0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * AppArmor security module
0004  *
0005  * This file contains AppArmor task related definitions and mediation
0006  *
0007  * Copyright 2017 Canonical Ltd.
0008  */
0009 
0010 #ifndef __AA_TASK_H
0011 #define __AA_TASK_H
0012 
/*
 * task_ctx - locate AppArmor's private context inside a task's LSM blob
 * @task: task whose context is wanted (NOT NULL)
 *
 * AppArmor does not own task->security outright; it shares the blob with
 * other LSMs and its slice starts apparmor_blob_sizes.lbs_task bytes in
 * (void pointer arithmetic, as used throughout the kernel).
 */
static inline struct aa_task_ctx *task_ctx(struct task_struct *task)
{
	void *blob = task->security;

	return blob + apparmor_blob_sizes.lbs_task;
}
0017 
/*
 * struct aa_task_ctx - information for current task label change
 * @nnp: snapshot of label at time of no_new_privs
 * @onexec: label to transition to on next exec  (MAY BE NULL)
 * @previous: label the task may return to     (MAY BE NULL)
 * @token: magic value the task must know for returning to @previous
 *
 * @nnp, @onexec and @previous are reference-counted labels: aa_dup_task_ctx()
 * takes a reference on each and aa_free_task_ctx() drops them, so copy or
 * release a ctx through those helpers rather than by hand.  @token is
 * presumably the @cookie that aa_restore_previous_label() checks (confirm in
 * the implementation); it is reset to 0 by aa_clear_task_ctx_trans().
 */
struct aa_task_ctx {
	struct aa_label *nnp;
	struct aa_label *onexec;
	struct aa_label *previous;
	u64 token;
};
0031 
0032 int aa_replace_current_label(struct aa_label *label);
0033 int aa_set_current_onexec(struct aa_label *label, bool stack);
0034 int aa_set_current_hat(struct aa_label *label, u64 token);
0035 int aa_restore_previous_label(u64 cookie);
0036 struct aa_label *aa_get_task_label(struct task_struct *task);
0037 
/**
 * aa_free_task_ctx - free a task_ctx
 * @ctx: task_ctx to free (MAY BE NULL)
 *
 * Drops the references @ctx holds on its labels.  The ctx storage itself
 * is a slice of the LSM task blob and is not released here.
 */
static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
{
	if (!ctx)
		return;

	aa_put_label(ctx->nnp);
	aa_put_label(ctx->previous);
	aa_put_label(ctx->onexec);
}
0050 
/**
 * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
 * @new: a blank task context      (NOT NULL)
 * @old: the task context to copy  (NOT NULL)
 *
 * @new ends up holding its own reference on each label it shares with @old
 * (and a copy of @old's token), so it can later be released independently
 * with aa_free_task_ctx().  Any labels @new held before the call are
 * overwritten without being put; it must be blank.
 */
static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
				   const struct aa_task_ctx *old)
{
	/* struct copy first so @new already names the labels it references */
	*new = *old;

	/* one reference per label, in field order */
	aa_get_label(new->nnp);
	aa_get_label(new->onexec);
	aa_get_label(new->previous);
}
0064 
/**
 * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
 * @ctx: task context to clear (NOT NULL)
 *
 * Releases the pending exec transition and the hat-return state, including
 * the return token.  @nnp is not touched: the no_new_privs snapshot outlives
 * any single transition.
 */
static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
{
	AA_BUG(!ctx);

	aa_put_label(ctx->previous);
	ctx->previous = NULL;

	aa_put_label(ctx->onexec);
	ctx->onexec = NULL;

	/* no valid token once there is no previous label to return to */
	ctx->token = 0;
}
0079 
/*
 * ptrace permission bits.  The tracer side reuses the generic MAY_READ /
 * MAY_WRITE bits; the tracee side ("may be read" / "may be traced") is
 * carried in the AA_MAY_CREATE / AA_MAY_APPEND bits.  PTRACE_PERM_SHIFT
 * presumably maps a tracer bit onto its tracee counterpart -- confirm
 * against the perm bit values before relying on that.
 */
#define AA_PTRACE_TRACE     MAY_WRITE
#define AA_PTRACE_READ      MAY_READ
#define AA_MAY_BE_TRACED    AA_MAY_APPEND
#define AA_MAY_BE_READ      AA_MAY_CREATE
#define PTRACE_PERM_SHIFT   2

/* every bit that a ptrace rule may legitimately carry */
#define AA_PTRACE_PERM_MASK (AA_PTRACE_READ | AA_PTRACE_TRACE | \
				 AA_MAY_BE_READ | AA_MAY_BE_TRACED)
/* signal rules only distinguish send (write) from receive (read) */
#define AA_SIGNAL_PERM_MASK (MAY_READ | MAY_WRITE)

/*
 * Space-separated signal names; from the name this is the list presented
 * through securityfs (confirm at the point of use).  The string is an ABI
 * surface, so its contents and ordering must not be changed casually.
 */
#define AA_SFS_SIG_MASK "hup int quit ill trap abrt bus fpe kill usr1 " \
	"segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg " \
	"xcpu xfsz vtalrm prof winch io pwr sys emt lost"

/*
 * aa_may_ptrace - decide whether @tracer may ptrace @tracee
 * @tracer: label of the task requesting access
 * @tracee: label of the task being accessed
 * @request: requested access (defined by the implementation; not shown here)
 *
 * Returns: 0 on success or a negative error code (presumed; see the
 * implementation).
 */
int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
		  u32 request);
0096 
0097 
0098 #endif /* __AA_TASK_H */