
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains AppArmor /sys/kernel/security/apparmor interface functions
  6. *
  7. * Copyright (C) 1998-2008 Novell/SUSE
  8. * Copyright 2009-2010 Canonical Ltd.
  9. */
  10. #include <linux/ctype.h>
  11. #include <linux/security.h>
  12. #include <linux/vmalloc.h>
  13. #include <linux/init.h>
  14. #include <linux/seq_file.h>
  15. #include <linux/uaccess.h>
  16. #include <linux/mount.h>
  17. #include <linux/namei.h>
  18. #include <linux/capability.h>
  19. #include <linux/rcupdate.h>
  20. #include <linux/fs.h>
  21. #include <linux/fs_context.h>
  22. #include <linux/poll.h>
  23. #include <linux/zstd.h>
  24. #include <uapi/linux/major.h>
  25. #include <uapi/linux/magic.h>
  26. #include "include/apparmor.h"
  27. #include "include/apparmorfs.h"
  28. #include "include/audit.h"
  29. #include "include/cred.h"
  30. #include "include/crypto.h"
  31. #include "include/ipc.h"
  32. #include "include/label.h"
  33. #include "include/lib.h"
  34. #include "include/policy.h"
  35. #include "include/policy_ns.h"
  36. #include "include/resource.h"
  37. #include "include/policy_unpack.h"
  38. #include "include/task.h"
  39. /*
  40. * The apparmor filesystem interface used for policy load and introspection
  41. * The interface is split into two main components based on their function
  42. * a securityfs component:
  43. * used for static files that are always available, and which allows
  44. * userspace to specify the location of the security filesystem.
  45. *
  46. * fns and data are prefixed with
  47. * aa_sfs_
  48. *
  49. * an apparmorfs component:
* used for loaded policy content and introspection. It is not part of a
  51. * regular mounted filesystem and is available only through the magic
  52. * policy symlink in the root of the securityfs apparmor/ directory.
* Task queries will be magically redirected to the correct portion
  54. * of the policy tree based on their confinement.
  55. *
  56. * fns and data are prefixed with
  57. * aafs_
  58. *
  59. * The aa_fs_ prefix is used to indicate the fn is used by both the
  60. * securityfs and apparmorfs filesystems.
  61. */
/* sentinel written to inode->i_private by aafs_evict() once the common ref it held has been dropped */
#define IREF_POISON 101
  63. /*
  64. * support fns
  65. */
/* presumably the private data of an open rawdata file; released via rawdata_f_data_free() */
struct rawdata_f_data {
	struct aa_loaddata *loaddata;	/* reference dropped by rawdata_f_data_free() */
};
  69. #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
/* byte buffer that rawdata_f_data_alloc() reserves directly after the struct */
#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
/**
 * rawdata_f_data_free - release a rawdata_f_data and the loaddata it holds
 * @private: object to free (NULL is accepted and ignored)
 */
static void rawdata_f_data_free(struct rawdata_f_data *private)
{
	if (private) {
		/* drop our loaddata reference before the container goes away */
		aa_put_i_loaddata(private->loaddata);
		kvfree(private);
	}
}
/**
 * rawdata_f_data_alloc - allocate a zeroed rawdata_f_data with @size trailing bytes
 * @size: number of buffer bytes to reserve after the struct
 *
 * Returns: the allocation, ERR_PTR(-EINVAL) if header + @size would overflow
 * size_t, or ERR_PTR(-ENOMEM) if kvzalloc() fails.
 */
static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
{
	struct rawdata_f_data *ret = NULL;
	size_t total;

	/* refuse sizes whose header + payload sum would wrap */
	if (size > SIZE_MAX - sizeof(*ret))
		return ERR_PTR(-EINVAL);
	total = sizeof(*ret) + size;

	ret = kvzalloc(total, GFP_KERNEL);
	return ret ? ret : ERR_PTR(-ENOMEM);
}
  88. #endif
/**
 * mangle_name - mangle a profile name to std profile layout form
 * @name: profile name to mangle (NOT NULL)
 * @target: buffer to receive the mangled name, or NULL to only measure it.
 *          Must hold at least strlen(@name) + 1 bytes when non-NULL.
 *
 * Leading '/' and '.' characters are dropped. After that '/' becomes '.',
 * whitespace becomes '_', alphanumerics and "._-" are copied through and
 * every other character is discarded.
 *
 * Returns: length of mangled name (not counting the terminating NUL)
 */
static int mangle_name(const char *name, char *target)
{
	const char *p = name;
	int len = 0;

	/* skip leading path separators and hidden-file dots */
	while (*p == '/' || *p == '.')
		p++;

	if (!target) {
		/* measure only: count each character that would be emitted */
		for (; *p; p++) {
			if (isalnum(*p) || isspace(*p) || strchr("/._-", *p))
				len++;
		}
		return len;
	}

	for (; *p; p++) {
		char c;

		if (*p == '/')
			c = '.';
		else if (isspace(*p))
			c = '_';
		else if (isalnum(*p) || strchr("._-", *p))
			c = *p;
		else
			continue;
		target[len++] = c;
	}
	target[len] = 0;

	return len;
}
  122. /*
  123. * aafs - core fns and data for the policy tree
  124. */
#define AAFS_NAME "apparmorfs"
/* the pinned internal mount and its pin count; both are managed through
 * simple_pin_fs() in aafs_create() and simple_release_fs() in aafs_remove()
 */
static struct vfsmount *aafs_mnt;
static int aafs_count;
/* ->show_path: apparmorfs dentries are displayed as "apparmorfs:[<inode number>]" */
static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
{
	unsigned long ino = d_inode(dentry)->i_ino;

	seq_printf(seq, "%s:[%lu]", AAFS_NAME, ino);
	return 0;
}
/**
 * get_ns_common_ref - take a namespace reference through a common ref
 * @ref: common ref embedded in the ns's unconfined label (may be NULL)
 *
 * Returns: referenced aa_ns, or NULL when @ref is NULL
 */
static struct aa_ns *get_ns_common_ref(struct aa_common_ref *ref)
{
	struct aa_label *label;

	if (!ref)
		return NULL;
	/* the ref is the label's count member; recover the enclosing label */
	label = container_of(ref, struct aa_label, count);
	return aa_get_ns(labels_ns(label));
}
/**
 * get_proxy_common_ref - take a proxy reference through a common ref
 * @ref: common ref embedded in an aa_proxy (may be NULL)
 *
 * Returns: referenced aa_proxy, or NULL when @ref is NULL
 */
static struct aa_proxy *get_proxy_common_ref(struct aa_common_ref *ref)
{
	struct aa_proxy *proxy;

	if (!ref)
		return NULL;
	proxy = container_of(ref, struct aa_proxy, count);
	return aa_get_proxy(proxy);
}
/**
 * get_loaddata_common_ref - take a loaddata reference through a common ref
 * @ref: common ref embedded in an aa_loaddata (may be NULL)
 *
 * Returns: referenced aa_loaddata, or NULL when @ref is NULL
 */
static struct aa_loaddata *get_loaddata_common_ref(struct aa_common_ref *ref)
{
	struct aa_loaddata *data;

	if (!ref)
		return NULL;
	data = container_of(ref, struct aa_loaddata, count);
	return aa_get_i_loaddata(data);
}
/**
 * aa_put_common_ref - drop a reference taken on a common ref
 * @ref: common ref to put (may be NULL)
 *
 * The ref's reftype selects which object embeds it and therefore which
 * put routine releases it.
 */
static void aa_put_common_ref(struct aa_common_ref *ref)
{
	struct aa_loaddata *data;
	struct aa_proxy *proxy;
	struct aa_label *label;

	if (!ref)
		return;

	switch (ref->reftype) {
	case REF_RAWDATA:
		data = container_of(ref, struct aa_loaddata, count);
		aa_put_i_loaddata(data);
		break;
	case REF_PROXY:
		proxy = container_of(ref, struct aa_proxy, count);
		aa_put_proxy(proxy);
		break;
	case REF_NS:
		/* ns count is held on its unconfined label */
		label = container_of(ref, struct aa_label, count);
		aa_put_ns(labels_ns(label));
		break;
	default:
		AA_BUG(true, "unknown refcount type");
		break;
	}
}
/**
 * aa_get_common_ref - take a reference on a common ref
 * @ref: ref whose embedded kref is incremented (NOT NULL)
 *
 * Counterpart of aa_put_common_ref(); unlike it, @ref must not be NULL.
 */
static void aa_get_common_ref(struct aa_common_ref *ref)
{
	kref_get(&ref->count);
}
/* ->evict_inode: release the common ref parked in i_private and poison the slot */
static void aafs_evict(struct inode *inode)
{
	struct aa_common_ref *ref = inode->i_private;

	clear_inode(inode);
	aa_put_common_ref(ref);
	/* a later use of i_private on this inode now hits a recognisable value */
	inode->i_private = (void *) IREF_POISON;
}
/* ->free_inode: symlink inodes own their target string (set in __aafs_setup_d_inode) */
static void aafs_free_inode(struct inode *inode)
{
	umode_t mode = inode->i_mode;

	if (S_ISLNK(mode))
		kfree(inode->i_link);
	free_inode_nonrcu(inode);
}
/* superblock ops for the internal apparmorfs mount; eviction drops the
 * common ref stored in i_private and free_inode frees symlink targets
 */
static const struct super_operations aafs_super_ops = {
	.statfs = simple_statfs,
	.evict_inode = aafs_evict,
	.free_inode = aafs_free_inode,
	.show_path = aafs_show_path,
};
/*
 * apparmorfs_fill_super - populate the superblock of the internal apparmorfs mount
 * @sb: superblock to fill
 * @fc: filesystem context (unused)
 *
 * The tree starts empty; entries are created on demand by aafs_create().
 * Returns: 0 on success or the error from simple_fill_super()
 */
static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
{
	static struct tree_descr files[] = { {""} };
	int error = simple_fill_super(sb, AAFS_MAGIC, files);

	if (!error)
		sb->s_op = &aafs_super_ops;
	return error;
}
/* ->get_tree: a single shared superblock, filled by apparmorfs_fill_super() */
static int apparmorfs_get_tree(struct fs_context *fc)
{
	return get_tree_single(fc, apparmorfs_fill_super);
}
/* fs_context ops: only get_tree is needed, there are no mount options to parse */
static const struct fs_context_operations apparmorfs_context_ops = {
	.get_tree = apparmorfs_get_tree,
};
/* ->init_fs_context: install our context ops; nothing else to set up */
static int apparmorfs_init_fs_context(struct fs_context *fc)
{
	fc->ops = &apparmorfs_context_ops;
	return 0;
}
/* the apparmorfs file system type; pinned internally through simple_pin_fs() in aafs_create() */
static struct file_system_type aafs_ops = {
	.owner = THIS_MODULE,
	.name = AAFS_NAME,
	.init_fs_context = apparmorfs_init_fs_context,
	.kill_sb = kill_anon_super,
};
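/**
 * __aafs_setup_d_inode - basic inode setup for apparmorfs
 * @dir: parent directory for the dentry
 * @dentry: dentry we are setting the inode up for
 * @mode: permissions the file should have
 * @data: data to store on inode.i_private, available in open()
 * @link: if symlink, symlink target string
 * @fops: struct file_operations that should be used
 * @iops: struct of inode_operations that should be used
 *
 * Returns: 0 on success, -ENOMEM if a new inode could not be allocated
 */
static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
				umode_t mode, void *data, char *link,
				const struct file_operations *fops,
				const struct inode_operations *iops)
{
	struct inode *inode;

	/* validate the arguments before @dir is dereferenced for its superblock */
	AA_BUG(!dir);
	AA_BUG(!dentry);

	inode = new_inode(dir->i_sb);
	if (!inode)
		return -ENOMEM;

	inode->i_ino = get_next_ino();
	inode->i_mode = mode;
	simple_inode_init_ts(inode);
	inode->i_private = data;
	if (S_ISDIR(mode)) {
		inode->i_op = iops ? iops : &simple_dir_inode_operations;
		inode->i_fop = &simple_dir_operations;
		/* a new directory adds a link for "." and one for ".." in its parent */
		inc_nlink(inode);
		inc_nlink(dir);
	} else if (S_ISLNK(mode)) {
		inode->i_op = iops ? iops : &simple_symlink_inode_operations;
		inode->i_link = link;
	} else {
		inode->i_fop = fops;
	}
	d_instantiate(dentry, inode);
	/* hold an extra dentry ref; the matching dput() is in aafs_remove() */
	dget(dentry);
	return 0;
}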
/**
 * aafs_create - create a dentry in the apparmorfs filesystem
 *
 * @name: name of dentry to create
 * @mode: permissions the file should have (a regular file is assumed when
 *        no file-type bits are set)
 * @parent: parent directory for this dentry
 * @data: common ref to store on inode.i_private, available in open()
 * @link: if symlink, symlink target string
 * @fops: struct file_operations that should be used for the file
 * @iops: struct of inode_operations that should be used
 *
 * This is the basic "create a xxx" function for apparmorfs.
 *
 * Returns a pointer to a dentry if it succeeds, that must be freed with
 * aafs_remove(). Will return ERR_PTR on failure.
 */
static struct dentry *aafs_create(const char *name, umode_t mode,
				  struct dentry *parent,
				  struct aa_common_ref *data, void *link,
				  const struct file_operations *fops,
				  const struct inode_operations *iops)
{
	struct inode *dir;
	struct dentry *dentry;
	int error;

	AA_BUG(!name);
	AA_BUG(!parent);

	/* callers may pass only permission bits; default the type to regular file */
	if (!(mode & S_IFMT))
		mode = (mode & S_IALLUGO) | S_IFREG;

	/* every live dentry pins the internal mount; aafs_remove() releases it */
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
	if (error)
		return ERR_PTR(error);

	dir = d_inode(parent);
	inode_lock(dir);
	dentry = lookup_noperm(&QSTR(name), parent);
	if (IS_ERR(dentry)) {
		error = PTR_ERR(dentry);
		goto unlock;
	}
	if (d_really_is_positive(dentry)) {
		/* a dentry of that name already has an inode */
		error = -EEXIST;
		goto drop;
	}
	error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
	if (error)
		goto drop;
	inode_unlock(dir);

	/* the inode now points at @data; take the reference it will hold */
	if (data)
		aa_get_common_ref(data);
	return dentry;

drop:
	dput(dentry);
unlock:
	inode_unlock(dir);
	simple_release_fs(&aafs_mnt, &aafs_count);
	return ERR_PTR(error);
}
/**
 * aafs_create_file - create a file in the apparmorfs filesystem
 *
 * @name: name of dentry to create
 * @mode: permissions the file should have
 * @parent: parent directory for this dentry
 * @data: common ref to store on inode.i_private, available in open()
 * @fops: struct file_operations that should be used for the file
 *
 * Wrapper around aafs_create() with no symlink target and the default
 * inode operations. Returns a dentry or ERR_PTR; see aafs_create.
 */
static struct dentry *aafs_create_file(const char *name, umode_t mode,
				       struct dentry *parent,
				       struct aa_common_ref *data,
				       const struct file_operations *fops)
{
	const struct inode_operations *iops = NULL;
	void *link = NULL;

	return aafs_create(name, mode, parent, data, link, fops, iops);
}
/**
 * aafs_create_dir - create a directory in the apparmorfs filesystem
 *
 * @name: name of dentry to create
 * @parent: parent directory for this dentry
 *
 * The directory is created 0755 with no private data and the default
 * directory operations. Returns a dentry or ERR_PTR; see aafs_create.
 */
static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
{
	const umode_t mode = S_IFDIR | 0755;

	return aafs_create(name, mode, parent, NULL, NULL, NULL, NULL);
}
/**
 * aafs_remove - removes a file or directory from the apparmorfs filesystem
 *
 * @dentry: dentry of the file/directory/symlink to remove (NULL or ERR_PTR
 *          is ignored)
 *
 * A directory is only torn down when it is empty; a non-empty one triggers
 * a WARN and is left in place. The dput() balances the dget() taken in
 * __aafs_setup_d_inode(), and the mount pin from aafs_create() is released.
 */
static void aafs_remove(struct dentry *dentry)
{
	struct dentry *parent;
	struct inode *dir;

	if (!dentry || IS_ERR(dentry))
		return;

	/* ->d_parent is stable as rename is not supported */
	parent = dentry->d_parent;
	dir = d_inode(parent);
	dentry = start_removing_dentry(parent, dentry);
	if (!IS_ERR(dentry) && simple_positive(dentry)) {
		if (!d_is_dir(dentry)) {
			__simple_unlink(dir, dentry);
			dput(dentry);
		} else if (!WARN_ON(!simple_empty(dentry))) {
			__simple_rmdir(dir, dentry);
			dput(dentry);
		}
		d_delete(dentry);
	}
	end_removing(dentry);
	simple_release_fs(&aafs_mnt, &aafs_count);
}
  383. /*
  384. * aa_fs - policy load/replace/remove
  385. */
/**
 * aa_simple_write_to_buffer - common routine for getting policy from user
 * @userbuf: user buffer to copy data from (NOT NULL)
 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
 * @copy_size: size of data to copy from user buffer
 * @pos: position write is at in the file (NOT NULL)
 *
 * Partial writes are rejected: the write must start at position 0.
 *
 * Returns: kernel buffer containing copy of user buffer data or an
 * ERR_PTR on failure (-ESPIPE for a non-zero position, -EFAULT if the
 * user copy fails, or the error from aa_loaddata_alloc()).
 */
static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
						     size_t alloc_size,
						     size_t copy_size,
						     loff_t *pos)
{
	struct aa_loaddata *data;

	AA_BUG(copy_size > alloc_size);

	/* only writes from pos 0, that is complete writes */
	if (*pos != 0)
		return ERR_PTR(-ESPIPE);

	/* freed by caller to simple_write_to_buffer */
	data = aa_loaddata_alloc(alloc_size);
	if (IS_ERR(data))
		return data;

	data->size = copy_size;
	if (copy_from_user(data->data, userbuf, copy_size) != 0) {
		/* trigger free - don't need to put pcount */
		aa_put_i_loaddata(data);
		data = ERR_PTR(-EFAULT);
	}
	return data;
}
/*
 * policy_update - copy a policy blob from user space and load/replace it
 * @mask: AA_MAY_* policy management operations being requested
 * @buf: user buffer holding the policy
 * @size: size of @buf
 * @pos: file position (only 0 is accepted, see aa_simple_write_to_buffer)
 * @ns: namespace the policy applies to
 * @ocred: credentials of the file opener
 *
 * Returns: the result of aa_replace_profiles(), or -errno
 */
static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
			     loff_t *pos, struct aa_ns *ns,
			     const struct cred *ocred)
{
	struct aa_label *label = begin_current_label_crit_section();
	struct aa_loaddata *data;
	ssize_t error;

	/* coarse policy-management check first; the fine-grained checks
	 * happen after the policy has been unpacked
	 */
	error = aa_may_manage_policy(current_cred(), label, ns, ocred, mask);
	if (error)
		goto out;

	data = aa_simple_write_to_buffer(buf, size, size, pos);
	if (IS_ERR(data)) {
		error = PTR_ERR(data);
		goto out;
	}
	error = aa_replace_profiles(ns, label, mask, data);
	/* put pcount, which will put count and free if no
	 * profiles referencing it.
	 */
	aa_put_profile_loaddata(data);
out:
	end_current_label_crit_section(label);
	return error;
}
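/* .load file hook fn to load policy */
static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
			    loff_t *pos)
{
	struct aa_ns *ns = get_ns_common_ref(f->f_inode->i_private);
	/* keep policy_update()'s ssize_t result intact: narrowing it through an
	 * int would truncate the value handed back to the VFS (profile_remove
	 * already uses ssize_t)
	 */
	ssize_t error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns,
				      f->f_cred);

	aa_put_ns(ns);
	return error;
}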
/* .load: write-only; each write must be a complete policy blob written at
 * offset 0 (aa_simple_write_to_buffer rejects anything else with -ESPIPE)
 */
static const struct file_operations aa_fs_profile_load = {
	.write = profile_load,
	.llseek = default_llseek,
};
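/* .replace file hook fn to load and/or replace policy */
static ssize_t profile_replace(struct file *f, const char __user *buf,
			       size_t size, loff_t *pos)
{
	struct aa_ns *ns = get_ns_common_ref(f->f_inode->i_private);
	/* keep policy_update()'s ssize_t result intact: narrowing it through an
	 * int would truncate the value handed back to the VFS (profile_remove
	 * already uses ssize_t)
	 */
	ssize_t error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
				      buf, size, pos, ns, f->f_cred);

	aa_put_ns(ns);
	return error;
}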
/* .replace: write-only; same complete-write-at-offset-0 contract as .load */
static const struct file_operations aa_fs_profile_replace = {
	.write = profile_replace,
	.llseek = default_llseek,
};
/* .remove file hook fn to remove loaded policy */
static ssize_t profile_remove(struct file *f, const char __user *buf,
			      size_t size, loff_t *pos)
{
	struct aa_ns *ns = get_ns_common_ref(f->f_inode->i_private);
	struct aa_label *label = begin_current_label_crit_section();
	struct aa_loaddata *data;
	ssize_t error;

	/* coarse policy-management check before anything is copied in
	 * from user space
	 */
	error = aa_may_manage_policy(current_cred(), label, ns,
				     f->f_cred, AA_MAY_REMOVE_POLICY);
	if (error)
		goto out;

	/*
	 * aa_remove_profile needs a null terminated string so 1 extra
	 * byte is allocated and the copied data is null terminated.
	 */
	data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
	if (IS_ERR(data)) {
		error = PTR_ERR(data);
		goto out;
	}
	data->data[size] = 0;
	error = aa_remove_profiles(ns, label, data->data, size);
	aa_put_profile_loaddata(data);
out:
	end_current_label_crit_section(label);
	aa_put_ns(ns);
	return error;
}
/* .remove: write-only; the written bytes are the names of the profiles to remove */
static const struct file_operations aa_fs_profile_remove = {
	.write = profile_remove,
	.llseek = default_llseek,
};
/* per-open state of the ns "revision" file */
struct aa_revision {
	struct aa_ns *ns;	/* namespace being watched; referenced, put in ns_revision_release() */
	long last_read;		/* ns->revision value at the end of the previous complete read */
};
/* revision file hook fn for policy loads */
static int ns_revision_release(struct inode *inode, struct file *file)
{
	struct aa_revision *rev = file->private_data;

	if (!rev)
		return 0;
	/* drop the ns reference taken in ns_revision_open() */
	aa_put_ns(rev->ns);
	kfree(rev);
	return 0;
}
/*
 * ns_revision_read - read the namespace's current policy revision
 * @file: open revision file; private_data is the struct aa_revision
 * @buf: user buffer
 * @size: bytes requested
 * @ppos: file position
 *
 * Blocks (unless O_NONBLOCK) until ns->revision differs from the value the
 * previous complete read returned, so a reader looping on this file wakes
 * once per revision bump. The revision is formatted as a decimal line; when
 * the read consumes the rest of that line the position is reset to 0 and
 * last_read is advanced.
 *
 * Returns: bytes copied, -EAGAIN when nonblocking and unchanged, or
 * -ERESTARTSYS if the wait was interrupted by a signal
 */
static ssize_t ns_revision_read(struct file *file, char __user *buf,
				size_t size, loff_t *ppos)
{
	struct aa_revision *rev = file->private_data;
	char buffer[32];
	long last_read;
	int avail;

	/* ns->level is passed as the lockdep subclass, the usual pattern for
	 * nested namespace locks
	 */
	mutex_lock_nested(&rev->ns->lock, rev->ns->level);
	last_read = rev->last_read;
	if (last_read == rev->ns->revision) {
		/* nothing new since the last full read: drop the lock before sleeping */
		mutex_unlock(&rev->ns->lock);
		if (file->f_flags & O_NONBLOCK)
			return -EAGAIN;
		/* the wait condition runs unlocked, hence READ_ONCE */
		if (wait_event_interruptible(rev->ns->wait,
					     last_read !=
					     READ_ONCE(rev->ns->revision)))
			return -ERESTARTSYS;
		mutex_lock_nested(&rev->ns->lock, rev->ns->level);
	}
	avail = sprintf(buffer, "%ld\n", rev->ns->revision);
	if (*ppos + size > avail) {
		/* this read reaches the end of the line: record it as consumed
		 * and rewind so the next read starts over
		 */
		rev->last_read = rev->ns->revision;
		*ppos = 0;
	}
	mutex_unlock(&rev->ns->lock);

	return simple_read_from_buffer(buf, size, ppos, buffer, avail);
}
/*
 * ns_revision_open - allocate the per-open revision tracker
 * @inode: inode of the revision file; i_private may carry a ns common ref
 * @file: file being opened
 *
 * Returns: 0 on success, -ENOMEM if the tracker cannot be allocated
 */
static int ns_revision_open(struct inode *inode, struct file *file)
{
	struct aa_revision *rev = kzalloc_obj(*rev);
	struct aa_ns *ns;

	if (!rev)
		return -ENOMEM;

	/* an inode without a ns ref watches the caller's current namespace */
	ns = get_ns_common_ref(inode->i_private);
	if (!ns)
		ns = aa_get_current_ns();
	rev->ns = ns;
	file->private_data = rev;
	return 0;
}
/* ->poll: readable once a revision newer than the last one read exists */
static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
{
	struct aa_revision *rev = file->private_data;
	struct aa_ns *ns;
	__poll_t mask = 0;

	if (!rev)
		return mask;

	ns = rev->ns;
	mutex_lock_nested(&ns->lock, ns->level);
	poll_wait(file, &ns->wait, pt);
	if (rev->last_read < ns->revision)
		mask = EPOLLIN | EPOLLRDNORM;
	mutex_unlock(&ns->lock);

	return mask;
}
/**
 * __aa_bump_ns_revision - advance the ns policy revision and wake waiters
 * @ns: namespace whose policy changed
 *
 * The wakeup pairs with the waits in ns_revision_read() and
 * ns_revision_poll(). NOTE(review): the double-underscore prefix suggests
 * the caller is expected to hold @ns->lock — confirm against the callers.
 */
void __aa_bump_ns_revision(struct aa_ns *ns)
{
	long next = READ_ONCE(ns->revision) + 1;

	WRITE_ONCE(ns->revision, next);
	wake_up_interruptible(&ns->wait);
}
/* the ns "revision" file: read blocks until the policy revision changes,
 * poll reports readability when a newer revision exists
 */
static const struct file_operations aa_fs_ns_revision_fops = {
	.owner = THIS_MODULE,
	.open = ns_revision_open,
	.poll = ns_revision_poll,
	.read = ns_revision_read,
	.llseek = generic_file_llseek,
	.release = ns_revision_release,
};
/*
 * profile_query_cb - accumulate the permissions @profile grants for a query
 * @profile: profile to query (unconfined profiles contribute nothing)
 * @perms: running total, updated in place
 * @match_str: query string; its first byte is the mediation class
 * @match_len: length of @match_str. NOTE(review): assumed >= 1, since
 *	       match_len - 1 is handed to the file dfa below — confirm at
 *	       the caller.
 *
 * File-class queries run through the file dfa (skipping the class byte);
 * every other class goes through the policy dfa, provided the ruleset
 * mediates that class.
 */
static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
			     const char *match_str, size_t match_len)
{
	/* only the first ruleset of the profile's label is consulted */
	struct aa_ruleset *rules = profile->label.rules[0];
	struct aa_perms tmp = { };
	aa_state_t state = DFA_NOMATCH;

	if (profile_unconfined(profile))
		return;
	if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
		/* match from the file dfa's AA_CLASS_FILE start state, class byte stripped */
		state = aa_dfa_match_len(rules->file->dfa,
					 rules->file->start[AA_CLASS_FILE],
					 match_str + 1, match_len - 1);
		if (state) {
			/* no path conditions are known for a query; use an empty cond */
			struct path_cond cond = { };

			tmp = *(aa_lookup_condperms(current_fsuid(),
						    rules->file, state, &cond));
		}
	} else if (rules->policy->dfa) {
		if (!RULE_MEDIATES(rules, *match_str))
			return; /* no change to current perms */
		/* old user space does not correctly detect dbus mediation
		 * support so we may get dbus policy and requests when
		 * the abi doesn't support it. This can cause mediation
		 * regressions, so explicitly test for this situation.
		 */
		if (*match_str == AA_CLASS_DBUS &&
		    !RULE_MEDIATES_v9NET(rules))
			return; /* no change to current perms */
		state = aa_dfa_match_len(rules->policy->dfa,
					 rules->policy->start[0],
					 match_str, match_len);
		if (state)
			tmp = *aa_lookup_perms(rules->policy, state);
	}
	/* apply the profile's mode to this profile's perms, then fold them into the total */
	aa_apply_modes_to_perms(profile, &tmp);
	aa_perms_accum_raw(perms, &tmp);
}
/**
 * query_data - queries a policy and writes its data to buf
 * @buf: the resulting data is stored here (NOT NULL)
 * @buf_len: size of buf
 * @query: query string used to retrieve data
 * @query_len: size of query including second NUL byte
 *
 * The buffers pointed to by buf and query may overlap. The query buffer is
 * parsed before buf is written to.
 *
 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
 * the security confinement context and <KEY> is the name of the data to
 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
 *
 * Output layout written to @buf (all integers are little-endian u32):
 *   [bytes following this field][number of data blocks]
 *   then, for each confined profile in the label that has data for <KEY>:
 *   [block size][block bytes]
 *
 * Don't expect the contents of buf to be preserved on failure.
 *
 * Returns: number of characters written to buf or -errno on failure
 */
static ssize_t query_data(char *buf, size_t buf_len,
			  char *query, size_t query_len)
{
	char *out;
	const char *key;
	struct label_it i;
	struct aa_label *label, *curr;
	struct aa_profile *profile;
	struct aa_data *data;
	u32 bytes, blocks;
	__le32 outle32;

	if (!query_len)
		return -EINVAL; /* need a query */

	/*
	 * <LABEL> is bounded by strnlen() so an unterminated label cannot run
	 * past @query_len; @key then points one past the separating NUL.
	 */
	key = query + strnlen(query, query_len) + 1;
	if (key + 1 >= query + query_len)
		return -EINVAL; /* not enough space for a non-empty key */
	/* the key's own strnlen() is bounded by what remains of the query */
	if (key + strnlen(key, query + query_len - key) >= query + query_len)
		return -EINVAL; /* must end with NUL */
	if (buf_len < sizeof(bytes) + sizeof(blocks))
		return -EINVAL; /* not enough space */

	/* the label is resolved relative to the caller's current label */
	curr = begin_current_label_crit_section();
	label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
	end_current_label_crit_section(curr);
	if (IS_ERR(label))
		return PTR_ERR(label);

	/* We are going to leave space for two numbers. The first is the total
	 * number of bytes we are writing after the first number. This is so
	 * users can read the full output without reallocation.
	 *
	 * The second number is the number of data blocks we're writing. An
	 * application might be confined by multiple policies having data in
	 * the same key.
	 */
	memset(buf, 0, sizeof(bytes) + sizeof(blocks));
	out = buf + sizeof(bytes) + sizeof(blocks);

	blocks = 0;
	label_for_each_confined(i, label, profile) {
		if (!profile->data)
			continue;

		/*
		 * lookup is keyed by the address of the key string; how the
		 * table hashes/compares it is defined by profile->data->p
		 * (not visible here).
		 */
		data = rhashtable_lookup_fast(profile->data, &key,
					      profile->data->p);

		if (data) {
			/* bound every block (length prefix + payload) to @buf */
			if (out + sizeof(outle32) + data->size > buf +
			    buf_len) {
				aa_put_label(label);
				return -EINVAL; /* not enough space */
			}
			outle32 = __cpu_to_le32(data->size);
			memcpy(out, &outle32, sizeof(outle32));
			out += sizeof(outle32);
			memcpy(out, data->data, data->size);
			out += data->size;
			blocks++;
		}
	}
	aa_put_label(label);

	/* first field counts everything written after itself */
	outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
	memcpy(buf, &outle32, sizeof(outle32));
	outle32 = __cpu_to_le32(blocks);
	memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));

	return out - buf;
}
/**
 * query_label - queries a label and writes permissions to buf
 * @buf: the resulting permissions string is stored here (NOT NULL)
 * @buf_len: size of buf
 * @query: binary query string to match against the dfa
 * @query_len: size of query
 * @view_only: only compute for querier's view
 *
 * The buffers pointed to by buf and query may overlap. The query buffer is
 * parsed before buf is written to.
 *
 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
 * the name of the label, in the current namespace, that is to be queried and
 * DFA_STRING is a binary string to match against the label(s)'s DFA.
 *
 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
 * but must *not* be NUL terminated.
 *
 * Returns: number of characters written to buf or -errno on failure
 */
static ssize_t query_label(char *buf, size_t buf_len,
			   char *query, size_t query_len, bool view_only)
{
	struct aa_label *label, *curr;
	struct aa_profile *profile;
	struct label_it it;
	struct aa_perms perms;
	char *name, *dfa_str;
	size_t name_len, dfa_len;

	if (!query_len)
		return -EINVAL;

	/* LABEL_NAME must be non-empty and NUL terminated inside @query */
	name = query;
	name_len = strnlen(query, query_len);
	if (name_len == 0 || name_len == query_len)
		return -EINVAL;

	/*
	 * name_len lies strictly between 0 and query_len, so stepping over
	 * the NUL that separates the name from the dfa string stays inside
	 * the query buffer.
	 */
	dfa_str = name + name_len + 1;
	dfa_len = query_len - name_len - 1;

	/* resolve the label relative to the caller's current label */
	curr = begin_current_label_crit_section();
	label = aa_label_parse(curr, name, GFP_KERNEL, false, false);
	end_current_label_crit_section(curr);
	if (IS_ERR(label))
		return PTR_ERR(label);

	/* start from allperms; each profile's result is accumulated into it */
	perms = allperms;
	if (view_only) {
		label_for_each_in_scope(it, labels_ns(label), label, profile) {
			profile_query_cb(profile, &perms, dfa_str, dfa_len);
		}
	} else {
		label_for_each(it, label, profile) {
			profile_query_cb(profile, &perms, dfa_str, dfa_len);
		}
	}
	aa_put_label(label);

	/* @buf may alias @query; the query was fully consumed above */
	return scnprintf(buf, buf_len,
			 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
			 perms.allow, perms.deny, perms.audit, perms.quiet);
}
/*
 * Transaction based IO.
 * The file expects a write which triggers the transaction, and then
 * possibly a read(s) which collects the result - which is stored in a
 * file-local buffer. Once a new write is performed, a new set of results
 * are stored in the file-local buffer.
 */
struct multi_transaction {
	struct kref count;	/* released via multi_transaction_kref() */
	ssize_t size;		/* number of valid bytes in data[] */
	char data[];		/* result buffer; object occupies one page */
};

/* payload capacity of a transaction: one page minus the header */
#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
/* kref release callback: the transaction was allocated as a single page */
static void multi_transaction_kref(struct kref *kref)
{
	struct multi_transaction *trans = container_of(kref,
						       struct multi_transaction,
						       count);

	free_page((unsigned long) trans);
}
/* take a reference on @t (NULL tolerated) and return it for chaining */
static struct multi_transaction *
get_multi_transaction(struct multi_transaction *t)
{
	if (!t)
		return NULL;

	kref_get(&t->count);
	return t;
}
/* drop a reference on @t (NULL tolerated); frees it on the last put */
static void put_multi_transaction(struct multi_transaction *t)
{
	if (!t)
		return;

	kref_put(&t->count, multi_transaction_kref);
}
/*
 * multi_transaction_set - install @new as @file's current result buffer
 * @file: the open apparmorfs file
 * @new: transaction holding the result (ownership moves to @file)
 * @n: number of valid bytes in @new->data
 *
 * Does not increment @new's count; the previous buffer, if any, is released
 * after the swap.
 */
static void multi_transaction_set(struct file *file,
				  struct multi_transaction *new, size_t n)
{
	struct multi_transaction *prev;

	AA_BUG(n > MULTI_TRANSACTION_LIMIT);
	new->size = n;

	/* f_lock serialises against concurrent readers of private_data */
	spin_lock(&file->f_lock);
	prev = file->private_data;
	file->private_data = new;
	spin_unlock(&file->f_lock);

	put_multi_transaction(prev);
}
/*
 * multi_transaction_new - allocate a transaction and copy in a user buffer
 * @file: the open apparmorfs file (currently unused)
 * @buf: user buffer to copy
 * @size: number of bytes to copy from @buf
 *
 * The page is zeroed and @size is kept one below the capacity, so the copied
 * data is always followed by at least one NUL byte.
 *
 * Returns: new transaction with one reference, or ERR_PTR on failure
 */
static struct multi_transaction *multi_transaction_new(struct file *file,
						       const char __user *buf,
						       size_t size)
{
	struct multi_transaction *trans;

	if (size > MULTI_TRANSACTION_LIMIT - 1)
		return ERR_PTR(-EFBIG);

	trans = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
	if (!trans)
		return ERR_PTR(-ENOMEM);
	kref_init(&trans->count);

	if (copy_from_user(trans->data, buf, size) != 0) {
		put_multi_transaction(trans);
		return ERR_PTR(-EFAULT);
	}

	return trans;
}
/*
 * multi_transaction_read - copy the current result buffer out to user space
 *
 * A reference is taken under f_lock so a concurrent write replacing the
 * buffer cannot free it while it is being read.
 */
static ssize_t multi_transaction_read(struct file *file, char __user *buf,
				      size_t size, loff_t *pos)
{
	struct multi_transaction *trans;
	ssize_t copied;

	spin_lock(&file->f_lock);
	trans = get_multi_transaction(file->private_data);
	spin_unlock(&file->f_lock);

	/* no write has happened yet on this open file */
	if (!trans)
		return 0;

	copied = simple_read_from_buffer(buf, size, pos, trans->data,
					 trans->size);
	put_multi_transaction(trans);

	return copied;
}
/* release callback: drop the file's reference on its result buffer, if any */
static int multi_transaction_release(struct inode *inode, struct file *file)
{
	struct multi_transaction *trans = file->private_data;

	put_multi_transaction(trans);
	return 0;
}
/*
 * Query commands accepted on the access file. Each *_LEN counts the command
 * word plus its terminating NUL, so the memcmp() in aa_write_access() also
 * checks that the command is properly delimited.
 */
#define QUERY_CMD_LABEL		"label\0"
#define QUERY_CMD_LABEL_LEN	6
#define QUERY_CMD_PROFILE	"profile\0"
#define QUERY_CMD_PROFILE_LEN	8
#define QUERY_CMD_LABELALL	"labelall\0"
#define QUERY_CMD_LABELALL_LEN	9
#define QUERY_CMD_DATA		"data\0"
#define QUERY_CMD_DATA_LEN	5
/* true when @data begins with the @cmd_len-byte command @cmd and more follows */
static bool query_cmd_matches(const char *data, size_t count,
			      const char *cmd, size_t cmd_len)
{
	return count > cmd_len && memcmp(data, cmd, cmd_len) == 0;
}

/**
 * aa_write_access - generic permissions and data query
 * @file: pointer to open apparmorfs/access file
 * @ubuf: user buffer containing the complete query string (NOT NULL)
 * @count: size of ubuf
 * @ppos: position in the file (MUST BE ZERO)
 *
 * Allows for one permissions or data query per open(), write(), and read()
 * sequence. The only queries currently supported are label-based queries for
 * permissions or data.
 *
 * For permissions queries, ubuf must begin with "label\0", followed by the
 * profile query specific format described in the query_label() function
 * documentation.
 *
 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
 * <LABEL> is the name of the security confinement context and <KEY> is the
 * name of the data to retrieve.
 *
 * The query is copied into a page-sized transaction buffer and the result is
 * written back into that same buffer, which is then attached to @file for a
 * following read().
 *
 * Returns: number of bytes written or -errno on failure
 */
static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
			       size_t count, loff_t *ppos)
{
	struct multi_transaction *trans;
	ssize_t result;

	if (*ppos)
		return -ESPIPE;

	trans = multi_transaction_new(file, ubuf, count);
	if (IS_ERR(trans))
		return PTR_ERR(trans);

	if (query_cmd_matches(trans->data, count, QUERY_CMD_PROFILE,
			      QUERY_CMD_PROFILE_LEN)) {
		result = query_label(trans->data, MULTI_TRANSACTION_LIMIT,
				     trans->data + QUERY_CMD_PROFILE_LEN,
				     count - QUERY_CMD_PROFILE_LEN, true);
	} else if (query_cmd_matches(trans->data, count, QUERY_CMD_LABEL,
				     QUERY_CMD_LABEL_LEN)) {
		result = query_label(trans->data, MULTI_TRANSACTION_LIMIT,
				     trans->data + QUERY_CMD_LABEL_LEN,
				     count - QUERY_CMD_LABEL_LEN, true);
	} else if (query_cmd_matches(trans->data, count, QUERY_CMD_LABELALL,
				     QUERY_CMD_LABELALL_LEN)) {
		/* "labelall" is the only query not restricted to the view */
		result = query_label(trans->data, MULTI_TRANSACTION_LIMIT,
				     trans->data + QUERY_CMD_LABELALL_LEN,
				     count - QUERY_CMD_LABELALL_LEN, false);
	} else if (query_cmd_matches(trans->data, count, QUERY_CMD_DATA,
				     QUERY_CMD_DATA_LEN)) {
		result = query_data(trans->data, MULTI_TRANSACTION_LIMIT,
				    trans->data + QUERY_CMD_DATA_LEN,
				    count - QUERY_CMD_DATA_LEN);
	} else {
		result = -EINVAL;
	}

	if (result < 0) {
		put_multi_transaction(trans);
		return result;
	}

	/* ownership of @trans passes to the file; readers see @result bytes */
	multi_transaction_set(file, trans, result);

	return count;
}
/* access file: write a query, read back the result (see aa_write_access()) */
static const struct file_operations aa_sfs_access = {
	.write		= aa_write_access,
	.read		= multi_transaction_read,
	.release	= multi_transaction_release,
	.llseek		= generic_file_llseek,
};
/*
 * aa_sfs_seq_show - print a static apparmorfs entry's value, one per line
 *
 * Entry types without a textual form print nothing.
 */
static int aa_sfs_seq_show(struct seq_file *seq, void *v)
{
	struct aa_sfs_entry *entry = seq->private;

	if (entry == NULL)
		return 0;

	switch (entry->v_type) {
	case AA_SFS_TYPE_BOOLEAN:
		seq_printf(seq, "%s\n", str_yes_no(entry->v.boolean));
		return 0;
	case AA_SFS_TYPE_STRING:
		seq_printf(seq, "%s\n", entry->v.string);
		return 0;
	case AA_SFS_TYPE_U64:
		seq_printf(seq, "%#08lx\n", entry->v.u64);
		return 0;
	default:
		/* Ignore unprintable entry types. */
		return 0;
	}
}
/* open callback: the static entry lives in the inode's i_private */
static int aa_sfs_seq_open(struct inode *inode, struct file *file)
{
	void *entry = inode->i_private;

	return single_open(file, aa_sfs_seq_show, entry);
}
/* file ops shared by all static (aa_sfs_entry backed) apparmorfs files */
const struct file_operations aa_sfs_seq_file_ops = {
	.owner		= THIS_MODULE,
	.open		= aa_sfs_seq_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= single_release,
};
/*
 * profile based file operations
 * policy/profiles/XXXX/profiles/ *
 */

/*
 * SEQ_PROFILE_FOPS - define open() and file_operations for a per-profile file
 * @NAME: suffix of an existing seq_profile_##NAME##_show() function
 *
 * The generated open/release pair (seq_profile_open()/seq_profile_release())
 * holds a proxy reference for the lifetime of the open file.
 */
#define SEQ_PROFILE_FOPS(NAME)						      \
static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
{									      \
	return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show);    \
}									      \
									      \
static const struct file_operations seq_profile_ ##NAME ##_fops = {	      \
	.owner		= THIS_MODULE,					      \
	.open		= seq_profile_ ##NAME ##_open,			      \
	.read		= seq_read,						      \
	.llseek		= seq_lseek,						      \
	.release	= seq_profile_release,				      \
}									      \
/*
 * seq_profile_open - open a per-profile seq file
 * @inode: inode whose i_private is the profile's common ref
 * @file: file being opened
 * @show: seq show callback for this file
 *
 * A proxy reference is taken for the open file and dropped again here if
 * single_open() fails, so no reference leaks on the error path.
 */
static int seq_profile_open(struct inode *inode, struct file *file,
			    int (*show)(struct seq_file *, void *))
{
	struct aa_proxy *proxy = get_proxy_common_ref(inode->i_private);
	int rc = single_open(file, show, proxy);

	if (rc == 0)
		return 0;

	file->private_data = NULL;
	aa_put_proxy(proxy);
	return rc;
}
/* release the proxy reference taken by seq_profile_open(), then the seq file */
static int seq_profile_release(struct inode *inode, struct file *file)
{
	struct seq_file *seq = file->private_data;

	if (seq != NULL)
		aa_put_proxy(seq->private);

	return single_release(inode, file);
}
/* "name" file: the profile's base name */
static int seq_profile_name_show(struct seq_file *seq, void *v)
{
	struct aa_proxy *proxy = seq->private;
	struct aa_label *label;
	struct aa_profile *profile;

	/* the proxy may be redirected; take a ref on the label it points at */
	label = aa_get_label_rcu(&proxy->label);
	profile = labels_profile(label);
	seq_printf(seq, "%s\n", profile->base.name);
	aa_put_label(label);

	return 0;
}
/* "mode" file: the profile's mode name (enforce/complain/...) */
static int seq_profile_mode_show(struct seq_file *seq, void *v)
{
	struct aa_proxy *proxy = seq->private;
	struct aa_label *label;
	struct aa_profile *profile;

	label = aa_get_label_rcu(&proxy->label);
	profile = labels_profile(label);
	seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
	aa_put_label(label);

	return 0;
}
/*
 * "attach" file: the attachment specification for the profile
 *
 * Prints the attach string when one is present, "<unknown>" when only a
 * compiled xmatch dfa exists, and otherwise the profile name.
 */
static int seq_profile_attach_show(struct seq_file *seq, void *v)
{
	struct aa_proxy *proxy = seq->private;
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
	struct aa_profile *profile = labels_profile(label);
	const char *text;

	if (profile->attach.xmatch_str)
		text = profile->attach.xmatch_str;
	else if (profile->attach.xmatch->dfa)
		text = "<unknown>";
	else
		text = profile->base.name;

	seq_printf(seq, "%s\n", text);
	aa_put_label(label);

	return 0;
}
/* "sha256" file: hex digest of the loaded policy, empty if none was kept */
static int seq_profile_hash_show(struct seq_file *seq, void *v)
{
	struct aa_proxy *proxy = seq->private;
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
	struct aa_profile *profile = labels_profile(label);
	unsigned int size = aa_hash_size();

	if (profile->hash) {
		unsigned int idx = 0;

		while (idx < size) {
			seq_printf(seq, "%.2x", profile->hash[idx]);
			idx++;
		}
		seq_putc(seq, '\n');
	}
	aa_put_label(label);

	return 0;
}
/* per-profile files: name, mode, attach, sha256 */
SEQ_PROFILE_FOPS(name);
SEQ_PROFILE_FOPS(mode);
SEQ_PROFILE_FOPS(attach);
SEQ_PROFILE_FOPS(hash);
/*
 * namespace based files
 * several root files and
 * policy/ *
 */

/*
 * SEQ_NS_FOPS - define open() and file_operations for a namespace-level file
 * @NAME: suffix of an existing seq_ns_##NAME##_show() function
 *
 * These files carry no extra reference; the show callbacks look at the
 * current task's label instead of the inode's private data.
 */
#define SEQ_NS_FOPS(NAME)						      \
static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file)    \
{									      \
	return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private);  \
}									      \
									      \
static const struct file_operations seq_ns_ ##NAME ##_fops = {	      \
	.owner		= THIS_MODULE,					      \
	.open		= seq_ns_ ##NAME ##_open,			      \
	.read		= seq_read,						      \
	.llseek		= seq_lseek,						      \
	.release	= single_release,				      \
}									      \
/* "stacked" file: yes when the current label is composed of >1 profiles */
static int seq_ns_stacked_show(struct seq_file *seq, void *v)
{
	struct aa_label *current_label = begin_current_label_crit_section();
	bool stacked = current_label->size > 1;

	seq_printf(seq, "%s\n", str_yes_no(stacked));
	end_current_label_crit_section(current_label);

	return 0;
}
/*
 * "nsstacked" file: yes when the current label stacks profiles from more
 * than one namespace (i.e. some profile's ns differs from the label's ns)
 */
static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
{
	struct aa_label *current_label;
	struct aa_profile *profile;
	struct label_it it;
	bool cross_ns = false;

	current_label = begin_current_label_crit_section();
	if (current_label->size > 1) {
		label_for_each(it, current_label, profile) {
			if (profile->ns != labels_ns(current_label)) {
				cross_ns = true;
				break;
			}
		}
	}
	seq_printf(seq, "%s\n", str_yes_no(cross_ns));
	end_current_label_crit_section(current_label);

	return 0;
}
/* "level" file: nesting depth of the current label's namespace */
static int seq_ns_level_show(struct seq_file *seq, void *v)
{
	struct aa_label *current_label = begin_current_label_crit_section();
	int level = labels_ns(current_label)->level;

	seq_printf(seq, "%d\n", level);
	end_current_label_crit_section(current_label);

	return 0;
}
/* "name" file: name of the current label's namespace */
static int seq_ns_name_show(struct seq_file *seq, void *v)
{
	struct aa_label *current_label;
	const char *ns_name;

	current_label = begin_current_label_crit_section();
	ns_name = labels_ns(current_label)->base.name;
	seq_printf(seq, "%s\n", ns_name);
	end_current_label_crit_section(current_label);

	return 0;
}
/* "compress_min" file: lowest policy compression level accepted */
static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
{
	const int level = AA_MIN_CLEVEL;

	seq_printf(seq, "%d\n", level);
	return 0;
}
/* "compress_max" file: highest policy compression level accepted */
static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
{
	const int level = AA_MAX_CLEVEL;

	seq_printf(seq, "%d\n", level);
	return 0;
}
/* namespace-level files */
SEQ_NS_FOPS(stacked);
SEQ_NS_FOPS(nsstacked);
SEQ_NS_FOPS(level);
SEQ_NS_FOPS(name);
SEQ_NS_FOPS(compress_min);
SEQ_NS_FOPS(compress_max);
  1114. /* policy/raw_data/ * file ops */
  1115. #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
/*
 * SEQ_RAWDATA_FOPS - define open() and file_operations for a raw_data file
 * @NAME: suffix of an existing seq_rawdata_##NAME##_show() function
 *
 * seq_rawdata_open()/seq_rawdata_release() hold a loaddata reference for the
 * lifetime of the open file.
 */
#define SEQ_RAWDATA_FOPS(NAME)						      \
static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
{									      \
	return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show);    \
}									      \
									      \
static const struct file_operations seq_rawdata_ ##NAME ##_fops = {	      \
	.owner		= THIS_MODULE,					      \
	.open		= seq_rawdata_ ##NAME ##_open,			      \
	.read		= seq_read,						      \
	.llseek		= seq_lseek,						      \
	.release	= seq_rawdata_release,				      \
}									      \
/*
 * seq_rawdata_open - open a raw_data metadata seq file
 * @inode: inode whose i_private is the loaddata's common ref
 * @file: file being opened
 * @show: seq show callback for this file
 *
 * Returns -ENOENT when the loaddata has already gone away. On single_open()
 * failure the reference taken here is dropped again.
 */
static int seq_rawdata_open(struct inode *inode, struct file *file,
			    int (*show)(struct seq_file *, void *))
{
	struct aa_loaddata *loaddata;
	int rc;

	loaddata = get_loaddata_common_ref(inode->i_private);
	if (loaddata == NULL)
		return -ENOENT;

	rc = single_open(file, show, loaddata);
	if (rc == 0)
		return 0;

	/* on failure single_open() must not have left our ref attached */
	AA_BUG(file->private_data &&
	       ((struct seq_file *)file->private_data)->private);
	aa_put_i_loaddata(loaddata);

	return rc;
}
/* release the loaddata reference taken by seq_rawdata_open() */
static int seq_rawdata_release(struct inode *inode, struct file *file)
{
	struct seq_file *seq = file->private_data;

	if (seq != NULL)
		aa_put_i_loaddata(seq->private);

	return single_release(inode, file);
}
/* "abi" file: policy abi version of the loaded blob, as "vN" */
static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
{
	struct aa_loaddata *loaddata = seq->private;

	seq_printf(seq, "v%d\n", loaddata->abi);
	return 0;
}
/* "revision" file: namespace revision this blob was loaded at */
static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
{
	struct aa_loaddata *loaddata = seq->private;

	seq_printf(seq, "%ld\n", loaddata->revision);
	return 0;
}
/* "sha256" file: hex digest of the raw blob, empty when hashing is off */
static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
{
	struct aa_loaddata *loaddata = seq->private;
	unsigned int size = aa_hash_size();

	if (loaddata->hash) {
		unsigned int idx = 0;

		while (idx < size) {
			seq_printf(seq, "%.2x", loaddata->hash[idx]);
			idx++;
		}
		seq_putc(seq, '\n');
	}

	return 0;
}
/* "compressed_size" file: on-disk (possibly compressed) size of the blob */
static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
{
	struct aa_loaddata *loaddata = seq->private;

	seq_printf(seq, "%zu\n", loaddata->compressed_size);
	return 0;
}
/* raw_data metadata files */
SEQ_RAWDATA_FOPS(abi);
SEQ_RAWDATA_FOPS(revision);
SEQ_RAWDATA_FOPS(hash);
SEQ_RAWDATA_FOPS(compressed_size);
/* zstd-decompress @slen bytes of @src into @dst (capacity @dlen) */
static int zstd_inflate(char *src, size_t slen, char *dst, size_t dlen)
{
	const size_t wksp_len = zstd_dctx_workspace_bound();
	zstd_dctx *ctx;
	void *wksp;
	size_t out_len;
	int ret = -ENOMEM;

	wksp = kvzalloc(wksp_len, GFP_KERNEL);
	if (!wksp)
		return ret;

	ctx = zstd_init_dctx(wksp, wksp_len);
	if (ctx == NULL)
		goto out;

	/* the output is bounded by @dlen; a malformed stream yields -EINVAL */
	out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
	ret = zstd_is_error(out_len) ? -EINVAL : 0;

out:
	kvfree(wksp);
	return ret;
}

/*
 * decompress_zstd - expand a raw policy blob into a caller-provided buffer
 * @src: stored blob
 * @slen: stored size
 * @dst: output buffer
 * @dlen: expected uncompressed size (capacity of @dst)
 *
 * A blob whose stored size equals the uncompressed size is treated as
 * uncompressed and copied verbatim; a stored size smaller than @dlen is
 * treated as a zstd stream.
 *
 * Returns: 0 on success, -EINVAL on a size mismatch or bad stream,
 *          -ENOMEM if the decompression workspace cannot be allocated
 */
static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
{
	if (slen == dlen) {
		memcpy(dst, src, slen);
		return 0;
	}

	/* the stored blob can never be larger than its uncompressed form */
	if (slen > dlen)
		return -EINVAL;

	return zstd_inflate(src, slen, dst, dlen);
}
/* read from the decompressed copy made at open time */
static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
			    loff_t *ppos)
{
	struct rawdata_f_data *private = file->private_data;
	size_t avail = private->loaddata->size;

	return simple_read_from_buffer(buf, size, ppos,
				       RAWDATA_F_DATA_BUF(private), avail);
}
/* free the per-open decompressed buffer allocated by rawdata_open() */
static int rawdata_release(struct inode *inode, struct file *file)
{
	struct rawdata_f_data *private = file->private_data;

	rawdata_f_data_free(private);
	return 0;
}
/*
 * rawdata_open - open the raw_data file of a loaded policy blob
 *
 * Access is gated on the caller being able to view policy; the blob is then
 * decompressed once into a per-open buffer that rawdata_read() serves from.
 *
 * Returns: 0 on success, -EACCES without view permission, -ENOENT if the
 *          loaddata is gone, or the allocation/decompression error
 */
static int rawdata_open(struct inode *inode, struct file *file)
{
	struct aa_loaddata *loaddata;
	struct rawdata_f_data *private;
	int error;

	if (!aa_current_policy_view_capable(NULL))
		return -EACCES;

	loaddata = get_loaddata_common_ref(inode->i_private);
	if (loaddata == NULL)
		return -ENOENT;

	private = rawdata_f_data_alloc(loaddata->size);
	if (IS_ERR(private)) {
		/* the loaddata ref is not yet owned by @private */
		aa_put_i_loaddata(loaddata);
		return PTR_ERR(private);
	}
	private->loaddata = loaddata;

	error = decompress_zstd(loaddata->data, loaddata->compressed_size,
				RAWDATA_F_DATA_BUF(private),
				loaddata->size);
	if (error) {
		rawdata_f_data_free(private);
		return error;
	}

	file->private_data = private;
	return 0;
}
/* raw_data file: decompressed policy blob, read-only */
static const struct file_operations rawdata_fops = {
	.open		= rawdata_open,
	.read		= rawdata_read,
	.llseek		= generic_file_llseek,
	.release	= rawdata_release,
};
/* remove every dentry created for @rawdata and clear the slots */
static void remove_rawdata_dents(struct aa_loaddata *rawdata)
{
	int idx = AAFS_LOADDATA_NDENTS;

	while (idx-- > 0) {
		struct dentry *dent = rawdata->dents[idx];

		/* slots may hold NULL (never created) or an ERR_PTR */
		if (IS_ERR_OR_NULL(dent))
			continue;
		aafs_remove(dent);
		rawdata->dents[idx] = NULL;
	}
}
/*
 * __aa_fs_remove_rawdata - tear down a rawdata's apparmorfs entries
 * @rawdata: loaddata to detach from its namespace
 *
 * Requires: @rawdata->ns->lock held when @rawdata->ns is set
 */
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
{
	struct aa_ns *ns = rawdata->ns;

	AA_BUG(ns && !mutex_is_locked(&ns->lock));

	/* not attached to a namespace: nothing was ever created */
	if (ns == NULL)
		return;

	remove_rawdata_dents(rawdata);
	list_del_init(&rawdata->list);
	rawdata->ns = NULL;
	aa_put_ns(ns);
}
/*
 * __aa_fs_create_rawdata - create policy/raw_data/<rev>/ for a loaded blob
 * @ns: namespace the blob was loaded into
 * @rawdata: loaddata to expose
 *
 * Creates the directory plus abi, revision, (optionally) sha256,
 * compressed_size and raw_data files. On any failure everything created so
 * far is removed again; @rawdata->name is left for the loaddata free path.
 *
 * Requires: @ns->lock held
 *
 * Returns: 0 on success, -ENOMEM or the dentry creation error
 */
int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
{
	struct dentry *dent, *dir;

	AA_BUG(!ns);
	AA_BUG(!rawdata);
	AA_BUG(!mutex_is_locked(&ns->lock));
	AA_BUG(!ns_subdata_dir(ns));

	/*
	 * just use ns revision dir was originally created at. This is
	 * under ns->lock and if load is successful revision will be
	 * bumped and is guaranteed to be unique
	 */
	rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
	if (!rawdata->name)
		return -ENOMEM;

	dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
	if (IS_ERR(dir))
		/* ->name freed when rawdata freed */
		return PTR_ERR(dir);
	rawdata->dents[AAFS_LOADDATA_DIR] = dir;

	/* all files pin the loaddata through &rawdata->count */
	dent = aafs_create_file("abi", S_IFREG | 0444, dir, &rawdata->count,
				      &seq_rawdata_abi_fops);
	if (IS_ERR(dent))
		goto fail;
	rawdata->dents[AAFS_LOADDATA_ABI] = dent;

	dent = aafs_create_file("revision", S_IFREG | 0444, dir,
				      &rawdata->count,
				      &seq_rawdata_revision_fops);
	if (IS_ERR(dent))
		goto fail;
	rawdata->dents[AAFS_LOADDATA_REVISION] = dent;

	/* the digest file only exists when policy hashing is enabled */
	if (aa_g_hash_policy) {
		dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
					      &rawdata->count,
					      &seq_rawdata_hash_fops);
		if (IS_ERR(dent))
			goto fail;
		rawdata->dents[AAFS_LOADDATA_HASH] = dent;
	}

	dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
				&rawdata->count,
				&seq_rawdata_compressed_size_fops);
	if (IS_ERR(dent))
		goto fail;
	rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;

	dent = aafs_create_file("raw_data", S_IFREG | 0444, dir,
				      &rawdata->count, &rawdata_fops);
	if (IS_ERR(dent))
		goto fail;
	rawdata->dents[AAFS_LOADDATA_DATA] = dent;
	/* advertise the uncompressed size, which is what rawdata_read() serves */
	d_inode(dent)->i_size = rawdata->size;

	rawdata->ns = aa_get_ns(ns);
	list_add(&rawdata->list, &ns->rawdata_list);
	/* no refcount on ns rawdata_list is a weak reference */

	return 0;

fail:
	remove_rawdata_dents(rawdata);

	return PTR_ERR(dent);
}
  1343. #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
/** fns to setup dynamic per profile/namespace files **/

/*
 * __aafs_profile_rmdir - remove a profile's apparmorfs files and children
 * @profile: profile whose directory tree is removed (NULL tolerated)
 *
 * Children are removed first; the profile's own dentries are then removed
 * in reverse creation order.
 *
 * Requires: @profile->ns->lock held
 */
void __aafs_profile_rmdir(struct aa_profile *profile)
{
	struct aa_profile *child;
	int idx = AAFS_PROF_SIZEOF;

	if (profile == NULL)
		return;

	list_for_each_entry(child, &profile->base.profiles, base.list)
		__aafs_profile_rmdir(child);

	while (idx-- > 0) {
		struct dentry *dent = profile->dents[idx];

		if (dent == NULL)
			continue;
		aafs_remove(dent);
		profile->dents[idx] = NULL;
	}
}
/*
 * __aafs_profile_migrate_dents - move apparmorfs dentries from @old to @new
 * @old: profile being replaced
 * @new: replacement profile
 *
 * Every dentry slot is transferred and @old's slot cleared; timestamps on
 * the migrated inodes are refreshed so the replacement is observable.
 *
 * Requires: @old->ns->lock held
 */
void __aafs_profile_migrate_dents(struct aa_profile *old,
				  struct aa_profile *new)
{
	int idx;

	AA_BUG(!old);
	AA_BUG(!new);
	AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));

	for (idx = 0; idx < AAFS_PROF_SIZEOF; idx++) {
		struct dentry *dent = old->dents[idx];

		new->dents[idx] = dent;
		old->dents[idx] = NULL;
		if (dent == NULL)
			continue;

		struct inode *inode = d_inode(dent);

		inode_set_mtime_to_ts(inode, inode_set_ctime_current(inode));
	}
}
/* create a read-only per-profile file pinned by the profile's proxy */
static struct dentry *create_profile_file(struct dentry *dir, const char *name,
					  struct aa_profile *profile,
					  const struct file_operations *fops)
{
	struct aa_common_ref *ref = &profile->label.proxy->count;

	return aafs_create_file(name, S_IFREG | 0444, dir, ref, fops);
}
  1391. #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
/* number of profiles from @profile up to (and including) the root */
static int profile_depth(struct aa_profile *profile)
{
	int depth = 0;

	rcu_read_lock();
	while (profile) {
		depth++;
		profile = rcu_access_pointer(profile->parent);
	}
	rcu_read_unlock();

	return depth;
}
/*
 * gen_symlink_name - build "../../.../raw_data/<dirname>/<fname>"
 * @depth: how many "../" pairs are needed to reach the policy dir
 * @dirname: raw_data subdirectory name
 * @fname: file within that directory
 *
 * Returns: kmalloc'd link target (caller frees) or ERR_PTR on failure
 */
static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
{
	static const char up[] = "../../";
	const size_t up_len = strlen(up);
	char *buffer, *cursor;
	int size, written;

	/* Extra 11 bytes: "raw_data" (8) + two slashes (2) + NUL (1) */
	size = depth * up_len + strlen(dirname) + strlen(fname) + 11;
	buffer = kmalloc(size, GFP_KERNEL);
	if (buffer == NULL)
		return ERR_PTR(-ENOMEM);

	cursor = buffer;
	while (depth > 0) {
		memcpy(cursor, up, up_len);
		cursor += up_len;
		size -= up_len;
		depth--;
	}

	/* snprintf() reports truncation; treat it as a failure */
	written = snprintf(cursor, size, "raw_data/%s/%s", dirname, fname);
	if (written < 0 || written >= size) {
		kfree(buffer);
		return ERR_PTR(-ENAMETOOLONG);
	}

	return buffer;
}
/*
 * rawdata_get_link_base - resolve a profile's raw_* symlink target
 * @dentry: dentry being followed (NULL in RCU walk, which is refused)
 * @inode: symlink inode; i_private is the profile proxy's common ref
 * @done: delayed call used to free the generated target
 * @name: raw_data file the link points at
 *
 * Returns: link target (freed via @done) or ERR_PTR on failure
 */
static const char *rawdata_get_link_base(struct dentry *dentry,
					 struct inode *inode,
					 struct delayed_call *done,
					 const char *name)
{
	struct aa_common_ref *ref = inode->i_private;
	struct aa_proxy *proxy = container_of(ref, struct aa_proxy, count);
	struct aa_label *label;
	struct aa_profile *profile;
	char *link;

	/* the target is generated with allocations; no RCU-walk support */
	if (dentry == NULL)
		return ERR_PTR(-ECHILD);

	label = aa_get_label_rcu(&proxy->label);
	profile = labels_profile(label);

	/* rawdata can be null when aa_g_export_binary is unset during
	 * runtime and a profile is replaced
	 */
	if (profile->rawdata == NULL) {
		aa_put_label(label);
		return ERR_PTR(-ENOENT);
	}

	link = gen_symlink_name(profile_depth(profile),
				profile->rawdata->name, name);
	aa_put_label(label);
	if (IS_ERR(link))
		return link;

	set_delayed_call(done, kfree_link, link);
	return link;
}
/* raw_sha256 -> raw_data/<rev>/sha256 */
static const char *rawdata_get_link_sha256(struct dentry *dentry,
					   struct inode *inode,
					   struct delayed_call *done)
{
	static const char target[] = "sha256";

	return rawdata_get_link_base(dentry, inode, done, target);
}
/* raw_abi -> raw_data/<rev>/abi */
static const char *rawdata_get_link_abi(struct dentry *dentry,
					struct inode *inode,
					struct delayed_call *done)
{
	static const char target[] = "abi";

	return rawdata_get_link_base(dentry, inode, done, target);
}
/* raw_data -> raw_data/<rev>/raw_data */
static const char *rawdata_get_link_data(struct dentry *dentry,
					 struct inode *inode,
					 struct delayed_call *done)
{
	static const char target[] = "raw_data";

	return rawdata_get_link_base(dentry, inode, done, target);
}
/* inode ops for the per-profile raw_* symlinks; targets are computed lazily */
static const struct inode_operations rawdata_link_sha256_iops = {
	.get_link	= rawdata_get_link_sha256,
};

static const struct inode_operations rawdata_link_abi_iops = {
	.get_link	= rawdata_get_link_abi,
};

static const struct inode_operations rawdata_link_data_iops = {
	.get_link	= rawdata_get_link_data,
};
  1482. #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
/*
 * __aafs_profile_mkdir - create the apparmorfs directory tree for a profile
 * @profile: profile to expose
 * @parent: directory to create under, or NULL to derive it from the parent
 *          profile (creating its "profiles" subdirectory on first use)
 *
 * Creates <dirname>/ with name, mode, attach, optional sha256 and, when
 * binary export is built in and rawdata is present, the raw_* symlinks;
 * then recurses into child profiles. On failure everything created for
 * @profile (including children) is removed via __aafs_profile_rmdir().
 *
 * Requires: @profile->ns->lock held
 *
 * Returns: 0 on success or -errno
 */
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
{
	struct aa_profile *child;
	struct dentry *dent = NULL, *dir;
	int error;

	AA_BUG(!profile);
	AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));

	if (!parent) {
		struct aa_profile *p;
		p = aa_deref_parent(profile);
		dent = prof_dir(p);
		if (!dent) {
			error = -ENOENT;
			goto fail2;
		}
		/* adding to parent that previously didn't have children */
		dent = aafs_create_dir("profiles", dent);
		if (IS_ERR(dent))
			goto fail;
		prof_child_dir(p) = parent = dent;
	}

	if (!profile->dirname) {
		int len, id_len;
		/*
		 * dirname is "<mangled name>.<uniq_id>"; both lengths are
		 * measured first so the buffer is exact, and uniq_id is
		 * consumed (incremented) only once the name is written.
		 */
		len = mangle_name(profile->base.name, NULL);
		id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);

		profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
		if (!profile->dirname) {
			error = -ENOMEM;
			goto fail2;
		}

		mangle_name(profile->base.name, profile->dirname);
		sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
	}

	dent = aafs_create_dir(profile->dirname, parent);
	if (IS_ERR(dent))
		goto fail;
	prof_dir(profile) = dir = dent;

	dent = create_profile_file(dir, "name", profile,
				   &seq_profile_name_fops);
	if (IS_ERR(dent))
		goto fail;
	profile->dents[AAFS_PROF_NAME] = dent;

	dent = create_profile_file(dir, "mode", profile,
				   &seq_profile_mode_fops);
	if (IS_ERR(dent))
		goto fail;
	profile->dents[AAFS_PROF_MODE] = dent;

	dent = create_profile_file(dir, "attach", profile,
				   &seq_profile_attach_fops);
	if (IS_ERR(dent))
		goto fail;
	profile->dents[AAFS_PROF_ATTACH] = dent;

	if (profile->hash) {
		dent = create_profile_file(dir, "sha256", profile,
					   &seq_profile_hash_fops);
		if (IS_ERR(dent))
			goto fail;
		profile->dents[AAFS_PROF_HASH] = dent;
	}

#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
	if (profile->rawdata) {
		/* symlinks are pinned by the proxy, like the regular files */
		if (aa_g_hash_policy) {
			dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
					   &profile->label.proxy->count, NULL,
					   NULL, &rawdata_link_sha256_iops);
			if (IS_ERR(dent))
				goto fail;
			profile->dents[AAFS_PROF_RAW_HASH] = dent;
		}
		dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
				   &profile->label.proxy->count, NULL, NULL,
				   &rawdata_link_abi_iops);
		if (IS_ERR(dent))
			goto fail;
		profile->dents[AAFS_PROF_RAW_ABI] = dent;

		dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
				   &profile->label.proxy->count, NULL, NULL,
				   &rawdata_link_data_iops);
		if (IS_ERR(dent))
			goto fail;
		profile->dents[AAFS_PROF_RAW_DATA] = dent;
	}
#endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */

	/* children go under this profile's "profiles" directory */
	list_for_each_entry(child, &profile->base.profiles, base.list) {
		error = __aafs_profile_mkdir(child, prof_child_dir(profile));
		if (error)
			goto fail2;
	}

	return 0;

fail:
	/* @dent holds the ERR_PTR of the creation that failed */
	error = PTR_ERR(dent);

fail2:
	__aafs_profile_rmdir(profile);

	return error;
}
/**
 * ns_mkdir_op - mkdir handler for a namespace's "namespaces" directory
 * @idmap: idmap of the mount (not used here)
 * @dir: the "namespaces" directory inode; i_private is the owning ns
 * @dentry: negative dentry for the directory being created
 * @mode: requested mode; S_IFDIR is or'd in
 *
 * Creating a subdirectory here creates a new policy sub-namespace named
 * after @dentry.  The VFS calls this with @dir locked and expects it locked
 * on return.
 *
 * Returns: NULL (ERR_PTR(0)) on success, ERR_PTR(-errno) on failure
 */
static struct dentry *ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
				  struct dentry *dentry, umode_t mode)
{
	struct aa_ns *ns, *parent;
	/* TODO: improve permission check */
	struct aa_label *label;
	int error;

	/*
	 * Policy-management check against the calling task's own label:
	 * whether the task may create namespaces is decided here, not by the
	 * directory's mode bits.
	 */
	label = begin_current_label_crit_section();
	error = aa_may_manage_policy(current_cred(), label, NULL, NULL,
				     AA_MAY_LOAD_POLICY);
	end_current_label_crit_section(label);
	if (error)
		return ERR_PTR(error);

	parent = get_ns_common_ref(dir->i_private);
	AA_BUG(d_inode(ns_subns_dir(parent)) != dir);

	/* we have to unlock and then relock to get locking order right
	 * for pin_fs
	 */
	inode_unlock(dir);
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
	mutex_lock_nested(&parent->lock, parent->level);
	inode_lock_nested(dir, I_MUTEX_PARENT);
	/* the pin result is only checked after relocking: @dir must be
	 * locked again on every exit path
	 */
	if (error)
		goto out;

	error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
				     NULL, NULL, NULL);
	if (error)
		goto out_pin;

	ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
				    dentry);
	if (IS_ERR(ns)) {
		error = PTR_ERR(ns);
		ns = NULL;	/* relies on aa_put_ns() accepting NULL */
	}
	aa_put_ns(ns);		/* list ref remains */

out_pin:
	/* on success the fs pin is kept (not released here) */
	if (error)
		simple_release_fs(&aafs_mnt, &aafs_count);
out:
	mutex_unlock(&parent->lock);
	aa_put_ns(parent);
	return ERR_PTR(error);
}
/**
 * ns_rmdir_op - rmdir handler for a namespace's "namespaces" directory
 * @dir: the "namespaces" directory inode; i_private is the owning ns
 * @dentry: dentry of the sub-namespace directory being removed
 *
 * Removing the directory removes the policy sub-namespace it names.  The
 * VFS calls this with both @dir and @dentry's inode locked and expects both
 * locked again on return.
 *
 * Returns: 0 on success, negative errno on failure
 */
static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
{
	struct aa_ns *ns, *parent;
	/* TODO: improve permission check */
	struct aa_label *label;
	int error;

	/* same policy-management check as ns_mkdir_op() */
	label = begin_current_label_crit_section();
	error = aa_may_manage_policy(current_cred(), label, NULL, NULL,
				     AA_MAY_LOAD_POLICY);
	end_current_label_crit_section(label);
	if (error)
		return error;

	parent = get_ns_common_ref(dir->i_private);
	/* rmdir calls the generic securityfs functions to remove files
	 * from the apparmor dir. It is up to the apparmor ns locking
	 * to avoid races.
	 */
	inode_unlock(dir);
	inode_unlock(dentry->d_inode);
	mutex_lock_nested(&parent->lock, parent->level);
	/* look the ns up by the dentry's name under the parent's lock */
	ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
				     dentry->d_name.len));
	if (!ns) {
		error = -ENOENT;
		goto out;
	}
	AA_BUG(ns_dir(ns) != dentry);

	__aa_remove_ns(ns);
	aa_put_ns(ns);

out:
	mutex_unlock(&parent->lock);
	/* retake the inode locks, parent first, before returning to the VFS */
	inode_lock_nested(dir, I_MUTEX_PARENT);
	inode_lock(dentry->d_inode);
	aa_put_ns(parent);

	return error;
}
/*
 * inode_operations for the per-namespace "namespaces" directory: mkdir and
 * rmdir there create and remove policy sub-namespaces (see ns_mkdir_op()
 * and ns_rmdir_op(), which perform the policy-management checks).
 */
static const struct inode_operations ns_dir_inode_operations = {
	.lookup		= simple_lookup,
	.mkdir		= ns_mkdir_op,
	.rmdir		= ns_rmdir_op,
};
/**
 * __aa_fs_list_remove_rawdata - drop every rawdata entry of a namespace
 * @ns: namespace whose rawdata_list is being emptied (NOT NULL)
 *
 * Requires: @ns->lock held
 */
static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
{
	struct aa_loaddata *data, *next;

	AA_BUG(!mutex_is_locked(&ns->lock));

	/* the _safe walker is needed: removal unlinks the current entry */
	list_for_each_entry_safe(data, next, &ns->rawdata_list, list) {
		__aa_fs_remove_rawdata(data);
	}
}
/**
 * __aafs_ns_rmdir - remove the apparmorfs tree of a namespace
 * @ns: namespace whose tree is torn down (NULL is a no-op)
 *
 * Removes the profile directories, recurses into each sub-namespace under
 * its own lock, drops the rawdata entries and finally the namespace's own
 * dentries.  Safe to call on a partially built tree (used as the failure
 * path of __aafs_ns_mkdir()).
 *
 * Requires: @ns->lock held
 */
void __aafs_ns_rmdir(struct aa_ns *ns)
{
	struct aa_ns *sub;
	struct aa_profile *child;
	int i;

	if (!ns)
		return;
	AA_BUG(!mutex_is_locked(&ns->lock));

	list_for_each_entry(child, &ns->base.profiles, base.list)
		__aafs_profile_rmdir(child);

	/* each sub-namespace is torn down under its own lock */
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
		mutex_lock_nested(&sub->lock, sub->level);
		__aafs_ns_rmdir(sub);
		mutex_unlock(&sub->lock);
	}

	__aa_fs_list_remove_rawdata(ns);

	/* reverse order, presumably so entries go before the dir holding them */
	for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
		aafs_remove(ns->dents[i]);
		ns->dents[i] = NULL;
	}
}
/**
 * __aafs_ns_mkdir_entries - populate a namespace's apparmorfs directory
 * @ns: namespace the entries belong to (NOT NULL)
 * @dir: the namespace's directory dentry (NOT NULL)
 *
 * Creates profiles/, raw_data/, revision, the .load/.replace/.remove
 * policy-management files and the "namespaces" directory, recording each
 * dentry in @ns via the ns_sub*() accessors.  Stops at the first failure
 * and leaves the partial result in place: cleanup is the caller's job.
 *
 * Returns: 0 on success, negative errno on failure
 */
static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
{
	struct dentry *dent;

	AA_BUG(!ns);
	AA_BUG(!dir);

	dent = aafs_create_dir("profiles", dir);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subprofs_dir(ns) = dent;

	dent = aafs_create_dir("raw_data", dir);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subdata_dir(ns) = dent;

	dent = aafs_create_file("revision", 0444, dir,
				&ns->unconfined->label.count,
				&aa_fs_ns_revision_fops);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subrevision(ns) = dent;

	/*
	 * The policy-management files are 0640 here (vs 0666 for the root
	 * namespace in aa_create_aafs()); the write handlers are expected to
	 * perform their own policy-management permission check (not shown
	 * here), the mode alone is not the access control.
	 */
	dent = aafs_create_file(".load", 0640, dir,
				&ns->unconfined->label.count,
				&aa_fs_profile_load);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subload(ns) = dent;

	dent = aafs_create_file(".replace", 0640, dir,
				&ns->unconfined->label.count,
				&aa_fs_profile_replace);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subreplace(ns) = dent;

	dent = aafs_create_file(".remove", 0640, dir,
				&ns->unconfined->label.count,
				&aa_fs_profile_remove);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subremove(ns) = dent;

	/* use create_dentry so we can supply private data */
	/* ns_dir_inode_operations makes mkdir/rmdir here manage sub-namespaces */
	dent = aafs_create("namespaces", S_IFDIR | 0755, dir,
			   &ns->unconfined->label.count,
			   NULL, NULL, &ns_dir_inode_operations);
	if (IS_ERR(dent))
		return PTR_ERR(dent);
	ns_subns_dir(ns) = dent;

	return 0;
}
/**
 * __aafs_ns_mkdir - build the apparmorfs tree for a namespace
 * @ns: namespace to build the tree for (NOT NULL)
 * @parent: directory to create the ns directory in (NOT NULL)
 * @name: directory name, or NULL to use @ns->base.name
 * @dent: existing dentry to use as the ns directory, or NULL to create one
 *
 * Populates the ns directory, then every profile, then every sub-namespace
 * (each under its own lock).  On failure the partial tree is removed with
 * __aafs_ns_rmdir().
 *
 * Returns: 0 on success, negative errno on failure
 * Requires: @ns->lock held
 */
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
		    struct dentry *dent)
{
	struct aa_ns *sub;
	struct aa_profile *child;
	struct dentry *dir;
	int error;

	AA_BUG(!ns);
	AA_BUG(!parent);
	AA_BUG(!mutex_is_locked(&ns->lock));

	if (!name)
		name = ns->base.name;

	if (!dent) {
		/* create ns dir if it doesn't already exist */
		dent = aafs_create_dir(name, parent);
		if (IS_ERR(dent))
			goto fail;
	} else
		/* caller-supplied dentry: take our own reference, presumably
		 * so both paths hand the same kind of ref to __aafs_ns_rmdir()
		 */
		dget(dent);
	ns_dir(ns) = dir = dent;

	error = __aafs_ns_mkdir_entries(ns, dir);
	if (error)
		goto fail2;

	/* profiles */
	list_for_each_entry(child, &ns->base.profiles, base.list) {
		error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
		if (error)
			goto fail2;
	}

	/* subnamespaces */
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
		mutex_lock_nested(&sub->lock, sub->level);
		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
		mutex_unlock(&sub->lock);
		if (error)
			goto fail2;
	}

	return 0;

fail:
	error = PTR_ERR(dent);

fail2:
	__aafs_ns_rmdir(ns);

	return error;
}
/**
 * __next_ns - find the next namespace to list
 * @root: root namespace to stop search at (NOT NULL)
 * @ns: current ns position (NOT NULL)
 *
 * Find the next namespace from @ns under @root and handle all locking needed
 * while switching current namespace: the returned namespace is locked, and
 * every namespace left behind on the way up (other than @root) is unlocked.
 *
 * Returns: next namespace or NULL if at last namespace under @root
 * Requires: ns->parent->lock to be held
 * NOTE: will not unlock root->lock
 */
static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
{
	struct aa_ns *parent, *next;

	AA_BUG(!root);
	AA_BUG(!ns);
	AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));

	/* is next namespace a child */
	if (!list_empty(&ns->sub_ns)) {
		next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
		/* descending: the child's lock is taken, @ns's stays held */
		mutex_lock_nested(&next->lock, next->level);
		return next;
	}

	/* check if the next ns is a sibling, parent, gp, .. */
	parent = ns->parent;
	while (ns != root) {
		/* leaving @ns; the loop exits before @root would be unlocked */
		mutex_unlock(&ns->lock);
		next = list_next_entry(ns, base.list);
		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
			mutex_lock_nested(&next->lock, next->level);
			return next;
		}
		ns = parent;
		parent = parent->parent;
	}

	return NULL;
}
/**
 * __first_profile - find the first profile in a namespace
 * @root: namespace that is root of profiles being displayed (NOT NULL)
 * @ns: namespace to start in (NOT NULL)
 *
 * Walks namespaces from @ns via __next_ns() (which hands the ns locks
 * along) until one with at least one profile is found.
 *
 * Returns: unrefcounted profile or NULL if no profile
 * Requires: profile->ns.lock to be held
 */
static struct aa_profile *__first_profile(struct aa_ns *root,
					  struct aa_ns *ns)
{
	AA_BUG(!root);
	AA_BUG(ns && !mutex_is_locked(&ns->lock));

	while (ns) {
		if (!list_empty(&ns->base.profiles))
			return list_first_entry(&ns->base.profiles,
						struct aa_profile, base.list);
		/* empty namespace: move on, locking is handled by __next_ns */
		ns = __next_ns(root, ns);
	}

	return NULL;
}
/**
 * __next_profile - step to the next profile in a profile tree
 * @p: current profile in tree (NOT NULL)
 *
 * Perform a depth first traversal on the profile tree in a namespace:
 * children first, then siblings, then the siblings of ancestors, and
 * finally the next top-level profile of the namespace.
 *
 * Returns: next profile or NULL if done
 * Requires: profile->ns.lock to be held
 */
static struct aa_profile *__next_profile(struct aa_profile *p)
{
	struct aa_profile *parent;
	struct aa_ns *ns = p->ns;

	AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));

	/* is next profile a child */
	if (!list_empty(&p->base.profiles))
		return list_first_entry(&p->base.profiles, typeof(*p),
					base.list);

	/* is next profile a sibling, parent sibling, gp, sibling, .. */
	/* the held ns lock, not an RCU read side, protects ->parent here */
	parent = rcu_dereference_protected(p->parent,
					   mutex_is_locked(&p->ns->lock));
	while (parent) {
		p = list_next_entry(p, base.list);
		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
			return p;
		p = parent;
		parent = rcu_dereference_protected(parent->parent,
					    mutex_is_locked(&parent->ns->lock));
	}

	/* is next another profile in the namespace */
	/* @p is now a top-level profile; step along the namespace's list */
	p = list_next_entry(p, base.list);
	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
		return p;

	return NULL;
}
/**
 * next_profile - step to the next profile in where ever it may be
 * @root: root namespace (NOT NULL)
 * @profile: current profile (NOT NULL)
 *
 * Continues inside @profile's namespace while it has more profiles, and
 * otherwise hands off to the first profile of the next namespace under
 * @root (namespace locks are passed along by __next_ns()).
 *
 * Returns: next profile or NULL if there isn't one
 */
static struct aa_profile *next_profile(struct aa_ns *root,
				       struct aa_profile *profile)
{
	struct aa_profile *next;

	next = __next_profile(profile);
	if (!next) {
		/* finished all profiles in namespace move to next namespace */
		struct aa_ns *ns = __next_ns(root, profile->ns);

		next = __first_profile(root, ns);
	}

	return next;
}
/**
 * p_start - start a depth first traversal of profile tree
 * @f: seq_file to fill
 * @pos: current position
 *
 * Takes a reference on the task's current namespace (stored in f->private
 * for p_next()/p_stop()) and its lock, then replays the traversal to @pos.
 *
 * Returns: first profile under current namespace or NULL if none found
 *
 * acquires first ns->lock
 */
static void *p_start(struct seq_file *f, loff_t *pos)
{
	struct aa_profile *profile = NULL;
	struct aa_ns *root = aa_get_current_ns();
	loff_t l = *pos;
	/* root ref and root->lock are held until p_stop() */
	f->private = root;


	/* find the first profile */
	mutex_lock_nested(&root->lock, root->level);
	profile = __first_profile(root, root);

	/* skip to position */
	/* seq_file may restart anywhere, so the walk is redone from the start */
	for (; profile && l > 0; l--)
		profile = next_profile(root, profile);

	return profile;
}
/**
 * p_next - read the next profile entry
 * @f: seq_file to fill
 * @p: profile previously returned
 * @pos: current position
 *
 * Advances @pos and steps the traversal started by p_start(); the root
 * namespace comes from f->private.
 *
 * Returns: next profile after @p or NULL if none
 *
 * may acquire/release locks in namespace tree as necessary
 */
static void *p_next(struct seq_file *f, void *p, loff_t *pos)
{
	struct aa_ns *root = f->private;

	++*pos;

	return next_profile(root, p);
}
/**
 * p_stop - stop depth first traversal
 * @f: seq_file we are filling
 * @p: the last profile written
 *
 * Release all locking done by p_start/p_next on namespace tree: the locks
 * __next_ns() left held on the path from @p's namespace up to (but not
 * including) root, then root's lock and the reference taken in p_start().
 */
static void p_stop(struct seq_file *f, void *p)
{
	struct aa_profile *profile = p;
	struct aa_ns *root = f->private, *ns;

	if (profile) {
		/* unwind the ns locks held below root */
		for (ns = profile->ns; ns && ns != root; ns = ns->parent)
			mutex_unlock(&ns->lock);
	}
	mutex_unlock(&root->lock);
	aa_put_ns(root);
}
/**
 * seq_show_profile - show a profile entry
 * @f: seq_file to file
 * @p: current position (profile) (NOT NULL)
 *
 * Prints the profile's label as seen from the root namespace in f->private,
 * with its mode, followed by a newline.
 *
 * Returns: error on failure
 */
static int seq_show_profile(struct seq_file *f, void *p)
{
	struct aa_ns *root = f->private;
	struct aa_profile *profile = p;	/* void * converts implicitly */

	aa_label_seq_xprint(f, root, &profile->label,
			    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
	seq_putc(f, '\n');

	return 0;
}
/* seq_file iterator for the "profiles" listing; see p_start() for locking */
static const struct seq_operations aa_sfs_profiles_op = {
	.start = p_start,
	.next = p_next,
	.stop = p_stop,
	.show = seq_show_profile,
};
/**
 * profiles_open - open handler for the "profiles" file
 * @inode: inode being opened (unused)
 * @file: file being opened
 *
 * Listing loaded policy is gated on the caller's policy-view capability
 * before the seq_file iterator is set up.
 *
 * Returns: 0 on success, -EACCES if the caller may not view policy, or
 *          the seq_open() error
 */
static int profiles_open(struct inode *inode, struct file *file)
{
	int error = -EACCES;

	if (aa_current_policy_view_capable(NULL))
		error = seq_open(file, &aa_sfs_profiles_op);

	return error;
}
/**
 * profiles_release - release handler for the "profiles" file
 * @inode: inode being released
 * @file: file being released
 *
 * Nothing of our own to tear down; the seq_file core owns the iterator.
 *
 * Returns: result of seq_release()
 */
static int profiles_release(struct inode *inode, struct file *file)
{
	int rc = seq_release(inode, file);

	return rc;
}
/* file_operations for "profiles"; read/llseek are the generic seq_file ones */
static const struct file_operations aa_sfs_profiles_fops = {
	.open = profiles_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = profiles_release,
};
/** Base file system setup **/

/*
 * Feature advertisement.  Everything below is exported read-only under the
 * "features" directory; userspace policy tooling presumably reads it to
 * learn what this kernel supports, so the names and string values are
 * effectively ABI: extend them rather than rewording them.
 */
static struct aa_sfs_entry aa_sfs_entry_file[] = {
	AA_SFS_FILE_STRING("mask",
			   "create read write exec append mmap_exec link lock"),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
	AA_SFS_FILE_STRING("mask", "read trace"),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_signal[] = {
	AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_attach[] = {
	AA_SFS_FILE_BOOLEAN("xattr", 1),
	{ }
};

/* domain transition features; "version" is the domain feature-set version */
static struct aa_sfs_entry aa_sfs_entry_domain[] = {
	AA_SFS_FILE_BOOLEAN("change_hat", 1),
	AA_SFS_FILE_BOOLEAN("change_hatv", 1),
	AA_SFS_FILE_BOOLEAN("unconfined_allowed_children", 1),
	AA_SFS_FILE_BOOLEAN("change_onexec", 1),
	AA_SFS_FILE_BOOLEAN("change_profile", 1),
	AA_SFS_FILE_BOOLEAN("stack", 1),
	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
	AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1),
	AA_SFS_FILE_BOOLEAN("computed_longest_left", 1),
	AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach),
	AA_SFS_FILE_BOOLEAN("disconnected.path", 1),
	AA_SFS_FILE_BOOLEAN("kill.signal", 1),
	AA_SFS_FILE_STRING("version", "1.2"),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
	AA_SFS_FILE_BOOLEAN("change_profile", 1),
	{ }
};

/* supported policy ABI versions */
static struct aa_sfs_entry aa_sfs_entry_versions[] = {
	AA_SFS_FILE_BOOLEAN("v5", 1),
	AA_SFS_FILE_BOOLEAN("v6", 1),
	AA_SFS_FILE_BOOLEAN("v7", 1),
	AA_SFS_FILE_BOOLEAN("v8", 1),
	AA_SFS_FILE_BOOLEAN("v9", 1),
	{ }
};
/* names of the permissions in the 32-bit permission table, as advertised */
#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"

/* policy-format features: versions, permission table layout and state32 */
static struct aa_sfs_entry aa_sfs_entry_policy[] = {
	AA_SFS_DIR("versions", aa_sfs_entry_versions),
	AA_SFS_FILE_BOOLEAN("set_load", 1),
	/* number of out of band transitions supported */
	AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED),
	AA_SFS_FILE_U64("permstable32_version", 3),
	AA_SFS_FILE_STRING("permstable32", PERMS32STR),
	AA_SFS_FILE_U64("state32", 1),
	AA_SFS_DIR("unconfined_restrictions", aa_sfs_entry_unconfined),
	{ }
};
static struct aa_sfs_entry aa_sfs_entry_mount[] = {
	AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
	AA_SFS_FILE_STRING("move_mount", "detached"),
	{ }
};

/* namespace features; pivot_root is explicitly advertised as unsupported */
static struct aa_sfs_entry aa_sfs_entry_ns[] = {
	AA_SFS_FILE_BOOLEAN("profile", 1),
	AA_SFS_FILE_BOOLEAN("pivot_root", 0),
	AA_SFS_FILE_STRING("mask", "userns_create"),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_dbus[] = {
	AA_SFS_FILE_STRING("mask", "acquire send receive"),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
	AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
	AA_SFS_FILE_BOOLEAN("data", 1),
	AA_SFS_FILE_BOOLEAN("multi_transaction", 1),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_query[] = {
	AA_SFS_DIR("label", aa_sfs_entry_query_label),
	{ }
};

static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
	AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
	{ }
};

/*
 * The "features" directory itself.  aa_sfs_entry_network, _networkv9,
 * _rlimit and _caps are defined elsewhere in AppArmor.
 */
static struct aa_sfs_entry aa_sfs_entry_features[] = {
	AA_SFS_DIR("policy",			aa_sfs_entry_policy),
	AA_SFS_DIR("domain",			aa_sfs_entry_domain),
	AA_SFS_DIR("file",			aa_sfs_entry_file),
	AA_SFS_DIR("network_v8",		aa_sfs_entry_network),
	AA_SFS_DIR("network_v9",		aa_sfs_entry_networkv9),
	AA_SFS_DIR("mount",			aa_sfs_entry_mount),
	AA_SFS_DIR("namespaces",		aa_sfs_entry_ns),
	AA_SFS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
	AA_SFS_DIR("rlimit",			aa_sfs_entry_rlimit),
	AA_SFS_DIR("caps",			aa_sfs_entry_caps),
	AA_SFS_DIR("ptrace",			aa_sfs_entry_ptrace),
	AA_SFS_DIR("signal",			aa_sfs_entry_signal),
	AA_SFS_DIR("dbus",			aa_sfs_entry_dbus),
	AA_SFS_DIR("query",			aa_sfs_entry_query),
	AA_SFS_DIR("io_uring",			aa_sfs_entry_io_uring),
	{ }
};
/*
 * Top level of the apparmor/ securityfs directory.  .access is 0666 so any
 * task can write to it (presumably the policy query interface); its handler
 * (not shown here) is what must decide what a caller may ask.  Everything
 * else here is read-only.
 */
static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
	AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
	AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
	AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
	AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
	AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
	AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
	AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
	AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
	AA_SFS_DIR("features", aa_sfs_entry_features),
	{ }
};

/* root of the static securityfs tree; .dentry doubles as "already created" */
static struct aa_sfs_entry aa_sfs_entry =
	AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
/**
 * entry_create_file - create a file entry in the apparmor securityfs
 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
 * @parent: the parent dentry in the securityfs
 *
 * The entry itself is passed as the file's private data.  On failure
 * fs_file->dentry is left NULL so a later entry_remove_file() is a no-op.
 * Use entry_remove_file to remove entries created with this fn.
 *
 * Returns: 0 on success, negative errno on failure
 */
static int __init entry_create_file(struct aa_sfs_entry *fs_file,
				    struct dentry *parent)
{
	struct dentry *dent;

	dent = securityfs_create_file(fs_file->name, S_IFREG | fs_file->mode,
				      parent, fs_file, fs_file->file_ops);
	if (IS_ERR(dent)) {
		fs_file->dentry = NULL;
		return PTR_ERR(dent);
	}

	fs_file->dentry = dent;
	return 0;
}
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);

/**
 * entry_create_dir - recursively create a directory entry in the securityfs
 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
 * @parent: the parent dentry in the securityfs
 *
 * Children are created in table order until the terminating entry (NULL
 * name).  If any child fails, the whole directory built so far is removed.
 * Use entry_remove_dir to remove entries created with this fn.
 *
 * Returns: 0 on success, negative errno on failure
 */
static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
				   struct dentry *parent)
{
	struct aa_sfs_entry *ent;
	struct dentry *dir;
	int error = 0;

	dir = securityfs_create_dir(fs_dir->name, parent);
	if (IS_ERR(dir))
		return PTR_ERR(dir);
	fs_dir->dentry = dir;

	for (ent = fs_dir->v.files; ent && ent->name; ++ent) {
		error = (ent->v_type == AA_SFS_TYPE_DIR)
			? entry_create_dir(ent, dir)
			: entry_create_file(ent, dir);
		if (error)
			break;
	}

	if (error)
		entry_remove_dir(fs_dir);	/* undo the partial population */

	return error;
}
/**
 * entry_remove_file - drop a single file entry in the apparmor securityfs
 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
 *
 * Entries that were never created (or already removed) have a NULL dentry
 * and are skipped, so this is safe on a partially built tree.
 */
static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
{
	struct dentry *dent = fs_file->dentry;

	if (dent) {
		securityfs_remove(dent);
		fs_file->dentry = NULL;
	}
}
/**
 * entry_remove_dir - recursively drop a directory entry from the securityfs
 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
 *
 * Children are removed first, in table order; the directory itself last.
 */
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
{
	struct aa_sfs_entry *ent = fs_dir->v.files;

	while (ent && ent->name) {
		if (ent->v_type == AA_SFS_TYPE_DIR)
			entry_remove_dir(ent);
		else
			entry_remove_file(ent);
		ent++;
	}

	entry_remove_file(fs_dir);
}
/**
 * aa_destroy_aafs - cleanup and free aafs
 *
 * releases dentries allocated by aa_create_aafs; the whole static tree
 * hangs off aa_sfs_entry, so one recursive removal covers it
 */
void __init aa_destroy_aafs(void)
{
	entry_remove_dir(&aa_sfs_entry);
}
#define NULL_FILE_NAME ".null"

/* path of the ".null" device node created below; non-static, so other
 * AppArmor code can use it
 */
struct path aa_null;

/**
 * aa_mk_null_file - create the ".null" character device node in securityfs
 * @parent: securityfs directory to create it in
 *
 * Instantiates a char device node with the major/minor of /dev/null
 * (MEM_MAJOR, 3) and mode 0666 (S_IRUGO | S_IWUGO), and records it in
 * @aa_null with its own dentry and mount references.  The lookup reference
 * and the temporary fs pin taken here are dropped before returning.
 *
 * Returns: 0 on success, negative errno on failure
 */
static int aa_mk_null_file(struct dentry *parent)
{
	struct vfsmount *mount = NULL;
	struct dentry *dentry;
	struct inode *inode;
	int count = 0;
	int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);

	if (error)
		return error;

	inode_lock(d_inode(parent));
	dentry = lookup_noperm(&QSTR(NULL_FILE_NAME), parent);
	if (IS_ERR(dentry)) {
		error = PTR_ERR(dentry);
		goto out;
	}
	inode = new_inode(parent->d_inode->i_sb);
	if (!inode) {
		error = -ENOMEM;
		goto out1;
	}

	inode->i_ino = get_next_ino();
	inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
	simple_inode_init_ts(inode);
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
			   MKDEV(MEM_MAJOR, 3));
	d_instantiate(dentry, inode);
	/* aa_null takes its own refs; the lookup ref is dropped at out1 */
	aa_null.dentry = dget(dentry);
	aa_null.mnt = mntget(mount);

	error = 0;

out1:
	dput(dentry);
out:
	inode_unlock(d_inode(parent));
	/* the temporary pin goes; aa_null.mnt (if set) keeps the mount */
	simple_release_fs(&mount, &count);
	return error;
}
/**
 * policy_get_link - resolve the "policy" magic symlink
 * @dentry: the symlink's dentry, NULL during RCU-walk
 * @inode: the symlink's inode (unused)
 * @done: delayed_call for the VFS (unused)
 *
 * Jumps into the apparmorfs directory of the calling task's current policy
 * namespace, so where "policy" leads depends on who is looking.
 *
 * Returns: ERR_PTR(error) from nd_jump_link(), i.e. NULL on success;
 *          ERR_PTR(-ECHILD) to request a ref-walk retry
 */
static const char *policy_get_link(struct dentry *dentry,
				   struct inode *inode,
				   struct delayed_call *done)
{
	struct aa_ns *ns;
	struct path path;
	int error;

	/* no dentry means RCU-walk; ask the VFS to retry in ref-walk mode */
	if (!dentry)
		return ERR_PTR(-ECHILD);

	ns = aa_get_current_ns();
	path.mnt = mntget(aafs_mnt);
	path.dentry = dget(ns_dir(ns));
	/* nd_jump_link() consumes the references in @path; none are dropped
	 * here
	 */
	error = nd_jump_link(&path);
	aa_put_ns(ns);

	return ERR_PTR(error);
}
/**
 * policy_readlink - readlink handler for the "policy" magic symlink
 * @dentry: the symlink's dentry
 * @buffer: userspace buffer to fill
 * @buflen: size of @buffer
 *
 * Reports "<fsname>:[<inode number>]" in the style of nsfs links rather than
 * a real path.  A failed or truncated format (name[] is 32 bytes) is
 * reported as -ENOENT instead of handing out a partial string.
 *
 * Returns: bytes copied, or negative errno
 */
static int policy_readlink(struct dentry *dentry, char __user *buffer,
			   int buflen)
{
	char name[32];
	int len;

	len = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
		       d_inode(dentry)->i_ino);
	if (len <= 0 || len >= sizeof(name))
		return -ENOENT;

	return readlink_copy(buffer, buflen, name, strlen(name));
}
/* inode_operations for the task-dependent "policy" symlink */
static const struct inode_operations policy_link_iops = {
	.readlink = policy_readlink,
	.get_link = policy_get_link,
};
/**
 * aa_create_aafs - create the apparmor security filesystem
 *
 * Mounts the internal apparmorfs, builds the static securityfs tree from
 * aa_sfs_entry, adds the root namespace's policy-management files, the
 * virtualized .policy tree, the "policy" magic symlink and the .null node.
 * dentries created here are released by aa_destroy_aafs
 *
 * Returns: error on failure
 */
int __init aa_create_aafs(void)
{
	struct dentry *dent;
	int error;

	if (!apparmor_initialized)
		return 0;

	/* aa_sfs_entry.dentry is the "already created" marker */
	if (aa_sfs_entry.dentry) {
		AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
		return -EEXIST;
	}

	/* setup apparmorfs used to virtualize policy/ */
	/* boot-time failure with no sane fallback, hence panic */
	aafs_mnt = kern_mount(&aafs_ops);
	if (IS_ERR(aafs_mnt))
		panic("can't set apparmorfs up\n");
	/* presumably so the internal mount can be reached via the policy link */
	aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;

	/* Populate fs tree. */
	error = entry_create_dir(&aa_sfs_entry, NULL);
	if (error)
		goto error;

	/*
	 * Root-namespace policy files are 0666: the mode does not gate who
	 * may load policy; the write handlers are expected to check that
	 * (not shown here).  Sub-namespaces use 0640 in
	 * __aafs_ns_mkdir_entries().
	 */
	dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
				      NULL, &aa_fs_profile_load);
	if (IS_ERR(dent))
		goto dent_error;
	ns_subload(root_ns) = dent;

	dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
				      NULL, &aa_fs_profile_replace);
	if (IS_ERR(dent))
		goto dent_error;
	ns_subreplace(root_ns) = dent;

	dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
				      NULL, &aa_fs_profile_remove);
	if (IS_ERR(dent))
		goto dent_error;
	ns_subremove(root_ns) = dent;

	dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
				      NULL, &aa_fs_ns_revision_fops);
	if (IS_ERR(dent))
		goto dent_error;
	ns_subrevision(root_ns) = dent;

	/* policy tree referenced by magic policy symlink */
	/* the mount root doubles as the root ns directory (existing dentry) */
	mutex_lock_nested(&root_ns->lock, root_ns->level);
	error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
				aafs_mnt->mnt_root);
	mutex_unlock(&root_ns->lock);
	if (error)
		goto error;

	/* magic symlink similar to nsfs redirects based on task policy */
	dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
					 NULL, &policy_link_iops);
	if (IS_ERR(dent))
		goto dent_error;

	error = aa_mk_null_file(aa_sfs_entry.dentry);
	if (error)
		goto error;

	/* TODO: add default profile to apparmorfs */

	/* Report that AppArmor fs is enabled */
	aa_info_message("AppArmor Filesystem Enabled");
	return 0;

dent_error:
	error = PTR_ERR(dent);
error:
	aa_destroy_aafs();
	AA_ERROR("Error creating AppArmor securityfs\n");
	return error;
}