/* SPDX-License-Identifier: GPL-2.0-only */ /* * AppArmor security module * * This file contains AppArmor af_unix fine grained mediation * * Copyright 2014 Canonical Ltd. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the * License. */ #ifndef __AA_AF_UNIX_H #include #include "label.h" //#include "include/net.h" #define unix_addr_len(L) ((L) - sizeof(sa_family_t)) #define unix_abstract_name_len(L) (unix_addr_len(L) - 1) #define unix_abstract_len(U) (unix_abstract_name_len((U)->addr->len)) #define addr_unix_abstract_name(B) ((B)[0] == 0) #define addr_unix_anonymous(U) (addr_unix_len(U) <= 0) #define addr_unix_abstract(U) (!addr_unix_anonymous(U) && addr_unix_abstract_name((U)->addr)) //#define unix_addr_fs(U) (!unix_addr_anonymous(U) && !unix_addr_abstract_name((U)->addr)) #define unix_addr(A) ((struct sockaddr_un *)(A)) #define unix_addr_anon(A, L) ((A) && unix_addr_len(L) <= 0) #define unix_addr_fs(A, L) (!unix_addr_anon(A, L) && \ !addr_unix_abstract_name(unix_addr(A)->sun_path)) #define UNIX_ANONYMOUS(U) (!unix_sk(U)->addr) /* from net/unix/af_unix.c */ #define UNIX_ABSTRACT(U) (!UNIX_ANONYMOUS(U) && \ unix_sk(U)->addr->hash < UNIX_HASH_SIZE) #define UNIX_FS(U) (!UNIX_ANONYMOUS(U) && unix_sk(U)->addr->name->sun_path[0]) #define unix_peer(sk) (unix_sk(sk)->peer) #define unix_connected(S) ((S)->state == SS_CONNECTED) static inline void print_unix_addr(struct sockaddr_un *A, int L) { char *buf = (A) ? (char *) &(A)->sun_path : NULL; int len = unix_addr_len(L); if (!buf || len <= 0) pr_warn(" "); else if (buf[0]) pr_warn(" %s", buf); else /* abstract name len includes leading \0 */ pr_warn(" %d @%.*s", len - 1, len - 1, buf+1); }; #define print_unix_sk(SK) \ do { \ struct unix_sock *u = unix_sk(SK); \ \ pr_warn("%s: f %d, t %d, p %d", #SK, \ (SK)->sk_family, (SK)->sk_type, (SK)->sk_protocol); \ if (u->addr) \ print_unix_addr(u->addr->name, u->addr->len); \ else \ print_unix_addr(NULL, sizeof(sa_family_t)); \ } while (0) #define print_sk(SK) \ do { \ if (!(SK)) { \ pr_warn("%s: %s is null\n", __func__, #SK); \ } else if ((SK)->sk_family == PF_UNIX) { \ print_unix_sk(SK); \ pr_warn("\n"); \ } else { \ pr_warn("%s: %s: family %d\n", __func__, #SK, \ (SK)->sk_family); \ } \ } while (0) #define print_sock_addr(U) \ do { \ pr_warn("%s:\n", __func__); \ pr_warn" sock %s:", sock_ctx && sock_ctx->label ? \ aa_label_printk(sock_ctx->label, GFP_ATOMIC); : \ ""); print_sk(sock); \ pr_warn(" other %s:", other_ctx && other_ctx->label ? \ aa_label_printk(other_ctx->label, GFP_ATOMIC); : \ ""); print_sk(other); \ pr_warn(" new %s", new_ctx && new_ctx->label ? \ aa_label_printk(new_ctx->label, GFP_ATOMIC); : \ ""); print_sk(newsk); \ } while (0) int aa_unix_peer_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, struct sock *sk, struct sock *peer_sk, struct aa_label *peer_label); int aa_unix_label_sk_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, struct sock *sk); int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock); int aa_unix_create_perm(struct aa_label *label, int family, int type, int protocol); int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address, int addrlen); int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address, int addrlen); int aa_unix_listen_perm(struct socket *sock, int backlog); int aa_unix_accept_perm(struct socket *sock, struct socket *newsock); int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock, struct msghdr *msg, int size); int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level, int optname); int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, struct socket *sock); #endif /* __AA_AF_UNIX_H */