
	25	* @limits: rlimit values that override task limits
	26	*
	27	* AppArmor rlimits are used to set confined task rlimits. Only the
	28	* limits specified in @mask will be controlled by apparmor.
	29	*/
	30	struct aa_rlimit {
	31	unsigned int mask;
	32	struct rlimit limits[RLIM_NLIMITS];
	33	};
	34
	35	int aa_map_resource(int resource);
	36	int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
	37	struct rlimit *new_rlim);
	38
	39	void __aa_transition_rlimits(struct aa_profile old, struct aa_profile new);
	40
	41	static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
	42	{
	43	/* NOP */
	44	}
	45
	46	#endif /* __AA_RESOURCE_H */