linux/security/apparmor/include/net.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * AppArmor security module
 *
 * This file contains AppArmor network mediation definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2017 Canonical Ltd.
 */

#ifndef __AA_NET_H
#define __AA_NET_H

#include <net/sock.h>
#include <linux/path.h>

#include "apparmorfs.h"
#include "label.h"
#include "perms.h"
#include "policy.h"

#define AA_MAY_SEND		AA_MAY_WRITE
#define AA_MAY_RECEIVE		AA_MAY_READ

#define AA_MAY_SHUTDOWN		AA_MAY_DELETE

#define AA_MAY_CONNECT		AA_MAY_OPEN
#define AA_MAY_ACCEPT		0x00100000

#define AA_MAY_BIND		0x00200000
#define AA_MAY_LISTEN		0x00400000

#define AA_MAY_SETOPT		0x01000000
#define AA_MAY_GETOPT		0x02000000

#define NET_PERMS_MASK (AA_MAY_SEND | AA_MAY_RECEIVE | AA_MAY_CREATE |    \
			AA_MAY_SHUTDOWN | AA_MAY_BIND | AA_MAY_LISTEN |	  \
			AA_MAY_CONNECT | AA_MAY_ACCEPT | AA_MAY_SETATTR | \
			AA_MAY_GETATTR | AA_MAY_SETOPT | AA_MAY_GETOPT)

#define NET_FS_PERMS (AA_MAY_SEND | AA_MAY_RECEIVE | AA_MAY_CREATE |	\
		      AA_MAY_SHUTDOWN | AA_MAY_CONNECT | AA_MAY_RENAME |\
		      AA_MAY_SETATTR | AA_MAY_GETATTR | AA_MAY_CHMOD |	\
		      AA_MAY_CHOWN | AA_MAY_CHGRP | AA_MAY_LOCK |	\
		      AA_MAY_MPROT)

#define NET_PEER_MASK (AA_MAY_SEND | AA_MAY_RECEIVE | AA_MAY_CONNECT |	\
		       AA_MAY_ACCEPT)
struct aa_sk_ctx {
	struct aa_label *label;
	struct aa_label *peer;
};

#define SK_CTX(X) ((X)->sk_security)
#define SOCK_ctx(X) SOCK_INODE(X)->i_security
#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P)				  \
	struct lsm_network_audit NAME ## _net = { .sk = (SK),		  \
						  .family = (F)};	  \
	DEFINE_AUDIT_DATA(NAME,						  \
			  ((SK) && (F) != AF_UNIX) ? LSM_AUDIT_DATA_NET : \
						     LSM_AUDIT_DATA_NONE, \
			  OP);						  \
	NAME.u.net = &(NAME ## _net);					  \
	aad(&NAME)->net.type = (T);					  \
	aad(&NAME)->net.protocol = (P)

#define DEFINE_AUDIT_SK(NAME, OP, SK)					\
	DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type,	\
			 (SK)->sk_protocol)


#define af_select(FAMILY, FN, DEF_FN)		\
({						\
	int __e;				\
	switch ((FAMILY)) {			\
	default:				\
		__e = DEF_FN;			\
	}					\
	__e;					\
})

struct aa_secmark {
	u8 audit;
	u8 deny;
	u32 secid;
	char *label;
};

extern struct aa_sfs_entry aa_sfs_entry_network[];

void audit_net_cb(struct audit_buffer *ab, void *va);
int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
		       u32 request, u16 family, int type);
int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
	       int type, int protocol);
static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
					struct common_audit_data *sa,
					u32 request,
					struct sock *sk)
{
	return aa_profile_af_perm(profile, sa, request, sk->sk_family,
				  sk->sk_type);
}
int aa_sk_perm(const char *op, u32 request, struct sock *sk);

int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
		      struct socket *sock);

int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
			   u32 secid, const struct sock *sk);

#endif /* __AA_NET_H */
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation version 2 of the license extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 315 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Armijn Hemel <armijn@tjaldur.nl> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-06-01 10:08:55 +02:00			`/* SPDX-License-Identifier: GPL-2.0-only */`
apparmor: add base infastructure for socket mediation version 2 - Force an abi break. Network mediation will only be available in v8 abi complaint policy. Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2017-07-18 23:18:33 -07:00			`/*`
			`* AppArmor security module`
			`*`
			`* This file contains AppArmor network mediation definitions.`
			`*`
			`* Copyright (C) 1998-2008 Novell/SUSE`
			`* Copyright 2009-2017 Canonical Ltd.`
			`*/`

			`#ifndef __AA_NET_H`
			`#define __AA_NET_H`

			`#include <net/sock.h>`
			`#include <linux/path.h>`

			`#include "apparmorfs.h"`
			`#include "label.h"`
			`#include "perms.h"`
			`#include "policy.h"`

			`#define AA_MAY_SEND AA_MAY_WRITE`
			`#define AA_MAY_RECEIVE AA_MAY_READ`

			`#define AA_MAY_SHUTDOWN AA_MAY_DELETE`

			`#define AA_MAY_CONNECT AA_MAY_OPEN`
			`#define AA_MAY_ACCEPT 0x00100000`

			`#define AA_MAY_BIND 0x00200000`
			`#define AA_MAY_LISTEN 0x00400000`

			`#define AA_MAY_SETOPT 0x01000000`
			`#define AA_MAY_GETOPT 0x02000000`

			`#define NET_PERMS_MASK (AA_MAY_SEND \| AA_MAY_RECEIVE \| AA_MAY_CREATE \| \`
			`AA_MAY_SHUTDOWN \| AA_MAY_BIND \| AA_MAY_LISTEN \| \`
			`AA_MAY_CONNECT \| AA_MAY_ACCEPT \| AA_MAY_SETATTR \| \`
			`AA_MAY_GETATTR \| AA_MAY_SETOPT \| AA_MAY_GETOPT)`

			`#define NET_FS_PERMS (AA_MAY_SEND \| AA_MAY_RECEIVE \| AA_MAY_CREATE \| \`
			`AA_MAY_SHUTDOWN \| AA_MAY_CONNECT \| AA_MAY_RENAME \|\`
			`AA_MAY_SETATTR \| AA_MAY_GETATTR \| AA_MAY_CHMOD \| \`
			`AA_MAY_CHOWN \| AA_MAY_CHGRP \| AA_MAY_LOCK \| \`
			`AA_MAY_MPROT)`

			`#define NET_PEER_MASK (AA_MAY_SEND \| AA_MAY_RECEIVE \| AA_MAY_CONNECT \| \`
			`AA_MAY_ACCEPT)`
			`struct aa_sk_ctx {`
			`struct aa_label *label;`
			`struct aa_label *peer;`
			`};`

			`#define SK_CTX(X) ((X)->sk_security)`
			`#define SOCK_ctx(X) SOCK_INODE(X)->i_security`
			`#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \`
			`struct lsm_network_audit NAME ## _net = { .sk = (SK), \`
			`.family = (F)}; \`
			`DEFINE_AUDIT_DATA(NAME, \`
			`((SK) && (F) != AF_UNIX) ? LSM_AUDIT_DATA_NET : \`
			`LSM_AUDIT_DATA_NONE, \`
			`OP); \`
			`NAME.u.net = &(NAME ## _net); \`
			`aad(&NAME)->net.type = (T); \`
			`aad(&NAME)->net.protocol = (P)`

			`#define DEFINE_AUDIT_SK(NAME, OP, SK) \`
			`DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type, \`
			`(SK)->sk_protocol)`


			`#define af_select(FAMILY, FN, DEF_FN) \`
			`({ \`
			`int __e; \`
			`switch ((FAMILY)) { \`
			`default: \`
			`__e = DEF_FN; \`
			`} \`
			`__e; \`
			`})`

apparmor: Parse secmark policy Add support for parsing secmark policy provided by userspace, and store that in the overall policy. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2018-05-24 13:27:46 -07:00			`struct aa_secmark {`
			`u8 audit;`
			`u8 deny;`
			`u32 secid;`
			`char *label;`
			`};`

apparmor: add base infastructure for socket mediation version 2 - Force an abi break. Network mediation will only be available in v8 abi complaint policy. Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2017-07-18 23:18:33 -07:00			`extern struct aa_sfs_entry aa_sfs_entry_network[];`

			`void audit_net_cb(struct audit_buffer ab, void va);`
			`int aa_profile_af_perm(struct aa_profile profile, struct common_audit_data sa,`
			`u32 request, u16 family, int type);`
			`int aa_af_perm(struct aa_label label, const char op, u32 request, u16 family,`
			`int type, int protocol);`
			`static inline int aa_profile_af_sk_perm(struct aa_profile *profile,`
			`struct common_audit_data *sa,`
			`u32 request,`
			`struct sock *sk)`
			`{`
			`return aa_profile_af_perm(profile, sa, request, sk->sk_family,`
			`sk->sk_type);`
			`}`
			`int aa_sk_perm(const char op, u32 request, struct sock sk);`

			`int aa_sock_file_perm(struct aa_label label, const char op, u32 request,`
			`struct socket *sock);`

apparmor: Parse secmark policy Add support for parsing secmark policy provided by userspace, and store that in the overall policy. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2018-05-24 13:27:46 -07:00			`int apparmor_secmark_check(struct aa_label label, char op, u32 request,`
security: add const qualifier to struct sock in various places A followup change to tcp_request_sock_op would have to drop the 'const' qualifier from the 'route_req' function as the 'security_inet_conn_request' call is moved there - and that function expects a 'struct sock *'. However, it turns out its also possible to add a const qualifier to security_inet_conn_request instead. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: James Morris <jamorris@linux.microsoft.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-11-30 16:36:29 +01:00			`u32 secid, const struct sock *sk);`
apparmor: Parse secmark policy Add support for parsing secmark policy provided by userspace, and store that in the overall policy. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com> 2018-05-24 13:27:46 -07:00
apparmor: add base infastructure for socket mediation version 2 - Force an abi break. Network mediation will only be available in v8 abi complaint policy. Provide a basic mediation of sockets. This is not a full net mediation but just whether a spcific family of socket can be used by an application, along with setting up some basic infrastructure for network mediation to follow. the user space rule hav the basic form of NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ] [ TYPE \| PROTOCOL ] DOMAIN = ( 'inet' \| 'ax25' \| 'ipx' \| 'appletalk' \| 'netrom' \| 'bridge' \| 'atmpvc' \| 'x25' \| 'inet6' \| 'rose' \| 'netbeui' \| 'security' \| 'key' \| 'packet' \| 'ash' \| 'econet' \| 'atmsvc' \| 'sna' \| 'irda' \| 'pppox' \| 'wanpipe' \| 'bluetooth' \| 'netlink' \| 'unix' \| 'rds' \| 'llc' \| 'can' \| 'tipc' \| 'iucv' \| 'rxrpc' \| 'isdn' \| 'phonet' \| 'ieee802154' \| 'caif' \| 'alg' \| 'nfc' \| 'vsock' \| 'mpls' \| 'ib' \| 'kcm' ) ',' TYPE = ( 'stream' \| 'dgram' \| 'seqpacket' \| 'rdm' \| 'raw' \| 'packet' ) PROTOCOL = ( 'tcp' \| 'udp' \| 'icmp' ) eg. network, network inet, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2017-07-18 23:18:33 -07:00			`#endif /* __AA_NET_H */`