
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
  4. */
  5. #include <linux/fs.h>
  6. #include <linux/namei.h>
  7. #include <linux/types.h>
  8. #include <linux/dcache.h>
  9. #include <linux/security.h>
  10. #include "ipe.h"
  11. #include "policy.h"
  12. #include "eval.h"
  13. #include "fs.h"
  14. #include "audit.h"
/* Widest "%hu.%hu.%hu" version string ("65535.65535.65535") plus its NUL terminator. */
#define MAX_VERSION_SIZE ARRAY_SIZE("65535.65535.65535")
/**
 * struct ipefs_file - defines a file in securityfs.
 *
 * @name: file name inside the policy subdirectory
 * @access: file permissions (the mode handed to securityfs_create_file())
 * @fops: &file_operations specific to this file
 *
 * Instances of this struct form the policy_subdir table, which
 * ipe_new_policyfs_node() walks to populate "ipe/policies/$name".
 */
struct ipefs_file {
	const char *name;
	umode_t access;
	const struct file_operations *fops;
};
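/**
 * read_pkcs7() - Read handler for "ipe/policies/$name/pkcs7".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies the user buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: Supplies the file position; passed through to
 *	    simple_read_from_buffer(), which advances it.
 *
 * @data will be populated with the pkcs7 blob representing the policy
 * on success. If the policy is unsigned (like the boot policy), this
 * will return -ENOENT.
 *
 * Return:
 * * Length of buffer written (0 once @offset is past the end) - Success
 * * %-ENOENT - Policy initializing/deleted or is unsigned
 */
static ssize_t read_pkcs7(struct file *f, char __user *data,
			  size_t len, loff_t *offset)
{
	const struct ipe_policy *p = NULL;
	struct inode *root = NULL;
	ssize_t rc = 0;

	/*
	 * The policy is reachable only through the subdirectory inode's
	 * i_private. The shared lock is held across the whole copy-out:
	 * delete_policy() clears i_private under the exclusive lock before
	 * freeing the policy, so p cannot be torn down while it is read.
	 */
	root = d_inode(f->f_path.dentry->d_parent);
	inode_lock_shared(root);

	p = root->i_private;
	/* Policy not yet published / already deleted, or carrying no signature. */
	if (!p || !p->pkcs7) {
		rc = -ENOENT;
		goto out;
	}

	/* rc is ssize_t to match simple_read_from_buffer() and the return type. */
	rc = simple_read_from_buffer(data, len, offset, p->pkcs7, p->pkcs7len);

out:
	inode_unlock_shared(root);
	return rc;
}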
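/**
 * read_policy() - Read handler for "ipe/policies/$name/policy".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies the user buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: Supplies the file position; passed through to
 *	    simple_read_from_buffer(), which advances it.
 *
 * @data will be populated with the plain-text version of the policy
 * on success.
 *
 * Return:
 * * Length of buffer written (0 once @offset is past the end) - Success
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t read_policy(struct file *f, char __user *data,
			   size_t len, loff_t *offset)
{
	const struct ipe_policy *p = NULL;
	struct inode *root = NULL;
	ssize_t rc = 0;

	/*
	 * Hold the subdirectory inode's shared lock across the copy-out:
	 * delete_policy() clears i_private under the exclusive lock before
	 * freeing the policy, so p->text stays valid for the whole read.
	 */
	root = d_inode(f->f_path.dentry->d_parent);
	inode_lock_shared(root);

	p = root->i_private;
	if (!p) {
		rc = -ENOENT;
		goto out;
	}

	/* rc is ssize_t to match simple_read_from_buffer() and the return type. */
	rc = simple_read_from_buffer(data, len, offset, p->text, p->textlen);

out:
	inode_unlock_shared(root);
	return rc;
}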
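/**
 * read_name() - Read handler for "ipe/policies/$name/name".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies the user buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: Supplies the file position; passed through to
 *	    simple_read_from_buffer(), which advances it.
 *
 * @data will be populated with the policy_name attribute on success.
 *
 * Return:
 * * Length of buffer written (0 once @offset is past the end) - Success
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t read_name(struct file *f, char __user *data,
			 size_t len, loff_t *offset)
{
	const struct ipe_policy *p = NULL;
	struct inode *root = NULL;
	ssize_t rc = 0;

	/*
	 * Hold the subdirectory inode's shared lock across the copy-out:
	 * delete_policy() clears i_private under the exclusive lock before
	 * freeing the policy, so the name string stays valid for the read.
	 */
	root = d_inode(f->f_path.dentry->d_parent);
	inode_lock_shared(root);

	p = root->i_private;
	if (!p) {
		rc = -ENOENT;
		goto out;
	}

	/*
	 * p->parsed is assumed to be set once the policy is published;
	 * ipe_new_policyfs_node() already dereferences p->parsed->name.
	 * rc is ssize_t to match simple_read_from_buffer() and the return type.
	 */
	rc = simple_read_from_buffer(data, len, offset, p->parsed->name,
				     strlen(p->parsed->name));

out:
	inode_unlock_shared(root);
	return rc;
}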
/**
 * read_version() - Read handler for "ipe/policies/$name/version".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies the user buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: Supplies the file position; passed through to
 *	    simple_read_from_buffer(), which advances it.
 *
 * @data will be populated with the "major.minor.rev" version string
 * on success.
 *
 * Return:
 * * Length of buffer written (0 once @offset is past the end) - Success
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t read_version(struct file *f, char __user *data,
			    size_t len, loff_t *offset)
{
	/* MAX_VERSION_SIZE covers the widest "%hu.%hu.%hu" plus the terminator. */
	char verbuf[MAX_VERSION_SIZE] = { 0 };
	const struct ipe_policy *pol = NULL;
	struct inode *dir = NULL;
	size_t written = 0;
	ssize_t ret = 0;

	dir = d_inode(f->f_path.dentry->d_parent);
	inode_lock_shared(dir);

	pol = dir->i_private;
	if (!pol) {
		ret = -ENOENT;
	} else {
		/* scnprintf() never overruns verbuf; it returns the bytes actually stored. */
		written = scnprintf(verbuf, ARRAY_SIZE(verbuf), "%hu.%hu.%hu",
				    pol->parsed->version.major,
				    pol->parsed->version.minor,
				    pol->parsed->version.rev);
		ret = simple_read_from_buffer(data, len, offset, verbuf, written);
	}

	inode_unlock_shared(dir);
	return ret;
}
/**
 * setactive() - Write handler for "ipe/policies/$name/active".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * Writing a true value (as parsed by kstrtobool()) makes this policy the
 * active one. A false value is rejected rather than treated as a
 * deactivation.
 *
 * Return:
 * * Length of buffer written - Success
 * * %-EPERM - Insufficient permission
 * * %-EINVAL - Invalid input
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t setactive(struct file *f, const char __user *data,
			 size_t len, loff_t *offset)
{
	const struct ipe_policy *pol = NULL;
	struct inode *dir = NULL;
	bool enable = false;
	int err = 0;

	/* The capability is required in the initial user namespace. */
	if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
		return -EPERM;

	err = kstrtobool_from_user(data, len, &enable);
	if (err)
		return err;
	if (!enable)
		return -EINVAL;

	/*
	 * The same inode lock is taken (exclusively) by delete_policy(), so
	 * the policy cannot be unpublished between the i_private read and
	 * the activation call.
	 */
	dir = d_inode(f->f_path.dentry->d_parent);
	inode_lock(dir);
	pol = dir->i_private;
	err = pol ? ipe_set_active_pol(pol) : -ENOENT;
	inode_unlock(dir);

	return (err < 0) ? err : len;
}
/**
 * getactive() - Read handler for "ipe/policies/$name/active".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies the user buffer passed to the read syscall.
 * @len: Supplies the length of @data.
 * @offset: Supplies the file position; passed through to
 *	    simple_read_from_buffer(), which advances it.
 *
 * @data will be populated with "1" if the corresponding policy is the
 * active one, "0" otherwise.
 *
 * Return:
 * * Length of buffer written - Success
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t getactive(struct file *f, char __user *data,
			 size_t len, loff_t *offset)
{
	const struct ipe_policy *pol = NULL;
	struct inode *dir = NULL;
	const char *answer = NULL;

	/* Only the pointer value is needed, so the lock is dropped right away. */
	dir = d_inode(f->f_path.dentry->d_parent);
	inode_lock_shared(dir);
	pol = dir->i_private;
	inode_unlock_shared(dir);

	if (!pol)
		return -ENOENT;

	/*
	 * pol is compared by address only and never dereferenced after the
	 * lock has been released, so a concurrent delete cannot cause a
	 * use-after-free here.
	 */
	answer = (pol == rcu_access_pointer(ipe_active_policy)) ? "1" : "0";

	return simple_read_from_buffer(data, len, offset, answer, 1);
}
/*
 * apply_update() - Hand a copied policy text to the policy core.
 * @f: the "update" file whose parent directory identifies the policy.
 * @text: kernel copy of the new policy text (owned by the caller).
 * @len: length of @text.
 *
 * The subdirectory inode lock serialises this against the read handlers,
 * setactive() and delete_policy(), which all take the same lock.
 *
 * Return: the result of ipe_update_policy().
 */
static int apply_update(struct file *f, char *text, size_t len)
{
	struct inode *dir = d_inode(f->f_path.dentry->d_parent);
	int err = 0;

	inode_lock(dir);
	err = ipe_update_policy(dir, NULL, 0, text, len);
	inode_unlock(dir);

	return err;
}

/**
 * update_policy() - Write handler for "ipe/policies/$name/update".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * On success this updates the policy represented by $name,
 * in-place. Every failure, including the permission check, is reported
 * through ipe_audit_policy_load().
 *
 * Return:
 * * Length of buffer written - Success
 * * %-EPERM - Insufficient permission
 * * %-ENOMEM - Out of memory (OOM)
 * * %-ENOENT - Policy was deleted while updating
 * * %-EINVAL - Policy name mismatch
 * * %-ESTALE - Policy version too old
 */
static ssize_t update_policy(struct file *f, const char __user *data,
			     size_t len, loff_t *offset)
{
	char *text = NULL;
	int err = 0;

	/* The capability is required in the initial user namespace. */
	if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) {
		err = -EPERM;
		goto done;
	}

	/*
	 * @len is caller controlled and no additional cap is applied here:
	 * an allocation that cannot be satisfied fails the request, which
	 * is what the documented -ENOMEM covers.
	 */
	text = memdup_user(data, len);
	if (IS_ERR(text)) {
		err = PTR_ERR(text);
		/* Never let an ERR_PTR reach kfree() below. */
		text = NULL;
		goto done;
	}

	err = apply_update(f, text, len);

done:
	kfree(text);
	if (!err)
		return len;

	ipe_audit_policy_load(ERR_PTR(err));
	return err;
}
/**
 * delete_policy() - Write handler for "ipe/policies/$name/delete".
 * @f: Supplies a file structure representing the securityfs node.
 * @data: Supplies a buffer passed to the write syscall.
 * @len: Supplies the length of @data.
 * @offset: unused.
 *
 * On success this deletes the policy represented by $name. The active
 * policy can never be deleted this way.
 *
 * Return:
 * * Length of buffer written - Success
 * * %-EPERM - Insufficient permission/deleting active policy
 * * %-EINVAL - Invalid input
 * * %-ENOENT - Policy initializing/deleted
 */
static ssize_t delete_policy(struct file *f, const char __user *data,
			     size_t len, loff_t *offset)
{
	struct ipe_policy *active = NULL;
	struct ipe_policy *pol = NULL;
	struct inode *dir = NULL;
	bool confirm = false;
	bool is_active = false;
	int err = 0;

	/* The capability is required in the initial user namespace. */
	if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN))
		return -EPERM;

	err = kstrtobool_from_user(data, len, &confirm);
	if (err)
		return err;
	if (!confirm)
		return -EINVAL;

	/* Lock order: subdirectory inode lock first, then ipe_policy_lock. */
	dir = d_inode(f->f_path.dentry->d_parent);
	inode_lock(dir);

	pol = dir->i_private;
	if (!pol) {
		err = -ENOENT;
		goto unlock;
	}

	mutex_lock(&ipe_policy_lock);
	active = rcu_dereference_protected(ipe_active_policy,
					   lockdep_is_held(&ipe_policy_lock));
	is_active = (pol == active);
	mutex_unlock(&ipe_policy_lock);

	/*
	 * Holding the inode lock across this check and the unpublish below
	 * keeps setactive(), which takes the same lock, from activating pol
	 * in between. Whether any other activation path exists that does
	 * not take this lock is not visible here — confirm in the policy core.
	 */
	if (is_active) {
		err = -EPERM;
		goto unlock;
	}

	/* Unpublish first: every handler in this file reads i_private under this lock. */
	dir->i_private = NULL;
	inode_unlock(dir);

	/*
	 * Grace period before the free; presumably for RCU readers of the
	 * policy outside this file (evaluation path) — confirm there.
	 */
	synchronize_rcu();
	ipe_free_policy(pol);
	return len;

unlock:
	inode_unlock(dir);
	return err;
}
/*
 * Per-file operations for the entries of a policy subdirectory. The
 * read-only files expose policy state; the write handlers (setactive,
 * update_policy, delete_policy) each re-check CAP_MAC_ADMIN themselves
 * rather than relying on the file mode alone.
 */
static const struct file_operations content_fops = {
	.read = read_policy,
};

static const struct file_operations pkcs7_fops = {
	.read = read_pkcs7,
};

static const struct file_operations name_fops = {
	.read = read_name,
};

static const struct file_operations ver_fops = {
	.read = read_version,
};

/* The only entry with both directions: read reports, write activates. */
static const struct file_operations active_fops = {
	.write = setactive,
	.read = getactive,
};

static const struct file_operations update_fops = {
	.write = update_policy,
};

static const struct file_operations delete_fops = {
	.write = delete_policy,
};
/*
 * policy_subdir - files under a policy subdirectory
 *
 * The state files are world-readable (0444); "active" is owner
 * read/write (0600); "update" and "delete" are owner write-only (0200).
 * The write handlers additionally require CAP_MAC_ADMIN.
 */
static const struct ipefs_file policy_subdir[] = {
	{ .name = "pkcs7",   .access = 0444, .fops = &pkcs7_fops },
	{ .name = "policy",  .access = 0444, .fops = &content_fops },
	{ .name = "name",    .access = 0444, .fops = &name_fops },
	{ .name = "version", .access = 0444, .fops = &ver_fops },
	{ .name = "active",  .access = 0600, .fops = &active_fops },
	{ .name = "update",  .access = 0200, .fops = &update_fops },
	{ .name = "delete",  .access = 0200, .fops = &delete_fops },
};
/**
 * ipe_del_policyfs_node() - Delete a securityfs entry for @p.
 * @p: Supplies a pointer to the policy to delete a securityfs entry for.
 *
 * Removes the "ipe/policies/$name" directory and forgets it on @p. This
 * does not touch the directory inode's i_private; delete_policy() clears
 * that separately.
 */
void ipe_del_policyfs_node(struct ipe_policy *p)
{
	struct dentry *dir = p->policyfs;

	securityfs_remove(dir);
	p->policyfs = NULL;
}
/**
 * ipe_new_policyfs_node() - Create a securityfs entry for @p.
 * @p: Supplies a pointer to the policy to create a securityfs entry for.
 *
 * Creates "ipe/policies/$name" with every file in policy_subdir and then
 * publishes @p through the directory inode's i_private. A policy that
 * already has a node is left untouched.
 *
 * Return: %0 on success. If an error occurs, the function will return
 * the -errno.
 */
int ipe_new_policyfs_node(struct ipe_policy *p)
{
	const struct ipefs_file *entry = NULL;
	struct dentry *dir = NULL;
	struct inode *dir_inode = NULL;
	int err = 0;

	/* Already published: nothing to do. */
	if (p->policyfs)
		return 0;

	dir = securityfs_create_dir(p->parsed->name, policy_root);
	if (IS_ERR(dir))
		return PTR_ERR(dir);
	dir_inode = d_inode(dir);

	for (entry = policy_subdir;
	     entry < policy_subdir + ARRAY_SIZE(policy_subdir); entry++) {
		struct dentry *node = NULL;

		node = securityfs_create_file(entry->name, entry->access, dir,
					      NULL, entry->fops);
		if (IS_ERR(node)) {
			err = PTR_ERR(node);
			/*
			 * Removing the directory is expected to take the files
			 * already created in it with it — confirm against
			 * securityfs_remove() semantics.
			 */
			securityfs_remove(dir);
			return err;
		}
	}

	/*
	 * Publish under the directory inode lock: the file handlers read
	 * i_private under that same lock, so they observe either NULL
	 * (-ENOENT) or a fully populated subdirectory, never a partial one.
	 */
	inode_lock(dir_inode);
	p->policyfs = dir;
	dir_inode->i_private = p;
	inode_unlock(dir_inode);

	return 0;
}