apparmorfs.c (65990B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * AppArmor security module 4 * 5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. 9 */ 10 11#include <linux/ctype.h> 12#include <linux/security.h> 13#include <linux/vmalloc.h> 14#include <linux/init.h> 15#include <linux/seq_file.h> 16#include <linux/uaccess.h> 17#include <linux/mount.h> 18#include <linux/namei.h> 19#include <linux/capability.h> 20#include <linux/rcupdate.h> 21#include <linux/fs.h> 22#include <linux/fs_context.h> 23#include <linux/poll.h> 24#include <linux/zlib.h> 25#include <uapi/linux/major.h> 26#include <uapi/linux/magic.h> 27 28#include "include/apparmor.h" 29#include "include/apparmorfs.h" 30#include "include/audit.h" 31#include "include/cred.h" 32#include "include/crypto.h" 33#include "include/ipc.h" 34#include "include/label.h" 35#include "include/policy.h" 36#include "include/policy_ns.h" 37#include "include/resource.h" 38#include "include/policy_unpack.h" 39 40/* 41 * The apparmor filesystem interface used for policy load and introspection 42 * The interface is split into two main components based on their function 43 * a securityfs component: 44 * used for static files that are always available, and which allows 45 * userspace to specificy the location of the security filesystem. 46 * 47 * fns and data are prefixed with 48 * aa_sfs_ 49 * 50 * an apparmorfs component: 51 * used loaded policy content and introspection. It is not part of a 52 * regular mounted filesystem and is available only through the magic 53 * policy symlink in the root of the securityfs apparmor/ directory. 54 * Tasks queries will be magically redirected to the correct portion 55 * of the policy tree based on their confinement. 56 * 57 * fns and data are prefixed with 58 * aafs_ 59 * 60 * The aa_fs_ prefix is used to indicate the fn is used by both the 61 * securityfs and apparmorfs filesystems. 62 */ 63 64 65/* 66 * support fns 67 */ 68 69struct rawdata_f_data { 70 struct aa_loaddata *loaddata; 71}; 72 73#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1) 74 75static void rawdata_f_data_free(struct rawdata_f_data *private) 76{ 77 if (!private) 78 return; 79 80 aa_put_loaddata(private->loaddata); 81 kvfree(private); 82} 83 84static struct rawdata_f_data *rawdata_f_data_alloc(size_t size) 85{ 86 struct rawdata_f_data *ret; 87 88 if (size > SIZE_MAX - sizeof(*ret)) 89 return ERR_PTR(-EINVAL); 90 91 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL); 92 if (!ret) 93 return ERR_PTR(-ENOMEM); 94 95 return ret; 96} 97 98/** 99 * aa_mangle_name - mangle a profile name to std profile layout form 100 * @name: profile name to mangle (NOT NULL) 101 * @target: buffer to store mangled name, same length as @name (MAYBE NULL) 102 * 103 * Returns: length of mangled name 104 */ 105static int mangle_name(const char *name, char *target) 106{ 107 char *t = target; 108 109 while (*name == '/' || *name == '.') 110 name++; 111 112 if (target) { 113 for (; *name; name++) { 114 if (*name == '/') 115 *(t)++ = '.'; 116 else if (isspace(*name)) 117 *(t)++ = '_'; 118 else if (isalnum(*name) || strchr("._-", *name)) 119 *(t)++ = *name; 120 } 121 122 *t = 0; 123 } else { 124 int len = 0; 125 for (; *name; name++) { 126 if (isalnum(*name) || isspace(*name) || 127 strchr("/._-", *name)) 128 len++; 129 } 130 131 return len; 132 } 133 134 return t - target; 135} 136 137 138/* 139 * aafs - core fns and data for the policy tree 140 */ 141 142#define AAFS_NAME "apparmorfs" 143static struct vfsmount *aafs_mnt; 144static int aafs_count; 145 146 147static int aafs_show_path(struct seq_file *seq, struct dentry *dentry) 148{ 149 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino); 150 return 0; 151} 152 153static void aafs_free_inode(struct inode *inode) 154{ 155 if (S_ISLNK(inode->i_mode)) 156 kfree(inode->i_link); 157 free_inode_nonrcu(inode); 158} 159 160static const struct super_operations aafs_super_ops = { 161 .statfs = simple_statfs, 162 .free_inode = aafs_free_inode, 163 .show_path = aafs_show_path, 164}; 165 166static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc) 167{ 168 static struct tree_descr files[] = { {""} }; 169 int error; 170 171 error = simple_fill_super(sb, AAFS_MAGIC, files); 172 if (error) 173 return error; 174 sb->s_op = &aafs_super_ops; 175 176 return 0; 177} 178 179static int apparmorfs_get_tree(struct fs_context *fc) 180{ 181 return get_tree_single(fc, apparmorfs_fill_super); 182} 183 184static const struct fs_context_operations apparmorfs_context_ops = { 185 .get_tree = apparmorfs_get_tree, 186}; 187 188static int apparmorfs_init_fs_context(struct fs_context *fc) 189{ 190 fc->ops = &apparmorfs_context_ops; 191 return 0; 192} 193 194static struct file_system_type aafs_ops = { 195 .owner = THIS_MODULE, 196 .name = AAFS_NAME, 197 .init_fs_context = apparmorfs_init_fs_context, 198 .kill_sb = kill_anon_super, 199}; 200 201/** 202 * __aafs_setup_d_inode - basic inode setup for apparmorfs 203 * @dir: parent directory for the dentry 204 * @dentry: dentry we are seting the inode up for 205 * @mode: permissions the file should have 206 * @data: data to store on inode.i_private, available in open() 207 * @link: if symlink, symlink target string 208 * @fops: struct file_operations that should be used 209 * @iops: struct of inode_operations that should be used 210 */ 211static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry, 212 umode_t mode, void *data, char *link, 213 const struct file_operations *fops, 214 const struct inode_operations *iops) 215{ 216 struct inode *inode = new_inode(dir->i_sb); 217 218 AA_BUG(!dir); 219 AA_BUG(!dentry); 220 221 if (!inode) 222 return -ENOMEM; 223 224 inode->i_ino = get_next_ino(); 225 inode->i_mode = mode; 226 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 227 inode->i_private = data; 228 if (S_ISDIR(mode)) { 229 inode->i_op = iops ? iops : &simple_dir_inode_operations; 230 inode->i_fop = &simple_dir_operations; 231 inc_nlink(inode); 232 inc_nlink(dir); 233 } else if (S_ISLNK(mode)) { 234 inode->i_op = iops ? iops : &simple_symlink_inode_operations; 235 inode->i_link = link; 236 } else { 237 inode->i_fop = fops; 238 } 239 d_instantiate(dentry, inode); 240 dget(dentry); 241 242 return 0; 243} 244 245/** 246 * aafs_create - create a dentry in the apparmorfs filesystem 247 * 248 * @name: name of dentry to create 249 * @mode: permissions the file should have 250 * @parent: parent directory for this dentry 251 * @data: data to store on inode.i_private, available in open() 252 * @link: if symlink, symlink target string 253 * @fops: struct file_operations that should be used for 254 * @iops: struct of inode_operations that should be used 255 * 256 * This is the basic "create a xxx" function for apparmorfs. 257 * 258 * Returns a pointer to a dentry if it succeeds, that must be free with 259 * aafs_remove(). Will return ERR_PTR on failure. 260 */ 261static struct dentry *aafs_create(const char *name, umode_t mode, 262 struct dentry *parent, void *data, void *link, 263 const struct file_operations *fops, 264 const struct inode_operations *iops) 265{ 266 struct dentry *dentry; 267 struct inode *dir; 268 int error; 269 270 AA_BUG(!name); 271 AA_BUG(!parent); 272 273 if (!(mode & S_IFMT)) 274 mode = (mode & S_IALLUGO) | S_IFREG; 275 276 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 277 if (error) 278 return ERR_PTR(error); 279 280 dir = d_inode(parent); 281 282 inode_lock(dir); 283 dentry = lookup_one_len(name, parent, strlen(name)); 284 if (IS_ERR(dentry)) { 285 error = PTR_ERR(dentry); 286 goto fail_lock; 287 } 288 289 if (d_really_is_positive(dentry)) { 290 error = -EEXIST; 291 goto fail_dentry; 292 } 293 294 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); 295 if (error) 296 goto fail_dentry; 297 inode_unlock(dir); 298 299 return dentry; 300 301fail_dentry: 302 dput(dentry); 303 304fail_lock: 305 inode_unlock(dir); 306 simple_release_fs(&aafs_mnt, &aafs_count); 307 308 return ERR_PTR(error); 309} 310 311/** 312 * aafs_create_file - create a file in the apparmorfs filesystem 313 * 314 * @name: name of dentry to create 315 * @mode: permissions the file should have 316 * @parent: parent directory for this dentry 317 * @data: data to store on inode.i_private, available in open() 318 * @fops: struct file_operations that should be used for 319 * 320 * see aafs_create 321 */ 322static struct dentry *aafs_create_file(const char *name, umode_t mode, 323 struct dentry *parent, void *data, 324 const struct file_operations *fops) 325{ 326 return aafs_create(name, mode, parent, data, NULL, fops, NULL); 327} 328 329/** 330 * aafs_create_dir - create a directory in the apparmorfs filesystem 331 * 332 * @name: name of dentry to create 333 * @parent: parent directory for this dentry 334 * 335 * see aafs_create 336 */ 337static struct dentry *aafs_create_dir(const char *name, struct dentry *parent) 338{ 339 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL, 340 NULL); 341} 342 343/** 344 * aafs_remove - removes a file or directory from the apparmorfs filesystem 345 * 346 * @dentry: dentry of the file/directory/symlink to removed. 347 */ 348static void aafs_remove(struct dentry *dentry) 349{ 350 struct inode *dir; 351 352 if (!dentry || IS_ERR(dentry)) 353 return; 354 355 dir = d_inode(dentry->d_parent); 356 inode_lock(dir); 357 if (simple_positive(dentry)) { 358 if (d_is_dir(dentry)) 359 simple_rmdir(dir, dentry); 360 else 361 simple_unlink(dir, dentry); 362 d_delete(dentry); 363 dput(dentry); 364 } 365 inode_unlock(dir); 366 simple_release_fs(&aafs_mnt, &aafs_count); 367} 368 369 370/* 371 * aa_fs - policy load/replace/remove 372 */ 373 374/** 375 * aa_simple_write_to_buffer - common routine for getting policy from user 376 * @userbuf: user buffer to copy data from (NOT NULL) 377 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size) 378 * @copy_size: size of data to copy from user buffer 379 * @pos: position write is at in the file (NOT NULL) 380 * 381 * Returns: kernel buffer containing copy of user buffer data or an 382 * ERR_PTR on failure. 383 */ 384static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf, 385 size_t alloc_size, 386 size_t copy_size, 387 loff_t *pos) 388{ 389 struct aa_loaddata *data; 390 391 AA_BUG(copy_size > alloc_size); 392 393 if (*pos != 0) 394 /* only writes from pos 0, that is complete writes */ 395 return ERR_PTR(-ESPIPE); 396 397 /* freed by caller to simple_write_to_buffer */ 398 data = aa_loaddata_alloc(alloc_size); 399 if (IS_ERR(data)) 400 return data; 401 402 data->size = copy_size; 403 if (copy_from_user(data->data, userbuf, copy_size)) { 404 kvfree(data); 405 return ERR_PTR(-EFAULT); 406 } 407 408 return data; 409} 410 411static ssize_t policy_update(u32 mask, const char __user *buf, size_t size, 412 loff_t *pos, struct aa_ns *ns) 413{ 414 struct aa_loaddata *data; 415 struct aa_label *label; 416 ssize_t error; 417 418 label = begin_current_label_crit_section(); 419 420 /* high level check about policy management - fine grained in 421 * below after unpack 422 */ 423 error = aa_may_manage_policy(label, ns, mask); 424 if (error) 425 goto end_section; 426 427 data = aa_simple_write_to_buffer(buf, size, size, pos); 428 error = PTR_ERR(data); 429 if (!IS_ERR(data)) { 430 error = aa_replace_profiles(ns, label, mask, data); 431 aa_put_loaddata(data); 432 } 433end_section: 434 end_current_label_crit_section(label); 435 436 return error; 437} 438 439/* .load file hook fn to load policy */ 440static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, 441 loff_t *pos) 442{ 443 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 444 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns); 445 446 aa_put_ns(ns); 447 448 return error; 449} 450 451static const struct file_operations aa_fs_profile_load = { 452 .write = profile_load, 453 .llseek = default_llseek, 454}; 455 456/* .replace file hook fn to load and/or replace policy */ 457static ssize_t profile_replace(struct file *f, const char __user *buf, 458 size_t size, loff_t *pos) 459{ 460 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 461 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY, 462 buf, size, pos, ns); 463 aa_put_ns(ns); 464 465 return error; 466} 467 468static const struct file_operations aa_fs_profile_replace = { 469 .write = profile_replace, 470 .llseek = default_llseek, 471}; 472 473/* .remove file hook fn to remove loaded policy */ 474static ssize_t profile_remove(struct file *f, const char __user *buf, 475 size_t size, loff_t *pos) 476{ 477 struct aa_loaddata *data; 478 struct aa_label *label; 479 ssize_t error; 480 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 481 482 label = begin_current_label_crit_section(); 483 /* high level check about policy management - fine grained in 484 * below after unpack 485 */ 486 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY); 487 if (error) 488 goto out; 489 490 /* 491 * aa_remove_profile needs a null terminated string so 1 extra 492 * byte is allocated and the copied data is null terminated. 493 */ 494 data = aa_simple_write_to_buffer(buf, size + 1, size, pos); 495 496 error = PTR_ERR(data); 497 if (!IS_ERR(data)) { 498 data->data[size] = 0; 499 error = aa_remove_profiles(ns, label, data->data, size); 500 aa_put_loaddata(data); 501 } 502 out: 503 end_current_label_crit_section(label); 504 aa_put_ns(ns); 505 return error; 506} 507 508static const struct file_operations aa_fs_profile_remove = { 509 .write = profile_remove, 510 .llseek = default_llseek, 511}; 512 513struct aa_revision { 514 struct aa_ns *ns; 515 long last_read; 516}; 517 518/* revision file hook fn for policy loads */ 519static int ns_revision_release(struct inode *inode, struct file *file) 520{ 521 struct aa_revision *rev = file->private_data; 522 523 if (rev) { 524 aa_put_ns(rev->ns); 525 kfree(rev); 526 } 527 528 return 0; 529} 530 531static ssize_t ns_revision_read(struct file *file, char __user *buf, 532 size_t size, loff_t *ppos) 533{ 534 struct aa_revision *rev = file->private_data; 535 char buffer[32]; 536 long last_read; 537 int avail; 538 539 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 540 last_read = rev->last_read; 541 if (last_read == rev->ns->revision) { 542 mutex_unlock(&rev->ns->lock); 543 if (file->f_flags & O_NONBLOCK) 544 return -EAGAIN; 545 if (wait_event_interruptible(rev->ns->wait, 546 last_read != 547 READ_ONCE(rev->ns->revision))) 548 return -ERESTARTSYS; 549 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 550 } 551 552 avail = sprintf(buffer, "%ld\n", rev->ns->revision); 553 if (*ppos + size > avail) { 554 rev->last_read = rev->ns->revision; 555 *ppos = 0; 556 } 557 mutex_unlock(&rev->ns->lock); 558 559 return simple_read_from_buffer(buf, size, ppos, buffer, avail); 560} 561 562static int ns_revision_open(struct inode *inode, struct file *file) 563{ 564 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL); 565 566 if (!rev) 567 return -ENOMEM; 568 569 rev->ns = aa_get_ns(inode->i_private); 570 if (!rev->ns) 571 rev->ns = aa_get_current_ns(); 572 file->private_data = rev; 573 574 return 0; 575} 576 577static __poll_t ns_revision_poll(struct file *file, poll_table *pt) 578{ 579 struct aa_revision *rev = file->private_data; 580 __poll_t mask = 0; 581 582 if (rev) { 583 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 584 poll_wait(file, &rev->ns->wait, pt); 585 if (rev->last_read < rev->ns->revision) 586 mask |= EPOLLIN | EPOLLRDNORM; 587 mutex_unlock(&rev->ns->lock); 588 } 589 590 return mask; 591} 592 593void __aa_bump_ns_revision(struct aa_ns *ns) 594{ 595 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1); 596 wake_up_interruptible(&ns->wait); 597} 598 599static const struct file_operations aa_fs_ns_revision_fops = { 600 .owner = THIS_MODULE, 601 .open = ns_revision_open, 602 .poll = ns_revision_poll, 603 .read = ns_revision_read, 604 .llseek = generic_file_llseek, 605 .release = ns_revision_release, 606}; 607 608static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, 609 const char *match_str, size_t match_len) 610{ 611 struct aa_perms tmp = { }; 612 struct aa_dfa *dfa; 613 unsigned int state = 0; 614 615 if (profile_unconfined(profile)) 616 return; 617 if (profile->file.dfa && *match_str == AA_CLASS_FILE) { 618 dfa = profile->file.dfa; 619 state = aa_dfa_match_len(dfa, profile->file.start, 620 match_str + 1, match_len - 1); 621 if (state) { 622 struct path_cond cond = { }; 623 624 tmp = aa_compute_fperms(dfa, state, &cond); 625 } 626 } else if (profile->policy.dfa) { 627 if (!PROFILE_MEDIATES(profile, *match_str)) 628 return; /* no change to current perms */ 629 dfa = profile->policy.dfa; 630 state = aa_dfa_match_len(dfa, profile->policy.start[0], 631 match_str, match_len); 632 if (state) 633 aa_compute_perms(dfa, state, &tmp); 634 } 635 aa_apply_modes_to_perms(profile, &tmp); 636 aa_perms_accum_raw(perms, &tmp); 637} 638 639 640/** 641 * query_data - queries a policy and writes its data to buf 642 * @buf: the resulting data is stored here (NOT NULL) 643 * @buf_len: size of buf 644 * @query: query string used to retrieve data 645 * @query_len: size of query including second NUL byte 646 * 647 * The buffers pointed to by buf and query may overlap. The query buffer is 648 * parsed before buf is written to. 649 * 650 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of 651 * the security confinement context and <KEY> is the name of the data to 652 * retrieve. <LABEL> and <KEY> must not be NUL-terminated. 653 * 654 * Don't expect the contents of buf to be preserved on failure. 655 * 656 * Returns: number of characters written to buf or -errno on failure 657 */ 658static ssize_t query_data(char *buf, size_t buf_len, 659 char *query, size_t query_len) 660{ 661 char *out; 662 const char *key; 663 struct label_it i; 664 struct aa_label *label, *curr; 665 struct aa_profile *profile; 666 struct aa_data *data; 667 u32 bytes, blocks; 668 __le32 outle32; 669 670 if (!query_len) 671 return -EINVAL; /* need a query */ 672 673 key = query + strnlen(query, query_len) + 1; 674 if (key + 1 >= query + query_len) 675 return -EINVAL; /* not enough space for a non-empty key */ 676 if (key + strnlen(key, query + query_len - key) >= query + query_len) 677 return -EINVAL; /* must end with NUL */ 678 679 if (buf_len < sizeof(bytes) + sizeof(blocks)) 680 return -EINVAL; /* not enough space */ 681 682 curr = begin_current_label_crit_section(); 683 label = aa_label_parse(curr, query, GFP_KERNEL, false, false); 684 end_current_label_crit_section(curr); 685 if (IS_ERR(label)) 686 return PTR_ERR(label); 687 688 /* We are going to leave space for two numbers. The first is the total 689 * number of bytes we are writing after the first number. This is so 690 * users can read the full output without reallocation. 691 * 692 * The second number is the number of data blocks we're writing. An 693 * application might be confined by multiple policies having data in 694 * the same key. 695 */ 696 memset(buf, 0, sizeof(bytes) + sizeof(blocks)); 697 out = buf + sizeof(bytes) + sizeof(blocks); 698 699 blocks = 0; 700 label_for_each_confined(i, label, profile) { 701 if (!profile->data) 702 continue; 703 704 data = rhashtable_lookup_fast(profile->data, &key, 705 profile->data->p); 706 707 if (data) { 708 if (out + sizeof(outle32) + data->size > buf + 709 buf_len) { 710 aa_put_label(label); 711 return -EINVAL; /* not enough space */ 712 } 713 outle32 = __cpu_to_le32(data->size); 714 memcpy(out, &outle32, sizeof(outle32)); 715 out += sizeof(outle32); 716 memcpy(out, data->data, data->size); 717 out += data->size; 718 blocks++; 719 } 720 } 721 aa_put_label(label); 722 723 outle32 = __cpu_to_le32(out - buf - sizeof(bytes)); 724 memcpy(buf, &outle32, sizeof(outle32)); 725 outle32 = __cpu_to_le32(blocks); 726 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32)); 727 728 return out - buf; 729} 730 731/** 732 * query_label - queries a label and writes permissions to buf 733 * @buf: the resulting permissions string is stored here (NOT NULL) 734 * @buf_len: size of buf 735 * @query: binary query string to match against the dfa 736 * @query_len: size of query 737 * @view_only: only compute for querier's view 738 * 739 * The buffers pointed to by buf and query may overlap. The query buffer is 740 * parsed before buf is written to. 741 * 742 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is 743 * the name of the label, in the current namespace, that is to be queried and 744 * DFA_STRING is a binary string to match against the label(s)'s DFA. 745 * 746 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters 747 * but must *not* be NUL terminated. 748 * 749 * Returns: number of characters written to buf or -errno on failure 750 */ 751static ssize_t query_label(char *buf, size_t buf_len, 752 char *query, size_t query_len, bool view_only) 753{ 754 struct aa_profile *profile; 755 struct aa_label *label, *curr; 756 char *label_name, *match_str; 757 size_t label_name_len, match_len; 758 struct aa_perms perms; 759 struct label_it i; 760 761 if (!query_len) 762 return -EINVAL; 763 764 label_name = query; 765 label_name_len = strnlen(query, query_len); 766 if (!label_name_len || label_name_len == query_len) 767 return -EINVAL; 768 769 /** 770 * The extra byte is to account for the null byte between the 771 * profile name and dfa string. profile_name_len is greater 772 * than zero and less than query_len, so a byte can be safely 773 * added or subtracted. 774 */ 775 match_str = label_name + label_name_len + 1; 776 match_len = query_len - label_name_len - 1; 777 778 curr = begin_current_label_crit_section(); 779 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false); 780 end_current_label_crit_section(curr); 781 if (IS_ERR(label)) 782 return PTR_ERR(label); 783 784 perms = allperms; 785 if (view_only) { 786 label_for_each_in_ns(i, labels_ns(label), label, profile) { 787 profile_query_cb(profile, &perms, match_str, match_len); 788 } 789 } else { 790 label_for_each(i, label, profile) { 791 profile_query_cb(profile, &perms, match_str, match_len); 792 } 793 } 794 aa_put_label(label); 795 796 return scnprintf(buf, buf_len, 797 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n", 798 perms.allow, perms.deny, perms.audit, perms.quiet); 799} 800 801/* 802 * Transaction based IO. 803 * The file expects a write which triggers the transaction, and then 804 * possibly a read(s) which collects the result - which is stored in a 805 * file-local buffer. Once a new write is performed, a new set of results 806 * are stored in the file-local buffer. 807 */ 808struct multi_transaction { 809 struct kref count; 810 ssize_t size; 811 char data[]; 812}; 813 814#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction)) 815 816static void multi_transaction_kref(struct kref *kref) 817{ 818 struct multi_transaction *t; 819 820 t = container_of(kref, struct multi_transaction, count); 821 free_page((unsigned long) t); 822} 823 824static struct multi_transaction * 825get_multi_transaction(struct multi_transaction *t) 826{ 827 if (t) 828 kref_get(&(t->count)); 829 830 return t; 831} 832 833static void put_multi_transaction(struct multi_transaction *t) 834{ 835 if (t) 836 kref_put(&(t->count), multi_transaction_kref); 837} 838 839/* does not increment @new's count */ 840static void multi_transaction_set(struct file *file, 841 struct multi_transaction *new, size_t n) 842{ 843 struct multi_transaction *old; 844 845 AA_BUG(n > MULTI_TRANSACTION_LIMIT); 846 847 new->size = n; 848 spin_lock(&file->f_lock); 849 old = (struct multi_transaction *) file->private_data; 850 file->private_data = new; 851 spin_unlock(&file->f_lock); 852 put_multi_transaction(old); 853} 854 855static struct multi_transaction *multi_transaction_new(struct file *file, 856 const char __user *buf, 857 size_t size) 858{ 859 struct multi_transaction *t; 860 861 if (size > MULTI_TRANSACTION_LIMIT - 1) 862 return ERR_PTR(-EFBIG); 863 864 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL); 865 if (!t) 866 return ERR_PTR(-ENOMEM); 867 kref_init(&t->count); 868 if (copy_from_user(t->data, buf, size)) 869 return ERR_PTR(-EFAULT); 870 871 return t; 872} 873 874static ssize_t multi_transaction_read(struct file *file, char __user *buf, 875 size_t size, loff_t *pos) 876{ 877 struct multi_transaction *t; 878 ssize_t ret; 879 880 spin_lock(&file->f_lock); 881 t = get_multi_transaction(file->private_data); 882 spin_unlock(&file->f_lock); 883 884 if (!t) 885 return 0; 886 887 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size); 888 put_multi_transaction(t); 889 890 return ret; 891} 892 893static int multi_transaction_release(struct inode *inode, struct file *file) 894{ 895 put_multi_transaction(file->private_data); 896 897 return 0; 898} 899 900#define QUERY_CMD_LABEL "label\0" 901#define QUERY_CMD_LABEL_LEN 6 902#define QUERY_CMD_PROFILE "profile\0" 903#define QUERY_CMD_PROFILE_LEN 8 904#define QUERY_CMD_LABELALL "labelall\0" 905#define QUERY_CMD_LABELALL_LEN 9 906#define QUERY_CMD_DATA "data\0" 907#define QUERY_CMD_DATA_LEN 5 908 909/** 910 * aa_write_access - generic permissions and data query 911 * @file: pointer to open apparmorfs/access file 912 * @ubuf: user buffer containing the complete query string (NOT NULL) 913 * @count: size of ubuf 914 * @ppos: position in the file (MUST BE ZERO) 915 * 916 * Allows for one permissions or data query per open(), write(), and read() 917 * sequence. The only queries currently supported are label-based queries for 918 * permissions or data. 919 * 920 * For permissions queries, ubuf must begin with "label\0", followed by the 921 * profile query specific format described in the query_label() function 922 * documentation. 923 * 924 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where 925 * <LABEL> is the name of the security confinement context and <KEY> is the 926 * name of the data to retrieve. 927 * 928 * Returns: number of bytes written or -errno on failure 929 */ 930static ssize_t aa_write_access(struct file *file, const char __user *ubuf, 931 size_t count, loff_t *ppos) 932{ 933 struct multi_transaction *t; 934 ssize_t len; 935 936 if (*ppos) 937 return -ESPIPE; 938 939 t = multi_transaction_new(file, ubuf, count); 940 if (IS_ERR(t)) 941 return PTR_ERR(t); 942 943 if (count > QUERY_CMD_PROFILE_LEN && 944 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) { 945 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 946 t->data + QUERY_CMD_PROFILE_LEN, 947 count - QUERY_CMD_PROFILE_LEN, true); 948 } else if (count > QUERY_CMD_LABEL_LEN && 949 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) { 950 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 951 t->data + QUERY_CMD_LABEL_LEN, 952 count - QUERY_CMD_LABEL_LEN, true); 953 } else if (count > QUERY_CMD_LABELALL_LEN && 954 !memcmp(t->data, QUERY_CMD_LABELALL, 955 QUERY_CMD_LABELALL_LEN)) { 956 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 957 t->data + QUERY_CMD_LABELALL_LEN, 958 count - QUERY_CMD_LABELALL_LEN, false); 959 } else if (count > QUERY_CMD_DATA_LEN && 960 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) { 961 len = query_data(t->data, MULTI_TRANSACTION_LIMIT, 962 t->data + QUERY_CMD_DATA_LEN, 963 count - QUERY_CMD_DATA_LEN); 964 } else 965 len = -EINVAL; 966 967 if (len < 0) { 968 put_multi_transaction(t); 969 return len; 970 } 971 972 multi_transaction_set(file, t, len); 973 974 return count; 975} 976 977static const struct file_operations aa_sfs_access = { 978 .write = aa_write_access, 979 .read = multi_transaction_read, 980 .release = multi_transaction_release, 981 .llseek = generic_file_llseek, 982}; 983 984static int aa_sfs_seq_show(struct seq_file *seq, void *v) 985{ 986 struct aa_sfs_entry *fs_file = seq->private; 987 988 if (!fs_file) 989 return 0; 990 991 switch (fs_file->v_type) { 992 case AA_SFS_TYPE_BOOLEAN: 993 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no"); 994 break; 995 case AA_SFS_TYPE_STRING: 996 seq_printf(seq, "%s\n", fs_file->v.string); 997 break; 998 case AA_SFS_TYPE_U64: 999 seq_printf(seq, "%#08lx\n", fs_file->v.u64); 1000 break; 1001 default: 1002 /* Ignore unpritable entry types. */ 1003 break; 1004 } 1005 1006 return 0; 1007} 1008 1009static int aa_sfs_seq_open(struct inode *inode, struct file *file) 1010{ 1011 return single_open(file, aa_sfs_seq_show, inode->i_private); 1012} 1013 1014const struct file_operations aa_sfs_seq_file_ops = { 1015 .owner = THIS_MODULE, 1016 .open = aa_sfs_seq_open, 1017 .read = seq_read, 1018 .llseek = seq_lseek, 1019 .release = single_release, 1020}; 1021 1022/* 1023 * profile based file operations 1024 * policy/profiles/XXXX/profiles/ * 1025 */ 1026 1027#define SEQ_PROFILE_FOPS(NAME) \ 1028static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1029{ \ 1030 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \ 1031} \ 1032 \ 1033static const struct file_operations seq_profile_ ##NAME ##_fops = { \ 1034 .owner = THIS_MODULE, \ 1035 .open = seq_profile_ ##NAME ##_open, \ 1036 .read = seq_read, \ 1037 .llseek = seq_lseek, \ 1038 .release = seq_profile_release, \ 1039} \ 1040 1041static int seq_profile_open(struct inode *inode, struct file *file, 1042 int (*show)(struct seq_file *, void *)) 1043{ 1044 struct aa_proxy *proxy = aa_get_proxy(inode->i_private); 1045 int error = single_open(file, show, proxy); 1046 1047 if (error) { 1048 file->private_data = NULL; 1049 aa_put_proxy(proxy); 1050 } 1051 1052 return error; 1053} 1054 1055static int seq_profile_release(struct inode *inode, struct file *file) 1056{ 1057 struct seq_file *seq = (struct seq_file *) file->private_data; 1058 if (seq) 1059 aa_put_proxy(seq->private); 1060 return single_release(inode, file); 1061} 1062 1063static int seq_profile_name_show(struct seq_file *seq, void *v) 1064{ 1065 struct aa_proxy *proxy = seq->private; 1066 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1067 struct aa_profile *profile = labels_profile(label); 1068 seq_printf(seq, "%s\n", profile->base.name); 1069 aa_put_label(label); 1070 1071 return 0; 1072} 1073 1074static int seq_profile_mode_show(struct seq_file *seq, void *v) 1075{ 1076 struct aa_proxy *proxy = seq->private; 1077 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1078 struct aa_profile *profile = labels_profile(label); 1079 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]); 1080 aa_put_label(label); 1081 1082 return 0; 1083} 1084 1085static int seq_profile_attach_show(struct seq_file *seq, void *v) 1086{ 1087 struct aa_proxy *proxy = seq->private; 1088 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1089 struct aa_profile *profile = labels_profile(label); 1090 if (profile->attach) 1091 seq_printf(seq, "%s\n", profile->attach); 1092 else if (profile->xmatch) 1093 seq_puts(seq, "<unknown>\n"); 1094 else 1095 seq_printf(seq, "%s\n", profile->base.name); 1096 aa_put_label(label); 1097 1098 return 0; 1099} 1100 1101static int seq_profile_hash_show(struct seq_file *seq, void *v) 1102{ 1103 struct aa_proxy *proxy = seq->private; 1104 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1105 struct aa_profile *profile = labels_profile(label); 1106 unsigned int i, size = aa_hash_size(); 1107 1108 if (profile->hash) { 1109 for (i = 0; i < size; i++) 1110 seq_printf(seq, "%.2x", profile->hash[i]); 1111 seq_putc(seq, '\n'); 1112 } 1113 aa_put_label(label); 1114 1115 return 0; 1116} 1117 1118SEQ_PROFILE_FOPS(name); 1119SEQ_PROFILE_FOPS(mode); 1120SEQ_PROFILE_FOPS(attach); 1121SEQ_PROFILE_FOPS(hash); 1122 1123/* 1124 * namespace based files 1125 * several root files and 1126 * policy/ * 1127 */ 1128 1129#define SEQ_NS_FOPS(NAME) \ 1130static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \ 1131{ \ 1132 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \ 1133} \ 1134 \ 1135static const struct file_operations seq_ns_ ##NAME ##_fops = { \ 1136 .owner = THIS_MODULE, \ 1137 .open = seq_ns_ ##NAME ##_open, \ 1138 .read = seq_read, \ 1139 .llseek = seq_lseek, \ 1140 .release = single_release, \ 1141} \ 1142 1143static int seq_ns_stacked_show(struct seq_file *seq, void *v) 1144{ 1145 struct aa_label *label; 1146 1147 label = begin_current_label_crit_section(); 1148 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no"); 1149 end_current_label_crit_section(label); 1150 1151 return 0; 1152} 1153 1154static int seq_ns_nsstacked_show(struct seq_file *seq, void *v) 1155{ 1156 struct aa_label *label; 1157 struct aa_profile *profile; 1158 struct label_it it; 1159 int count = 1; 1160 1161 label = begin_current_label_crit_section(); 1162 1163 if (label->size > 1) { 1164 label_for_each(it, label, profile) 1165 if (profile->ns != labels_ns(label)) { 1166 count++; 1167 break; 1168 } 1169 } 1170 1171 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no"); 1172 end_current_label_crit_section(label); 1173 1174 return 0; 1175} 1176 1177static int seq_ns_level_show(struct seq_file *seq, void *v) 1178{ 1179 struct aa_label *label; 1180 1181 label = begin_current_label_crit_section(); 1182 seq_printf(seq, "%d\n", labels_ns(label)->level); 1183 end_current_label_crit_section(label); 1184 1185 return 0; 1186} 1187 1188static int seq_ns_name_show(struct seq_file *seq, void *v) 1189{ 1190 struct aa_label *label = begin_current_label_crit_section(); 1191 seq_printf(seq, "%s\n", labels_ns(label)->base.name); 1192 end_current_label_crit_section(label); 1193 1194 return 0; 1195} 1196 1197SEQ_NS_FOPS(stacked); 1198SEQ_NS_FOPS(nsstacked); 1199SEQ_NS_FOPS(level); 1200SEQ_NS_FOPS(name); 1201 1202 1203/* policy/raw_data/ * file ops */ 1204 1205#define SEQ_RAWDATA_FOPS(NAME) \ 1206static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1207{ \ 1208 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \ 1209} \ 1210 \ 1211static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \ 1212 .owner = THIS_MODULE, \ 1213 .open = seq_rawdata_ ##NAME ##_open, \ 1214 .read = seq_read, \ 1215 .llseek = seq_lseek, \ 1216 .release = seq_rawdata_release, \ 1217} \ 1218 1219static int seq_rawdata_open(struct inode *inode, struct file *file, 1220 int (*show)(struct seq_file *, void *)) 1221{ 1222 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private); 1223 int error; 1224 1225 if (!data) 1226 /* lost race this ent is being reaped */ 1227 return -ENOENT; 1228 1229 error = single_open(file, show, data); 1230 if (error) { 1231 AA_BUG(file->private_data && 1232 ((struct seq_file *)file->private_data)->private); 1233 aa_put_loaddata(data); 1234 } 1235 1236 return error; 1237} 1238 1239static int seq_rawdata_release(struct inode *inode, struct file *file) 1240{ 1241 struct seq_file *seq = (struct seq_file *) file->private_data; 1242 1243 if (seq) 1244 aa_put_loaddata(seq->private); 1245 1246 return single_release(inode, file); 1247} 1248 1249static int seq_rawdata_abi_show(struct seq_file *seq, void *v) 1250{ 1251 struct aa_loaddata *data = seq->private; 1252 1253 seq_printf(seq, "v%d\n", data->abi); 1254 1255 return 0; 1256} 1257 1258static int seq_rawdata_revision_show(struct seq_file *seq, void *v) 1259{ 1260 struct aa_loaddata *data = seq->private; 1261 1262 seq_printf(seq, "%ld\n", data->revision); 1263 1264 return 0; 1265} 1266 1267static int seq_rawdata_hash_show(struct seq_file *seq, void *v) 1268{ 1269 struct aa_loaddata *data = seq->private; 1270 unsigned int i, size = aa_hash_size(); 1271 1272 if (data->hash) { 1273 for (i = 0; i < size; i++) 1274 seq_printf(seq, "%.2x", data->hash[i]); 1275 seq_putc(seq, '\n'); 1276 } 1277 1278 return 0; 1279} 1280 1281static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v) 1282{ 1283 struct aa_loaddata *data = seq->private; 1284 1285 seq_printf(seq, "%zu\n", data->compressed_size); 1286 1287 return 0; 1288} 1289 1290SEQ_RAWDATA_FOPS(abi); 1291SEQ_RAWDATA_FOPS(revision); 1292SEQ_RAWDATA_FOPS(hash); 1293SEQ_RAWDATA_FOPS(compressed_size); 1294 1295static int deflate_decompress(char *src, size_t slen, char *dst, size_t dlen) 1296{ 1297 int error; 1298 struct z_stream_s strm; 1299 1300 if (aa_g_rawdata_compression_level == 0) { 1301 if (dlen < slen) 1302 return -EINVAL; 1303 memcpy(dst, src, slen); 1304 return 0; 1305 } 1306 1307 memset(&strm, 0, sizeof(strm)); 1308 1309 strm.workspace = kvzalloc(zlib_inflate_workspacesize(), GFP_KERNEL); 1310 if (!strm.workspace) 1311 return -ENOMEM; 1312 1313 strm.next_in = src; 1314 strm.avail_in = slen; 1315 1316 error = zlib_inflateInit(&strm); 1317 if (error != Z_OK) { 1318 error = -ENOMEM; 1319 goto fail_inflate_init; 1320 } 1321 1322 strm.next_out = dst; 1323 strm.avail_out = dlen; 1324 1325 error = zlib_inflate(&strm, Z_FINISH); 1326 if (error != Z_STREAM_END) 1327 error = -EINVAL; 1328 else 1329 error = 0; 1330 1331 zlib_inflateEnd(&strm); 1332fail_inflate_init: 1333 kvfree(strm.workspace); 1334 return error; 1335} 1336 1337static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, 1338 loff_t *ppos) 1339{ 1340 struct rawdata_f_data *private = file->private_data; 1341 1342 return simple_read_from_buffer(buf, size, ppos, 1343 RAWDATA_F_DATA_BUF(private), 1344 private->loaddata->size); 1345} 1346 1347static int rawdata_release(struct inode *inode, struct file *file) 1348{ 1349 rawdata_f_data_free(file->private_data); 1350 1351 return 0; 1352} 1353 1354static int rawdata_open(struct inode *inode, struct file *file) 1355{ 1356 int error; 1357 struct aa_loaddata *loaddata; 1358 struct rawdata_f_data *private; 1359 1360 if (!aa_current_policy_view_capable(NULL)) 1361 return -EACCES; 1362 1363 loaddata = __aa_get_loaddata(inode->i_private); 1364 if (!loaddata) 1365 /* lost race: this entry is being reaped */ 1366 return -ENOENT; 1367 1368 private = rawdata_f_data_alloc(loaddata->size); 1369 if (IS_ERR(private)) { 1370 error = PTR_ERR(private); 1371 goto fail_private_alloc; 1372 } 1373 1374 private->loaddata = loaddata; 1375 1376 error = deflate_decompress(loaddata->data, loaddata->compressed_size, 1377 RAWDATA_F_DATA_BUF(private), 1378 loaddata->size); 1379 if (error) 1380 goto fail_decompress; 1381 1382 file->private_data = private; 1383 return 0; 1384 1385fail_decompress: 1386 rawdata_f_data_free(private); 1387 return error; 1388 1389fail_private_alloc: 1390 aa_put_loaddata(loaddata); 1391 return error; 1392} 1393 1394static const struct file_operations rawdata_fops = { 1395 .open = rawdata_open, 1396 .read = rawdata_read, 1397 .llseek = generic_file_llseek, 1398 .release = rawdata_release, 1399}; 1400 1401static void remove_rawdata_dents(struct aa_loaddata *rawdata) 1402{ 1403 int i; 1404 1405 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) { 1406 if (!IS_ERR_OR_NULL(rawdata->dents[i])) { 1407 /* no refcounts on i_private */ 1408 aafs_remove(rawdata->dents[i]); 1409 rawdata->dents[i] = NULL; 1410 } 1411 } 1412} 1413 1414void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata) 1415{ 1416 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock)); 1417 1418 if (rawdata->ns) { 1419 remove_rawdata_dents(rawdata); 1420 list_del_init(&rawdata->list); 1421 aa_put_ns(rawdata->ns); 1422 rawdata->ns = NULL; 1423 } 1424} 1425 1426int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata) 1427{ 1428 struct dentry *dent, *dir; 1429 1430 AA_BUG(!ns); 1431 AA_BUG(!rawdata); 1432 AA_BUG(!mutex_is_locked(&ns->lock)); 1433 AA_BUG(!ns_subdata_dir(ns)); 1434 1435 /* 1436 * just use ns revision dir was originally created at. This is 1437 * under ns->lock and if load is successful revision will be 1438 * bumped and is guaranteed to be unique 1439 */ 1440 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision); 1441 if (!rawdata->name) 1442 return -ENOMEM; 1443 1444 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns)); 1445 if (IS_ERR(dir)) 1446 /* ->name freed when rawdata freed */ 1447 return PTR_ERR(dir); 1448 rawdata->dents[AAFS_LOADDATA_DIR] = dir; 1449 1450 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata, 1451 &seq_rawdata_abi_fops); 1452 if (IS_ERR(dent)) 1453 goto fail; 1454 rawdata->dents[AAFS_LOADDATA_ABI] = dent; 1455 1456 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata, 1457 &seq_rawdata_revision_fops); 1458 if (IS_ERR(dent)) 1459 goto fail; 1460 rawdata->dents[AAFS_LOADDATA_REVISION] = dent; 1461 1462 if (aa_g_hash_policy) { 1463 dent = aafs_create_file("sha1", S_IFREG | 0444, dir, 1464 rawdata, &seq_rawdata_hash_fops); 1465 if (IS_ERR(dent)) 1466 goto fail; 1467 rawdata->dents[AAFS_LOADDATA_HASH] = dent; 1468 } 1469 1470 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir, 1471 rawdata, 1472 &seq_rawdata_compressed_size_fops); 1473 if (IS_ERR(dent)) 1474 goto fail; 1475 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent; 1476 1477 dent = aafs_create_file("raw_data", S_IFREG | 0444, 1478 dir, rawdata, &rawdata_fops); 1479 if (IS_ERR(dent)) 1480 goto fail; 1481 rawdata->dents[AAFS_LOADDATA_DATA] = dent; 1482 d_inode(dent)->i_size = rawdata->size; 1483 1484 rawdata->ns = aa_get_ns(ns); 1485 list_add(&rawdata->list, &ns->rawdata_list); 1486 /* no refcount on inode rawdata */ 1487 1488 return 0; 1489 1490fail: 1491 remove_rawdata_dents(rawdata); 1492 1493 return PTR_ERR(dent); 1494} 1495 1496/** fns to setup dynamic per profile/namespace files **/ 1497 1498/** 1499 * 1500 * Requires: @profile->ns->lock held 1501 */ 1502void __aafs_profile_rmdir(struct aa_profile *profile) 1503{ 1504 struct aa_profile *child; 1505 int i; 1506 1507 if (!profile) 1508 return; 1509 1510 list_for_each_entry(child, &profile->base.profiles, base.list) 1511 __aafs_profile_rmdir(child); 1512 1513 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) { 1514 struct aa_proxy *proxy; 1515 if (!profile->dents[i]) 1516 continue; 1517 1518 proxy = d_inode(profile->dents[i])->i_private; 1519 aafs_remove(profile->dents[i]); 1520 aa_put_proxy(proxy); 1521 profile->dents[i] = NULL; 1522 } 1523} 1524 1525/** 1526 * 1527 * Requires: @old->ns->lock held 1528 */ 1529void __aafs_profile_migrate_dents(struct aa_profile *old, 1530 struct aa_profile *new) 1531{ 1532 int i; 1533 1534 AA_BUG(!old); 1535 AA_BUG(!new); 1536 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); 1537 1538 for (i = 0; i < AAFS_PROF_SIZEOF; i++) { 1539 new->dents[i] = old->dents[i]; 1540 if (new->dents[i]) 1541 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode); 1542 old->dents[i] = NULL; 1543 } 1544} 1545 1546static struct dentry *create_profile_file(struct dentry *dir, const char *name, 1547 struct aa_profile *profile, 1548 const struct file_operations *fops) 1549{ 1550 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy); 1551 struct dentry *dent; 1552 1553 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops); 1554 if (IS_ERR(dent)) 1555 aa_put_proxy(proxy); 1556 1557 return dent; 1558} 1559 1560static int profile_depth(struct aa_profile *profile) 1561{ 1562 int depth = 0; 1563 1564 rcu_read_lock(); 1565 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent)) 1566 depth++; 1567 rcu_read_unlock(); 1568 1569 return depth; 1570} 1571 1572static char *gen_symlink_name(int depth, const char *dirname, const char *fname) 1573{ 1574 char *buffer, *s; 1575 int error; 1576 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11; 1577 1578 s = buffer = kmalloc(size, GFP_KERNEL); 1579 if (!buffer) 1580 return ERR_PTR(-ENOMEM); 1581 1582 for (; depth > 0; depth--) { 1583 strcpy(s, "../../"); 1584 s += 6; 1585 size -= 6; 1586 } 1587 1588 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname); 1589 if (error >= size || error < 0) { 1590 kfree(buffer); 1591 return ERR_PTR(-ENAMETOOLONG); 1592 } 1593 1594 return buffer; 1595} 1596 1597static void rawdata_link_cb(void *arg) 1598{ 1599 kfree(arg); 1600} 1601 1602static const char *rawdata_get_link_base(struct dentry *dentry, 1603 struct inode *inode, 1604 struct delayed_call *done, 1605 const char *name) 1606{ 1607 struct aa_proxy *proxy = inode->i_private; 1608 struct aa_label *label; 1609 struct aa_profile *profile; 1610 char *target; 1611 int depth; 1612 1613 if (!dentry) 1614 return ERR_PTR(-ECHILD); 1615 1616 label = aa_get_label_rcu(&proxy->label); 1617 profile = labels_profile(label); 1618 depth = profile_depth(profile); 1619 target = gen_symlink_name(depth, profile->rawdata->name, name); 1620 aa_put_label(label); 1621 1622 if (IS_ERR(target)) 1623 return target; 1624 1625 set_delayed_call(done, rawdata_link_cb, target); 1626 1627 return target; 1628} 1629 1630static const char *rawdata_get_link_sha1(struct dentry *dentry, 1631 struct inode *inode, 1632 struct delayed_call *done) 1633{ 1634 return rawdata_get_link_base(dentry, inode, done, "sha1"); 1635} 1636 1637static const char *rawdata_get_link_abi(struct dentry *dentry, 1638 struct inode *inode, 1639 struct delayed_call *done) 1640{ 1641 return rawdata_get_link_base(dentry, inode, done, "abi"); 1642} 1643 1644static const char *rawdata_get_link_data(struct dentry *dentry, 1645 struct inode *inode, 1646 struct delayed_call *done) 1647{ 1648 return rawdata_get_link_base(dentry, inode, done, "raw_data"); 1649} 1650 1651static const struct inode_operations rawdata_link_sha1_iops = { 1652 .get_link = rawdata_get_link_sha1, 1653}; 1654 1655static const struct inode_operations rawdata_link_abi_iops = { 1656 .get_link = rawdata_get_link_abi, 1657}; 1658static const struct inode_operations rawdata_link_data_iops = { 1659 .get_link = rawdata_get_link_data, 1660}; 1661 1662 1663/* 1664 * Requires: @profile->ns->lock held 1665 */ 1666int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 1667{ 1668 struct aa_profile *child; 1669 struct dentry *dent = NULL, *dir; 1670 int error; 1671 1672 AA_BUG(!profile); 1673 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock)); 1674 1675 if (!parent) { 1676 struct aa_profile *p; 1677 p = aa_deref_parent(profile); 1678 dent = prof_dir(p); 1679 /* adding to parent that previously didn't have children */ 1680 dent = aafs_create_dir("profiles", dent); 1681 if (IS_ERR(dent)) 1682 goto fail; 1683 prof_child_dir(p) = parent = dent; 1684 } 1685 1686 if (!profile->dirname) { 1687 int len, id_len; 1688 len = mangle_name(profile->base.name, NULL); 1689 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id); 1690 1691 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL); 1692 if (!profile->dirname) { 1693 error = -ENOMEM; 1694 goto fail2; 1695 } 1696 1697 mangle_name(profile->base.name, profile->dirname); 1698 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); 1699 } 1700 1701 dent = aafs_create_dir(profile->dirname, parent); 1702 if (IS_ERR(dent)) 1703 goto fail; 1704 prof_dir(profile) = dir = dent; 1705 1706 dent = create_profile_file(dir, "name", profile, 1707 &seq_profile_name_fops); 1708 if (IS_ERR(dent)) 1709 goto fail; 1710 profile->dents[AAFS_PROF_NAME] = dent; 1711 1712 dent = create_profile_file(dir, "mode", profile, 1713 &seq_profile_mode_fops); 1714 if (IS_ERR(dent)) 1715 goto fail; 1716 profile->dents[AAFS_PROF_MODE] = dent; 1717 1718 dent = create_profile_file(dir, "attach", profile, 1719 &seq_profile_attach_fops); 1720 if (IS_ERR(dent)) 1721 goto fail; 1722 profile->dents[AAFS_PROF_ATTACH] = dent; 1723 1724 if (profile->hash) { 1725 dent = create_profile_file(dir, "sha1", profile, 1726 &seq_profile_hash_fops); 1727 if (IS_ERR(dent)) 1728 goto fail; 1729 profile->dents[AAFS_PROF_HASH] = dent; 1730 } 1731 1732 if (profile->rawdata) { 1733 dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, 1734 profile->label.proxy, NULL, NULL, 1735 &rawdata_link_sha1_iops); 1736 if (IS_ERR(dent)) 1737 goto fail; 1738 aa_get_proxy(profile->label.proxy); 1739 profile->dents[AAFS_PROF_RAW_HASH] = dent; 1740 1741 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, 1742 profile->label.proxy, NULL, NULL, 1743 &rawdata_link_abi_iops); 1744 if (IS_ERR(dent)) 1745 goto fail; 1746 aa_get_proxy(profile->label.proxy); 1747 profile->dents[AAFS_PROF_RAW_ABI] = dent; 1748 1749 dent = aafs_create("raw_data", S_IFLNK | 0444, dir, 1750 profile->label.proxy, NULL, NULL, 1751 &rawdata_link_data_iops); 1752 if (IS_ERR(dent)) 1753 goto fail; 1754 aa_get_proxy(profile->label.proxy); 1755 profile->dents[AAFS_PROF_RAW_DATA] = dent; 1756 } 1757 1758 list_for_each_entry(child, &profile->base.profiles, base.list) { 1759 error = __aafs_profile_mkdir(child, prof_child_dir(profile)); 1760 if (error) 1761 goto fail2; 1762 } 1763 1764 return 0; 1765 1766fail: 1767 error = PTR_ERR(dent); 1768 1769fail2: 1770 __aafs_profile_rmdir(profile); 1771 1772 return error; 1773} 1774 1775static int ns_mkdir_op(struct user_namespace *mnt_userns, struct inode *dir, 1776 struct dentry *dentry, umode_t mode) 1777{ 1778 struct aa_ns *ns, *parent; 1779 /* TODO: improve permission check */ 1780 struct aa_label *label; 1781 int error; 1782 1783 label = begin_current_label_crit_section(); 1784 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY); 1785 end_current_label_crit_section(label); 1786 if (error) 1787 return error; 1788 1789 parent = aa_get_ns(dir->i_private); 1790 AA_BUG(d_inode(ns_subns_dir(parent)) != dir); 1791 1792 /* we have to unlock and then relock to get locking order right 1793 * for pin_fs 1794 */ 1795 inode_unlock(dir); 1796 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 1797 mutex_lock_nested(&parent->lock, parent->level); 1798 inode_lock_nested(dir, I_MUTEX_PARENT); 1799 if (error) 1800 goto out; 1801 1802 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL, 1803 NULL, NULL, NULL); 1804 if (error) 1805 goto out_pin; 1806 1807 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name), 1808 dentry); 1809 if (IS_ERR(ns)) { 1810 error = PTR_ERR(ns); 1811 ns = NULL; 1812 } 1813 1814 aa_put_ns(ns); /* list ref remains */ 1815out_pin: 1816 if (error) 1817 simple_release_fs(&aafs_mnt, &aafs_count); 1818out: 1819 mutex_unlock(&parent->lock); 1820 aa_put_ns(parent); 1821 1822 return error; 1823} 1824 1825static int ns_rmdir_op(struct inode *dir, struct dentry *dentry) 1826{ 1827 struct aa_ns *ns, *parent; 1828 /* TODO: improve permission check */ 1829 struct aa_label *label; 1830 int error; 1831 1832 label = begin_current_label_crit_section(); 1833 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY); 1834 end_current_label_crit_section(label); 1835 if (error) 1836 return error; 1837 1838 parent = aa_get_ns(dir->i_private); 1839 /* rmdir calls the generic securityfs functions to remove files 1840 * from the apparmor dir. It is up to the apparmor ns locking 1841 * to avoid races. 1842 */ 1843 inode_unlock(dir); 1844 inode_unlock(dentry->d_inode); 1845 1846 mutex_lock_nested(&parent->lock, parent->level); 1847 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name, 1848 dentry->d_name.len)); 1849 if (!ns) { 1850 error = -ENOENT; 1851 goto out; 1852 } 1853 AA_BUG(ns_dir(ns) != dentry); 1854 1855 __aa_remove_ns(ns); 1856 aa_put_ns(ns); 1857 1858out: 1859 mutex_unlock(&parent->lock); 1860 inode_lock_nested(dir, I_MUTEX_PARENT); 1861 inode_lock(dentry->d_inode); 1862 aa_put_ns(parent); 1863 1864 return error; 1865} 1866 1867static const struct inode_operations ns_dir_inode_operations = { 1868 .lookup = simple_lookup, 1869 .mkdir = ns_mkdir_op, 1870 .rmdir = ns_rmdir_op, 1871}; 1872 1873static void __aa_fs_list_remove_rawdata(struct aa_ns *ns) 1874{ 1875 struct aa_loaddata *ent, *tmp; 1876 1877 AA_BUG(!mutex_is_locked(&ns->lock)); 1878 1879 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list) 1880 __aa_fs_remove_rawdata(ent); 1881} 1882 1883/** 1884 * 1885 * Requires: @ns->lock held 1886 */ 1887void __aafs_ns_rmdir(struct aa_ns *ns) 1888{ 1889 struct aa_ns *sub; 1890 struct aa_profile *child; 1891 int i; 1892 1893 if (!ns) 1894 return; 1895 AA_BUG(!mutex_is_locked(&ns->lock)); 1896 1897 list_for_each_entry(child, &ns->base.profiles, base.list) 1898 __aafs_profile_rmdir(child); 1899 1900 list_for_each_entry(sub, &ns->sub_ns, base.list) { 1901 mutex_lock_nested(&sub->lock, sub->level); 1902 __aafs_ns_rmdir(sub); 1903 mutex_unlock(&sub->lock); 1904 } 1905 1906 __aa_fs_list_remove_rawdata(ns); 1907 1908 if (ns_subns_dir(ns)) { 1909 sub = d_inode(ns_subns_dir(ns))->i_private; 1910 aa_put_ns(sub); 1911 } 1912 if (ns_subload(ns)) { 1913 sub = d_inode(ns_subload(ns))->i_private; 1914 aa_put_ns(sub); 1915 } 1916 if (ns_subreplace(ns)) { 1917 sub = d_inode(ns_subreplace(ns))->i_private; 1918 aa_put_ns(sub); 1919 } 1920 if (ns_subremove(ns)) { 1921 sub = d_inode(ns_subremove(ns))->i_private; 1922 aa_put_ns(sub); 1923 } 1924 if (ns_subrevision(ns)) { 1925 sub = d_inode(ns_subrevision(ns))->i_private; 1926 aa_put_ns(sub); 1927 } 1928 1929 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) { 1930 aafs_remove(ns->dents[i]); 1931 ns->dents[i] = NULL; 1932 } 1933} 1934 1935/* assumes cleanup in caller */ 1936static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir) 1937{ 1938 struct dentry *dent; 1939 1940 AA_BUG(!ns); 1941 AA_BUG(!dir); 1942 1943 dent = aafs_create_dir("profiles", dir); 1944 if (IS_ERR(dent)) 1945 return PTR_ERR(dent); 1946 ns_subprofs_dir(ns) = dent; 1947 1948 dent = aafs_create_dir("raw_data", dir); 1949 if (IS_ERR(dent)) 1950 return PTR_ERR(dent); 1951 ns_subdata_dir(ns) = dent; 1952 1953 dent = aafs_create_file("revision", 0444, dir, ns, 1954 &aa_fs_ns_revision_fops); 1955 if (IS_ERR(dent)) 1956 return PTR_ERR(dent); 1957 aa_get_ns(ns); 1958 ns_subrevision(ns) = dent; 1959 1960 dent = aafs_create_file(".load", 0640, dir, ns, 1961 &aa_fs_profile_load); 1962 if (IS_ERR(dent)) 1963 return PTR_ERR(dent); 1964 aa_get_ns(ns); 1965 ns_subload(ns) = dent; 1966 1967 dent = aafs_create_file(".replace", 0640, dir, ns, 1968 &aa_fs_profile_replace); 1969 if (IS_ERR(dent)) 1970 return PTR_ERR(dent); 1971 aa_get_ns(ns); 1972 ns_subreplace(ns) = dent; 1973 1974 dent = aafs_create_file(".remove", 0640, dir, ns, 1975 &aa_fs_profile_remove); 1976 if (IS_ERR(dent)) 1977 return PTR_ERR(dent); 1978 aa_get_ns(ns); 1979 ns_subremove(ns) = dent; 1980 1981 /* use create_dentry so we can supply private data */ 1982 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL, 1983 &ns_dir_inode_operations); 1984 if (IS_ERR(dent)) 1985 return PTR_ERR(dent); 1986 aa_get_ns(ns); 1987 ns_subns_dir(ns) = dent; 1988 1989 return 0; 1990} 1991 1992/* 1993 * Requires: @ns->lock held 1994 */ 1995int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, 1996 struct dentry *dent) 1997{ 1998 struct aa_ns *sub; 1999 struct aa_profile *child; 2000 struct dentry *dir; 2001 int error; 2002 2003 AA_BUG(!ns); 2004 AA_BUG(!parent); 2005 AA_BUG(!mutex_is_locked(&ns->lock)); 2006 2007 if (!name) 2008 name = ns->base.name; 2009 2010 if (!dent) { 2011 /* create ns dir if it doesn't already exist */ 2012 dent = aafs_create_dir(name, parent); 2013 if (IS_ERR(dent)) 2014 goto fail; 2015 } else 2016 dget(dent); 2017 ns_dir(ns) = dir = dent; 2018 error = __aafs_ns_mkdir_entries(ns, dir); 2019 if (error) 2020 goto fail2; 2021 2022 /* profiles */ 2023 list_for_each_entry(child, &ns->base.profiles, base.list) { 2024 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns)); 2025 if (error) 2026 goto fail2; 2027 } 2028 2029 /* subnamespaces */ 2030 list_for_each_entry(sub, &ns->sub_ns, base.list) { 2031 mutex_lock_nested(&sub->lock, sub->level); 2032 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL); 2033 mutex_unlock(&sub->lock); 2034 if (error) 2035 goto fail2; 2036 } 2037 2038 return 0; 2039 2040fail: 2041 error = PTR_ERR(dent); 2042 2043fail2: 2044 __aafs_ns_rmdir(ns); 2045 2046 return error; 2047} 2048 2049/** 2050 * __next_ns - find the next namespace to list 2051 * @root: root namespace to stop search at (NOT NULL) 2052 * @ns: current ns position (NOT NULL) 2053 * 2054 * Find the next namespace from @ns under @root and handle all locking needed 2055 * while switching current namespace. 2056 * 2057 * Returns: next namespace or NULL if at last namespace under @root 2058 * Requires: ns->parent->lock to be held 2059 * NOTE: will not unlock root->lock 2060 */ 2061static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) 2062{ 2063 struct aa_ns *parent, *next; 2064 2065 AA_BUG(!root); 2066 AA_BUG(!ns); 2067 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); 2068 2069 /* is next namespace a child */ 2070 if (!list_empty(&ns->sub_ns)) { 2071 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 2072 mutex_lock_nested(&next->lock, next->level); 2073 return next; 2074 } 2075 2076 /* check if the next ns is a sibling, parent, gp, .. */ 2077 parent = ns->parent; 2078 while (ns != root) { 2079 mutex_unlock(&ns->lock); 2080 next = list_next_entry(ns, base.list); 2081 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) { 2082 mutex_lock_nested(&next->lock, next->level); 2083 return next; 2084 } 2085 ns = parent; 2086 parent = parent->parent; 2087 } 2088 2089 return NULL; 2090} 2091 2092/** 2093 * __first_profile - find the first profile in a namespace 2094 * @root: namespace that is root of profiles being displayed (NOT NULL) 2095 * @ns: namespace to start in (NOT NULL) 2096 * 2097 * Returns: unrefcounted profile or NULL if no profile 2098 * Requires: profile->ns.lock to be held 2099 */ 2100static struct aa_profile *__first_profile(struct aa_ns *root, 2101 struct aa_ns *ns) 2102{ 2103 AA_BUG(!root); 2104 AA_BUG(ns && !mutex_is_locked(&ns->lock)); 2105 2106 for (; ns; ns = __next_ns(root, ns)) { 2107 if (!list_empty(&ns->base.profiles)) 2108 return list_first_entry(&ns->base.profiles, 2109 struct aa_profile, base.list); 2110 } 2111 return NULL; 2112} 2113 2114/** 2115 * __next_profile - step to the next profile in a profile tree 2116 * @p: current profile in tree (NOT NULL) 2117 * 2118 * Perform a depth first traversal on the profile tree in a namespace 2119 * 2120 * Returns: next profile or NULL if done 2121 * Requires: profile->ns.lock to be held 2122 */ 2123static struct aa_profile *__next_profile(struct aa_profile *p) 2124{ 2125 struct aa_profile *parent; 2126 struct aa_ns *ns = p->ns; 2127 2128 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock)); 2129 2130 /* is next profile a child */ 2131 if (!list_empty(&p->base.profiles)) 2132 return list_first_entry(&p->base.profiles, typeof(*p), 2133 base.list); 2134 2135 /* is next profile a sibling, parent sibling, gp, sibling, .. */ 2136 parent = rcu_dereference_protected(p->parent, 2137 mutex_is_locked(&p->ns->lock)); 2138 while (parent) { 2139 p = list_next_entry(p, base.list); 2140 if (!list_entry_is_head(p, &parent->base.profiles, base.list)) 2141 return p; 2142 p = parent; 2143 parent = rcu_dereference_protected(parent->parent, 2144 mutex_is_locked(&parent->ns->lock)); 2145 } 2146 2147 /* is next another profile in the namespace */ 2148 p = list_next_entry(p, base.list); 2149 if (!list_entry_is_head(p, &ns->base.profiles, base.list)) 2150 return p; 2151 2152 return NULL; 2153} 2154 2155/** 2156 * next_profile - step to the next profile in where ever it may be 2157 * @root: root namespace (NOT NULL) 2158 * @profile: current profile (NOT NULL) 2159 * 2160 * Returns: next profile or NULL if there isn't one 2161 */ 2162static struct aa_profile *next_profile(struct aa_ns *root, 2163 struct aa_profile *profile) 2164{ 2165 struct aa_profile *next = __next_profile(profile); 2166 if (next) 2167 return next; 2168 2169 /* finished all profiles in namespace move to next namespace */ 2170 return __first_profile(root, __next_ns(root, profile->ns)); 2171} 2172 2173/** 2174 * p_start - start a depth first traversal of profile tree 2175 * @f: seq_file to fill 2176 * @pos: current position 2177 * 2178 * Returns: first profile under current namespace or NULL if none found 2179 * 2180 * acquires first ns->lock 2181 */ 2182static void *p_start(struct seq_file *f, loff_t *pos) 2183{ 2184 struct aa_profile *profile = NULL; 2185 struct aa_ns *root = aa_get_current_ns(); 2186 loff_t l = *pos; 2187 f->private = root; 2188 2189 /* find the first profile */ 2190 mutex_lock_nested(&root->lock, root->level); 2191 profile = __first_profile(root, root); 2192 2193 /* skip to position */ 2194 for (; profile && l > 0; l--) 2195 profile = next_profile(root, profile); 2196 2197 return profile; 2198} 2199 2200/** 2201 * p_next - read the next profile entry 2202 * @f: seq_file to fill 2203 * @p: profile previously returned 2204 * @pos: current position 2205 * 2206 * Returns: next profile after @p or NULL if none 2207 * 2208 * may acquire/release locks in namespace tree as necessary 2209 */ 2210static void *p_next(struct seq_file *f, void *p, loff_t *pos) 2211{ 2212 struct aa_profile *profile = p; 2213 struct aa_ns *ns = f->private; 2214 (*pos)++; 2215 2216 return next_profile(ns, profile); 2217} 2218 2219/** 2220 * p_stop - stop depth first traversal 2221 * @f: seq_file we are filling 2222 * @p: the last profile writen 2223 * 2224 * Release all locking done by p_start/p_next on namespace tree 2225 */ 2226static void p_stop(struct seq_file *f, void *p) 2227{ 2228 struct aa_profile *profile = p; 2229 struct aa_ns *root = f->private, *ns; 2230 2231 if (profile) { 2232 for (ns = profile->ns; ns && ns != root; ns = ns->parent) 2233 mutex_unlock(&ns->lock); 2234 } 2235 mutex_unlock(&root->lock); 2236 aa_put_ns(root); 2237} 2238 2239/** 2240 * seq_show_profile - show a profile entry 2241 * @f: seq_file to file 2242 * @p: current position (profile) (NOT NULL) 2243 * 2244 * Returns: error on failure 2245 */ 2246static int seq_show_profile(struct seq_file *f, void *p) 2247{ 2248 struct aa_profile *profile = (struct aa_profile *)p; 2249 struct aa_ns *root = f->private; 2250 2251 aa_label_seq_xprint(f, root, &profile->label, 2252 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL); 2253 seq_putc(f, '\n'); 2254 2255 return 0; 2256} 2257 2258static const struct seq_operations aa_sfs_profiles_op = { 2259 .start = p_start, 2260 .next = p_next, 2261 .stop = p_stop, 2262 .show = seq_show_profile, 2263}; 2264 2265static int profiles_open(struct inode *inode, struct file *file) 2266{ 2267 if (!aa_current_policy_view_capable(NULL)) 2268 return -EACCES; 2269 2270 return seq_open(file, &aa_sfs_profiles_op); 2271} 2272 2273static int profiles_release(struct inode *inode, struct file *file) 2274{ 2275 return seq_release(inode, file); 2276} 2277 2278static const struct file_operations aa_sfs_profiles_fops = { 2279 .open = profiles_open, 2280 .read = seq_read, 2281 .llseek = seq_lseek, 2282 .release = profiles_release, 2283}; 2284 2285 2286/** Base file system setup **/ 2287static struct aa_sfs_entry aa_sfs_entry_file[] = { 2288 AA_SFS_FILE_STRING("mask", 2289 "create read write exec append mmap_exec link lock"), 2290 { } 2291}; 2292 2293static struct aa_sfs_entry aa_sfs_entry_ptrace[] = { 2294 AA_SFS_FILE_STRING("mask", "read trace"), 2295 { } 2296}; 2297 2298static struct aa_sfs_entry aa_sfs_entry_signal[] = { 2299 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK), 2300 { } 2301}; 2302 2303static struct aa_sfs_entry aa_sfs_entry_attach[] = { 2304 AA_SFS_FILE_BOOLEAN("xattr", 1), 2305 { } 2306}; 2307static struct aa_sfs_entry aa_sfs_entry_domain[] = { 2308 AA_SFS_FILE_BOOLEAN("change_hat", 1), 2309 AA_SFS_FILE_BOOLEAN("change_hatv", 1), 2310 AA_SFS_FILE_BOOLEAN("change_onexec", 1), 2311 AA_SFS_FILE_BOOLEAN("change_profile", 1), 2312 AA_SFS_FILE_BOOLEAN("stack", 1), 2313 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1), 2314 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1), 2315 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1), 2316 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach), 2317 AA_SFS_FILE_STRING("version", "1.2"), 2318 { } 2319}; 2320 2321static struct aa_sfs_entry aa_sfs_entry_versions[] = { 2322 AA_SFS_FILE_BOOLEAN("v5", 1), 2323 AA_SFS_FILE_BOOLEAN("v6", 1), 2324 AA_SFS_FILE_BOOLEAN("v7", 1), 2325 AA_SFS_FILE_BOOLEAN("v8", 1), 2326 { } 2327}; 2328 2329static struct aa_sfs_entry aa_sfs_entry_policy[] = { 2330 AA_SFS_DIR("versions", aa_sfs_entry_versions), 2331 AA_SFS_FILE_BOOLEAN("set_load", 1), 2332 /* number of out of band transitions supported */ 2333 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED), 2334 { } 2335}; 2336 2337static struct aa_sfs_entry aa_sfs_entry_mount[] = { 2338 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"), 2339 { } 2340}; 2341 2342static struct aa_sfs_entry aa_sfs_entry_ns[] = { 2343 AA_SFS_FILE_BOOLEAN("profile", 1), 2344 AA_SFS_FILE_BOOLEAN("pivot_root", 0), 2345 { } 2346}; 2347 2348static struct aa_sfs_entry aa_sfs_entry_query_label[] = { 2349 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"), 2350 AA_SFS_FILE_BOOLEAN("data", 1), 2351 AA_SFS_FILE_BOOLEAN("multi_transaction", 1), 2352 { } 2353}; 2354 2355static struct aa_sfs_entry aa_sfs_entry_query[] = { 2356 AA_SFS_DIR("label", aa_sfs_entry_query_label), 2357 { } 2358}; 2359static struct aa_sfs_entry aa_sfs_entry_features[] = { 2360 AA_SFS_DIR("policy", aa_sfs_entry_policy), 2361 AA_SFS_DIR("domain", aa_sfs_entry_domain), 2362 AA_SFS_DIR("file", aa_sfs_entry_file), 2363 AA_SFS_DIR("network_v8", aa_sfs_entry_network), 2364 AA_SFS_DIR("mount", aa_sfs_entry_mount), 2365 AA_SFS_DIR("namespaces", aa_sfs_entry_ns), 2366 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 2367 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit), 2368 AA_SFS_DIR("caps", aa_sfs_entry_caps), 2369 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace), 2370 AA_SFS_DIR("signal", aa_sfs_entry_signal), 2371 AA_SFS_DIR("query", aa_sfs_entry_query), 2372 { } 2373}; 2374 2375static struct aa_sfs_entry aa_sfs_entry_apparmor[] = { 2376 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access), 2377 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops), 2378 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops), 2379 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops), 2380 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops), 2381 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops), 2382 AA_SFS_DIR("features", aa_sfs_entry_features), 2383 { } 2384}; 2385 2386static struct aa_sfs_entry aa_sfs_entry = 2387 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor); 2388 2389/** 2390 * entry_create_file - create a file entry in the apparmor securityfs 2391 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL) 2392 * @parent: the parent dentry in the securityfs 2393 * 2394 * Use entry_remove_file to remove entries created with this fn. 2395 */ 2396static int __init entry_create_file(struct aa_sfs_entry *fs_file, 2397 struct dentry *parent) 2398{ 2399 int error = 0; 2400 2401 fs_file->dentry = securityfs_create_file(fs_file->name, 2402 S_IFREG | fs_file->mode, 2403 parent, fs_file, 2404 fs_file->file_ops); 2405 if (IS_ERR(fs_file->dentry)) { 2406 error = PTR_ERR(fs_file->dentry); 2407 fs_file->dentry = NULL; 2408 } 2409 return error; 2410} 2411 2412static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir); 2413/** 2414 * entry_create_dir - recursively create a directory entry in the securityfs 2415 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL) 2416 * @parent: the parent dentry in the securityfs 2417 * 2418 * Use entry_remove_dir to remove entries created with this fn. 2419 */ 2420static int __init entry_create_dir(struct aa_sfs_entry *fs_dir, 2421 struct dentry *parent) 2422{ 2423 struct aa_sfs_entry *fs_file; 2424 struct dentry *dir; 2425 int error; 2426 2427 dir = securityfs_create_dir(fs_dir->name, parent); 2428 if (IS_ERR(dir)) 2429 return PTR_ERR(dir); 2430 fs_dir->dentry = dir; 2431 2432 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2433 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2434 error = entry_create_dir(fs_file, fs_dir->dentry); 2435 else 2436 error = entry_create_file(fs_file, fs_dir->dentry); 2437 if (error) 2438 goto failed; 2439 } 2440 2441 return 0; 2442 2443failed: 2444 entry_remove_dir(fs_dir); 2445 2446 return error; 2447} 2448 2449/** 2450 * entry_remove_file - drop a single file entry in the apparmor securityfs 2451 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL) 2452 */ 2453static void __init entry_remove_file(struct aa_sfs_entry *fs_file) 2454{ 2455 if (!fs_file->dentry) 2456 return; 2457 2458 securityfs_remove(fs_file->dentry); 2459 fs_file->dentry = NULL; 2460} 2461 2462/** 2463 * entry_remove_dir - recursively drop a directory entry from the securityfs 2464 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL) 2465 */ 2466static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir) 2467{ 2468 struct aa_sfs_entry *fs_file; 2469 2470 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2471 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2472 entry_remove_dir(fs_file); 2473 else 2474 entry_remove_file(fs_file); 2475 } 2476 2477 entry_remove_file(fs_dir); 2478} 2479 2480/** 2481 * aa_destroy_aafs - cleanup and free aafs 2482 * 2483 * releases dentries allocated by aa_create_aafs 2484 */ 2485void __init aa_destroy_aafs(void) 2486{ 2487 entry_remove_dir(&aa_sfs_entry); 2488} 2489 2490 2491#define NULL_FILE_NAME ".null" 2492struct path aa_null; 2493 2494static int aa_mk_null_file(struct dentry *parent) 2495{ 2496 struct vfsmount *mount = NULL; 2497 struct dentry *dentry; 2498 struct inode *inode; 2499 int count = 0; 2500 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count); 2501 2502 if (error) 2503 return error; 2504 2505 inode_lock(d_inode(parent)); 2506 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME)); 2507 if (IS_ERR(dentry)) { 2508 error = PTR_ERR(dentry); 2509 goto out; 2510 } 2511 inode = new_inode(parent->d_inode->i_sb); 2512 if (!inode) { 2513 error = -ENOMEM; 2514 goto out1; 2515 } 2516 2517 inode->i_ino = get_next_ino(); 2518 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO; 2519 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 2520 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, 2521 MKDEV(MEM_MAJOR, 3)); 2522 d_instantiate(dentry, inode); 2523 aa_null.dentry = dget(dentry); 2524 aa_null.mnt = mntget(mount); 2525 2526 error = 0; 2527 2528out1: 2529 dput(dentry); 2530out: 2531 inode_unlock(d_inode(parent)); 2532 simple_release_fs(&mount, &count); 2533 return error; 2534} 2535 2536 2537 2538static const char *policy_get_link(struct dentry *dentry, 2539 struct inode *inode, 2540 struct delayed_call *done) 2541{ 2542 struct aa_ns *ns; 2543 struct path path; 2544 int error; 2545 2546 if (!dentry) 2547 return ERR_PTR(-ECHILD); 2548 2549 ns = aa_get_current_ns(); 2550 path.mnt = mntget(aafs_mnt); 2551 path.dentry = dget(ns_dir(ns)); 2552 error = nd_jump_link(&path); 2553 aa_put_ns(ns); 2554 2555 return ERR_PTR(error); 2556} 2557 2558static int policy_readlink(struct dentry *dentry, char __user *buffer, 2559 int buflen) 2560{ 2561 char name[32]; 2562 int res; 2563 2564 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME, 2565 d_inode(dentry)->i_ino); 2566 if (res > 0 && res < sizeof(name)) 2567 res = readlink_copy(buffer, buflen, name); 2568 else 2569 res = -ENOENT; 2570 2571 return res; 2572} 2573 2574static const struct inode_operations policy_link_iops = { 2575 .readlink = policy_readlink, 2576 .get_link = policy_get_link, 2577}; 2578 2579 2580/** 2581 * aa_create_aafs - create the apparmor security filesystem 2582 * 2583 * dentries created here are released by aa_destroy_aafs 2584 * 2585 * Returns: error on failure 2586 */ 2587static int __init aa_create_aafs(void) 2588{ 2589 struct dentry *dent; 2590 int error; 2591 2592 if (!apparmor_initialized) 2593 return 0; 2594 2595 if (aa_sfs_entry.dentry) { 2596 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); 2597 return -EEXIST; 2598 } 2599 2600 /* setup apparmorfs used to virtualize policy/ */ 2601 aafs_mnt = kern_mount(&aafs_ops); 2602 if (IS_ERR(aafs_mnt)) 2603 panic("can't set apparmorfs up\n"); 2604 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER; 2605 2606 /* Populate fs tree. */ 2607 error = entry_create_dir(&aa_sfs_entry, NULL); 2608 if (error) 2609 goto error; 2610 2611 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry, 2612 NULL, &aa_fs_profile_load); 2613 if (IS_ERR(dent)) 2614 goto dent_error; 2615 ns_subload(root_ns) = dent; 2616 2617 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry, 2618 NULL, &aa_fs_profile_replace); 2619 if (IS_ERR(dent)) 2620 goto dent_error; 2621 ns_subreplace(root_ns) = dent; 2622 2623 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry, 2624 NULL, &aa_fs_profile_remove); 2625 if (IS_ERR(dent)) 2626 goto dent_error; 2627 ns_subremove(root_ns) = dent; 2628 2629 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry, 2630 NULL, &aa_fs_ns_revision_fops); 2631 if (IS_ERR(dent)) 2632 goto dent_error; 2633 ns_subrevision(root_ns) = dent; 2634 2635 /* policy tree referenced by magic policy symlink */ 2636 mutex_lock_nested(&root_ns->lock, root_ns->level); 2637 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy", 2638 aafs_mnt->mnt_root); 2639 mutex_unlock(&root_ns->lock); 2640 if (error) 2641 goto error; 2642 2643 /* magic symlink similar to nsfs redirects based on task policy */ 2644 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry, 2645 NULL, &policy_link_iops); 2646 if (IS_ERR(dent)) 2647 goto dent_error; 2648 2649 error = aa_mk_null_file(aa_sfs_entry.dentry); 2650 if (error) 2651 goto error; 2652 2653 /* TODO: add default profile to apparmorfs */ 2654 2655 /* Report that AppArmor fs is enabled */ 2656 aa_info_message("AppArmor Filesystem Enabled"); 2657 return 0; 2658 2659dent_error: 2660 error = PTR_ERR(dent); 2661error: 2662 aa_destroy_aafs(); 2663 AA_ERROR("Error creating AppArmor securityfs\n"); 2664 return error; 2665} 2666 2667fs_initcall(aa_create_aafs);