authorJohn Johansen <john.johansen@canonical.com>2017-01-16 00:42:52 -0800
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 01:18:40 -0800
commit078c73c63fb2878689da334f112507639c72c14f (patch)
treea1e4ea3567f70f0863b35faac815e2658af8473e /security/apparmor
parentapparmor: add ns being viewed as a param to policy_admin_capable() (diff)
apparmor: add profile and ns params to aa_may_manage_policy()
Policy management will be expanded beyond traditional unconfined root. This will require knowing the profile of the task doing the management and the ns view. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/apparmorfs.c2
-rw-r--r--security/apparmor/include/policy.h2
-rw-r--r--security/apparmor/policy.c22
3 files changed, 12 insertions, 14 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 9fd7f73a4e86..cc6ee1ee2b42 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -100,7 +100,7 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
* Don't allow profile load/replace/remove from profiles that don't
* have CAP_MAC_ADMIN
*/
- if (!aa_may_manage_policy(op))
+ if (!aa_may_manage_policy(__aa_current_profile(), NULL, op))
return ERR_PTR(-EACCES);
/* freed by caller to simple_write_to_buffer */
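Review bot: The `if (!aa_may_manage_policy(...))` test in aa_simple_write_to_buffer keeps its negation, but the policy.c hunk of this same commit flips the return convention from true-on-allowed to 0-on-allowed with an error otherwise, so the check is now inverted. As written, an allowed caller gets `ERR_PTR(-EACCES)`, while a denied caller (nonzero return, presumably the -EACCES handed to audit_policy) falls through to the buffer handling, so the policy-lock and policy-admin gate fails open. The result should be propagated instead of negated, e.g. `error = aa_may_manage_policy(__aa_current_profile(), NULL, op);` followed by `if (error) return ERR_PTR(error);`. The function body starts and ends outside the hunk, so whether a suitable local already exists is not visible here.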
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 27f9171fa31f..95641e235d47 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -301,6 +301,6 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
bool policy_view_capable(struct aa_ns *ns);
bool policy_admin_capable(struct aa_ns *ns);
-bool aa_may_manage_policy(int op);
+int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns, int op);
#endif /* __AA_POLICY_H */
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index ef64c25b2a45..27d93aa58016 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -650,26 +650,24 @@ bool policy_admin_capable(struct aa_ns *ns)
/**
* aa_may_manage_policy - can the current task manage policy
+ * @profile: profile to check if it can manage policy
* @op: the policy manipulation operation being done
*
- * Returns: true if the task is allowed to manipulate policy
+ * Returns: 0 if the task is allowed to manipulate policy else error
*/
-bool aa_may_manage_policy(int op)
+int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns, int op)
{
/* check if loading policy is locked out */
- if (aa_g_lock_policy) {
- audit_policy(__aa_current_profile(), op, GFP_KERNEL, NULL,
+ if (aa_g_lock_policy)
+ return audit_policy(profile, op, GFP_KERNEL, NULL,
"policy_locked", -EACCES);
- return 0;
- }
- if (!policy_admin_capable(NULL)) {
- audit_policy(__aa_current_profile(), op, GFP_KERNEL, NULL,
- "not policy admin", -EACCES);
- return 0;
- }
+ if (!policy_admin_capable(ns))
+ return audit_policy(profile, op, GFP_KERNEL, NULL,
+ "not policy admin", -EACCES);
- return 1;
+ /* TODO: add fine grained mediation of policy loads */
+ return 0;
}
static struct aa_profile *__list_lookup_parent(struct list_head *lh,
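Review bot: The kernel-doc block for aa_may_manage_policy gains `@profile` but has no entry for the new `ns` parameter, and its summary still says "can the current task manage policy" although the subject is now the profile passed in. I would add a line such as ` * @ns: namespace being managed by @profile (may be NULL)`, with the NULL wording confirmed against policy_admin_capable(), whose body is not in this hunk. The Returns line would also be clearer as ` * Returns: 0 if @profile may manipulate policy, else the error returned by audit_policy()`, since both denial paths now return that call's result rather than a fixed value.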