path.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains AppArmor function for pathnames
  6. *
  7. * Copyright (C) 1998-2008 Novell/SUSE
  8. * Copyright 2009-2010 Canonical Ltd.
  9. */
  10. #include <linux/magic.h>
  11. #include <linux/mount.h>
  12. #include <linux/namei.h>
  13. #include <linux/nsproxy.h>
  14. #include <linux/path.h>
  15. #include <linux/sched.h>
  16. #include <linux/slab.h>
  17. #include <linux/fs_struct.h>
  18. #include "include/apparmor.h"
  19. #include "include/path.h"
  20. #include "include/policy.h"
  21. /* modified from dcache.c */
  22. static int prepend(char **buffer, int buflen, const char *str, int namelen)
  23. {
  24. buflen -= namelen;
  25. if (buflen < 0)
  26. return -ENAMETOOLONG;
  27. *buffer -= namelen;
  28. memcpy(*buffer, str, namelen);
  29. return 0;
  30. }
  31. #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
  32. /* If the path is not connected to the expected root,
  33. * check if it is a sysctl and handle specially else remove any
  34. * leading / that __d_path may have returned.
  35. * Unless
  36. * specifically directed to connect the path,
  37. * OR
  38. * if in a chroot and doing chroot relative paths and the path
  39. * resolves to the namespace root (would be connected outside
  40. * of chroot) and specifically directed to connect paths to
  41. * namespace root.
  42. */
  43. static int disconnect(const struct path *path, char *buf, char **name,
  44. int flags, const char *disconnected)
  45. {
  46. int error = 0;
  47. if (!(flags & PATH_CONNECT_PATH) &&
  48. !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
  49. our_mnt(path->mnt))) {
  50. /* disconnected path, don't return pathname starting
  51. * with '/'
  52. */
  53. error = -EACCES;
  54. if (**name == '/')
  55. *name = *name + 1;
  56. } else {
  57. if (**name != '/')
  58. /* CONNECT_PATH with missing root */
  59. error = prepend(name, *name - buf, "/", 1);
  60. if (!error && disconnected)
  61. error = prepend(name, *name - buf, disconnected,
  62. strlen(disconnected));
  63. }
  64. return error;
  65. }
  66. /**
  67. * d_namespace_path - lookup a name associated with a given path
  68. * @path: path to lookup (NOT NULL)
  69. * @buf: buffer to store path to (NOT NULL)
  70. * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
  71. * @flags: flags controlling path lookup
  72. * @disconnected: string to prefix to disconnected paths
  73. *
  74. * Handle path name lookup.
  75. *
  76. * Returns: %0 else error code if path lookup fails
  77. * When no error the path name is returned in @name which points to
  78. * a position in @buf
  79. */
  80. static int d_namespace_path(const struct path *path, char *buf, char **name,
  81. int flags, const char *disconnected)
  82. {
  83. char *res;
  84. int error = 0;
  85. int connected = 1;
  86. int isdir = (flags & PATH_IS_DIR) ? 1 : 0;
  87. int buflen = aa_g_path_max - isdir;
  88. if (path->mnt->mnt_flags & MNT_INTERNAL) {
  89. /* it's not mounted anywhere */
  90. res = dentry_path(path->dentry, buf, buflen);
  91. *name = res;
  92. if (IS_ERR(res)) {
  93. *name = buf;
  94. return PTR_ERR(res);
  95. }
  96. if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
  97. strncmp(*name, "/sys/", 5) == 0) {
  98. /* TODO: convert over to using a per namespace
  99. * control instead of hard coded /proc
  100. */
  101. error = prepend(name, *name - buf, "/proc", 5);
  102. goto out;
  103. } else
  104. error = disconnect(path, buf, name, flags,
  105. disconnected);
  106. goto out;
  107. }
  108. /* resolve paths relative to chroot?*/
  109. if (flags & PATH_CHROOT_REL) {
  110. struct path root;
  111. get_fs_root(current->fs, &root);
  112. res = __d_path(path, &root, buf, buflen);
  113. path_put(&root);
  114. } else {
  115. res = d_absolute_path(path, buf, buflen);
  116. if (!our_mnt(path->mnt))
  117. connected = 0;
  118. }
  119. /* handle error conditions - and still allow a partial path to
  120. * be returned.
  121. */
  122. if (IS_ERR_OR_NULL(res)) {
  123. if (PTR_ERR(res) == -ENAMETOOLONG) {
  124. error = -ENAMETOOLONG;
  125. *name = buf;
  126. goto out;
  127. }
  128. connected = 0;
  129. res = dentry_path_raw(path->dentry, buf, buflen);
  130. if (IS_ERR(res)) {
  131. error = PTR_ERR(res);
  132. *name = buf;
  133. goto out;
  134. }
  135. } else if (!our_mnt(path->mnt))
  136. connected = 0;
  137. *name = res;
  138. if (!connected)
  139. error = disconnect(path, buf, name, flags, disconnected);
  140. /* Handle two cases:
  141. * 1. A deleted dentry && profile is not allowing mediation of deleted
  142. * 2. On some filesystems, newly allocated dentries appear to the
  143. * security_path hooks as a deleted dentry except without an inode
  144. * allocated.
  145. */
  146. if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
  147. !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) {
  148. error = -ENOENT;
  149. goto out;
  150. }
  151. out:
  152. /* Append "/" to directory paths, except for root "/" which
  153. * already ends in a slash.
  154. */
  155. if (!error && isdir) {
  156. bool is_root = (*name)[0] == '/' && (*name)[1] == '\0';
  157. if (!is_root)
  158. buf[aa_g_path_max - 2] = '/';
  159. }
  160. return error;
  161. }
  162. /**
  163. * aa_path_name - get the pathname to a buffer ensure dir / is appended
  164. * @path: path the file (NOT NULL)
  165. * @flags: flags controlling path name generation
  166. * @buffer: buffer to put name in (NOT NULL)
  167. * @name: Returns - the generated path name if !error (NOT NULL)
  168. * @info: Returns - information on why the path lookup failed (MAYBE NULL)
  169. * @disconnected: string to prepend to disconnected paths
  170. *
  171. * @name is a pointer to the beginning of the pathname (which usually differs
  172. * from the beginning of the buffer), or NULL. If there is an error @name
  173. * may contain a partial or invalid name that can be used for audit purposes,
  174. * but it can not be used for mediation.
  175. *
  176. * We need PATH_IS_DIR to indicate whether the file is a directory or not
  177. * because the file may not yet exist, and so we cannot check the inode's
  178. * file type.
  179. *
  180. * Returns: %0 else error code if could retrieve name
  181. */
  182. int aa_path_name(const struct path *path, int flags, char *buffer,
  183. const char **name, const char **info, const char *disconnected)
  184. {
  185. char *str = NULL;
  186. int error = d_namespace_path(path, buffer, &str, flags, disconnected);
  187. if (info && error) {
  188. if (error == -ENOENT)
  189. *info = "Failed name lookup - deleted entry";
  190. else if (error == -EACCES)
  191. *info = "Failed name lookup - disconnected path";
  192. else if (error == -ENAMETOOLONG)
  193. *info = "Failed name lookup - name too long";
  194. else
  195. *info = "Failed name lookup";
  196. }
  197. *name = str;
  198. return error;
  199. }