lib.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains basic common functions used in AppArmor
  6. *
  7. * Copyright (C) 1998-2008 Novell/SUSE
  8. * Copyright 2009-2010 Canonical Ltd.
  9. */
  10. #include <linux/ctype.h>
  11. #include <linux/mm.h>
  12. #include <linux/slab.h>
  13. #include <linux/string.h>
  14. #include <linux/vmalloc.h>
  15. #include "include/audit.h"
  16. #include "include/apparmor.h"
  17. #include "include/lib.h"
  18. #include "include/perms.h"
  19. #include "include/policy.h"
  20. struct aa_perms nullperms;
  21. struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
  22. .quiet = ALL_PERMS_MASK,
  23. .hide = ALL_PERMS_MASK };
  24. struct val_table_ent {
  25. const char *str;
  26. int value;
  27. };
  28. static struct val_table_ent debug_values_table[] = {
  29. { "N", DEBUG_NONE },
  30. { "none", DEBUG_NONE },
  31. { "n", DEBUG_NONE },
  32. { "0", DEBUG_NONE },
  33. { "all", DEBUG_ALL },
  34. { "Y", DEBUG_ALL },
  35. { "y", DEBUG_ALL },
  36. { "1", DEBUG_ALL },
  37. { "abs_root", DEBUG_LABEL_ABS_ROOT },
  38. { "label", DEBUG_LABEL },
  39. { "domain", DEBUG_DOMAIN },
  40. { "policy", DEBUG_POLICY },
  41. { "interface", DEBUG_INTERFACE },
  42. { "unpack", DEBUG_UNPACK },
  43. { "tags", DEBUG_TAGS },
  44. { NULL, 0 }
  45. };
  46. static struct val_table_ent *val_table_find_ent(struct val_table_ent *table,
  47. const char *name, size_t len)
  48. {
  49. struct val_table_ent *entry;
  50. for (entry = table; entry->str != NULL; entry++) {
  51. if (strncmp(entry->str, name, len) == 0 &&
  52. strlen(entry->str) == len)
  53. return entry;
  54. }
  55. return NULL;
  56. }
  57. int aa_parse_debug_params(const char *str)
  58. {
  59. struct val_table_ent *ent;
  60. const char *next;
  61. int val = 0;
  62. do {
  63. size_t n = strcspn(str, "\r\n,");
  64. next = str + n;
  65. ent = val_table_find_ent(debug_values_table, str, next - str);
  66. if (ent)
  67. val |= ent->value;
  68. else
  69. AA_DEBUG(DEBUG_INTERFACE, "unknown debug type '%.*s'",
  70. (int)(next - str), str);
  71. str = next + 1;
  72. } while (*next != 0);
  73. return val;
  74. }
  75. /**
  76. * val_mask_to_str - convert a perm mask to its short string
  77. * @str: character buffer to store string in (at least 10 characters)
  78. * @size: size of the @str buffer
  79. * @table: NUL-terminated character buffer of permission characters (NOT NULL)
  80. * @mask: permission mask to convert
  81. */
  82. static int val_mask_to_str(char *str, size_t size,
  83. const struct val_table_ent *table, u32 mask)
  84. {
  85. const struct val_table_ent *ent;
  86. int total = 0;
  87. for (ent = table; ent->str; ent++) {
  88. if (ent->value && (ent->value & mask) == ent->value) {
  89. int len = scnprintf(str, size, "%s%s", total ? "," : "",
  90. ent->str);
  91. size -= len;
  92. str += len;
  93. total += len;
  94. mask &= ~ent->value;
  95. }
  96. }
  97. return total;
  98. }
  99. int aa_print_debug_params(char *buffer)
  100. {
  101. if (!aa_g_debug)
  102. return sprintf(buffer, "N");
  103. return val_mask_to_str(buffer, PAGE_SIZE, debug_values_table,
  104. aa_g_debug);
  105. }
  106. bool aa_resize_str_table(struct aa_str_table *t, int newsize, gfp_t gfp)
  107. {
  108. struct aa_str_table_ent *n;
  109. int i;
  110. if (t->size == newsize)
  111. return true;
  112. n = kzalloc_objs(*n, newsize, gfp);
  113. if (!n)
  114. return false;
  115. for (i = 0; i < min(t->size, newsize); i++)
  116. n[i] = t->table[i];
  117. for (; i < t->size; i++)
  118. kfree_sensitive(t->table[i].strs);
  119. if (newsize > t->size)
  120. memset(&n[t->size], 0, (newsize-t->size)*sizeof(*n));
  121. kfree_sensitive(t->table);
  122. t->table = n;
  123. t->size = newsize;
  124. return true;
  125. }
  126. /**
  127. * aa_destroy_str_table - free entries str table
  128. * @t: the string table to free (MAYBE NULL)
  129. */
  130. void aa_destroy_str_table(struct aa_str_table *t)
  131. {
  132. int i;
  133. if (t) {
  134. if (!t->table)
  135. return;
  136. for (i = 0; i < t->size; i++)
  137. kfree_sensitive(t->table[i].strs);
  138. kfree_sensitive(t->table);
  139. t->table = NULL;
  140. t->size = 0;
  141. }
  142. }
  143. /**
  144. * skipn_spaces - Removes leading whitespace from @str.
  145. * @str: The string to be stripped.
  146. * @n: length of str to parse, will stop at \0 if encountered before n
  147. *
  148. * Returns a pointer to the first non-whitespace character in @str.
  149. * if all whitespace will return NULL
  150. */
  151. const char *skipn_spaces(const char *str, size_t n)
  152. {
  153. for (; n && isspace(*str); --n)
  154. ++str;
  155. if (n)
  156. return (char *)str;
  157. return NULL;
  158. }
  159. const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
  160. size_t *ns_len)
  161. {
  162. const char *end = fqname + n;
  163. const char *name = skipn_spaces(fqname, n);
  164. *ns_name = NULL;
  165. *ns_len = 0;
  166. if (!name)
  167. return NULL;
  168. if (name[0] == ':') {
  169. char *split = strnchr(&name[1], end - &name[1], ':');
  170. *ns_name = skipn_spaces(&name[1], end - &name[1]);
  171. if (!*ns_name)
  172. return NULL;
  173. if (split) {
  174. *ns_len = split - *ns_name;
  175. if (*ns_len == 0)
  176. *ns_name = NULL;
  177. split++;
  178. if (end - split > 1 && strncmp(split, "//", 2) == 0)
  179. split += 2;
  180. name = skipn_spaces(split, end - split);
  181. } else {
  182. /* a ns name without a following profile is allowed */
  183. name = NULL;
  184. *ns_len = end - *ns_name;
  185. }
  186. }
  187. if (name && *name == 0)
  188. name = NULL;
  189. return name;
  190. }
  191. /**
  192. * aa_info_message - log a none profile related status message
  193. * @str: message to log
  194. */
  195. void aa_info_message(const char *str)
  196. {
  197. if (audit_enabled) {
  198. DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
  199. ad.info = str;
  200. aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, NULL);
  201. }
  202. printk(KERN_INFO "AppArmor: %s\n", str);
  203. }
  204. __counted char *aa_str_alloc(int size, gfp_t gfp)
  205. {
  206. struct counted_str *str;
  207. str = kmalloc_flex(*str, name, size, gfp);
  208. if (!str)
  209. return NULL;
  210. kref_init(&str->count);
  211. return str->name;
  212. }
  213. void aa_str_kref(struct kref *kref)
  214. {
  215. kfree(container_of(kref, struct counted_str, count));
  216. }
  217. const char aa_file_perm_chrs[] = "xwracd km l ";
  218. const char *aa_file_perm_names[] = {
  219. "exec",
  220. "write",
  221. "read",
  222. "append",
  223. "create",
  224. "delete",
  225. "open",
  226. "rename",
  227. "setattr",
  228. "getattr",
  229. "setcred",
  230. "getcred",
  231. "chmod",
  232. "chown",
  233. "chgrp",
  234. "lock",
  235. "mmap",
  236. "mprot",
  237. "link",
  238. "snapshot",
  239. "unknown",
  240. "unknown",
  241. "unknown",
  242. "unknown",
  243. "unknown",
  244. "unknown",
  245. "unknown",
  246. "unknown",
  247. "stack",
  248. "change_onexec",
  249. "change_profile",
  250. "change_hat",
  251. };
  252. /**
  253. * aa_perm_mask_to_str - convert a perm mask to its short string
  254. * @str: character buffer to store string in (at least 10 characters)
  255. * @str_size: size of the @str buffer
  256. * @chrs: NUL-terminated character buffer of permission characters
  257. * @mask: permission mask to convert
  258. */
  259. void aa_perm_mask_to_str(char *str, size_t str_size, const char *chrs, u32 mask)
  260. {
  261. unsigned int i, perm = 1;
  262. size_t num_chrs = strlen(chrs);
  263. for (i = 0; i < num_chrs; perm <<= 1, i++) {
  264. if (mask & perm) {
  265. /* Ensure that one byte is left for NUL-termination */
  266. if (WARN_ON_ONCE(str_size <= 1))
  267. break;
  268. *str++ = chrs[i];
  269. str_size--;
  270. }
  271. }
  272. *str = '\0';
  273. }
  274. void aa_audit_perm_names(struct audit_buffer *ab, const char * const *names,
  275. u32 mask)
  276. {
  277. const char *fmt = "%s";
  278. unsigned int i, perm = 1;
  279. bool prev = false;
  280. for (i = 0; i < 32; perm <<= 1, i++) {
  281. if (mask & perm) {
  282. audit_log_format(ab, fmt, names[i]);
  283. if (!prev) {
  284. prev = true;
  285. fmt = " %s";
  286. }
  287. }
  288. }
  289. }
  290. void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
  291. u32 chrsmask, const char * const *names, u32 namesmask)
  292. {
  293. char str[33];
  294. audit_log_format(ab, "\"");
  295. if ((mask & chrsmask) && chrs) {
  296. aa_perm_mask_to_str(str, sizeof(str), chrs, mask & chrsmask);
  297. mask &= ~chrsmask;
  298. audit_log_format(ab, "%s", str);
  299. if (mask & namesmask)
  300. audit_log_format(ab, " ");
  301. }
  302. if ((mask & namesmask) && names)
  303. aa_audit_perm_names(ab, names, mask & namesmask);
  304. audit_log_format(ab, "\"");
  305. }
  306. /**
  307. * aa_apply_modes_to_perms - apply namespace and profile flags to perms
  308. * @profile: that perms where computed from
  309. * @perms: perms to apply mode modifiers to
  310. *
  311. * TODO: split into profile and ns based flags for when accumulating perms
  312. */
  313. void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms)
  314. {
  315. switch (AUDIT_MODE(profile)) {
  316. case AUDIT_ALL:
  317. perms->audit = ALL_PERMS_MASK;
  318. fallthrough;
  319. case AUDIT_NOQUIET:
  320. perms->quiet = 0;
  321. break;
  322. case AUDIT_QUIET:
  323. perms->audit = 0;
  324. fallthrough;
  325. case AUDIT_QUIET_DENIED:
  326. perms->quiet = ALL_PERMS_MASK;
  327. break;
  328. }
  329. if (KILL_MODE(profile))
  330. perms->kill = ALL_PERMS_MASK;
  331. else if (COMPLAIN_MODE(profile))
  332. perms->complain = ALL_PERMS_MASK;
  333. else if (USER_MODE(profile))
  334. perms->prompt = ALL_PERMS_MASK;
  335. }
  336. void aa_profile_match_label(struct aa_profile *profile,
  337. struct aa_ruleset *rules,
  338. struct aa_label *label,
  339. int type, u32 request, struct aa_perms *perms)
  340. {
  341. /* TODO: doesn't yet handle extended types */
  342. aa_state_t state;
  343. state = aa_dfa_next(rules->policy->dfa,
  344. rules->policy->start[AA_CLASS_LABEL],
  345. type);
  346. aa_label_match(profile, rules, label, state, false, request, perms);
  347. }
  348. /**
  349. * aa_check_perms - do audit mode selection based on perms set
  350. * @profile: profile being checked
  351. * @perms: perms computed for the request
  352. * @request: requested perms
  353. * @ad: initialized audit structure (MAY BE NULL if not auditing)
  354. * @cb: callback fn for type specific fields (MAY BE NULL)
  355. *
  356. * Returns: 0 if permission else error code
  357. *
  358. * Note: profile audit modes need to be set before calling by setting the
  359. * perm masks appropriately.
  360. *
  361. * If not auditing then complain mode is not enabled and the
  362. * error code will indicate whether there was an explicit deny
  363. * with a positive value.
  364. */
  365. int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
  366. u32 request, struct apparmor_audit_data *ad,
  367. void (*cb)(struct audit_buffer *, void *))
  368. {
  369. int type, error;
  370. u32 denied = request & (~perms->allow | perms->deny);
  371. if (likely(!denied)) {
  372. /* mask off perms that are not being force audited */
  373. request &= perms->audit;
  374. if (!request || !ad)
  375. return 0;
  376. type = AUDIT_APPARMOR_AUDIT;
  377. error = 0;
  378. } else {
  379. error = -EACCES;
  380. if (denied & perms->kill)
  381. type = AUDIT_APPARMOR_KILL;
  382. else if (denied == (denied & perms->complain))
  383. type = AUDIT_APPARMOR_ALLOWED;
  384. else
  385. type = AUDIT_APPARMOR_DENIED;
  386. if (denied == (denied & perms->hide))
  387. error = -ENOENT;
  388. denied &= ~perms->quiet;
  389. if (!ad || !denied)
  390. return error;
  391. }
  392. if (ad) {
  393. ad->subj_label = &profile->label;
  394. ad->request = request;
  395. ad->denied = denied;
  396. ad->error = error;
  397. aa_audit_msg(type, ad, cb);
  398. }
  399. if (type == AUDIT_APPARMOR_ALLOWED)
  400. error = 0;
  401. return error;
  402. }
  403. /**
  404. * aa_policy_init - initialize a policy structure
  405. * @policy: policy to initialize (NOT NULL)
  406. * @prefix: prefix name if any is required. (MAYBE NULL)
  407. * @name: name of the policy, init will make a copy of it (NOT NULL)
  408. * @gfp: allocation mode
  409. *
  410. * Note: this fn creates a copy of strings passed in
  411. *
  412. * Returns: true if policy init successful
  413. */
  414. bool aa_policy_init(struct aa_policy *policy, const char *prefix,
  415. const char *name, gfp_t gfp)
  416. {
  417. char *hname;
  418. size_t hname_sz;
  419. hname_sz = (prefix ? strlen(prefix) + 2 : 0) + strlen(name) + 1;
  420. /* freed by policy_free */
  421. hname = aa_str_alloc(hname_sz, gfp);
  422. if (!hname)
  423. return false;
  424. if (prefix)
  425. scnprintf(hname, hname_sz, "%s//%s", prefix, name);
  426. else
  427. strscpy(hname, name, hname_sz);
  428. policy->hname = hname;
  429. /* base.name is a substring of fqname */
  430. policy->name = basename(policy->hname);
  431. INIT_LIST_HEAD(&policy->list);
  432. INIT_LIST_HEAD(&policy->profiles);
  433. return true;
  434. }
  435. /**
  436. * aa_policy_destroy - free the elements referenced by @policy
  437. * @policy: policy that is to have its elements freed (NOT NULL)
  438. */
  439. void aa_policy_destroy(struct aa_policy *policy)
  440. {
  441. AA_BUG(on_list_rcu(&policy->profiles));
  442. AA_BUG(on_list_rcu(&policy->list));
  443. /* don't free name as its a subset of hname */
  444. aa_put_str(policy->hname);
  445. }