1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-only */
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * AppArmor security module
4*4882a593Smuzhiyun  *
5*4882a593Smuzhiyun  * This file contains AppArmor basic permission sets definitions.
6*4882a593Smuzhiyun  *
7*4882a593Smuzhiyun  * Copyright 2017 Canonical Ltd.
8*4882a593Smuzhiyun  */
9*4882a593Smuzhiyun 
10*4882a593Smuzhiyun #ifndef __AA_PERM_H
11*4882a593Smuzhiyun #define __AA_PERM_H
12*4882a593Smuzhiyun 
13*4882a593Smuzhiyun #include <linux/fs.h>
14*4882a593Smuzhiyun #include "label.h"
15*4882a593Smuzhiyun 
/*
 * Basic file permission bits.  The low nibble aliases the VFS MAY_* values
 * from <linux/fs.h>, presumably so a VFS request mask can be used as an
 * AppArmor request mask without translation -- confirm against callers.
 */
#define AA_MAY_EXEC		MAY_EXEC
#define AA_MAY_WRITE		MAY_WRITE
#define AA_MAY_READ		MAY_READ
#define AA_MAY_APPEND		MAY_APPEND

/* "pair": per the annotations, a permission that involves two objects */
#define AA_MAY_CREATE		0x0010
#define AA_MAY_DELETE		0x0020
#define AA_MAY_OPEN		0x0040
#define AA_MAY_RENAME		0x0080		/* pair */

#define AA_MAY_SETATTR		0x0100		/* meta write */
#define AA_MAY_GETATTR		0x0200		/* meta read */
#define AA_MAY_SETCRED		0x0400		/* security cred/attr */
#define AA_MAY_GETCRED		0x0800

#define AA_MAY_CHMOD		0x1000		/* pair */
#define AA_MAY_CHOWN		0x2000		/* pair */
#define AA_MAY_CHGRP		0x4000		/* pair */
/*
 * Bit 0x8000 is shared with AA_LINK_SUBSET (below): its meaning depends on
 * the kind of rule being evaluated, so code that reads it must know which
 * interpretation applies to the mask it holds.
 */
#define AA_MAY_LOCK		0x8000		/* LINK_SUBSET overlaid */

#define AA_EXEC_MMAP		0x00010000
#define AA_MAY_MPROT		0x00020000	/* extend conditions */
#define AA_MAY_LINK		0x00040000	/* pair */
#define AA_MAY_SNAPSHOT		0x00080000	/* pair */

/*
 * Bits 0x00100000 - 0x04000000 are unassigned in this header.
 *
 * AA_MAY_DELEGATE is deliberately defined with NO value: it expands to
 * nothing, so it cannot appear in a mask expression (`x | AA_MAY_DELEGATE`
 * does not compile) and it is not part of PERMS_NAMES_MASK.  Treat it as a
 * reserved name rather than a permission bit.
 */
#define AA_MAY_DELEGATE
/* not included in PERMS_NAMES_MASK below, so it has no audit name here */
#define AA_CONT_MATCH		0x08000000

#define AA_MAY_STACK		0x10000000
#define AA_MAY_ONEXEC		0x20000000 /* either stack or change_profile */
#define AA_MAY_CHANGE_PROFILE	0x40000000
/*
 * Top bit.  The literal is an unsigned int, which is fine in the u32 fields
 * of struct aa_perms but would be negative if ever stored in a signed int.
 */
#define AA_MAY_CHANGEHAT	0x80000000

#define AA_LINK_SUBSET		AA_MAY_LOCK	/* overlaid */


/*
 * Bits that have a single-character rendering (see aa_file_perm_chrs).
 * MAY_READ/MAY_WRITE are the same values as AA_MAY_READ/AA_MAY_WRITE.
 */
#define PERMS_CHRS_MASK (MAY_READ | MAY_WRITE | AA_MAY_CREATE |		\
			 AA_MAY_DELETE | AA_MAY_LINK | AA_MAY_LOCK |	\
			 AA_MAY_EXEC | AA_EXEC_MMAP | AA_MAY_APPEND)

/*
 * Bits that have a name (see aa_file_perm_names).  A superset of
 * PERMS_CHRS_MASK; note it covers neither AA_CONT_MATCH nor the empty
 * AA_MAY_DELEGATE, so those bits are not named when a mask is audited
 * through this table.
 */
#define PERMS_NAMES_MASK (PERMS_CHRS_MASK | AA_MAY_OPEN | AA_MAY_RENAME |     \
			  AA_MAY_SETATTR | AA_MAY_GETATTR | AA_MAY_SETCRED | \
			  AA_MAY_GETCRED | AA_MAY_CHMOD | AA_MAY_CHOWN | \
			  AA_MAY_CHGRP | AA_MAY_MPROT | AA_MAY_SNAPSHOT | \
			  AA_MAY_STACK | AA_MAY_ONEXEC |		\
			  AA_MAY_CHANGE_PROFILE | AA_MAY_CHANGEHAT)
62*4882a593Smuzhiyun 
/*
 * Display tables for rendering permission masks, defined elsewhere in the
 * module: one character per bit for the PERMS_CHRS_MASK subset and one name
 * per bit for PERMS_NAMES_MASK.  Presumably indexed by bit position --
 * confirm against the definitions before relying on the layout.
 */
extern const char aa_file_perm_chrs[];
extern const char *aa_file_perm_names[];
65*4882a593Smuzhiyun 
/*
 * Result of a permission lookup.  Every u32 field is a bitmask over the
 * AA_MAY_* bits defined above (ALL_PERMS_MASK spans the full width).
 *
 * The per-field comments state the invariant each field is expected to
 * hold relative to @allow and @deny.  This header only declares the
 * layout; the accumulation helpers declared below (aa_perms_accum*,
 * aa_apply_modes_to_perms) are where those invariants are presumably
 * established -- verify there before depending on them.
 */
struct aa_perms {
	u32 allow;	/* bits the request is permitted */
	u32 audit;	/* set only when allow is set (audit ⊆ allow) */

	u32 deny;	/* explicit deny, or conflict if allow also set */
	u32 quiet;	/* set only when ~allow | deny */
	u32 kill;	/* set only when ~allow | deny */
	u32 stop;	/* set only when ~allow | deny */

	u32 complain;	/* accumulates only used when ~allow & ~deny */
	u32 cond;	/* set only when ~allow and ~deny */

	u32 hide;	/* set only when  ~allow | deny */
	u32 prompt;	/* accumulates only used when ~allow & ~deny */

	/* Reserved:
	 * u32 subtree;	/ * set only when allow is set * /
	 */
	/*
	 * Exec transition index.  Its encoding is defined by the code that
	 * consumes it, not by this header -- NOTE(review): confirm against
	 * the exec-handling paths before interpreting the value.
	 */
	u16 xindex;
};
86*4882a593Smuzhiyun 
/* Every bit of a u32 permission field in struct aa_perms. */
#define ALL_PERMS_MASK 0xffffffff
/*
 * Canonical permission sets defined elsewhere in the module; by name, the
 * "nothing permitted" and "everything permitted" values.
 */
extern struct aa_perms nullperms;
extern struct aa_perms allperms;
90*4882a593Smuzhiyun 
91*4882a593Smuzhiyun 
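/*
 * Evaluate two permission checks and combine their results.
 *
 * Both FN1 and FN2 are always evaluated, in that order -- there is no
 * short-circuit, so each side's audit path runs even when the other side
 * fails.  A non-zero result from FN2 takes precedence; otherwise FN1's
 * result is returned.
 *
 * The locals carry a macro-private prefix: with plain names such as
 * `error`, an argument expression that mentioned a caller variable of the
 * same name would have been captured by the macro's own declaration (C
 * scoping starts right after the declarator, so `int error = FN1;` would
 * see the new, uninitialised `error` inside FN1).
 */
#define xcheck(FN1, FN2)				\
({							\
	int __xc_first = (FN1);				\
	int __xc_second = (FN2);			\
	__xc_second ? __xc_second : __xc_first;		\
})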
100*4882a593Smuzhiyun 
101*4882a593Smuzhiyun 
/*
 * TODO: update for labels pointing to labels instead of profiles
 * TODO: optimize the walk; currently every profile P in L1 triggers a full
 *       sub-walk of L2
 * NOTE: this pairwise form cannot express a compound check over a whole
 *       label -- the result is only the fold of per-profile-pair results.
 */
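/*
 * Apply FN to the profile pair (P1, P2), but only when both profiles are
 * in the same AppArmor namespace.
 *
 * For a cross-namespace pair FN is not called at all and the expression
 * evaluates to 0 -- the "no error" value -- so this macro neither denies
 * nor audits such a pair; presumably the namespace boundary is the limit
 * of what P1 can mediate.  Callers must not rely on it to reject
 * cross-namespace access.
 *
 * P1 and P2 are evaluated more than once, so pass side-effect-free
 * expressions; they are parenthesised here so a compound expression does
 * not bind wrongly to `->`.  FN may arrive wrapped in parentheses (see
 * xcheck_ns_profile_label), in which case it has to be a real function
 * rather than a function-like macro.
 */
#define xcheck_ns_profile_profile(P1, P2, FN, args...)		\
({								\
	int ____e = 0;						\
	if ((P1)->ns == (P2)->ns)				\
		____e = FN((P1), (P2), args);			\
	(____e);						\
})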
114*4882a593Smuzhiyun 
/*
 * Run FN over (P, Q) for every profile Q carried by label L, skipping the
 * Qs that are not in P's namespace (see xcheck_ns_profile_profile).  The
 * walk and the folding of the per-pair results come from fn_for_each() in
 * label.h.  FN is handed down wrapped in parentheses, so it must name a
 * function, not a function-like macro.
 */
#define xcheck_ns_profile_label(P, L, FN, args...)			\
({									\
	struct aa_profile *__xnpl_q;					\
	fn_for_each((L), __xnpl_q,					\
		    xcheck_ns_profile_profile((P), __xnpl_q, (FN), args)); \
})
121*4882a593Smuzhiyun 
/*
 * Invoke FN(profile, L2, args) for every profile in label L1, folding the
 * results with fn_for_each() from label.h.  FN is used unparenthesised
 * here, so it may be either a function or a function-like macro (the
 * xcheck_labels_profiles wrapper passes a macro).
 */
#define xcheck_ns_labels(L1, L2, FN, args...)			\
({								\
	struct aa_profile *__xnl_p;				\
	fn_for_each((L1), __xnl_p, FN(__xnl_p, (L2), args));	\
})
127*4882a593Smuzhiyun 
/*
 * Do the cross check but applying FN at the profiles level: FN is called
 * on every (profile of L1, profile of L2) pair that shares a namespace,
 * and pairs in different namespaces contribute 0 (see
 * xcheck_ns_profile_profile).  The combined result is whatever
 * fn_for_each() folds the per-pair values into.
 */
#define xcheck_labels_profiles(L1, L2, FN, args...)		\
	xcheck_ns_labels((L1), (L2), xcheck_ns_profile_label, (FN), args)
131*4882a593Smuzhiyun 
/*
 * Walk L1 and L2 independently, binding each profile to P and evaluating
 * FN1 (for L1) or FN2 (for L2) as expressions over P.  Both walks always
 * run, and per xcheck() a non-zero result from the L2 walk wins over the
 * L1 walk's result.
 */
#define xcheck_labels(L1, L2, P, FN1, FN2)			\
	xcheck(fn_for_each((L1), (P), (FN1)), fn_for_each((L2), (P), (FN2)))
134*4882a593Smuzhiyun 
135*4882a593Smuzhiyun 
/*
 * Permission helpers implemented elsewhere in the module.  The notes below
 * describe only what the signatures establish; confirm details against the
 * definitions.
 */

/* Render @mask into @str using the per-bit table @chrs; @str_size is the capacity of @str. */
void aa_perm_mask_to_str(char *str, size_t str_size, const char *chrs,
			 u32 mask);
/* Emit the names (from @names) of the bits set in @mask into audit buffer @ab. */
void aa_audit_perm_names(struct audit_buffer *ab, const char * const *names,
			 u32 mask);
/*
 * Emit @mask into @ab: bits within @chrsmask via the @chrs character table,
 * bits within @namesmask via @names (presumably PERMS_CHRS_MASK /
 * PERMS_NAMES_MASK and their tables -- check the callers).
 */
void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
			u32 chrsmask, const char * const *names, u32 namesmask);
/* Adjust @perms in place according to @profile's mode -- exact rules live in the definition. */
void aa_apply_modes_to_perms(struct aa_profile *profile,
			     struct aa_perms *perms);
/* Fill @perms from DFA @dfa at @state. */
void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
		      struct aa_perms *perms);
/* Merge @addend into @accum; the "_raw" variant's difference is not visible here. */
void aa_perms_accum(struct aa_perms *accum, struct aa_perms *addend);
void aa_perms_accum_raw(struct aa_perms *accum, struct aa_perms *addend);
/* Compute into @perms what @profile grants for @request of @type against @label. */
void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,
			    int type, u32 request, struct aa_perms *perms);
/*
 * Check @request of @type from @profile against @target; returns 0 or a
 * negative error, and reports denied bits through @deny.  @sa carries the
 * audit context.
 */
int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
			  u32 request, int type, u32 *deny,
			  struct common_audit_data *sa);
/*
 * Decide @request against an already-computed @perms for @profile and
 * audit the outcome via @sa; @cb, if supplied, is invoked with the audit
 * buffer to append caller-specific fields.  Returns 0 or a negative error.
 */
int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
		   u32 request, struct common_audit_data *sa,
		   void (*cb)(struct audit_buffer *, void *));
156*4882a593Smuzhiyun #endif /* __AA_PERM_H */