[apparmor] First draft of a userspace ipc introspection interface

John Johansen john.johansen at canonical.com
Thu Nov 18 02:35:01 GMT 2010


So this is a first cut at an interface to be exposed to userspace via libapparmor.

It takes the general question approach, i.e. "what are my permissions for doing
ipc between X and Y".  It doesn't deal with all the various exceptions and
combinations that may be possible.
  i.e.  It will be possible to do ipc but not send SIGKILL, or ipc may be limited
        to a specific form, e.g. pipes.

It also doesn't currently deal with whether ipc can be done through a file that
each end opens (i.e. not a shared fd that was passed).  That would require a total
policy analysis that we don't currently do/require at profile load time.

I am not terribly happy with the int return parameter (I actually favor the kernel
negative error codes or using errno) but I chose to follow the clib and current
libapparmor convention.

Basically there are two fns, one for ipc, and one for exec questions.  And then
there are several convenience functions that make life easier for application
developers.

_query_ is used in fn names that do generic queries that could be against any
        profile/task

_introspect_ is used in fn names for querying the state of the task calling it


I have omitted the details of the kernel interfaces and patches at this time,
as I just want to focus on getting people's feedback about the interfaces before
we get into implementation details.

---


/**
 * aa_query_ipc - query @origin as to whether it can ipc with @target
 * @origin: origin profile for the ipc request
 * @target: target profile for the ipc request
 * @symmetric: whether the communication needs to be symmetric or asymmetric
 * @perms: Return - if successful, permissions granted for ipc between @origin
 *         and @target
 *
 * Returns: 0 on success with permissions in @perms
 *         -1 on failure, with errno set to the error condition
 */
int aa_query_ipc(const char *origin, const char *target, int symmetric,
		 aa_perms_t *perms);

/**
 * aa_introspect_ipc - ask whether current task can ipc with @target
 * @target: target profile for the ipc request
 * @symmetric: whether the communication needs to be symmetric or asymmetric
 * @perms: Return - if successful, permissions granted for ipc between the
 *         current task and @target
 *
 * Returns: 0 on success with permissions in @perms
 *         -1 on failure, with errno set to the error condition
 */
int aa_introspect_ipc(const char *target, int symmetric, aa_perms_t *perms);

/**
 * aa_query_task_ipc - query @origin task as to whether it can ipc with @target
 * @origin: origin task for the ipc request
 * @target: target task for the ipc request
 * @symmetric: whether the communication needs to be symmetric or asymmetric
 * @perms: Return - if successful, permissions granted for ipc between @origin
 *         and @target
 *
 * Returns: 0 on success with permissions in @perms
 *         -1 on failure, with errno set to the error condition
 */
int aa_query_task_ipc(pid_t origin, pid_t target, int symmetric,
		      aa_perms_t *perms);

/**
 * aa_introspect_task_ipc - ask whether current task can ipc with @target
 * @target: target task for the ipc request
 * @symmetric: whether the communication needs to be symmetric or asymmetric
 * @perms: Return - if successful, permissions granted for ipc between the
 *         current task and @target
 *
 * Returns: 0 on success with permissions in @perms
 *         -1 on failure, with errno set to the error condition
 */
int aa_introspect_task_ipc(pid_t target, int symmetric, aa_perms_t *perms);

/*
 * fns for querying about domain transitions
 */

/**
 * aa_query_exec - query @profile as to confinement for @prog
 * @profile: profile(s) to find exec transition in
 * @prog: program to exec
 * @buffer: buffer to put result in
 * @size: size of @buffer
 *
 * Returns: on success - size of profile name put in buffer, name in @buffer
 *          on failure - -1 with errno set to the error condition
 */
int aa_query_exec(const char *profile, const char *prog, char *buffer,
		  size_t size);

/**
 * aa_aquery_exec - query @profile as to confinement for @prog
 * @profile: profile(s) to find exec transition in
 * @prog: program to exec
 *
 * @xdomain: Return pointer to buffer with profile name that
 *
 * Returns: on success - pointer to allocated buffer with profile name,
 *                       caller must free buffer
 *          on failure - NULL with errno set to the error condition
 */
char *aa_aquery_exec(const char *profile, const char *prog);

/**
 * aa_introspect_exec - ask what domain @prog would have if exec'd from current task
 * @prog: program to exec
 * @buffer: buffer to put result in
 * @size: size of @buffer
 *
 * Returns: on success - size of profile name put in buffer, name in @buffer
 *          on failure - -1 with errno set to the error condition
 */
int aa_introspect_exec(const char *prog, char *buffer, size_t size);

/**
 * aa_aintrospect_exec - ask what domain @prog would have if exec'd from current task
 * @prog: program to exec
 *
 * Returns: on success - pointer to allocated buffer with profile name,
 *                       caller must free buffer
 *          on failure - NULL with errno set to the error condition
 */
char *aa_aintrospect_exec(const char *prog);
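As an added illustration of how the allocating exec-query form relates to the fixed-buffer form under the "-1 with errno" convention above, here is a wrapper that builds an `aa_aquery_exec`-style call on top of an `aa_query_exec`-style one. This is example code, not the proposed libapparmor implementation: the backend is a constructed two-entry transition table, and it assumes (not stated in the post) that a too-small buffer fails with errno = ERANGE.

```c
/* Added example, not from the post: allocating wrapper over a fixed-buffer
 * query, following the "-1 on failure, errno set" convention proposed above. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Signature of the fixed-buffer query (aa_query_exec-style). */
typedef int (*exec_query_fn)(const char *profile, const char *prog,
                             char *buffer, size_t size);

/* Constructed stand-in backend (assumption): a tiny exec-transition table.
 * A buffer too small for the result fails with ERANGE (assumed semantics). */
static int demo_query_exec(const char *profile, const char *prog,
                           char *buffer, size_t size)
{
    static const struct { const char *profile, *prog, *xdomain; } table[] = {
        { "/usr/bin/editor", "/bin/sh",  "/usr/bin/editor//shell" },
        { "/usr/bin/editor", "/bin/cat", "/usr/bin/editor" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].profile, profile) || strcmp(table[i].prog, prog))
            continue;
        size_t len = strlen(table[i].xdomain);
        if (len + 1 > size) { errno = ERANGE; return -1; }
        memcpy(buffer, table[i].xdomain, len + 1);
        return (int)len;                /* size of the name, as in the proposal */
    }
    errno = ENOENT;                     /* no transition rule for this pair */
    return -1;
}

/* Allocating form: grow the buffer on ERANGE, otherwise propagate the error
 * as NULL + errno. The caller must free() the result, as the proposal says. */
char *aquery_exec(exec_query_fn query, const char *profile, const char *prog)
{
    size_t size = 16;                   /* small on purpose, to exercise the retry */
    for (;;) {
        char *buf = malloc(size);
        if (!buf) return NULL;          /* errno is already ENOMEM */
        int n = query(profile, prog, buf, size);
        if (n >= 0) return buf;
        int saved = errno;
        free(buf);
        if (saved != ERANGE) { errno = saved; return NULL; }
        size *= 2;                      /* retry with a larger buffer */
    }
}
```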