^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * AppArmor security module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * This file contains AppArmor resource mediation and attachment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Copyright (C) 1998-2008 Novell/SUSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  * Copyright 2009-2010 Canonical Ltd.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include "include/audit.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include "include/cred.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include "include/resource.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include "include/policy.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20)  * Table of rlimit names: we generate it from resource.h.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include "rlim_names.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 
/*
 * securityfs feature table for rlimits: "mask" exposes the
 * AA_SFS_RLIMIT_MASK string (the rlimit names generated into rlim_names.h,
 * included above) so userspace can see which limits are known here.
 */
struct aa_sfs_entry aa_sfs_entry_rlimit[] = {
	AA_SFS_FILE_STRING("mask", AA_SFS_RLIMIT_MASK),
	{ }	/* zeroed sentinel terminates the table */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 
/*
 * audit callback for resource specific fields
 *
 * Appends the rlimit name and requested hard limit to the record, and the
 * peer label when one was supplied (only the cross-task path in
 * aa_task_setrlimit() sets it).  rlim.rlim is used as an index into
 * rlim_names without a range check; it is expected to already be a valid
 * resource number (< RLIM_NLIMITS) when the record is built.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	struct apparmor_audit_data *ad = aad(sa);

	audit_log_format(ab, " rlimit=%s value=%lu", rlim_names[ad->rlim.rlim],
			 ad->rlim.max);
	if (!ad->peer)
		return;

	/* label of the task whose limit was being changed */
	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, FLAGS_NONE,
			GFP_ATOMIC);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 
/**
 * audit_resource - audit setting resource limit
 * @profile: profile being enforced  (NOT NULL)
 * @resource: rlimit being audited
 * @value: hard limit value being set
 * @peer: label of the task whose limit is being set  (MAYBE NULL)
 * @info: informational string for the audit record  (MAYBE NULL)
 * @error: error value the mediation decided on (0 or negative errno)
 *
 * Fills in the rlimit specific audit data and hands the decision to
 * aa_audit(), which decides whether a record is emitted and what the final
 * error is.
 *
 * Returns: 0 or sa->error else other error code on failure
 */
static int audit_resource(struct aa_profile *profile, unsigned int resource,
			  unsigned long value, struct aa_label *peer,
			  const char *info, int error)
{
	struct apparmor_audit_data *ad;
	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_SETRLIMIT);

	ad = aad(&sa);
	ad->rlim.rlim = resource;
	ad->rlim.max = value;
	ad->peer = peer;
	ad->info = info;
	ad->error = error;

	return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 
/**
 * aa_map_resource - map compiled policy resource to internal #
 * @resource: flattened policy resource number
 *
 * Returns: resource # for the current architecture.
 *
 * rlimit resource numbers vary between architectures, so the compiled
 * policy's flattened number is translated through rlim_map (generated into
 * rlim_names.h).  @resource is used as an index without a range check here,
 * so callers must already have bounded it to the table size.
 */
int aa_map_resource(int resource)
{
	int arch_resource = rlim_map[resource];

	return arch_resource;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
/**
 * profile_setrlimit - mediate a hard limit change against one profile
 * @profile: profile being enforced  (NOT NULL)
 * @resource: the rlimit being set; expected to be < RLIM_NLIMITS, it is not
 *            range-checked here before being used as a bit shift and index
 * @new_rlim: the requested new limit  (NOT NULL)
 *
 * Only the hard limit is mediated: the request is denied when the profile
 * controls @resource and the requested rlim_max exceeds the profile's
 * ceiling.  Soft limit changes are not checked.  The decision always goes
 * through audit_resource().
 *
 * Returns: 0 or -EACCES as returned by audit_resource()
 */
static int profile_setrlimit(struct aa_profile *profile, unsigned int resource,
			     struct rlimit *new_rlim)
{
	const struct rlimit *ceiling = &profile->rlimits.limits[resource];
	bool controlled = profile->rlimits.mask & (1 << resource);
	int error = 0;

	if (controlled && new_rlim->rlim_max > ceiling->rlim_max)
		error = -EACCES;

	return audit_resource(profile, resource, new_rlim->rlim_max, NULL, NULL,
			      error);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 
/**
 * aa_task_setrlimit - test permission to set an rlimit
 * @label: label confining the task  (NOT NULL)
 * @task: task the resource is being set on
 * @resource: the resource being set
 * @new_rlim: the new resource limit  (NOT NULL)
 *
 * Control raising the process's hard limit.
 *
 * Two cases are distinguished: setting a limit on a task confined by a
 * different label requires CAP_SYS_RESOURCE (checked without its own audit
 * record; the denial is audited here per profile instead), otherwise the
 * request is mediated against the hard limits of each confined profile in
 * @label.  Note that in the privileged cross-task case it is still the
 * *setter's* profiles whose limits are checked (see the TODO below).
 *
 * Returns: 0 or error code if setting resource failed
 */
int aa_task_setrlimit(struct aa_label *label, struct task_struct *task,
		      unsigned int resource, struct rlimit *new_rlim)
{
	struct aa_profile *profile;
	struct aa_label *peer;
	int error = 0;

	/* grab a reference to the target task's current label; released
	 * with aa_put_label() below
	 */
	rcu_read_lock();
	peer = aa_get_newest_cred_label(__task_cred(task));
	rcu_read_unlock();

	/* TODO: extend resource control to handle other (non current)
	 * profiles.  AppArmor rules currently have the implicit assumption
	 * that the task is setting the resource of a task confined with
	 * the same profile or that the task setting the resource of another
	 * task has CAP_SYS_RESOURCE.
	 */

	/* cross-label without CAP_SYS_RESOURCE: deny and audit the denial
	 * for every profile in the label, naming the peer
	 */
	if (label != peer &&
	    aa_capable(label, CAP_SYS_RESOURCE, CAP_OPT_NOAUDIT) != 0)
		error = fn_for_each(label, profile,
				audit_resource(profile, resource,
					       new_rlim->rlim_max, peer,
					       "cap_sys_resource", -EACCES));
	/* same label, or privileged: mediate against each confined
	 * profile's hard limits (unconfined profiles are skipped)
	 */
	else
		error = fn_for_each_confined(label, profile,
				profile_setrlimit(profile, resource, new_rlim));
	aa_put_label(peer);

	return error;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 
/**
 * __aa_transition_rlimits - apply new profile rlimits
 * @old_l: old label on task  (NOT NULL)
 * @new_l: new label with rlimits to apply  (NOT NULL)
 *
 * Run on a domain transition.  First, every rlimit a confined profile of
 * @old_l controlled has its soft limit reset; then the hard limits required
 * by the confined profiles of @new_l are clamped onto @current.  A hard
 * limit is only ever lowered here, never raised, and the soft limit is kept
 * at or below the hard limit.  Only @current's limits are modified.
 */
void __aa_transition_rlimits(struct aa_label *old_l, struct aa_label *new_l)
{
	struct aa_profile *old, *new;
	struct label_it i;
	int j;

	old = labels_profile(old_l);
	new = labels_profile(new_l);

	/* for any rlimits the profile controlled, reset the soft limit
	 * to the lesser of the task's hard limit and the init task's soft
	 * limit
	 */
	label_for_each_confined(i, old_l, old) {
		if (!old->rlimits.mask)
			continue;
		for (j = 0; j < RLIM_NLIMITS; j++) {
			struct rlimit *rlim, *initrlim;

			if (!(old->rlimits.mask & (1U << j)))
				continue;
			rlim = current->signal->rlim + j;
			initrlim = init_task.signal->rlim + j;
			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
		}
	}

	/* set any new hard limits as dictated by the new profile; the hard
	 * limit can only shrink here
	 */
	label_for_each_confined(i, new_l, new) {
		if (!new->rlimits.mask)
			continue;
		for (j = 0; j < RLIM_NLIMITS; j++) {
			struct rlimit *rlim;

			if (!(new->rlimits.mask & (1U << j)))
				continue;
			rlim = current->signal->rlim + j;
			rlim->rlim_max = min(rlim->rlim_max,
					     new->rlimits.limits[j].rlim_max);
			/* soft limit should not exceed hard limit */
			rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);
		}
	}
}