task.h source code [linux/security/apparmor/include/task.h]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* AppArmor security module
4	*
5	* This file contains AppArmor task related definitions and mediation
6	*
7	* Copyright 2017 Canonical Ltd.
8	*/
9
10	#ifndef __AA_TASK_H
11	#define __AA_TASK_H
12
13	static inline struct aa_task_ctx task_ctx(struct* task_struct *task)
14	{
15	return task->security + apparmor_blob_sizes.lbs_task;
16	}
17
18	/*
19	* struct aa_task_ctx - information for current task label change
20	* @nnp: snapshot of label at time of no_new_privs
21	* @onexec: profile to transition to on next exec (MAY BE NULL)
22	* @previous: profile the task may return to (MAY BE NULL)
23	* @token: magic value the task must know for returning to @previous_profile
24	*/
25	struct aa_task_ctx {
26	struct aa_label *nnp;
27	struct aa_label *onexec;
28	struct aa_label *previous;
29	u64 token;
30	};
31
32	int aa_replace_current_label(struct aa_label *label);
33	void aa_set_current_onexec(struct aa_label *label, bool stack);
34	int aa_set_current_hat(struct aa_label *label, u64 token);
35	int aa_restore_previous_label(u64 cookie);
36	struct aa_label aa_get_task_label(struct* task_struct *task);
37
38	/**
39	* aa_free_task_ctx - free a task_ctx
40	* @ctx: task_ctx to free (MAYBE NULL)
41	*/
42	static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
43	{
44	if (ctx) {
45	aa_put_label(l: ctx->nnp);
46	aa_put_label(l: ctx->previous);
47	aa_put_label(l: ctx->onexec);
48	}
49	}
50
51	/**
52	* aa_dup_task_ctx - duplicate a task context, incrementing reference counts
53	* @new: a blank task context (NOT NULL)
54	* @old: the task context to copy (NOT NULL)
55	*/
56	static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
57	const struct aa_task_ctx *old)
58	{
59	new = old;
60	aa_get_label(l: new->nnp);
61	aa_get_label(l: new->previous);
62	aa_get_label(l: new->onexec);
63	}
64
65	/**
66	* aa_clear_task_ctx_trans - clear transition tracking info from the ctx
67	* @ctx: task context to clear (NOT NULL)
68	*/
69	static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
70	{
71	AA_BUG(!ctx);
72
73	aa_put_label(l: ctx->previous);
74	aa_put_label(l: ctx->onexec);
75	ctx->previous = NULL;
76	ctx->onexec = NULL;
77	ctx->token = `0`;
78	}
79
80	#define AA_PTRACE_TRACE MAY_WRITE
81	#define AA_PTRACE_READ MAY_READ
82	#define AA_MAY_BE_TRACED AA_MAY_APPEND
83	#define AA_MAY_BE_READ AA_MAY_CREATE
84	#define PTRACE_PERM_SHIFT 2
85
86	#define AA_PTRACE_PERM_MASK (AA_PTRACE_READ \| AA_PTRACE_TRACE \| \
87	AA_MAY_BE_READ \| AA_MAY_BE_TRACED)
88	#define AA_SIGNAL_PERM_MASK (MAY_READ \| MAY_WRITE)
89
90	#define AA_SFS_SIG_MASK "hup int quit ill trap abrt bus fpe kill usr1 " \
91	"segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg " \
92	"xcpu xfsz vtalrm prof winch io pwr sys emt lost"
93
94	int aa_may_ptrace(const struct cred tracer_cred, struct* aa_label *tracer,
95	const struct cred tracee_cred, struct* aa_label *tracee,
96	u32 request);
97
98
99
100	#define AA_USERNS_CREATE 8
101
102	int aa_profile_ns_perm(struct aa_profile *profile,
103	struct apparmor_audit_data *ad, u32 request);
104
105	#endif /* __AA_TASK_H */
106

source code of linux/security/apparmor/include/task.h