]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - security/apparmor/policy_unpack.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
apparmor: add the base fns() for domain labels
[mirror_ubuntu-bionic-kernel.git] / security / apparmor / policy_unpack.c
CommitLineData
736ec752
JJ		 1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor functions for unpacking policy loaded from
5 * userspace.
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation, version 2 of the
13 * License.
14 *
d410fa4e
RD		 15 * AppArmor uses a serialized binary format for loading policy. To find
16 * policy format documentation look in Documentation/security/apparmor.txt
736ec752
JJ		 17 * All policy is validated before it is used.
18 */
19
20#include <asm/unaligned.h>
21#include <linux/ctype.h>
22#include <linux/errno.h>
23
24#include "include/apparmor.h"
25#include "include/audit.h"
26#include "include/context.h"
f8eb8a13 27#include "include/crypto.h"
736ec752
JJ		 28#include "include/match.h"
29#include "include/policy.h"
30#include "include/policy_unpack.h"
736ec752 31
474d6b75 32#define K_ABI_MASK 0x3ff
5ebfb128 33#define FORCE_COMPLAIN_FLAG 0x800
474d6b75
JJ		 34#define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
35#define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))
36
37#define v5 5 /* base version */
38#define v6 6 /* per entry policydb mediation check */
39#define v7 7 /* full network masking */
5ebfb128 40
736ec752
JJ		 41/*
42 * The AppArmor interface treats data as a type byte followed by the
43 * actual data. The interface has the notion of a a named entry
44 * which has a name (AA_NAME typecode followed by name string) followed by
45 * the entries typecode and data. Named types allow for optional
46 * elements and extensions to be added and tested for without breaking
47 * backwards compatibility.
48 */
49
50enum aa_code {
51 AA_U8,
52 AA_U16,
53 AA_U32,
54 AA_U64,
55 AA_NAME, /* same as string except it is items name */
56 AA_STRING,
57 AA_BLOB,
58 AA_STRUCT,
59 AA_STRUCTEND,
60 AA_LIST,
61 AA_LISTEND,
62 AA_ARRAY,
63 AA_ARRAYEND,
64};
65
66/*
67 * aa_ext is the read of the buffer containing the serialized profile. The
68 * data is copied into a kernel buffer in apparmorfs and then handed off to
69 * the unpack routines.
70 */
71struct aa_ext {
72 void *start;
73 void *end;
74 void *pos; /* pointer to current position in the buffer */
75 u32 version;
76};
77
78/* audit callback for unpack fields */
79static void audit_cb(struct audit_buffer *ab, void *va)
80{
81 struct common_audit_data *sa = va;
ef88a7ac
JJ		 82
83 if (aad(sa)->iface.ns) {
84 audit_log_format(ab, " ns=");
85 audit_log_untrustedstring(ab, aad(sa)->iface.ns);
86 }
87 if (aad(sa)->iface.name) {
736ec752 88 audit_log_format(ab, " name=");
ef88a7ac 89 audit_log_untrustedstring(ab, aad(sa)->iface.name);
736ec752 90 }
ef88a7ac
JJ		 91 if (aad(sa)->iface.pos)
92 audit_log_format(ab, " offset=%ld", aad(sa)->iface.pos);
736ec752
JJ		 93}
94
95/**
96 * audit_iface - do audit message for policy unpacking/load/replace/remove
97 * @new: profile if it has been allocated (MAYBE NULL)
04dc715e 98 * @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)
736ec752
JJ		 99 * @name: name of the profile being manipulated (MAYBE NULL)
100 * @info: any extra info about the failure (MAYBE NULL)
b1b4bc2e 101 * @e: buffer position info
736ec752
JJ		 102 * @error: error code
103 *
104 * Returns: %0 or error
105 */
04dc715e
JJ		 106static int audit_iface(struct aa_profile *new, const char *ns_name,
107 const char *name, const char *info, struct aa_ext *e,
108 int error)
736ec752 109{
cf797c0e 110 struct aa_profile *profile = aa_current_raw_profile();
ef88a7ac 111 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL);
b1b4bc2e 112 if (e)
ef88a7ac
JJ		 113 aad(&sa)->iface.pos = e->pos - e->start;
114 aad(&sa)->iface.ns = ns_name;
115 if (new)
116 aad(&sa)->iface.name = new->base.hname;
117 else
118 aad(&sa)->iface.name = name;
119 aad(&sa)->info = info;
120 aad(&sa)->error = error;
736ec752 121
ef88a7ac 122 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb);
736ec752
JJ		 123}
124
5d5182ca
JJ		 125void __aa_loaddata_update(struct aa_loaddata *data, long revision)
126{
127 AA_BUG(!data);
128 AA_BUG(!data->ns);
129 AA_BUG(!data->dents[AAFS_LOADDATA_REVISION]);
130 AA_BUG(!mutex_is_locked(&data->ns->lock));
131 AA_BUG(data->revision > revision);
132
133 data->revision = revision;
134 d_inode(data->dents[AAFS_LOADDATA_DIR])->i_mtime =
135 current_time(d_inode(data->dents[AAFS_LOADDATA_DIR]));
136 d_inode(data->dents[AAFS_LOADDATA_REVISION])->i_mtime =
137 current_time(d_inode(data->dents[AAFS_LOADDATA_REVISION]));
138}
139
140bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r)
141{
142 if (l->size != r->size)
143 return false;
144 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0)
145 return false;
146 return memcmp(l->data, r->data, r->size) == 0;
147}
148
149/*
150 * need to take the ns mutex lock which is NOT safe most places that
151 * put_loaddata is called, so we have to delay freeing it
152 */
153static void do_loaddata_free(struct work_struct *work)
154{
155 struct aa_loaddata *d = container_of(work, struct aa_loaddata, work);
156 struct aa_ns *ns = aa_get_ns(d->ns);
157
158 if (ns) {
159 mutex_lock(&ns->lock);
160 __aa_fs_remove_rawdata(d);
161 mutex_unlock(&ns->lock);
162 aa_put_ns(ns);
163 }
164
165 kzfree(d->hash);
166 kfree(d->name);
167 kvfree(d);
168}
169
5ac8c355
JJ		 170void aa_loaddata_kref(struct kref *kref)
171{
172 struct aa_loaddata *d = container_of(kref, struct aa_loaddata, count);
173
174 if (d) {
5d5182ca
JJ		 175 INIT_WORK(&d->work, do_loaddata_free);
176 schedule_work(&d->work);
5ac8c355
JJ		 177 }
178}
179
5d5182ca
JJ		 180struct aa_loaddata *aa_loaddata_alloc(size_t size)
181{
182 struct aa_loaddata *d = kvzalloc(sizeof(*d) + size, GFP_KERNEL);
183
184 if (d == NULL)
185 return ERR_PTR(-ENOMEM);
186 kref_init(&d->count);
187 INIT_LIST_HEAD(&d->list);
188
189 return d;
190}
191
736ec752
JJ		 192/* test if read will be in packed data bounds */
193static bool inbounds(struct aa_ext *e, size_t size)
194{
195 return (size <= e->end - e->pos);
196}
197
198/**
199 * aa_u16_chunck - test and do bounds checking for a u16 size based chunk
200 * @e: serialized data read head (NOT NULL)
201 * @chunk: start address for chunk of data (NOT NULL)
202 *
203 * Returns: the size of chunk found with the read head at the end of the chunk.
204 */
205static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
206{
207 size_t size = 0;
208
209 if (!inbounds(e, sizeof(u16)))
210 return 0;
2c17cd36
JJ		 211 size = le16_to_cpu(get_unaligned((__le16 *) e->pos));
212 e->pos += sizeof(__le16);
736ec752
JJ		 213 if (!inbounds(e, size))
214 return 0;
215 *chunk = e->pos;
216 e->pos += size;
217 return size;
218}
219
220/* unpack control byte */
221static bool unpack_X(struct aa_ext *e, enum aa_code code)
222{
223 if (!inbounds(e, 1))
224 return 0;
225 if (*(u8 *) e->pos != code)
226 return 0;
227 e->pos++;
228 return 1;
229}
230
231/**
232 * unpack_nameX - check is the next element is of type X with a name of @name
233 * @e: serialized data extent information (NOT NULL)
234 * @code: type code
235 * @name: name to match to the serialized element. (MAYBE NULL)
236 *
237 * check that the next serialized data element is of type X and has a tag
238 * name @name. If @name is specified then there must be a matching
239 * name element in the stream. If @name is NULL any name element will be
240 * skipped and only the typecode will be tested.
241 *
242 * Returns 1 on success (both type code and name tests match) and the read
243 * head is advanced past the headers
244 *
245 * Returns: 0 if either match fails, the read head does not move
246 */
247static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
248{
249 /*
250 * May need to reset pos if name or type doesn't match
251 */
252 void *pos = e->pos;
253 /*
254 * Check for presence of a tagname, and if present name size
255 * AA_NAME tag value is a u16.
256 */
257 if (unpack_X(e, AA_NAME)) {
258 char *tag = NULL;
259 size_t size = unpack_u16_chunk(e, &tag);
260 /* if a name is specified it must match. otherwise skip tag */
261 if (name && (!size || strcmp(name, tag)))
262 goto fail;
263 } else if (name) {
264 /* if a name is specified and there is no name tag fail */
265 goto fail;
266 }
267
268 /* now check if type code matches */
269 if (unpack_X(e, code))
270 return 1;
271
272fail:
273 e->pos = pos;
274 return 0;
275}
276
277static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
278{
279 if (unpack_nameX(e, AA_U32, name)) {
280 if (!inbounds(e, sizeof(u32)))
281 return 0;
282 if (data)
2c17cd36 283 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos));
736ec752
JJ		 284 e->pos += sizeof(u32);
285 return 1;
286 }
287 return 0;
288}
289
290static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
291{
292 if (unpack_nameX(e, AA_U64, name)) {
293 if (!inbounds(e, sizeof(u64)))
294 return 0;
295 if (data)
2c17cd36 296 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos));
736ec752
JJ		 297 e->pos += sizeof(u64);
298 return 1;
299 }
300 return 0;
301}
302
303static size_t unpack_array(struct aa_ext *e, const char *name)
304{
305 if (unpack_nameX(e, AA_ARRAY, name)) {
306 int size;
307 if (!inbounds(e, sizeof(u16)))
308 return 0;
2c17cd36 309 size = (int)le16_to_cpu(get_unaligned((__le16 *) e->pos));
736ec752
JJ		 310 e->pos += sizeof(u16);
311 return size;
312 }
313 return 0;
314}
315
316static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name)
317{
318 if (unpack_nameX(e, AA_BLOB, name)) {
319 u32 size;
320 if (!inbounds(e, sizeof(u32)))
321 return 0;
2c17cd36 322 size = le32_to_cpu(get_unaligned((__le32 *) e->pos));
736ec752
JJ		 323 e->pos += sizeof(u32);
324 if (inbounds(e, (size_t) size)) {
325 *blob = e->pos;
326 e->pos += size;
327 return size;
328 }
329 }
330 return 0;
331}
332
333static int unpack_str(struct aa_ext *e, const char **string, const char *name)
334{
335 char *src_str;
336 size_t size = 0;
337 void *pos = e->pos;
338 *string = NULL;
339 if (unpack_nameX(e, AA_STRING, name)) {
340 size = unpack_u16_chunk(e, &src_str);
341 if (size) {
342 /* strings are null terminated, length is size - 1 */
343 if (src_str[size - 1] != 0)
344 goto fail;
345 *string = src_str;
346 }
347 }
348 return size;
349
350fail:
351 e->pos = pos;
352 return 0;
353}
354
355static int unpack_strdup(struct aa_ext *e, char **string, const char *name)
356{
357 const char *tmp;
358 void *pos = e->pos;
359 int res = unpack_str(e, &tmp, name);
360 *string = NULL;
361
362 if (!res)
363 return 0;
364
365 *string = kmemdup(tmp, res, GFP_KERNEL);
366 if (!*string) {
367 e->pos = pos;
368 return 0;
369 }
370
371 return res;
372}
373
180a6f59
JJ		 374#define DFA_VALID_PERM_MASK 0xffffffff
375#define DFA_VALID_PERM2_MASK 0xffffffff
376
736ec752
JJ		 377/**
378 * verify_accept - verify the accept tables of a dfa
379 * @dfa: dfa to verify accept tables of (NOT NULL)
380 * @flags: flags governing dfa
381 *
382 * Returns: 1 if valid accept tables else 0 if error
383 */
384static bool verify_accept(struct aa_dfa *dfa, int flags)
385{
386 int i;
387
388 /* verify accept permissions */
389 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
390 int mode = ACCEPT_TABLE(dfa)[i];
391
392 if (mode & ~DFA_VALID_PERM_MASK)
393 return 0;
394
395 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
396 return 0;
397 }
398 return 1;
399}
400
401/**
402 * unpack_dfa - unpack a file rule dfa
403 * @e: serialized data extent information (NOT NULL)
404 *
405 * returns dfa or ERR_PTR or NULL if no dfa
406 */
407static struct aa_dfa *unpack_dfa(struct aa_ext *e)
408{
409 char *blob = NULL;
410 size_t size;
411 struct aa_dfa *dfa = NULL;
412
413 size = unpack_blob(e, &blob, "aadfa");
414 if (size) {
415 /*
416 * The dfa is aligned with in the blob to 8 bytes
417 * from the beginning of the stream.
dd51c848 418 * alignment adjust needed by dfa unpack
736ec752 419 */
dd51c848
JJ		 420 size_t sz = blob - (char *) e->start -
421 ((e->pos - e->start) & 7);
736ec752
JJ		 422 size_t pad = ALIGN(sz, 8) - sz;
423 int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
abbf8734 424 TO_ACCEPT2_FLAG(YYTD_DATA32) | DFA_FLAG_VERIFY_STATES;
736ec752
JJ		 425 dfa = aa_dfa_unpack(blob + pad, size - pad, flags);
426
427 if (IS_ERR(dfa))
428 return dfa;
429
430 if (!verify_accept(dfa, flags))
431 goto fail;
432 }
433
434 return dfa;
435
436fail:
437 aa_put_dfa(dfa);
438 return ERR_PTR(-EPROTO);
439}
440
441/**
442 * unpack_trans_table - unpack a profile transition table
443 * @e: serialized data extent information (NOT NULL)
444 * @profile: profile to add the accept table to (NOT NULL)
445 *
25985edc 446 * Returns: 1 if table successfully unpacked
736ec752
JJ		 447 */
448static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
449{
450 void *pos = e->pos;
451
452 /* exec table is optional */
453 if (unpack_nameX(e, AA_STRUCT, "xtable")) {
454 int i, size;
455
456 size = unpack_array(e, NULL);
457 /* currently 4 exec bits and entries 0-3 are reserved iupcx */
458 if (size > 16 - 4)
459 goto fail;
460 profile->file.trans.table = kzalloc(sizeof(char *) * size,
461 GFP_KERNEL);
462 if (!profile->file.trans.table)
463 goto fail;
464
465 profile->file.trans.size = size;
466 for (i = 0; i < size; i++) {
467 char *str;
7ee95850 468 int c, j, size2 = unpack_strdup(e, &str, NULL);
736ec752
JJ		 469 /* unpack_strdup verifies that the last character is
470 * null termination byte.
471 */
7ee95850 472 if (!size2)
736ec752
JJ		 473 goto fail;
474 profile->file.trans.table[i] = str;
475 /* verify that name doesn't start with space */
476 if (isspace(*str))
477 goto fail;
478
479 /* count internal # of internal \0 */
7ee95850 480 for (c = j = 0; j < size2 - 2; j++) {
736ec752
JJ		 481 if (!str[j])
482 c++;
483 }
484 if (*str == ':') {
485 /* beginning with : requires an embedded \0,
486 * verify that exactly 1 internal \0 exists
487 * trailing \0 already verified by unpack_strdup
488 */
489 if (c != 1)
490 goto fail;
491 /* first character after : must be valid */
492 if (!str[1])
493 goto fail;
494 } else if (c)
495 /* fail - all other cases with embedded \0 */
496 goto fail;
497 }
498 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
499 goto fail;
500 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
501 goto fail;
502 }
503 return 1;
504
505fail:
506 aa_free_domain_entries(&profile->file.trans);
507 e->pos = pos;
508 return 0;
509}
510
511static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
512{
513 void *pos = e->pos;
514
515 /* rlimits are optional */
516 if (unpack_nameX(e, AA_STRUCT, "rlimits")) {
517 int i, size;
518 u32 tmp = 0;
519 if (!unpack_u32(e, &tmp, NULL))
520 goto fail;
521 profile->rlimits.mask = tmp;
522
523 size = unpack_array(e, NULL);
524 if (size > RLIM_NLIMITS)
525 goto fail;
526 for (i = 0; i < size; i++) {
7ee95850 527 u64 tmp2 = 0;
736ec752 528 int a = aa_map_resource(i);
7ee95850 529 if (!unpack_u64(e, &tmp2, NULL))
736ec752 530 goto fail;
7ee95850 531 profile->rlimits.limits[a].rlim_max = tmp2;
736ec752
JJ		 532 }
533 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
534 goto fail;
535 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
536 goto fail;
537 }
538 return 1;
539
540fail:
541 e->pos = pos;
542 return 0;
543}
544
e025be0f
WH		 545static void *kvmemdup(const void *src, size_t len)
546{
a7c3e901 547 void *p = kvmalloc(len, GFP_KERNEL);
e025be0f
WH		 548
549 if (p)
550 memcpy(p, src, len);
551 return p;
552}
553
554static u32 strhash(const void *data, u32 len, u32 seed)
555{
556 const char * const *key = data;
557
558 return jhash(*key, strlen(*key), seed);
559}
560
561static int datacmp(struct rhashtable_compare_arg *arg, const void *obj)
562{
563 const struct aa_data *data = obj;
564 const char * const *key = arg->key;
565
566 return strcmp(data->key, *key);
567}
568
736ec752
JJ		 569/**
570 * unpack_profile - unpack a serialized profile
571 * @e: serialized data extent information (NOT NULL)
572 *
573 * NOTE: unpack profile sets audit struct if there is a failure
574 */
04dc715e 575static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
736ec752
JJ		 576{
577 struct aa_profile *profile = NULL;
04dc715e
JJ		 578 const char *tmpname, *tmpns = NULL, *name = NULL;
579 size_t ns_len;
e025be0f
WH		 580 struct rhashtable_params params = { 0 };
581 char *key = NULL;
582 struct aa_data *data;
ad5ff3db 583 int i, error = -EPROTO;
736ec752
JJ		 584 kernel_cap_t tmpcap;
585 u32 tmp;
586
04dc715e
JJ		 587 *ns_name = NULL;
588
736ec752
JJ		 589 /* check that we have the right struct being passed */
590 if (!unpack_nameX(e, AA_STRUCT, "profile"))
591 goto fail;
592 if (!unpack_str(e, &name, NULL))
593 goto fail;
04dc715e
JJ		 594 if (*name == '\0')
595 goto fail;
596
597 tmpname = aa_splitn_fqname(name, strlen(name), &tmpns, &ns_len);
598 if (tmpns) {
599 *ns_name = kstrndup(tmpns, ns_len, GFP_KERNEL);
600 if (!*ns_name)
601 goto fail;
602 name = tmpname;
603 }
736ec752 604
30b026a8 605 profile = aa_alloc_profile(name, GFP_KERNEL);
736ec752
JJ		 606 if (!profile)
607 return ERR_PTR(-ENOMEM);
608
609 /* profile renaming is optional */
610 (void) unpack_str(e, &profile->rename, "rename");
611
556d0be7
JJ		 612 /* attachment string is optional */
613 (void) unpack_str(e, &profile->attach, "attach");
614
736ec752
JJ		 615 /* xmatch is optional and may be NULL */
616 profile->xmatch = unpack_dfa(e);
617 if (IS_ERR(profile->xmatch)) {
618 error = PTR_ERR(profile->xmatch);
619 profile->xmatch = NULL;
620 goto fail;
621 }
622 /* xmatch_len is not optional if xmatch is set */
623 if (profile->xmatch) {
624 if (!unpack_u32(e, &tmp, NULL))
625 goto fail;
626 profile->xmatch_len = tmp;
627 }
628
72c8a768
JJ		 629 /* disconnected attachment string is optional */
630 (void) unpack_str(e, &profile->disconnected, "disconnected");
631
736ec752
JJ		 632 /* per profile debug flags (complain, audit) */
633 if (!unpack_nameX(e, AA_STRUCT, "flags"))
634 goto fail;
635 if (!unpack_u32(e, &tmp, NULL))
636 goto fail;
03816507 637 if (tmp & PACKED_FLAG_HAT)
736ec752
JJ		 638 profile->flags |= PFLAG_HAT;
639 if (!unpack_u32(e, &tmp, NULL))
640 goto fail;
5ebfb128 641 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG))
736ec752 642 profile->mode = APPARMOR_COMPLAIN;
03816507
JJ		 643 else if (tmp == PACKED_MODE_KILL)
644 profile->mode = APPARMOR_KILL;
645 else if (tmp == PACKED_MODE_UNCONFINED)
646 profile->mode = APPARMOR_UNCONFINED;
736ec752
JJ		 647 if (!unpack_u32(e, &tmp, NULL))
648 goto fail;
649 if (tmp)
650 profile->audit = AUDIT_ALL;
651
652 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
653 goto fail;
654
655 /* path_flags is optional */
656 if (unpack_u32(e, &profile->path_flags, "path_flags"))
657 profile->path_flags |= profile->flags & PFLAG_MEDIATE_DELETED;
658 else
659 /* set a default value if path_flags field is not present */
660 profile->path_flags = PFLAG_MEDIATE_DELETED;
661
662 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
663 goto fail;
664 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
665 goto fail;
666 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL))
667 goto fail;
668 if (!unpack_u32(e, &tmpcap.cap[0], NULL))
669 goto fail;
670
671 if (unpack_nameX(e, AA_STRUCT, "caps64")) {
672 /* optional upper half of 64 bit caps */
673 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL))
674 goto fail;
675 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
676 goto fail;
677 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL))
678 goto fail;
679 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL))
680 goto fail;
681 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
682 goto fail;
683 }
684
685 if (unpack_nameX(e, AA_STRUCT, "capsx")) {
686 /* optional extended caps mediation mask */
687 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL))
688 goto fail;
689 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
690 goto fail;
cdbd2884
JJ		 691 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
692 goto fail;
736ec752
JJ		 693 }
694
695 if (!unpack_rlimits(e, profile))
696 goto fail;
697
ad5ff3db
JJ		 698 if (unpack_nameX(e, AA_STRUCT, "policydb")) {
699 /* generic policy dfa - optional and may be NULL */
700 profile->policy.dfa = unpack_dfa(e);
701 if (IS_ERR(profile->policy.dfa)) {
702 error = PTR_ERR(profile->policy.dfa);
703 profile->policy.dfa = NULL;
704 goto fail;
5f20fdfe
JJ		 705 } else if (!profile->policy.dfa) {
706 error = -EPROTO;
707 goto fail;
ad5ff3db
JJ		 708 }
709 if (!unpack_u32(e, &profile->policy.start[0], "start"))
710 /* default start state */
711 profile->policy.start[0] = DFA_START;
712 /* setup class index */
713 for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
714 profile->policy.start[i] =
715 aa_dfa_next(profile->policy.dfa,
716 profile->policy.start[0],
717 i);
718 }
719 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
720 goto fail;
11c236b8
JJ		 721 } else
722 profile->policy.dfa = aa_get_dfa(nulldfa);
ad5ff3db 723
736ec752
JJ		 724 /* get file rules */
725 profile->file.dfa = unpack_dfa(e);
726 if (IS_ERR(profile->file.dfa)) {
727 error = PTR_ERR(profile->file.dfa);
728 profile->file.dfa = NULL;
729 goto fail;
6604d4c1
JJ		 730 } else if (profile->file.dfa) {
731 if (!unpack_u32(e, &profile->file.start, "dfa_start"))
732 /* default start state */
733 profile->file.start = DFA_START;
734 } else if (profile->policy.dfa &&
735 profile->policy.start[AA_CLASS_FILE]) {
736 profile->file.dfa = aa_get_dfa(profile->policy.dfa);
737 profile->file.start = profile->policy.start[AA_CLASS_FILE];
11c236b8
JJ		 738 } else
739 profile->file.dfa = aa_get_dfa(nulldfa);
736ec752 740
736ec752
JJ		 741 if (!unpack_trans_table(e, profile))
742 goto fail;
743
e025be0f
WH		 744 if (unpack_nameX(e, AA_STRUCT, "data")) {
745 profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL);
746 if (!profile->data)
747 goto fail;
748
749 params.nelem_hint = 3;
750 params.key_len = sizeof(void *);
751 params.key_offset = offsetof(struct aa_data, key);
752 params.head_offset = offsetof(struct aa_data, head);
753 params.hashfn = strhash;
754 params.obj_cmpfn = datacmp;
755
756 if (rhashtable_init(profile->data, &params))
757 goto fail;
758
759 while (unpack_strdup(e, &key, NULL)) {
760 data = kzalloc(sizeof(*data), GFP_KERNEL);
761 if (!data) {
762 kzfree(key);
763 goto fail;
764 }
765
766 data->key = key;
767 data->size = unpack_blob(e, &data->data, NULL);
768 data->data = kvmemdup(data->data, data->size);
769 if (data->size && !data->data) {
770 kzfree(data->key);
771 kzfree(data);
772 goto fail;
773 }
774
775 rhashtable_insert_fast(profile->data, &data->head,
776 profile->data->p);
777 }
778
779 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
780 goto fail;
781 }
782
736ec752
JJ		 783 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
784 goto fail;
785
786 return profile;
787
788fail:
789 if (profile)
790 name = NULL;
791 else if (!name)
792 name = "unknown";
04dc715e
JJ		 793 audit_iface(profile, NULL, name, "failed to unpack profile", e,
794 error);
8651e1d6 795 aa_free_profile(profile);
736ec752
JJ		 796
797 return ERR_PTR(error);
798}
799
800/**
801 * verify_head - unpack serialized stream header
802 * @e: serialized data read head (NOT NULL)
dd51c848 803 * @required: whether the header is required or optional
736ec752
JJ		 804 * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
805 *
806 * Returns: error or 0 if header is good
807 */
dd51c848 808static int verify_header(struct aa_ext *e, int required, const char **ns)
736ec752
JJ		 809{
810 int error = -EPROTONOSUPPORT;
dd51c848
JJ		 811 const char *name = NULL;
812 *ns = NULL;
813
736ec752
JJ		 814 /* get the interface version */
815 if (!unpack_u32(e, &e->version, "version")) {
dd51c848 816 if (required) {
04dc715e 817 audit_iface(NULL, NULL, NULL, "invalid profile format",
dd51c848
JJ		 818 e, error);
819 return error;
820 }
736ec752
JJ		 821 }
822
474d6b75
JJ		 823 /* Check that the interface version is currently supported.
824 * if not specified use previous version
825 * Mask off everything that is not kernel abi version
826 */
827 if (VERSION_LT(e->version, v5) && VERSION_GT(e->version, v7)) {
04dc715e 828 audit_iface(NULL, NULL, NULL, "unsupported interface version",
474d6b75
JJ		 829 e, error);
830 return error;
831 }
dd51c848 832
736ec752 833 /* read the namespace if present */
dd51c848 834 if (unpack_str(e, &name, "namespace")) {
04dc715e
JJ		 835 if (*name == '\0') {
836 audit_iface(NULL, NULL, NULL, "invalid namespace name",
837 e, error);
838 return error;
839 }
dd51c848 840 if (*ns && strcmp(*ns, name))
04dc715e
JJ		 841 audit_iface(NULL, NULL, NULL, "invalid ns change", e,
842 error);
dd51c848
JJ		 843 else if (!*ns)
844 *ns = name;
845 }
736ec752
JJ		 846
847 return 0;
848}
849
850static bool verify_xindex(int xindex, int table_size)
851{
852 int index, xtype;
853 xtype = xindex & AA_X_TYPE_MASK;
854 index = xindex & AA_X_INDEX_MASK;
23ca7b64 855 if (xtype == AA_X_TABLE && index >= table_size)
736ec752
JJ		 856 return 0;
857 return 1;
858}
859
860/* verify dfa xindexes are in range of transition tables */
861static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
862{
863 int i;
864 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
865 if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
866 return 0;
867 if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
868 return 0;
869 }
870 return 1;
871}
872
873/**
874 * verify_profile - Do post unpack analysis to verify profile consistency
875 * @profile: profile to verify (NOT NULL)
876 *
877 * Returns: 0 if passes verification else error
878 */
879static int verify_profile(struct aa_profile *profile)
880{
abbf8734
JJ		 881 if (profile->file.dfa &&
882 !verify_dfa_xindex(profile->file.dfa,
883 profile->file.trans.size)) {
04dc715e 884 audit_iface(profile, NULL, NULL, "Invalid named transition",
abbf8734
JJ		 885 NULL, -EPROTO);
886 return -EPROTO;
736ec752
JJ		 887 }
888
889 return 0;
890}
891
dd51c848
JJ		 892void aa_load_ent_free(struct aa_load_ent *ent)
893{
894 if (ent) {
895 aa_put_profile(ent->rename);
896 aa_put_profile(ent->old);
897 aa_put_profile(ent->new);
04dc715e 898 kfree(ent->ns_name);
dd51c848
JJ		 899 kzfree(ent);
900 }
901}
902
903struct aa_load_ent *aa_load_ent_alloc(void)
904{
905 struct aa_load_ent *ent = kzalloc(sizeof(*ent), GFP_KERNEL);
906 if (ent)
907 INIT_LIST_HEAD(&ent->list);
908 return ent;
909}
910
736ec752 911/**
dd51c848 912 * aa_unpack - unpack packed binary profile(s) data loaded from user space
736ec752 913 * @udata: user data copied to kmem (NOT NULL)
dd51c848 914 * @lh: list to place unpacked profiles in a aa_repl_ws
736ec752
JJ		 915 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
916 *
dd51c848
JJ		 917 * Unpack user data and return refcounted allocated profile(s) stored in
918 * @lh in order of discovery, with the list chain stored in base.list
919 * or error
736ec752 920 *
dd51c848 921 * Returns: profile(s) on @lh else error pointer if fails to unpack
736ec752 922 */
5ac8c355
JJ		 923int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
924 const char **ns)
736ec752 925{
dd51c848 926 struct aa_load_ent *tmp, *ent;
736ec752
JJ		 927 struct aa_profile *profile = NULL;
928 int error;
929 struct aa_ext e = {
5ac8c355
JJ		 930 .start = udata->data,
931 .end = udata->data + udata->size,
932 .pos = udata->data,
736ec752
JJ		 933 };
934
dd51c848
JJ		 935 *ns = NULL;
936 while (e.pos < e.end) {
04dc715e 937 char *ns_name = NULL;
f8eb8a13 938 void *start;
dd51c848
JJ		 939 error = verify_header(&e, e.pos == e.start, ns);
940 if (error)
941 goto fail;
736ec752 942
f8eb8a13 943 start = e.pos;
04dc715e 944 profile = unpack_profile(&e, &ns_name);
dd51c848
JJ		 945 if (IS_ERR(profile)) {
946 error = PTR_ERR(profile);
947 goto fail;
948 }
949
950 error = verify_profile(profile);
f8eb8a13
JJ		 951 if (error)
952 goto fail_profile;
953
31f75bfe
JJ		 954 if (aa_g_hash_policy)
955 error = aa_calc_profile_hash(profile, e.version, start,
6059f71f 956 e.pos - start);
f8eb8a13
JJ		 957 if (error)
958 goto fail_profile;
dd51c848
JJ		 959
960 ent = aa_load_ent_alloc();
961 if (!ent) {
962 error = -ENOMEM;
f8eb8a13 963 goto fail_profile;
dd51c848 964 }
736ec752 965
dd51c848 966 ent->new = profile;
04dc715e 967 ent->ns_name = ns_name;
dd51c848 968 list_add_tail(&ent->list, lh);
736ec752 969 }
5ac8c355 970 udata->abi = e.version & K_ABI_MASK;
31f75bfe
JJ		 971 if (aa_g_hash_policy) {
972 udata->hash = aa_calc_hash(udata->data, udata->size);
973 if (IS_ERR(udata->hash)) {
974 error = PTR_ERR(udata->hash);
975 udata->hash = NULL;
976 goto fail;
977 }
5ac8c355 978 }
dd51c848
JJ		 979 return 0;
980
f8eb8a13
JJ		 981fail_profile:
982 aa_put_profile(profile);
983
dd51c848
JJ		 984fail:
985 list_for_each_entry_safe(ent, tmp, lh, list) {
986 list_del_init(&ent->list);
987 aa_load_ent_free(ent);
988 }
989
990 return error;
736ec752 991}
ubuntu-bionic-kernel mirror