1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * AppArmor security module 4 * 5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. 9 */ 10 11#include <linux/ctype.h> 12#include <linux/security.h> 13#include <linux/vmalloc.h> 14#include <linux/init.h> 15#include <linux/seq_file.h> 16#include <linux/uaccess.h> 17#include <linux/mount.h> 18#include <linux/namei.h> 19#include <linux/capability.h> 20#include <linux/rcupdate.h> 21#include <linux/fs.h> 22#include <linux/fs_context.h> 23#include <linux/poll.h> 24#include <linux/zlib.h> 25#include <uapi/linux/major.h> 26#include <uapi/linux/magic.h> 27 28#include "include/apparmor.h" 29#include "include/apparmorfs.h" 30#include "include/audit.h" 31#include "include/cred.h" 32#include "include/crypto.h" 33#include "include/ipc.h" 34#include "include/label.h" 35#include "include/policy.h" 36#include "include/policy_ns.h" 37#include "include/resource.h" 38#include "include/policy_unpack.h" 39 40/* 41 * The apparmor filesystem interface used for policy load and introspection 42 * The interface is split into two main components based on their function 43 * a securityfs component: 44 * used for static files that are always available, and which allows 45 * userspace to specificy the location of the security filesystem. 46 * 47 * fns and data are prefixed with 48 * aa_sfs_ 49 * 50 * an apparmorfs component: 51 * used loaded policy content and introspection. It is not part of a 52 * regular mounted filesystem and is available only through the magic 53 * policy symlink in the root of the securityfs apparmor/ directory. 54 * Tasks queries will be magically redirected to the correct portion 55 * of the policy tree based on their confinement. 56 * 57 * fns and data are prefixed with 58 * aafs_ 59 * 60 * The aa_fs_ prefix is used to indicate the fn is used by both the 61 * securityfs and apparmorfs filesystems. 62 */ 63 64 65/* 66 * support fns 67 */ 68 69struct rawdata_f_data { 70 struct aa_loaddata *loaddata; 71}; 72 73#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1) 74 75static void rawdata_f_data_free(struct rawdata_f_data *private) 76{ 77 if (!private) 78 return; 79 80 aa_put_loaddata(private->loaddata); 81 kvfree(private); 82} 83 84static struct rawdata_f_data *rawdata_f_data_alloc(size_t size) 85{ 86 struct rawdata_f_data *ret; 87 88 if (size > SIZE_MAX - sizeof(*ret)) 89 return ERR_PTR(-EINVAL); 90 91 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL); 92 if (!ret) 93 return ERR_PTR(-ENOMEM); 94 95 return ret; 96} 97 98/** 99 * aa_mangle_name - mangle a profile name to std profile layout form 100 * @name: profile name to mangle (NOT NULL) 101 * @target: buffer to store mangled name, same length as @name (MAYBE NULL) 102 * 103 * Returns: length of mangled name 104 */ 105static int mangle_name(const char *name, char *target) 106{ 107 char *t = target; 108 109 while (*name == '/' || *name == '.') 110 name++; 111 112 if (target) { 113 for (; *name; name++) { 114 if (*name == '/') 115 *(t)++ = '.'; 116 else if (isspace(*name)) 117 *(t)++ = '_'; 118 else if (isalnum(*name) || strchr("._-", *name)) 119 *(t)++ = *name; 120 } 121 122 *t = 0; 123 } else { 124 int len = 0; 125 for (; *name; name++) { 126 if (isalnum(*name) || isspace(*name) || 127 strchr("/._-", *name)) 128 len++; 129 } 130 131 return len; 132 } 133 134 return t - target; 135} 136 137 138/* 139 * aafs - core fns and data for the policy tree 140 */ 141 142#define AAFS_NAME "apparmorfs" 143static struct vfsmount *aafs_mnt; 144static int aafs_count; 145 146 147static int aafs_show_path(struct seq_file *seq, struct dentry *dentry) 148{ 149 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino); 150 return 0; 151} 152 153static void aafs_free_inode(struct inode *inode) 154{ 155 if (S_ISLNK(inode->i_mode)) 156 kfree(inode->i_link); 157 free_inode_nonrcu(inode); 158} 159 160static const struct super_operations aafs_super_ops = { 161 .statfs = simple_statfs, 162 .free_inode = aafs_free_inode, 163 .show_path = aafs_show_path, 164}; 165 166static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc) 167{ 168 static struct tree_descr files[] = { {""} }; 169 int error; 170 171 error = simple_fill_super(sb, AAFS_MAGIC, files); 172 if (error) 173 return error; 174 sb->s_op = &aafs_super_ops; 175 176 return 0; 177} 178 179static int apparmorfs_get_tree(struct fs_context *fc) 180{ 181 return get_tree_single(fc, apparmorfs_fill_super); 182} 183 184static const struct fs_context_operations apparmorfs_context_ops = { 185 .get_tree = apparmorfs_get_tree, 186}; 187 188static int apparmorfs_init_fs_context(struct fs_context *fc) 189{ 190 fc->ops = &apparmorfs_context_ops; 191 return 0; 192} 193 194static struct file_system_type aafs_ops = { 195 .owner = THIS_MODULE, 196 .name = AAFS_NAME, 197 .init_fs_context = apparmorfs_init_fs_context, 198 .kill_sb = kill_anon_super, 199}; 200 201/** 202 * __aafs_setup_d_inode - basic inode setup for apparmorfs 203 * @dir: parent directory for the dentry 204 * @dentry: dentry we are seting the inode up for 205 * @mode: permissions the file should have 206 * @data: data to store on inode.i_private, available in open() 207 * @link: if symlink, symlink target string 208 * @fops: struct file_operations that should be used 209 * @iops: struct of inode_operations that should be used 210 */ 211static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry, 212 umode_t mode, void *data, char *link, 213 const struct file_operations *fops, 214 const struct inode_operations *iops) 215{ 216 struct inode *inode = new_inode(dir->i_sb); 217 218 AA_BUG(!dir); 219 AA_BUG(!dentry); 220 221 if (!inode) 222 return -ENOMEM; 223 224 inode->i_ino = get_next_ino(); 225 inode->i_mode = mode; 226 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 227 inode->i_private = data; 228 if (S_ISDIR(mode)) { 229 inode->i_op = iops ? iops : &simple_dir_inode_operations; 230 inode->i_fop = &simple_dir_operations; 231 inc_nlink(inode); 232 inc_nlink(dir); 233 } else if (S_ISLNK(mode)) { 234 inode->i_op = iops ? iops : &simple_symlink_inode_operations; 235 inode->i_link = link; 236 } else { 237 inode->i_fop = fops; 238 } 239 d_instantiate(dentry, inode); 240 dget(dentry); 241 242 return 0; 243} 244 245/** 246 * aafs_create - create a dentry in the apparmorfs filesystem 247 * 248 * @name: name of dentry to create 249 * @mode: permissions the file should have 250 * @parent: parent directory for this dentry 251 * @data: data to store on inode.i_private, available in open() 252 * @link: if symlink, symlink target string 253 * @fops: struct file_operations that should be used for 254 * @iops: struct of inode_operations that should be used 255 * 256 * This is the basic "create a xxx" function for apparmorfs. 257 * 258 * Returns a pointer to a dentry if it succeeds, that must be free with 259 * aafs_remove(). Will return ERR_PTR on failure. 260 */ 261static struct dentry *aafs_create(const char *name, umode_t mode, 262 struct dentry *parent, void *data, void *link, 263 const struct file_operations *fops, 264 const struct inode_operations *iops) 265{ 266 struct dentry *dentry; 267 struct inode *dir; 268 int error; 269 270 AA_BUG(!name); 271 AA_BUG(!parent); 272 273 if (!(mode & S_IFMT)) 274 mode = (mode & S_IALLUGO) | S_IFREG; 275 276 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 277 if (error) 278 return ERR_PTR(error); 279 280 dir = d_inode(parent); 281 282 inode_lock(dir); 283 dentry = lookup_one_len(name, parent, strlen(name)); 284 if (IS_ERR(dentry)) { 285 error = PTR_ERR(dentry); 286 goto fail_lock; 287 } 288 289 if (d_really_is_positive(dentry)) { 290 error = -EEXIST; 291 goto fail_dentry; 292 } 293 294 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); 295 if (error) 296 goto fail_dentry; 297 inode_unlock(dir); 298 299 return dentry; 300 301fail_dentry: 302 dput(dentry); 303 304fail_lock: 305 inode_unlock(dir); 306 simple_release_fs(&aafs_mnt, &aafs_count); 307 308 return ERR_PTR(error); 309} 310 311/** 312 * aafs_create_file - create a file in the apparmorfs filesystem 313 * 314 * @name: name of dentry to create 315 * @mode: permissions the file should have 316 * @parent: parent directory for this dentry 317 * @data: data to store on inode.i_private, available in open() 318 * @fops: struct file_operations that should be used for 319 * 320 * see aafs_create 321 */ 322static struct dentry *aafs_create_file(const char *name, umode_t mode, 323 struct dentry *parent, void *data, 324 const struct file_operations *fops) 325{ 326 return aafs_create(name, mode, parent, data, NULL, fops, NULL); 327} 328 329/** 330 * aafs_create_dir - create a directory in the apparmorfs filesystem 331 * 332 * @name: name of dentry to create 333 * @parent: parent directory for this dentry 334 * 335 * see aafs_create 336 */ 337static struct dentry *aafs_create_dir(const char *name, struct dentry *parent) 338{ 339 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL, 340 NULL); 341} 342 343/** 344 * aafs_remove - removes a file or directory from the apparmorfs filesystem 345 * 346 * @dentry: dentry of the file/directory/symlink to removed. 347 */ 348static void aafs_remove(struct dentry *dentry) 349{ 350 struct inode *dir; 351 352 if (!dentry || IS_ERR(dentry)) 353 return; 354 355 dir = d_inode(dentry->d_parent); 356 inode_lock(dir); 357 if (simple_positive(dentry)) { 358 if (d_is_dir(dentry)) 359 simple_rmdir(dir, dentry); 360 else 361 simple_unlink(dir, dentry); 362 d_delete(dentry); 363 dput(dentry); 364 } 365 inode_unlock(dir); 366 simple_release_fs(&aafs_mnt, &aafs_count); 367} 368 369 370/* 371 * aa_fs - policy load/replace/remove 372 */ 373 374/** 375 * aa_simple_write_to_buffer - common routine for getting policy from user 376 * @userbuf: user buffer to copy data from (NOT NULL) 377 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size) 378 * @copy_size: size of data to copy from user buffer 379 * @pos: position write is at in the file (NOT NULL) 380 * 381 * Returns: kernel buffer containing copy of user buffer data or an 382 * ERR_PTR on failure. 383 */ 384static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf, 385 size_t alloc_size, 386 size_t copy_size, 387 loff_t *pos) 388{ 389 struct aa_loaddata *data; 390 391 AA_BUG(copy_size > alloc_size); 392 393 if (*pos != 0) 394 /* only writes from pos 0, that is complete writes */ 395 return ERR_PTR(-ESPIPE); 396 397 /* freed by caller to simple_write_to_buffer */ 398 data = aa_loaddata_alloc(alloc_size); 399 if (IS_ERR(data)) 400 return data; 401 402 data->size = copy_size; 403 if (copy_from_user(data->data, userbuf, copy_size)) { 404 aa_put_loaddata(data); 405 return ERR_PTR(-EFAULT); 406 } 407 408 return data; 409} 410 411static ssize_t policy_update(u32 mask, const char __user *buf, size_t size, 412 loff_t *pos, struct aa_ns *ns) 413{ 414 struct aa_loaddata *data; 415 struct aa_label *label; 416 ssize_t error; 417 418 label = begin_current_label_crit_section(); 419 420 /* high level check about policy management - fine grained in 421 * below after unpack 422 */ 423 error = aa_may_manage_policy(label, ns, mask); 424 if (error) 425 goto end_section; 426 427 data = aa_simple_write_to_buffer(buf, size, size, pos); 428 error = PTR_ERR(data); 429 if (!IS_ERR(data)) { 430 error = aa_replace_profiles(ns, label, mask, data); 431 aa_put_loaddata(data); 432 } 433end_section: 434 end_current_label_crit_section(label); 435 436 return error; 437} 438 439/* .load file hook fn to load policy */ 440static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, 441 loff_t *pos) 442{ 443 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 444 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns); 445 446 aa_put_ns(ns); 447 448 return error; 449} 450 451static const struct file_operations aa_fs_profile_load = { 452 .write = profile_load, 453 .llseek = default_llseek, 454}; 455 456/* .replace file hook fn to load and/or replace policy */ 457static ssize_t profile_replace(struct file *f, const char __user *buf, 458 size_t size, loff_t *pos) 459{ 460 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 461 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY, 462 buf, size, pos, ns); 463 aa_put_ns(ns); 464 465 return error; 466} 467 468static const struct file_operations aa_fs_profile_replace = { 469 .write = profile_replace, 470 .llseek = default_llseek, 471}; 472 473/* .remove file hook fn to remove loaded policy */ 474static ssize_t profile_remove(struct file *f, const char __user *buf, 475 size_t size, loff_t *pos) 476{ 477 struct aa_loaddata *data; 478 struct aa_label *label; 479 ssize_t error; 480 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 481 482 label = begin_current_label_crit_section(); 483 /* high level check about policy management - fine grained in 484 * below after unpack 485 */ 486 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY); 487 if (error) 488 goto out; 489 490 /* 491 * aa_remove_profile needs a null terminated string so 1 extra 492 * byte is allocated and the copied data is null terminated. 493 */ 494 data = aa_simple_write_to_buffer(buf, size + 1, size, pos); 495 496 error = PTR_ERR(data); 497 if (!IS_ERR(data)) { 498 data->data[size] = 0; 499 error = aa_remove_profiles(ns, label, data->data, size); 500 aa_put_loaddata(data); 501 } 502 out: 503 end_current_label_crit_section(label); 504 aa_put_ns(ns); 505 return error; 506} 507 508static const struct file_operations aa_fs_profile_remove = { 509 .write = profile_remove, 510 .llseek = default_llseek, 511}; 512 513struct aa_revision { 514 struct aa_ns *ns; 515 long last_read; 516}; 517 518/* revision file hook fn for policy loads */ 519static int ns_revision_release(struct inode *inode, struct file *file) 520{ 521 struct aa_revision *rev = file->private_data; 522 523 if (rev) { 524 aa_put_ns(rev->ns); 525 kfree(rev); 526 } 527 528 return 0; 529} 530 531static ssize_t ns_revision_read(struct file *file, char __user *buf, 532 size_t size, loff_t *ppos) 533{ 534 struct aa_revision *rev = file->private_data; 535 char buffer[32]; 536 long last_read; 537 int avail; 538 539 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 540 last_read = rev->last_read; 541 if (last_read == rev->ns->revision) { 542 mutex_unlock(&rev->ns->lock); 543 if (file->f_flags & O_NONBLOCK) 544 return -EAGAIN; 545 if (wait_event_interruptible(rev->ns->wait, 546 last_read != 547 READ_ONCE(rev->ns->revision))) 548 return -ERESTARTSYS; 549 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 550 } 551 552 avail = sprintf(buffer, "%ld\n", rev->ns->revision); 553 if (*ppos + size > avail) { 554 rev->last_read = rev->ns->revision; 555 *ppos = 0; 556 } 557 mutex_unlock(&rev->ns->lock); 558 559 return simple_read_from_buffer(buf, size, ppos, buffer, avail); 560} 561 562static int ns_revision_open(struct inode *inode, struct file *file) 563{ 564 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL); 565 566 if (!rev) 567 return -ENOMEM; 568 569 rev->ns = aa_get_ns(inode->i_private); 570 if (!rev->ns) 571 rev->ns = aa_get_current_ns(); 572 file->private_data = rev; 573 574 return 0; 575} 576 577static __poll_t ns_revision_poll(struct file *file, poll_table *pt) 578{ 579 struct aa_revision *rev = file->private_data; 580 __poll_t mask = 0; 581 582 if (rev) { 583 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 584 poll_wait(file, &rev->ns->wait, pt); 585 if (rev->last_read < rev->ns->revision) 586 mask |= EPOLLIN | EPOLLRDNORM; 587 mutex_unlock(&rev->ns->lock); 588 } 589 590 return mask; 591} 592 593void __aa_bump_ns_revision(struct aa_ns *ns) 594{ 595 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1); 596 wake_up_interruptible(&ns->wait); 597} 598 599static const struct file_operations aa_fs_ns_revision_fops = { 600 .owner = THIS_MODULE, 601 .open = ns_revision_open, 602 .poll = ns_revision_poll, 603 .read = ns_revision_read, 604 .llseek = generic_file_llseek, 605 .release = ns_revision_release, 606}; 607 608static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, 609 const char *match_str, size_t match_len) 610{ 611 struct aa_perms tmp = { }; 612 struct aa_dfa *dfa; 613 unsigned int state = 0; 614 615 if (profile_unconfined(profile)) 616 return; 617 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { 618 dfa = profile->file.dfa; 619 state = aa_dfa_match_len(dfa, profile->file.start, 620 match_str + 1, match_len - 1); 621 if (state) { 622 struct path_cond cond = { }; 623 624 tmp = aa_compute_fperms(dfa, state, &cond); 625 } 626 } else if (profile->policy.dfa) { 627 if (!PROFILE_MEDIATES(profile, *match_str)) 628 return; /* no change to current perms */ 629 dfa = profile->policy.dfa; 630 state = aa_dfa_match_len(dfa, profile->policy.start[0], 631 match_str, match_len); 632 if (state) 633 aa_compute_perms(dfa, state, &tmp); 634 } 635 aa_apply_modes_to_perms(profile, &tmp); 636 aa_perms_accum_raw(perms, &tmp); 637} 638 639 640/** 641 * query_data - queries a policy and writes its data to buf 642 * @buf: the resulting data is stored here (NOT NULL) 643 * @buf_len: size of buf 644 * @query: query string used to retrieve data 645 * @query_len: size of query including second NUL byte 646 * 647 * The buffers pointed to by buf and query may overlap. The query buffer is 648 * parsed before buf is written to. 649 * 650 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of 651 * the security confinement context and <KEY> is the name of the data to 652 * retrieve. <LABEL> and <KEY> must not be NUL-terminated. 653 * 654 * Don't expect the contents of buf to be preserved on failure. 655 * 656 * Returns: number of characters written to buf or -errno on failure 657 */ 658static ssize_t query_data(char *buf, size_t buf_len, 659 char *query, size_t query_len) 660{ 661 char *out; 662 const char *key; 663 struct label_it i; 664 struct aa_label *label, *curr; 665 struct aa_profile *profile; 666 struct aa_data *data; 667 u32 bytes, blocks; 668 __le32 outle32; 669 670 if (!query_len) 671 return -EINVAL; /* need a query */ 672 673 key = query + strnlen(query, query_len) + 1; 674 if (key + 1 >= query + query_len) 675 return -EINVAL; /* not enough space for a non-empty key */ 676 if (key + strnlen(key, query + query_len - key) >= query + query_len) 677 return -EINVAL; /* must end with NUL */ 678 679 if (buf_len < sizeof(bytes) + sizeof(blocks)) 680 return -EINVAL; /* not enough space */ 681 682 curr = begin_current_label_crit_section(); 683 label = aa_label_parse(curr, query, GFP_KERNEL, false, false); 684 end_current_label_crit_section(curr); 685 if (IS_ERR(label)) 686 return PTR_ERR(label); 687 688 /* We are going to leave space for two numbers. The first is the total 689 * number of bytes we are writing after the first number. This is so 690 * users can read the full output without reallocation. 691 * 692 * The second number is the number of data blocks we're writing. An 693 * application might be confined by multiple policies having data in 694 * the same key. 695 */ 696 memset(buf, 0, sizeof(bytes) + sizeof(blocks)); 697 out = buf + sizeof(bytes) + sizeof(blocks); 698 699 blocks = 0; 700 label_for_each_confined(i, label, profile) { 701 if (!profile->data) 702 continue; 703 704 data = rhashtable_lookup_fast(profile->data, &key, 705 profile->data->p); 706 707 if (data) { 708 if (out + sizeof(outle32) + data->size > buf + 709 buf_len) { 710 aa_put_label(label); 711 return -EINVAL; /* not enough space */ 712 } 713 outle32 = __cpu_to_le32(data->size); 714 memcpy(out, &outle32, sizeof(outle32)); 715 out += sizeof(outle32); 716 memcpy(out, data->data, data->size); 717 out += data->size; 718 blocks++; 719 } 720 } 721 aa_put_label(label); 722 723 outle32 = __cpu_to_le32(out - buf - sizeof(bytes)); 724 memcpy(buf, &outle32, sizeof(outle32)); 725 outle32 = __cpu_to_le32(blocks); 726 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32)); 727 728 return out - buf; 729} 730 731/** 732 * query_label - queries a label and writes permissions to buf 733 * @buf: the resulting permissions string is stored here (NOT NULL) 734 * @buf_len: size of buf 735 * @query: binary query string to match against the dfa 736 * @query_len: size of query 737 * @view_only: only compute for querier's view 738 * 739 * The buffers pointed to by buf and query may overlap. The query buffer is 740 * parsed before buf is written to. 741 * 742 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is 743 * the name of the label, in the current namespace, that is to be queried and 744 * DFA_STRING is a binary string to match against the label(s)'s DFA. 745 * 746 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters 747 * but must *not* be NUL terminated. 748 * 749 * Returns: number of characters written to buf or -errno on failure 750 */ 751static ssize_t query_label(char *buf, size_t buf_len, 752 char *query, size_t query_len, bool view_only) 753{ 754 struct aa_profile *profile; 755 struct aa_label *label, *curr; 756 char *label_name, *match_str; 757 size_t label_name_len, match_len; 758 struct aa_perms perms; 759 struct label_it i; 760 761 if (!query_len) 762 return -EINVAL; 763 764 label_name = query; 765 label_name_len = strnlen(query, query_len); 766 if (!label_name_len || label_name_len == query_len) 767 return -EINVAL; 768 769 /** 770 * The extra byte is to account for the null byte between the 771 * profile name and dfa string. profile_name_len is greater 772 * than zero and less than query_len, so a byte can be safely 773 * added or subtracted. 774 */ 775 match_str = label_name + label_name_len + 1; 776 match_len = query_len - label_name_len - 1; 777 778 curr = begin_current_label_crit_section(); 779 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false); 780 end_current_label_crit_section(curr); 781 if (IS_ERR(label)) 782 return PTR_ERR(label); 783 784 perms = allperms; 785 if (view_only) { 786 label_for_each_in_ns(i, labels_ns(label), label, profile) { 787 profile_query_cb(profile, &perms, match_str, match_len); 788 } 789 } else { 790 label_for_each(i, label, profile) { 791 profile_query_cb(profile, &perms, match_str, match_len); 792 } 793 } 794 aa_put_label(label); 795 796 return scnprintf(buf, buf_len, 797 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n", 798 perms.allow, perms.deny, perms.audit, perms.quiet); 799} 800 801/* 802 * Transaction based IO. 803 * The file expects a write which triggers the transaction, and then 804 * possibly a read(s) which collects the result - which is stored in a 805 * file-local buffer. Once a new write is performed, a new set of results 806 * are stored in the file-local buffer. 807 */ 808struct multi_transaction { 809 struct kref count; 810 ssize_t size; 811 char data[]; 812}; 813 814#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction)) 815/* TODO: replace with per file lock */ 816static DEFINE_SPINLOCK(multi_transaction_lock); 817 818static void multi_transaction_kref(struct kref *kref) 819{ 820 struct multi_transaction *t; 821 822 t = container_of(kref, struct multi_transaction, count); 823 free_page((unsigned long) t); 824} 825 826static struct multi_transaction * 827get_multi_transaction(struct multi_transaction *t) 828{ 829 if (t) 830 kref_get(&(t->count)); 831 832 return t; 833} 834 835static void put_multi_transaction(struct multi_transaction *t) 836{ 837 if (t) 838 kref_put(&(t->count), multi_transaction_kref); 839} 840 841/* does not increment @new's count */ 842static void multi_transaction_set(struct file *file, 843 struct multi_transaction *new, size_t n) 844{ 845 struct multi_transaction *old; 846 847 AA_BUG(n > MULTI_TRANSACTION_LIMIT); 848 849 new->size = n; 850 spin_lock(&multi_transaction_lock); 851 old = (struct multi_transaction *) file->private_data; 852 file->private_data = new; 853 spin_unlock(&multi_transaction_lock); 854 put_multi_transaction(old); 855} 856 857static struct multi_transaction *multi_transaction_new(struct file *file, 858 const char __user *buf, 859 size_t size) 860{ 861 struct multi_transaction *t; 862 863 if (size > MULTI_TRANSACTION_LIMIT - 1) 864 return ERR_PTR(-EFBIG); 865 866 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL); 867 if (!t) 868 return ERR_PTR(-ENOMEM); 869 kref_init(&t->count); 870 if (copy_from_user(t->data, buf, size)) { 871 put_multi_transaction(t); 872 return ERR_PTR(-EFAULT); 873 } 874 875 return t; 876} 877 878static ssize_t multi_transaction_read(struct file *file, char __user *buf, 879 size_t size, loff_t *pos) 880{ 881 struct multi_transaction *t; 882 ssize_t ret; 883 884 spin_lock(&multi_transaction_lock); 885 t = get_multi_transaction(file->private_data); 886 spin_unlock(&multi_transaction_lock); 887 if (!t) 888 return 0; 889 890 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size); 891 put_multi_transaction(t); 892 893 return ret; 894} 895 896static int multi_transaction_release(struct inode *inode, struct file *file) 897{ 898 put_multi_transaction(file->private_data); 899 900 return 0; 901} 902 903#define QUERY_CMD_LABEL "label\0" 904#define QUERY_CMD_LABEL_LEN 6 905#define QUERY_CMD_PROFILE "profile\0" 906#define QUERY_CMD_PROFILE_LEN 8 907#define QUERY_CMD_LABELALL "labelall\0" 908#define QUERY_CMD_LABELALL_LEN 9 909#define QUERY_CMD_DATA "data\0" 910#define QUERY_CMD_DATA_LEN 5 911 912/** 913 * aa_write_access - generic permissions and data query 914 * @file: pointer to open apparmorfs/access file 915 * @ubuf: user buffer containing the complete query string (NOT NULL) 916 * @count: size of ubuf 917 * @ppos: position in the file (MUST BE ZERO) 918 * 919 * Allows for one permissions or data query per open(), write(), and read() 920 * sequence. The only queries currently supported are label-based queries for 921 * permissions or data. 922 * 923 * For permissions queries, ubuf must begin with "label\0", followed by the 924 * profile query specific format described in the query_label() function 925 * documentation. 926 * 927 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where 928 * <LABEL> is the name of the security confinement context and <KEY> is the 929 * name of the data to retrieve. 930 * 931 * Returns: number of bytes written or -errno on failure 932 */ 933static ssize_t aa_write_access(struct file *file, const char __user *ubuf, 934 size_t count, loff_t *ppos) 935{ 936 struct multi_transaction *t; 937 ssize_t len; 938 939 if (*ppos) 940 return -ESPIPE; 941 942 t = multi_transaction_new(file, ubuf, count); 943 if (IS_ERR(t)) 944 return PTR_ERR(t); 945 946 if (count > QUERY_CMD_PROFILE_LEN && 947 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) { 948 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 949 t->data + QUERY_CMD_PROFILE_LEN, 950 count - QUERY_CMD_PROFILE_LEN, true); 951 } else if (count > QUERY_CMD_LABEL_LEN && 952 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) { 953 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 954 t->data + QUERY_CMD_LABEL_LEN, 955 count - QUERY_CMD_LABEL_LEN, true); 956 } else if (count > QUERY_CMD_LABELALL_LEN && 957 !memcmp(t->data, QUERY_CMD_LABELALL, 958 QUERY_CMD_LABELALL_LEN)) { 959 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 960 t->data + QUERY_CMD_LABELALL_LEN, 961 count - QUERY_CMD_LABELALL_LEN, false); 962 } else if (count > QUERY_CMD_DATA_LEN && 963 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) { 964 len = query_data(t->data, MULTI_TRANSACTION_LIMIT, 965 t->data + QUERY_CMD_DATA_LEN, 966 count - QUERY_CMD_DATA_LEN); 967 } else 968 len = -EINVAL; 969 970 if (len < 0) { 971 put_multi_transaction(t); 972 return len; 973 } 974 975 multi_transaction_set(file, t, len); 976 977 return count; 978} 979 980static const struct file_operations aa_sfs_access = { 981 .write = aa_write_access, 982 .read = multi_transaction_read, 983 .release = multi_transaction_release, 984 .llseek = generic_file_llseek, 985}; 986 987static int aa_sfs_seq_show(struct seq_file *seq, void *v) 988{ 989 struct aa_sfs_entry *fs_file = seq->private; 990 991 if (!fs_file) 992 return 0; 993 994 switch (fs_file->v_type) { 995 case AA_SFS_TYPE_BOOLEAN: 996 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no"); 997 break; 998 case AA_SFS_TYPE_STRING: 999 seq_printf(seq, "%s\n", fs_file->v.string); 1000 break; 1001 case AA_SFS_TYPE_U64: 1002 seq_printf(seq, "%#08lx\n", fs_file->v.u64); 1003 break; 1004 default: 1005 /* Ignore unpritable entry types. */ 1006 break; 1007 } 1008 1009 return 0; 1010} 1011 1012static int aa_sfs_seq_open(struct inode *inode, struct file *file) 1013{ 1014 return single_open(file, aa_sfs_seq_show, inode->i_private); 1015} 1016 1017const struct file_operations aa_sfs_seq_file_ops = { 1018 .owner = THIS_MODULE, 1019 .open = aa_sfs_seq_open, 1020 .read = seq_read, 1021 .llseek = seq_lseek, 1022 .release = single_release, 1023}; 1024 1025/* 1026 * profile based file operations 1027 * policy/profiles/XXXX/profiles/ * 1028 */ 1029 1030#define SEQ_PROFILE_FOPS(NAME) \ 1031static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1032{ \ 1033 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \ 1034} \ 1035 \ 1036static const struct file_operations seq_profile_ ##NAME ##_fops = { \ 1037 .owner = THIS_MODULE, \ 1038 .open = seq_profile_ ##NAME ##_open, \ 1039 .read = seq_read, \ 1040 .llseek = seq_lseek, \ 1041 .release = seq_profile_release, \ 1042} \ 1043 1044static int seq_profile_open(struct inode *inode, struct file *file, 1045 int (*show)(struct seq_file *, void *)) 1046{ 1047 struct aa_proxy *proxy = aa_get_proxy(inode->i_private); 1048 int error = single_open(file, show, proxy); 1049 1050 if (error) { 1051 file->private_data = NULL; 1052 aa_put_proxy(proxy); 1053 } 1054 1055 return error; 1056} 1057 1058static int seq_profile_release(struct inode *inode, struct file *file) 1059{ 1060 struct seq_file *seq = (struct seq_file *) file->private_data; 1061 if (seq) 1062 aa_put_proxy(seq->private); 1063 return single_release(inode, file); 1064} 1065 1066static int seq_profile_name_show(struct seq_file *seq, void *v) 1067{ 1068 struct aa_proxy *proxy = seq->private; 1069 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1070 struct aa_profile *profile = labels_profile(label); 1071 seq_printf(seq, "%s\n", profile->base.name); 1072 aa_put_label(label); 1073 1074 return 0; 1075} 1076 1077static int seq_profile_mode_show(struct seq_file *seq, void *v) 1078{ 1079 struct aa_proxy *proxy = seq->private; 1080 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1081 struct aa_profile *profile = labels_profile(label); 1082 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]); 1083 aa_put_label(label); 1084 1085 return 0; 1086} 1087 1088static int seq_profile_attach_show(struct seq_file *seq, void *v) 1089{ 1090 struct aa_proxy *proxy = seq->private; 1091 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1092 struct aa_profile *profile = labels_profile(label); 1093 if (profile->attach) 1094 seq_printf(seq, "%s\n", profile->attach); 1095 else if (profile->xmatch) 1096 seq_puts(seq, "<unknown>\n"); 1097 else 1098 seq_printf(seq, "%s\n", profile->base.name); 1099 aa_put_label(label); 1100 1101 return 0; 1102} 1103 1104static int seq_profile_hash_show(struct seq_file *seq, void *v) 1105{ 1106 struct aa_proxy *proxy = seq->private; 1107 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1108 struct aa_profile *profile = labels_profile(label); 1109 unsigned int i, size = aa_hash_size(); 1110 1111 if (profile->hash) { 1112 for (i = 0; i < size; i++) 1113 seq_printf(seq, "%.2x", profile->hash[i]); 1114 seq_putc(seq, '\n'); 1115 } 1116 aa_put_label(label); 1117 1118 return 0; 1119} 1120 1121SEQ_PROFILE_FOPS(name); 1122SEQ_PROFILE_FOPS(mode); 1123SEQ_PROFILE_FOPS(attach); 1124SEQ_PROFILE_FOPS(hash); 1125 1126/* 1127 * namespace based files 1128 * several root files and 1129 * policy/ * 1130 */ 1131 1132#define SEQ_NS_FOPS(NAME) \ 1133static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \ 1134{ \ 1135 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \ 1136} \ 1137 \ 1138static const struct file_operations seq_ns_ ##NAME ##_fops = { \ 1139 .owner = THIS_MODULE, \ 1140 .open = seq_ns_ ##NAME ##_open, \ 1141 .read = seq_read, \ 1142 .llseek = seq_lseek, \ 1143 .release = single_release, \ 1144} \ 1145 1146static int seq_ns_stacked_show(struct seq_file *seq, void *v) 1147{ 1148 struct aa_label *label; 1149 1150 label = begin_current_label_crit_section(); 1151 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no"); 1152 end_current_label_crit_section(label); 1153 1154 return 0; 1155} 1156 1157static int seq_ns_nsstacked_show(struct seq_file *seq, void *v) 1158{ 1159 struct aa_label *label; 1160 struct aa_profile *profile; 1161 struct label_it it; 1162 int count = 1; 1163 1164 label = begin_current_label_crit_section(); 1165 1166 if (label->size > 1) { 1167 label_for_each(it, label, profile) 1168 if (profile->ns != labels_ns(label)) { 1169 count++; 1170 break; 1171 } 1172 } 1173 1174 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no"); 1175 end_current_label_crit_section(label); 1176 1177 return 0; 1178} 1179 1180static int seq_ns_level_show(struct seq_file *seq, void *v) 1181{ 1182 struct aa_label *label; 1183 1184 label = begin_current_label_crit_section(); 1185 seq_printf(seq, "%d\n", labels_ns(label)->level); 1186 end_current_label_crit_section(label); 1187 1188 return 0; 1189} 1190 1191static int seq_ns_name_show(struct seq_file *seq, void *v) 1192{ 1193 struct aa_label *label = begin_current_label_crit_section(); 1194 seq_printf(seq, "%s\n", labels_ns(label)->base.name); 1195 end_current_label_crit_section(label); 1196 1197 return 0; 1198} 1199 1200SEQ_NS_FOPS(stacked); 1201SEQ_NS_FOPS(nsstacked); 1202SEQ_NS_FOPS(level); 1203SEQ_NS_FOPS(name); 1204 1205 1206/* policy/raw_data/ * file ops */ 1207 1208#define SEQ_RAWDATA_FOPS(NAME) \ 1209static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1210{ \ 1211 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \ 1212} \ 1213 \ 1214static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \ 1215 .owner = THIS_MODULE, \ 1216 .open = seq_rawdata_ ##NAME ##_open, \ 1217 .read = seq_read, \ 1218 .llseek = seq_lseek, \ 1219 .release = seq_rawdata_release, \ 1220} \ 1221 1222static int seq_rawdata_open(struct inode *inode, struct file *file, 1223 int (*show)(struct seq_file *, void *)) 1224{ 1225 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private); 1226 int error; 1227 1228 if (!data) 1229 /* lost race this ent is being reaped */ 1230 return -ENOENT; 1231 1232 error = single_open(file, show, data); 1233 if (error) { 1234 AA_BUG(file->private_data && 1235 ((struct seq_file *)file->private_data)->private); 1236 aa_put_loaddata(data); 1237 } 1238 1239 return error; 1240} 1241 1242static int seq_rawdata_release(struct inode *inode, struct file *file) 1243{ 1244 struct seq_file *seq = (struct seq_file *) file->private_data; 1245 1246 if (seq) 1247 aa_put_loaddata(seq->private); 1248 1249 return single_release(inode, file); 1250} 1251 1252static int seq_rawdata_abi_show(struct seq_file *seq, void *v) 1253{ 1254 struct aa_loaddata *data = seq->private; 1255 1256 seq_printf(seq, "v%d\n", data->abi); 1257 1258 return 0; 1259} 1260 1261static int seq_rawdata_revision_show(struct seq_file *seq, void *v) 1262{ 1263 struct aa_loaddata *data = seq->private; 1264 1265 seq_printf(seq, "%ld\n", data->revision); 1266 1267 return 0; 1268} 1269 1270static int seq_rawdata_hash_show(struct seq_file *seq, void *v) 1271{ 1272 struct aa_loaddata *data = seq->private; 1273 unsigned int i, size = aa_hash_size(); 1274 1275 if (data->hash) { 1276 for (i = 0; i < size; i++) 1277 seq_printf(seq, "%.2x", data->hash[i]); 1278 seq_putc(seq, '\n'); 1279 } 1280 1281 return 0; 1282} 1283 1284static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v) 1285{ 1286 struct aa_loaddata *data = seq->private; 1287 1288 seq_printf(seq, "%zu\n", data->compressed_size); 1289 1290 return 0; 1291} 1292 1293SEQ_RAWDATA_FOPS(abi); 1294SEQ_RAWDATA_FOPS(revision); 1295SEQ_RAWDATA_FOPS(hash); 1296SEQ_RAWDATA_FOPS(compressed_size); 1297 1298static int deflate_decompress(char *src, size_t slen, char *dst, size_t dlen) 1299{ 1300 int error; 1301 struct z_stream_s strm; 1302 1303 if (aa_g_rawdata_compression_level == 0) { 1304 if (dlen < slen) 1305 return -EINVAL; 1306 memcpy(dst, src, slen); 1307 return 0; 1308 } 1309 1310 memset(&strm, 0, sizeof(strm)); 1311 1312 strm.workspace = kvzalloc(zlib_inflate_workspacesize(), GFP_KERNEL); 1313 if (!strm.workspace) 1314 return -ENOMEM; 1315 1316 strm.next_in = src; 1317 strm.avail_in = slen; 1318 1319 error = zlib_inflateInit(&strm); 1320 if (error != Z_OK) { 1321 error = -ENOMEM; 1322 goto fail_inflate_init; 1323 } 1324 1325 strm.next_out = dst; 1326 strm.avail_out = dlen; 1327 1328 error = zlib_inflate(&strm, Z_FINISH); 1329 if (error != Z_STREAM_END) 1330 error = -EINVAL; 1331 else 1332 error = 0; 1333 1334 zlib_inflateEnd(&strm); 1335fail_inflate_init: 1336 kvfree(strm.workspace); 1337 return error; 1338} 1339 1340static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, 1341 loff_t *ppos) 1342{ 1343 struct rawdata_f_data *private = file->private_data; 1344 1345 return simple_read_from_buffer(buf, size, ppos, 1346 RAWDATA_F_DATA_BUF(private), 1347 private->loaddata->size); 1348} 1349 1350static int rawdata_release(struct inode *inode, struct file *file) 1351{ 1352 rawdata_f_data_free(file->private_data); 1353 1354 return 0; 1355} 1356 1357static int rawdata_open(struct inode *inode, struct file *file) 1358{ 1359 int error; 1360 struct aa_loaddata *loaddata; 1361 struct rawdata_f_data *private; 1362 1363 if (!policy_view_capable(NULL)) 1364 return -EACCES; 1365 1366 loaddata = __aa_get_loaddata(inode->i_private); 1367 if (!loaddata) 1368 /* lost race: this entry is being reaped */ 1369 return -ENOENT; 1370 1371 private = rawdata_f_data_alloc(loaddata->size); 1372 if (IS_ERR(private)) { 1373 error = PTR_ERR(private); 1374 goto fail_private_alloc; 1375 } 1376 1377 private->loaddata = loaddata; 1378 1379 error = deflate_decompress(loaddata->data, loaddata->compressed_size, 1380 RAWDATA_F_DATA_BUF(private), 1381 loaddata->size); 1382 if (error) 1383 goto fail_decompress; 1384 1385 file->private_data = private; 1386 return 0; 1387 1388fail_decompress: 1389 rawdata_f_data_free(private); 1390 return error; 1391 1392fail_private_alloc: 1393 aa_put_loaddata(loaddata); 1394 return error; 1395} 1396 1397static const struct file_operations rawdata_fops = { 1398 .open = rawdata_open, 1399 .read = rawdata_read, 1400 .llseek = generic_file_llseek, 1401 .release = rawdata_release, 1402}; 1403 1404static void remove_rawdata_dents(struct aa_loaddata *rawdata) 1405{ 1406 int i; 1407 1408 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) { 1409 if (!IS_ERR_OR_NULL(rawdata->dents[i])) { 1410 /* no refcounts on i_private */ 1411 aafs_remove(rawdata->dents[i]); 1412 rawdata->dents[i] = NULL; 1413 } 1414 } 1415} 1416 1417void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata) 1418{ 1419 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock)); 1420 1421 if (rawdata->ns) { 1422 remove_rawdata_dents(rawdata); 1423 list_del_init(&rawdata->list); 1424 aa_put_ns(rawdata->ns); 1425 rawdata->ns = NULL; 1426 } 1427} 1428 1429int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata) 1430{ 1431 struct dentry *dent, *dir; 1432 1433 AA_BUG(!ns); 1434 AA_BUG(!rawdata); 1435 AA_BUG(!mutex_is_locked(&ns->lock)); 1436 AA_BUG(!ns_subdata_dir(ns)); 1437 1438 /* 1439 * just use ns revision dir was originally created at. This is 1440 * under ns->lock and if load is successful revision will be 1441 * bumped and is guaranteed to be unique 1442 */ 1443 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision); 1444 if (!rawdata->name) 1445 return -ENOMEM; 1446 1447 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns)); 1448 if (IS_ERR(dir)) 1449 /* ->name freed when rawdata freed */ 1450 return PTR_ERR(dir); 1451 rawdata->dents[AAFS_LOADDATA_DIR] = dir; 1452 1453 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata, 1454 &seq_rawdata_abi_fops); 1455 if (IS_ERR(dent)) 1456 goto fail; 1457 rawdata->dents[AAFS_LOADDATA_ABI] = dent; 1458 1459 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata, 1460 &seq_rawdata_revision_fops); 1461 if (IS_ERR(dent)) 1462 goto fail; 1463 rawdata->dents[AAFS_LOADDATA_REVISION] = dent; 1464 1465 if (aa_g_hash_policy) { 1466 dent = aafs_create_file("sha1", S_IFREG | 0444, dir, 1467 rawdata, &seq_rawdata_hash_fops); 1468 if (IS_ERR(dent)) 1469 goto fail; 1470 rawdata->dents[AAFS_LOADDATA_HASH] = dent; 1471 } 1472 1473 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir, 1474 rawdata, 1475 &seq_rawdata_compressed_size_fops); 1476 if (IS_ERR(dent)) 1477 goto fail; 1478 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent; 1479 1480 dent = aafs_create_file("raw_data", S_IFREG | 0444, 1481 dir, rawdata, &rawdata_fops); 1482 if (IS_ERR(dent)) 1483 goto fail; 1484 rawdata->dents[AAFS_LOADDATA_DATA] = dent; 1485 d_inode(dent)->i_size = rawdata->size; 1486 1487 rawdata->ns = aa_get_ns(ns); 1488 list_add(&rawdata->list, &ns->rawdata_list); 1489 /* no refcount on inode rawdata */ 1490 1491 return 0; 1492 1493fail: 1494 remove_rawdata_dents(rawdata); 1495 1496 return PTR_ERR(dent); 1497} 1498 1499/** fns to setup dynamic per profile/namespace files **/ 1500 1501/** 1502 * 1503 * Requires: @profile->ns->lock held 1504 */ 1505void __aafs_profile_rmdir(struct aa_profile *profile) 1506{ 1507 struct aa_profile *child; 1508 int i; 1509 1510 if (!profile) 1511 return; 1512 1513 list_for_each_entry(child, &profile->base.profiles, base.list) 1514 __aafs_profile_rmdir(child); 1515 1516 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) { 1517 struct aa_proxy *proxy; 1518 if (!profile->dents[i]) 1519 continue; 1520 1521 proxy = d_inode(profile->dents[i])->i_private; 1522 aafs_remove(profile->dents[i]); 1523 aa_put_proxy(proxy); 1524 profile->dents[i] = NULL; 1525 } 1526} 1527 1528/** 1529 * 1530 * Requires: @old->ns->lock held 1531 */ 1532void __aafs_profile_migrate_dents(struct aa_profile *old, 1533 struct aa_profile *new) 1534{ 1535 int i; 1536 1537 AA_BUG(!old); 1538 AA_BUG(!new); 1539 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); 1540 1541 for (i = 0; i < AAFS_PROF_SIZEOF; i++) { 1542 new->dents[i] = old->dents[i]; 1543 if (new->dents[i]) 1544 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode); 1545 old->dents[i] = NULL; 1546 } 1547} 1548 1549static struct dentry *create_profile_file(struct dentry *dir, const char *name, 1550 struct aa_profile *profile, 1551 const struct file_operations *fops) 1552{ 1553 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy); 1554 struct dentry *dent; 1555 1556 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops); 1557 if (IS_ERR(dent)) 1558 aa_put_proxy(proxy); 1559 1560 return dent; 1561} 1562 1563static int profile_depth(struct aa_profile *profile) 1564{ 1565 int depth = 0; 1566 1567 rcu_read_lock(); 1568 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent)) 1569 depth++; 1570 rcu_read_unlock(); 1571 1572 return depth; 1573} 1574 1575static char *gen_symlink_name(int depth, const char *dirname, const char *fname) 1576{ 1577 char *buffer, *s; 1578 int error; 1579 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11; 1580 1581 s = buffer = kmalloc(size, GFP_KERNEL); 1582 if (!buffer) 1583 return ERR_PTR(-ENOMEM); 1584 1585 for (; depth > 0; depth--) { 1586 strcpy(s, "../../"); 1587 s += 6; 1588 size -= 6; 1589 } 1590 1591 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname); 1592 if (error >= size || error < 0) { 1593 kfree(buffer); 1594 return ERR_PTR(-ENAMETOOLONG); 1595 } 1596 1597 return buffer; 1598} 1599 1600static void rawdata_link_cb(void *arg) 1601{ 1602 kfree(arg); 1603} 1604 1605static const char *rawdata_get_link_base(struct dentry *dentry, 1606 struct inode *inode, 1607 struct delayed_call *done, 1608 const char *name) 1609{ 1610 struct aa_proxy *proxy = inode->i_private; 1611 struct aa_label *label; 1612 struct aa_profile *profile; 1613 char *target; 1614 int depth; 1615 1616 if (!dentry) 1617 return ERR_PTR(-ECHILD); 1618 1619 label = aa_get_label_rcu(&proxy->label); 1620 profile = labels_profile(label); 1621 depth = profile_depth(profile); 1622 target = gen_symlink_name(depth, profile->rawdata->name, name); 1623 aa_put_label(label); 1624 1625 if (IS_ERR(target)) 1626 return target; 1627 1628 set_delayed_call(done, rawdata_link_cb, target); 1629 1630 return target; 1631} 1632 1633static const char *rawdata_get_link_sha1(struct dentry *dentry, 1634 struct inode *inode, 1635 struct delayed_call *done) 1636{ 1637 return rawdata_get_link_base(dentry, inode, done, "sha1"); 1638} 1639 1640static const char *rawdata_get_link_abi(struct dentry *dentry, 1641 struct inode *inode, 1642 struct delayed_call *done) 1643{ 1644 return rawdata_get_link_base(dentry, inode, done, "abi"); 1645} 1646 1647static const char *rawdata_get_link_data(struct dentry *dentry, 1648 struct inode *inode, 1649 struct delayed_call *done) 1650{ 1651 return rawdata_get_link_base(dentry, inode, done, "raw_data"); 1652} 1653 1654static const struct inode_operations rawdata_link_sha1_iops = { 1655 .get_link = rawdata_get_link_sha1, 1656}; 1657 1658static const struct inode_operations rawdata_link_abi_iops = { 1659 .get_link = rawdata_get_link_abi, 1660}; 1661static const struct inode_operations rawdata_link_data_iops = { 1662 .get_link = rawdata_get_link_data, 1663}; 1664 1665 1666/* 1667 * Requires: @profile->ns->lock held 1668 */ 1669int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 1670{ 1671 struct aa_profile *child; 1672 struct dentry *dent = NULL, *dir; 1673 int error; 1674 1675 AA_BUG(!profile); 1676 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock)); 1677 1678 if (!parent) { 1679 struct aa_profile *p; 1680 p = aa_deref_parent(profile); 1681 dent = prof_dir(p); 1682 if (!dent) { 1683 error = -ENOENT; 1684 goto fail2; 1685 } 1686 /* adding to parent that previously didn't have children */ 1687 dent = aafs_create_dir("profiles", dent); 1688 if (IS_ERR(dent)) 1689 goto fail; 1690 prof_child_dir(p) = parent = dent; 1691 } 1692 1693 if (!profile->dirname) { 1694 int len, id_len; 1695 len = mangle_name(profile->base.name, NULL); 1696 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id); 1697 1698 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL); 1699 if (!profile->dirname) { 1700 error = -ENOMEM; 1701 goto fail2; 1702 } 1703 1704 mangle_name(profile->base.name, profile->dirname); 1705 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); 1706 } 1707 1708 dent = aafs_create_dir(profile->dirname, parent); 1709 if (IS_ERR(dent)) 1710 goto fail; 1711 prof_dir(profile) = dir = dent; 1712 1713 dent = create_profile_file(dir, "name", profile, 1714 &seq_profile_name_fops); 1715 if (IS_ERR(dent)) 1716 goto fail; 1717 profile->dents[AAFS_PROF_NAME] = dent; 1718 1719 dent = create_profile_file(dir, "mode", profile, 1720 &seq_profile_mode_fops); 1721 if (IS_ERR(dent)) 1722 goto fail; 1723 profile->dents[AAFS_PROF_MODE] = dent; 1724 1725 dent = create_profile_file(dir, "attach", profile, 1726 &seq_profile_attach_fops); 1727 if (IS_ERR(dent)) 1728 goto fail; 1729 profile->dents[AAFS_PROF_ATTACH] = dent; 1730 1731 if (profile->hash) { 1732 dent = create_profile_file(dir, "sha1", profile, 1733 &seq_profile_hash_fops); 1734 if (IS_ERR(dent)) 1735 goto fail; 1736 profile->dents[AAFS_PROF_HASH] = dent; 1737 } 1738 1739 if (profile->rawdata) { 1740 dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, 1741 profile->label.proxy, NULL, NULL, 1742 &rawdata_link_sha1_iops); 1743 if (IS_ERR(dent)) 1744 goto fail; 1745 aa_get_proxy(profile->label.proxy); 1746 profile->dents[AAFS_PROF_RAW_HASH] = dent; 1747 1748 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, 1749 profile->label.proxy, NULL, NULL, 1750 &rawdata_link_abi_iops); 1751 if (IS_ERR(dent)) 1752 goto fail; 1753 aa_get_proxy(profile->label.proxy); 1754 profile->dents[AAFS_PROF_RAW_ABI] = dent; 1755 1756 dent = aafs_create("raw_data", S_IFLNK | 0444, dir, 1757 profile->label.proxy, NULL, NULL, 1758 &rawdata_link_data_iops); 1759 if (IS_ERR(dent)) 1760 goto fail; 1761 aa_get_proxy(profile->label.proxy); 1762 profile->dents[AAFS_PROF_RAW_DATA] = dent; 1763 } 1764 1765 list_for_each_entry(child, &profile->base.profiles, base.list) { 1766 error = __aafs_profile_mkdir(child, prof_child_dir(profile)); 1767 if (error) 1768 goto fail2; 1769 } 1770 1771 return 0; 1772 1773fail: 1774 error = PTR_ERR(dent); 1775 1776fail2: 1777 __aafs_profile_rmdir(profile); 1778 1779 return error; 1780} 1781 1782static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode) 1783{ 1784 struct aa_ns *ns, *parent; 1785 /* TODO: improve permission check */ 1786 struct aa_label *label; 1787 int error; 1788 1789 label = begin_current_label_crit_section(); 1790 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY); 1791 end_current_label_crit_section(label); 1792 if (error) 1793 return error; 1794 1795 parent = aa_get_ns(dir->i_private); 1796 AA_BUG(d_inode(ns_subns_dir(parent)) != dir); 1797 1798 /* we have to unlock and then relock to get locking order right 1799 * for pin_fs 1800 */ 1801 inode_unlock(dir); 1802 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 1803 mutex_lock_nested(&parent->lock, parent->level); 1804 inode_lock_nested(dir, I_MUTEX_PARENT); 1805 if (error) 1806 goto out; 1807 1808 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL, 1809 NULL, NULL, NULL); 1810 if (error) 1811 goto out_pin; 1812 1813 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name), 1814 dentry); 1815 if (IS_ERR(ns)) { 1816 error = PTR_ERR(ns); 1817 ns = NULL; 1818 } 1819 1820 aa_put_ns(ns); /* list ref remains */ 1821out_pin: 1822 if (error) 1823 simple_release_fs(&aafs_mnt, &aafs_count); 1824out: 1825 mutex_unlock(&parent->lock); 1826 aa_put_ns(parent); 1827 1828 return error; 1829} 1830 1831static int ns_rmdir_op(struct inode *dir, struct dentry *dentry) 1832{ 1833 struct aa_ns *ns, *parent; 1834 /* TODO: improve permission check */ 1835 struct aa_label *label; 1836 int error; 1837 1838 label = begin_current_label_crit_section(); 1839 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY); 1840 end_current_label_crit_section(label); 1841 if (error) 1842 return error; 1843 1844 parent = aa_get_ns(dir->i_private); 1845 /* rmdir calls the generic securityfs functions to remove files 1846 * from the apparmor dir. It is up to the apparmor ns locking 1847 * to avoid races. 1848 */ 1849 inode_unlock(dir); 1850 inode_unlock(dentry->d_inode); 1851 1852 mutex_lock_nested(&parent->lock, parent->level); 1853 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name, 1854 dentry->d_name.len)); 1855 if (!ns) { 1856 error = -ENOENT; 1857 goto out; 1858 } 1859 AA_BUG(ns_dir(ns) != dentry); 1860 1861 __aa_remove_ns(ns); 1862 aa_put_ns(ns); 1863 1864out: 1865 mutex_unlock(&parent->lock); 1866 inode_lock_nested(dir, I_MUTEX_PARENT); 1867 inode_lock(dentry->d_inode); 1868 aa_put_ns(parent); 1869 1870 return error; 1871} 1872 1873static const struct inode_operations ns_dir_inode_operations = { 1874 .lookup = simple_lookup, 1875 .mkdir = ns_mkdir_op, 1876 .rmdir = ns_rmdir_op, 1877}; 1878 1879static void __aa_fs_list_remove_rawdata(struct aa_ns *ns) 1880{ 1881 struct aa_loaddata *ent, *tmp; 1882 1883 AA_BUG(!mutex_is_locked(&ns->lock)); 1884 1885 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list) 1886 __aa_fs_remove_rawdata(ent); 1887} 1888 1889/** 1890 * 1891 * Requires: @ns->lock held 1892 */ 1893void __aafs_ns_rmdir(struct aa_ns *ns) 1894{ 1895 struct aa_ns *sub; 1896 struct aa_profile *child; 1897 int i; 1898 1899 if (!ns) 1900 return; 1901 AA_BUG(!mutex_is_locked(&ns->lock)); 1902 1903 list_for_each_entry(child, &ns->base.profiles, base.list) 1904 __aafs_profile_rmdir(child); 1905 1906 list_for_each_entry(sub, &ns->sub_ns, base.list) { 1907 mutex_lock_nested(&sub->lock, sub->level); 1908 __aafs_ns_rmdir(sub); 1909 mutex_unlock(&sub->lock); 1910 } 1911 1912 __aa_fs_list_remove_rawdata(ns); 1913 1914 if (ns_subns_dir(ns)) { 1915 sub = d_inode(ns_subns_dir(ns))->i_private; 1916 aa_put_ns(sub); 1917 } 1918 if (ns_subload(ns)) { 1919 sub = d_inode(ns_subload(ns))->i_private; 1920 aa_put_ns(sub); 1921 } 1922 if (ns_subreplace(ns)) { 1923 sub = d_inode(ns_subreplace(ns))->i_private; 1924 aa_put_ns(sub); 1925 } 1926 if (ns_subremove(ns)) { 1927 sub = d_inode(ns_subremove(ns))->i_private; 1928 aa_put_ns(sub); 1929 } 1930 if (ns_subrevision(ns)) { 1931 sub = d_inode(ns_subrevision(ns))->i_private; 1932 aa_put_ns(sub); 1933 } 1934 1935 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) { 1936 aafs_remove(ns->dents[i]); 1937 ns->dents[i] = NULL; 1938 } 1939} 1940 1941/* assumes cleanup in caller */ 1942static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir) 1943{ 1944 struct dentry *dent; 1945 1946 AA_BUG(!ns); 1947 AA_BUG(!dir); 1948 1949 dent = aafs_create_dir("profiles", dir); 1950 if (IS_ERR(dent)) 1951 return PTR_ERR(dent); 1952 ns_subprofs_dir(ns) = dent; 1953 1954 dent = aafs_create_dir("raw_data", dir); 1955 if (IS_ERR(dent)) 1956 return PTR_ERR(dent); 1957 ns_subdata_dir(ns) = dent; 1958 1959 dent = aafs_create_file("revision", 0444, dir, ns, 1960 &aa_fs_ns_revision_fops); 1961 if (IS_ERR(dent)) 1962 return PTR_ERR(dent); 1963 aa_get_ns(ns); 1964 ns_subrevision(ns) = dent; 1965 1966 dent = aafs_create_file(".load", 0640, dir, ns, 1967 &aa_fs_profile_load); 1968 if (IS_ERR(dent)) 1969 return PTR_ERR(dent); 1970 aa_get_ns(ns); 1971 ns_subload(ns) = dent; 1972 1973 dent = aafs_create_file(".replace", 0640, dir, ns, 1974 &aa_fs_profile_replace); 1975 if (IS_ERR(dent)) 1976 return PTR_ERR(dent); 1977 aa_get_ns(ns); 1978 ns_subreplace(ns) = dent; 1979 1980 dent = aafs_create_file(".remove", 0640, dir, ns, 1981 &aa_fs_profile_remove); 1982 if (IS_ERR(dent)) 1983 return PTR_ERR(dent); 1984 aa_get_ns(ns); 1985 ns_subremove(ns) = dent; 1986 1987 /* use create_dentry so we can supply private data */ 1988 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL, 1989 &ns_dir_inode_operations); 1990 if (IS_ERR(dent)) 1991 return PTR_ERR(dent); 1992 aa_get_ns(ns); 1993 ns_subns_dir(ns) = dent; 1994 1995 return 0; 1996} 1997 1998/* 1999 * Requires: @ns->lock held 2000 */ 2001int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, 2002 struct dentry *dent) 2003{ 2004 struct aa_ns *sub; 2005 struct aa_profile *child; 2006 struct dentry *dir; 2007 int error; 2008 2009 AA_BUG(!ns); 2010 AA_BUG(!parent); 2011 AA_BUG(!mutex_is_locked(&ns->lock)); 2012 2013 if (!name) 2014 name = ns->base.name; 2015 2016 if (!dent) { 2017 /* create ns dir if it doesn't already exist */ 2018 dent = aafs_create_dir(name, parent); 2019 if (IS_ERR(dent)) 2020 goto fail; 2021 } else 2022 dget(dent); 2023 ns_dir(ns) = dir = dent; 2024 error = __aafs_ns_mkdir_entries(ns, dir); 2025 if (error) 2026 goto fail2; 2027 2028 /* profiles */ 2029 list_for_each_entry(child, &ns->base.profiles, base.list) { 2030 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns)); 2031 if (error) 2032 goto fail2; 2033 } 2034 2035 /* subnamespaces */ 2036 list_for_each_entry(sub, &ns->sub_ns, base.list) { 2037 mutex_lock_nested(&sub->lock, sub->level); 2038 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL); 2039 mutex_unlock(&sub->lock); 2040 if (error) 2041 goto fail2; 2042 } 2043 2044 return 0; 2045 2046fail: 2047 error = PTR_ERR(dent); 2048 2049fail2: 2050 __aafs_ns_rmdir(ns); 2051 2052 return error; 2053} 2054 2055 2056#define list_entry_is_head(pos, head, member) (&pos->member == (head)) 2057 2058/** 2059 * __next_ns - find the next namespace to list 2060 * @root: root namespace to stop search at (NOT NULL) 2061 * @ns: current ns position (NOT NULL) 2062 * 2063 * Find the next namespace from @ns under @root and handle all locking needed 2064 * while switching current namespace. 2065 * 2066 * Returns: next namespace or NULL if at last namespace under @root 2067 * Requires: ns->parent->lock to be held 2068 * NOTE: will not unlock root->lock 2069 */ 2070static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) 2071{ 2072 struct aa_ns *parent, *next; 2073 2074 AA_BUG(!root); 2075 AA_BUG(!ns); 2076 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); 2077 2078 /* is next namespace a child */ 2079 if (!list_empty(&ns->sub_ns)) { 2080 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 2081 mutex_lock_nested(&next->lock, next->level); 2082 return next; 2083 } 2084 2085 /* check if the next ns is a sibling, parent, gp, .. */ 2086 parent = ns->parent; 2087 while (ns != root) { 2088 mutex_unlock(&ns->lock); 2089 next = list_next_entry(ns, base.list); 2090 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) { 2091 mutex_lock_nested(&next->lock, next->level); 2092 return next; 2093 } 2094 ns = parent; 2095 parent = parent->parent; 2096 } 2097 2098 return NULL; 2099} 2100 2101/** 2102 * __first_profile - find the first profile in a namespace 2103 * @root: namespace that is root of profiles being displayed (NOT NULL) 2104 * @ns: namespace to start in (NOT NULL) 2105 * 2106 * Returns: unrefcounted profile or NULL if no profile 2107 * Requires: profile->ns.lock to be held 2108 */ 2109static struct aa_profile *__first_profile(struct aa_ns *root, 2110 struct aa_ns *ns) 2111{ 2112 AA_BUG(!root); 2113 AA_BUG(ns && !mutex_is_locked(&ns->lock)); 2114 2115 for (; ns; ns = __next_ns(root, ns)) { 2116 if (!list_empty(&ns->base.profiles)) 2117 return list_first_entry(&ns->base.profiles, 2118 struct aa_profile, base.list); 2119 } 2120 return NULL; 2121} 2122 2123/** 2124 * __next_profile - step to the next profile in a profile tree 2125 * @profile: current profile in tree (NOT NULL) 2126 * 2127 * Perform a depth first traversal on the profile tree in a namespace 2128 * 2129 * Returns: next profile or NULL if done 2130 * Requires: profile->ns.lock to be held 2131 */ 2132static struct aa_profile *__next_profile(struct aa_profile *p) 2133{ 2134 struct aa_profile *parent; 2135 struct aa_ns *ns = p->ns; 2136 2137 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock)); 2138 2139 /* is next profile a child */ 2140 if (!list_empty(&p->base.profiles)) 2141 return list_first_entry(&p->base.profiles, typeof(*p), 2142 base.list); 2143 2144 /* is next profile a sibling, parent sibling, gp, sibling, .. */ 2145 parent = rcu_dereference_protected(p->parent, 2146 mutex_is_locked(&p->ns->lock)); 2147 while (parent) { 2148 p = list_next_entry(p, base.list); 2149 if (!list_entry_is_head(p, &parent->base.profiles, base.list)) 2150 return p; 2151 p = parent; 2152 parent = rcu_dereference_protected(parent->parent, 2153 mutex_is_locked(&parent->ns->lock)); 2154 } 2155 2156 /* is next another profile in the namespace */ 2157 p = list_next_entry(p, base.list); 2158 if (!list_entry_is_head(p, &ns->base.profiles, base.list)) 2159 return p; 2160 2161 return NULL; 2162} 2163 2164/** 2165 * next_profile - step to the next profile in where ever it may be 2166 * @root: root namespace (NOT NULL) 2167 * @profile: current profile (NOT NULL) 2168 * 2169 * Returns: next profile or NULL if there isn't one 2170 */ 2171static struct aa_profile *next_profile(struct aa_ns *root, 2172 struct aa_profile *profile) 2173{ 2174 struct aa_profile *next = __next_profile(profile); 2175 if (next) 2176 return next; 2177 2178 /* finished all profiles in namespace move to next namespace */ 2179 return __first_profile(root, __next_ns(root, profile->ns)); 2180} 2181 2182/** 2183 * p_start - start a depth first traversal of profile tree 2184 * @f: seq_file to fill 2185 * @pos: current position 2186 * 2187 * Returns: first profile under current namespace or NULL if none found 2188 * 2189 * acquires first ns->lock 2190 */ 2191static void *p_start(struct seq_file *f, loff_t *pos) 2192{ 2193 struct aa_profile *profile = NULL; 2194 struct aa_ns *root = aa_get_current_ns(); 2195 loff_t l = *pos; 2196 f->private = root; 2197 2198 /* find the first profile */ 2199 mutex_lock_nested(&root->lock, root->level); 2200 profile = __first_profile(root, root); 2201 2202 /* skip to position */ 2203 for (; profile && l > 0; l--) 2204 profile = next_profile(root, profile); 2205 2206 return profile; 2207} 2208 2209/** 2210 * p_next - read the next profile entry 2211 * @f: seq_file to fill 2212 * @p: profile previously returned 2213 * @pos: current position 2214 * 2215 * Returns: next profile after @p or NULL if none 2216 * 2217 * may acquire/release locks in namespace tree as necessary 2218 */ 2219static void *p_next(struct seq_file *f, void *p, loff_t *pos) 2220{ 2221 struct aa_profile *profile = p; 2222 struct aa_ns *ns = f->private; 2223 (*pos)++; 2224 2225 return next_profile(ns, profile); 2226} 2227 2228/** 2229 * p_stop - stop depth first traversal 2230 * @f: seq_file we are filling 2231 * @p: the last profile writen 2232 * 2233 * Release all locking done by p_start/p_next on namespace tree 2234 */ 2235static void p_stop(struct seq_file *f, void *p) 2236{ 2237 struct aa_profile *profile = p; 2238 struct aa_ns *root = f->private, *ns; 2239 2240 if (profile) { 2241 for (ns = profile->ns; ns && ns != root; ns = ns->parent) 2242 mutex_unlock(&ns->lock); 2243 } 2244 mutex_unlock(&root->lock); 2245 aa_put_ns(root); 2246} 2247 2248/** 2249 * seq_show_profile - show a profile entry 2250 * @f: seq_file to file 2251 * @p: current position (profile) (NOT NULL) 2252 * 2253 * Returns: error on failure 2254 */ 2255static int seq_show_profile(struct seq_file *f, void *p) 2256{ 2257 struct aa_profile *profile = (struct aa_profile *)p; 2258 struct aa_ns *root = f->private; 2259 2260 aa_label_seq_xprint(f, root, &profile->label, 2261 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL); 2262 seq_putc(f, '\n'); 2263 2264 return 0; 2265} 2266 2267static const struct seq_operations aa_sfs_profiles_op = { 2268 .start = p_start, 2269 .next = p_next, 2270 .stop = p_stop, 2271 .show = seq_show_profile, 2272}; 2273 2274static int profiles_open(struct inode *inode, struct file *file) 2275{ 2276 if (!policy_view_capable(NULL)) 2277 return -EACCES; 2278 2279 return seq_open(file, &aa_sfs_profiles_op); 2280} 2281 2282static int profiles_release(struct inode *inode, struct file *file) 2283{ 2284 return seq_release(inode, file); 2285} 2286 2287static const struct file_operations aa_sfs_profiles_fops = { 2288 .open = profiles_open, 2289 .read = seq_read, 2290 .llseek = seq_lseek, 2291 .release = profiles_release, 2292}; 2293 2294 2295/** Base file system setup **/ 2296static struct aa_sfs_entry aa_sfs_entry_file[] = { 2297 AA_SFS_FILE_STRING("mask", 2298 "create read write exec append mmap_exec link lock"), 2299 { } 2300}; 2301 2302static struct aa_sfs_entry aa_sfs_entry_ptrace[] = { 2303 AA_SFS_FILE_STRING("mask", "read trace"), 2304 { } 2305}; 2306 2307static struct aa_sfs_entry aa_sfs_entry_signal[] = { 2308 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK), 2309 { } 2310}; 2311 2312static struct aa_sfs_entry aa_sfs_entry_attach[] = { 2313 AA_SFS_FILE_BOOLEAN("xattr", 1), 2314 { } 2315}; 2316static struct aa_sfs_entry aa_sfs_entry_domain[] = { 2317 AA_SFS_FILE_BOOLEAN("change_hat", 1), 2318 AA_SFS_FILE_BOOLEAN("change_hatv", 1), 2319 AA_SFS_FILE_BOOLEAN("change_onexec", 1), 2320 AA_SFS_FILE_BOOLEAN("change_profile", 1), 2321 AA_SFS_FILE_BOOLEAN("stack", 1), 2322 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1), 2323 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1), 2324 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1), 2325 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach), 2326 AA_SFS_FILE_STRING("version", "1.2"), 2327 { } 2328}; 2329 2330static struct aa_sfs_entry aa_sfs_entry_versions[] = { 2331 AA_SFS_FILE_BOOLEAN("v5", 1), 2332 AA_SFS_FILE_BOOLEAN("v6", 1), 2333 AA_SFS_FILE_BOOLEAN("v7", 1), 2334 AA_SFS_FILE_BOOLEAN("v8", 1), 2335 { } 2336}; 2337 2338static struct aa_sfs_entry aa_sfs_entry_policy[] = { 2339 AA_SFS_DIR("versions", aa_sfs_entry_versions), 2340 AA_SFS_FILE_BOOLEAN("set_load", 1), 2341 /* number of out of band transitions supported */ 2342 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED), 2343 { } 2344}; 2345 2346static struct aa_sfs_entry aa_sfs_entry_mount[] = { 2347 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"), 2348 { } 2349}; 2350 2351static struct aa_sfs_entry aa_sfs_entry_ns[] = { 2352 AA_SFS_FILE_BOOLEAN("profile", 1), 2353 AA_SFS_FILE_BOOLEAN("pivot_root", 0), 2354 { } 2355}; 2356 2357static struct aa_sfs_entry aa_sfs_entry_query_label[] = { 2358 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"), 2359 AA_SFS_FILE_BOOLEAN("data", 1), 2360 AA_SFS_FILE_BOOLEAN("multi_transaction", 1), 2361 { } 2362}; 2363 2364static struct aa_sfs_entry aa_sfs_entry_query[] = { 2365 AA_SFS_DIR("label", aa_sfs_entry_query_label), 2366 { } 2367}; 2368static struct aa_sfs_entry aa_sfs_entry_features[] = { 2369 AA_SFS_DIR("policy", aa_sfs_entry_policy), 2370 AA_SFS_DIR("domain", aa_sfs_entry_domain), 2371 AA_SFS_DIR("file", aa_sfs_entry_file), 2372 AA_SFS_DIR("network_v8", aa_sfs_entry_network), 2373 AA_SFS_DIR("mount", aa_sfs_entry_mount), 2374 AA_SFS_DIR("namespaces", aa_sfs_entry_ns), 2375 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 2376 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit), 2377 AA_SFS_DIR("caps", aa_sfs_entry_caps), 2378 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace), 2379 AA_SFS_DIR("signal", aa_sfs_entry_signal), 2380 AA_SFS_DIR("query", aa_sfs_entry_query), 2381 { } 2382}; 2383 2384static struct aa_sfs_entry aa_sfs_entry_apparmor[] = { 2385 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access), 2386 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops), 2387 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops), 2388 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops), 2389 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops), 2390 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops), 2391 AA_SFS_DIR("features", aa_sfs_entry_features), 2392 { } 2393}; 2394 2395static struct aa_sfs_entry aa_sfs_entry = 2396 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor); 2397 2398/** 2399 * entry_create_file - create a file entry in the apparmor securityfs 2400 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL) 2401 * @parent: the parent dentry in the securityfs 2402 * 2403 * Use entry_remove_file to remove entries created with this fn. 2404 */ 2405static int __init entry_create_file(struct aa_sfs_entry *fs_file, 2406 struct dentry *parent) 2407{ 2408 int error = 0; 2409 2410 fs_file->dentry = securityfs_create_file(fs_file->name, 2411 S_IFREG | fs_file->mode, 2412 parent, fs_file, 2413 fs_file->file_ops); 2414 if (IS_ERR(fs_file->dentry)) { 2415 error = PTR_ERR(fs_file->dentry); 2416 fs_file->dentry = NULL; 2417 } 2418 return error; 2419} 2420 2421static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir); 2422/** 2423 * entry_create_dir - recursively create a directory entry in the securityfs 2424 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL) 2425 * @parent: the parent dentry in the securityfs 2426 * 2427 * Use entry_remove_dir to remove entries created with this fn. 2428 */ 2429static int __init entry_create_dir(struct aa_sfs_entry *fs_dir, 2430 struct dentry *parent) 2431{ 2432 struct aa_sfs_entry *fs_file; 2433 struct dentry *dir; 2434 int error; 2435 2436 dir = securityfs_create_dir(fs_dir->name, parent); 2437 if (IS_ERR(dir)) 2438 return PTR_ERR(dir); 2439 fs_dir->dentry = dir; 2440 2441 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2442 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2443 error = entry_create_dir(fs_file, fs_dir->dentry); 2444 else 2445 error = entry_create_file(fs_file, fs_dir->dentry); 2446 if (error) 2447 goto failed; 2448 } 2449 2450 return 0; 2451 2452failed: 2453 entry_remove_dir(fs_dir); 2454 2455 return error; 2456} 2457 2458/** 2459 * entry_remove_file - drop a single file entry in the apparmor securityfs 2460 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL) 2461 */ 2462static void __init entry_remove_file(struct aa_sfs_entry *fs_file) 2463{ 2464 if (!fs_file->dentry) 2465 return; 2466 2467 securityfs_remove(fs_file->dentry); 2468 fs_file->dentry = NULL; 2469} 2470 2471/** 2472 * entry_remove_dir - recursively drop a directory entry from the securityfs 2473 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL) 2474 */ 2475static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir) 2476{ 2477 struct aa_sfs_entry *fs_file; 2478 2479 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2480 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2481 entry_remove_dir(fs_file); 2482 else 2483 entry_remove_file(fs_file); 2484 } 2485 2486 entry_remove_file(fs_dir); 2487} 2488 2489/** 2490 * aa_destroy_aafs - cleanup and free aafs 2491 * 2492 * releases dentries allocated by aa_create_aafs 2493 */ 2494void __init aa_destroy_aafs(void) 2495{ 2496 entry_remove_dir(&aa_sfs_entry); 2497} 2498 2499 2500#define NULL_FILE_NAME ".null" 2501struct path aa_null; 2502 2503static int aa_mk_null_file(struct dentry *parent) 2504{ 2505 struct vfsmount *mount = NULL; 2506 struct dentry *dentry; 2507 struct inode *inode; 2508 int count = 0; 2509 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count); 2510 2511 if (error) 2512 return error; 2513 2514 inode_lock(d_inode(parent)); 2515 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME)); 2516 if (IS_ERR(dentry)) { 2517 error = PTR_ERR(dentry); 2518 goto out; 2519 } 2520 inode = new_inode(parent->d_inode->i_sb); 2521 if (!inode) { 2522 error = -ENOMEM; 2523 goto out1; 2524 } 2525 2526 inode->i_ino = get_next_ino(); 2527 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO; 2528 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 2529 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, 2530 MKDEV(MEM_MAJOR, 3)); 2531 d_instantiate(dentry, inode); 2532 aa_null.dentry = dget(dentry); 2533 aa_null.mnt = mntget(mount); 2534 2535 error = 0; 2536 2537out1: 2538 dput(dentry); 2539out: 2540 inode_unlock(d_inode(parent)); 2541 simple_release_fs(&mount, &count); 2542 return error; 2543} 2544 2545 2546 2547static const char *policy_get_link(struct dentry *dentry, 2548 struct inode *inode, 2549 struct delayed_call *done) 2550{ 2551 struct aa_ns *ns; 2552 struct path path; 2553 int error; 2554 2555 if (!dentry) 2556 return ERR_PTR(-ECHILD); 2557 2558 ns = aa_get_current_ns(); 2559 path.mnt = mntget(aafs_mnt); 2560 path.dentry = dget(ns_dir(ns)); 2561 error = nd_jump_link(&path); 2562 aa_put_ns(ns); 2563 2564 return ERR_PTR(error); 2565} 2566 2567static int policy_readlink(struct dentry *dentry, char __user *buffer, 2568 int buflen) 2569{ 2570 char name[32]; 2571 int res; 2572 2573 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME, 2574 d_inode(dentry)->i_ino); 2575 if (res > 0 && res < sizeof(name)) 2576 res = readlink_copy(buffer, buflen, name); 2577 else 2578 res = -ENOENT; 2579 2580 return res; 2581} 2582 2583static const struct inode_operations policy_link_iops = { 2584 .readlink = policy_readlink, 2585 .get_link = policy_get_link, 2586}; 2587 2588 2589/** 2590 * aa_create_aafs - create the apparmor security filesystem 2591 * 2592 * dentries created here are released by aa_destroy_aafs 2593 * 2594 * Returns: error on failure 2595 */ 2596static int __init aa_create_aafs(void) 2597{ 2598 struct dentry *dent; 2599 int error; 2600 2601 if (!apparmor_initialized) 2602 return 0; 2603 2604 if (aa_sfs_entry.dentry) { 2605 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); 2606 return -EEXIST; 2607 } 2608 2609 /* setup apparmorfs used to virtualize policy/ */ 2610 aafs_mnt = kern_mount(&aafs_ops); 2611 if (IS_ERR(aafs_mnt)) 2612 panic("can't set apparmorfs up\n"); 2613 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER; 2614 2615 /* Populate fs tree. */ 2616 error = entry_create_dir(&aa_sfs_entry, NULL); 2617 if (error) 2618 goto error; 2619 2620 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry, 2621 NULL, &aa_fs_profile_load); 2622 if (IS_ERR(dent)) 2623 goto dent_error; 2624 ns_subload(root_ns) = dent; 2625 2626 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry, 2627 NULL, &aa_fs_profile_replace); 2628 if (IS_ERR(dent)) 2629 goto dent_error; 2630 ns_subreplace(root_ns) = dent; 2631 2632 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry, 2633 NULL, &aa_fs_profile_remove); 2634 if (IS_ERR(dent)) 2635 goto dent_error; 2636 ns_subremove(root_ns) = dent; 2637 2638 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry, 2639 NULL, &aa_fs_ns_revision_fops); 2640 if (IS_ERR(dent)) 2641 goto dent_error; 2642 ns_subrevision(root_ns) = dent; 2643 2644 /* policy tree referenced by magic policy symlink */ 2645 mutex_lock_nested(&root_ns->lock, root_ns->level); 2646 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy", 2647 aafs_mnt->mnt_root); 2648 mutex_unlock(&root_ns->lock); 2649 if (error) 2650 goto error; 2651 2652 /* magic symlink similar to nsfs redirects based on task policy */ 2653 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry, 2654 NULL, &policy_link_iops); 2655 if (IS_ERR(dent)) 2656 goto dent_error; 2657 2658 error = aa_mk_null_file(aa_sfs_entry.dentry); 2659 if (error) 2660 goto error; 2661 2662 /* TODO: add default profile to apparmorfs */ 2663 2664 /* Report that AppArmor fs is enabled */ 2665 aa_info_message("AppArmor Filesystem Enabled"); 2666 return 0; 2667 2668dent_error: 2669 error = PTR_ERR(dent); 2670error: 2671 aa_destroy_aafs(); 2672 AA_ERROR("Error creating AppArmor securityfs\n"); 2673 return error; 2674} 2675 2676fs_initcall(aa_create_aafs); 2677