]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/apparmor/apparmorfs.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: SAUCE: apparmor: add label data availability to the feature set
[mirror_ubuntu-zesty-kernel.git] / security / apparmor / apparmorfs.c
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
26 #include <linux/fs.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/policy_ns.h"
35 #include "include/label.h"
36 #include "include/policy.h"
37 #include "include/resource.h"
38 #include "include/label.h"
39 #include "include/lib.h"
40 #include "include/policy_unpack.h"
41
42 /**
43 * aa_mangle_name - mangle a profile name to std profile layout form
44 * @name: profile name to mangle (NOT NULL)
45 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
46 *
47 * Returns: length of mangled name
48 */
49 static int mangle_name(const char *name, char *target)
50 {
51 char *t = target;
52
53 while (*name == '/' || *name == '.')
54 name++;
55
56 if (target) {
57 for (; *name; name++) {
58 if (*name == '/')
59 *(t)++ = '.';
60 else if (isspace(*name))
61 *(t)++ = '_';
62 else if (isalnum(*name) || strchr("._-", *name))
63 *(t)++ = *name;
64 }
65
66 *t = 0;
67 } else {
68 int len = 0;
69 for (; *name; name++) {
70 if (isalnum(*name) || isspace(*name) ||
71 strchr("/._-", *name))
72 len++;
73 }
74
75 return len;
76 }
77
78 return t - target;
79 }
80
81 /**
82 * aa_simple_write_to_buffer - common routine for getting policy from user
83 * @userbuf: user buffer to copy data from (NOT NULL)
84 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
85 * @copy_size: size of data to copy from user buffer
86 * @pos: position write is at in the file (NOT NULL)
87 *
88 * Returns: kernel buffer containing copy of user buffer data or an
89 * ERR_PTR on failure.
90 */
91 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
92 size_t alloc_size,
93 size_t copy_size,
94 loff_t *pos)
95 {
96 struct aa_loaddata *data;
97
98 BUG_ON(copy_size > alloc_size);
99
100 if (*pos != 0)
101 /* only writes from pos 0, that is complete writes */
102 return ERR_PTR(-ESPIPE);
103
104 /* freed by caller to simple_write_to_buffer */
105 data = kvmalloc(sizeof(*data) + alloc_size);
106 if (data == NULL)
107 return ERR_PTR(-ENOMEM);
108 kref_init(&data->count);
109 data->size = copy_size;
110 data->hash = NULL;
111 data->abi = 0;
112
113 if (copy_from_user(data->data, userbuf, copy_size)) {
114 kvfree(data);
115 return ERR_PTR(-EFAULT);
116 }
117
118 return data;
119 }
120
121 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
122 loff_t *pos, struct aa_ns *ns)
123 {
124 struct aa_label *label;
125 ssize_t error;
126 struct aa_loaddata *data;
127
128 label = aa_begin_current_label(DO_UPDATE);
129
130 /* high level check about policy management - fine grained in
131 * below after unpack
132 */
133 error = aa_may_manage_policy(label, ns, mask);
134 if (error)
135 return error;
136
137 data = aa_simple_write_to_buffer(buf, size, size, pos);
138 error = PTR_ERR(data);
139 if (!IS_ERR(data)) {
140 error = aa_replace_profiles(ns ? ns : labels_ns(label), label,
141 mask, data);
142 aa_put_loaddata(data);
143 }
144 aa_end_current_label(label);
145
146 return error;
147 }
148
149 /* .load file hook fn to load policy */
150 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
151 loff_t *pos)
152 {
153 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
154 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
155 aa_put_ns(ns);
156
157 return error;
158 }
159
160 static const struct file_operations aa_fs_profile_load = {
161 .write = profile_load,
162 .llseek = default_llseek,
163 };
164
165 /* .replace file hook fn to load and/or replace policy */
166 static ssize_t profile_replace(struct file *f, const char __user *buf,
167 size_t size, loff_t *pos)
168 {
169 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
170 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
171 buf, size, pos, ns);
172 aa_put_ns(ns);
173
174 return error;
175 }
176
177 static const struct file_operations aa_fs_profile_replace = {
178 .write = profile_replace,
179 .llseek = default_llseek,
180 };
181
182 /* .remove file hook fn to remove loaded policy */
183 static ssize_t profile_remove(struct file *f, const char __user *buf,
184 size_t size, loff_t *pos)
185 {
186 struct aa_loaddata *data;
187 struct aa_label *label;
188 ssize_t error;
189 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
190
191 label = aa_begin_current_label(DO_UPDATE);
192 /* high level check about policy management - fine grained in
193 * below after unpack
194 */
195 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
196 if (error)
197 goto out;
198
199 /*
200 * aa_remove_profile needs a null terminated string so 1 extra
201 * byte is allocated and the copied data is null terminated.
202 */
203 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
204
205 error = PTR_ERR(data);
206 if (!IS_ERR(data)) {
207 data->data[size] = 0;
208 error = aa_remove_profiles(ns ? ns : labels_ns(label), label,
209 data->data, size);
210 aa_put_loaddata(data);
211 }
212 out:
213 aa_end_current_label(label);
214 aa_put_ns(ns);
215 return error;
216 }
217
218 static const struct file_operations aa_fs_profile_remove = {
219 .write = profile_remove,
220 .llseek = default_llseek,
221 };
222
223
224 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
225 const char *match_str, size_t match_len)
226 {
227 struct aa_perms tmp;
228 struct aa_dfa *dfa;
229 unsigned int state = 0;
230
231 if (profile_unconfined(profile))
232 return;
233 if (profile->file.dfa && *match_str == AA_CLASS_FILE) {
234 dfa = profile->file.dfa;
235 state = aa_dfa_match_len(dfa, profile->file.start,
236 match_str + 1, match_len - 1);
237 tmp = nullperms;
238 if (state) {
239 struct path_cond cond = { };
240 tmp = aa_compute_fperms(dfa, state, &cond);
241 }
242 } else if (profile->policy.dfa) {
243 if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
244 return; /* no change to current perms */
245 dfa = profile->policy.dfa;
246 state = aa_dfa_match_len(dfa, profile->policy.start[0],
247 match_str, match_len);
248 if (state)
249 aa_compute_perms(dfa, state, &tmp);
250 else
251 tmp = nullperms;
252 }
253 aa_apply_modes_to_perms(profile, &tmp);
254 aa_perms_accum_raw(perms, &tmp);
255 }
256
257 /**
258 * query_data - queries a policy and writes its data to buf
259 * @buf: the resulting data is stored here (NOT NULL)
260 * @buf_len: size of buf
261 * @query: query string used to retrieve data
262 * @query_len: size of query including second NUL byte
263 *
264 * The buffers pointed to by buf and query may overlap. The query buffer is
265 * parsed before buf is written to.
266 *
267 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
268 * the security confinement context and <KEY> is the name of the data to
269 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
270 *
271 * Don't expect the contents of buf to be preserved on failure.
272 *
273 * Returns: number of characters written to buf or -errno on failure
274 */
275 static ssize_t query_data(char *buf, size_t buf_len,
276 char *query, size_t query_len)
277 {
278 char *out;
279 const char *key;
280 struct label_it i;
281 struct aa_label *label, *curr;
282 struct aa_profile *profile;
283 struct aa_data *data;
284 u32 bytes;
285 u32 blocks;
286 u32 size;
287
288 if (!query_len)
289 return -EINVAL; /* need a query */
290
291 key = query + strnlen(query, query_len) + 1;
292 if (key + 1 >= query + query_len)
293 return -EINVAL; /* not enough space for a non-empty key */
294 if (key + strnlen(key, query + query_len - key) >= query + query_len)
295 return -EINVAL; /* must end with NUL */
296
297 if (buf_len < sizeof(bytes) + sizeof(blocks))
298 return -EINVAL; /* not enough space */
299
300 curr = aa_begin_current_label(DO_UPDATE);
301 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
302 aa_end_current_label(curr);
303 if (IS_ERR(label))
304 return PTR_ERR(label);
305
306 /* We are going to leave space for two numbers. The first is the total
307 * number of bytes we are writing after the first number. This is so
308 * users can read the full output without reallocation.
309 *
310 * The second number is the number of data blocks we're writing. An
311 * application might be confined by multiple policies having data in
312 * the same key.
313 */
314 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
315 out = buf + sizeof(bytes) + sizeof(blocks);
316
317 blocks = 0;
318 label_for_each_confined(i, label, profile) {
319 if (!profile->data)
320 continue;
321
322 data = rhashtable_lookup_fast(profile->data, &key,
323 profile->data->p);
324
325 if (data) {
326 if (out + sizeof(size) + data->size > buf + buf_len) {
327 aa_put_label(label);
328 return -EINVAL; /* not enough space */
329 }
330 size = __cpu_to_le32(data->size);
331 memcpy(out, &size, sizeof(size));
332 out += sizeof(size);
333 memcpy(out, data->data, data->size);
334 out += data->size;
335 blocks++;
336 }
337 }
338 aa_put_label(label);
339
340 bytes = out - buf - sizeof(bytes);
341 bytes = __cpu_to_le32(bytes);
342 blocks = __cpu_to_le32(blocks);
343 memcpy(buf, &bytes, sizeof(bytes));
344 memcpy(buf + sizeof(bytes), &blocks, sizeof(blocks));
345
346 return out - buf;
347 }
348
349 /**
350 * query_label - queries a label and writes permissions to buf
351 * @buf: the resulting permissions string is stored here (NOT NULL)
352 * @buf_len: size of buf
353 * @query: binary query string to match against the dfa
354 * @query_len: size of query
355 *
356 * The buffers pointed to by buf and query may overlap. The query buffer is
357 * parsed before buf is written to.
358 *
359 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
360 * the name of the label, in the current namespace, that is to be queried and
361 * DFA_STRING is a binary string to match against the label(s)'s DFA.
362 *
363 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
364 * but must *not* be NUL terminated.
365 *
366 * Returns: number of characters written to buf or -errno on failure
367 */
368 static ssize_t query_label(char *buf, size_t buf_len,
369 char *query, size_t query_len, bool ns_only)
370 {
371 struct aa_profile *profile;
372 struct aa_label *label, *curr;
373 char *label_name, *match_str;
374 size_t label_name_len, match_len;
375 struct aa_perms perms;
376 struct label_it i;
377
378 if (!query_len)
379 return -EINVAL;
380
381 label_name = query;
382 label_name_len = strnlen(query, query_len);
383 if (!label_name_len || label_name_len == query_len)
384 return -EINVAL;
385
386 /**
387 * The extra byte is to account for the null byte between the
388 * profile name and dfa string. profile_name_len is greater
389 * than zero and less than query_len, so a byte can be safely
390 * added or subtracted.
391 */
392 match_str = label_name + label_name_len + 1;
393 match_len = query_len - label_name_len - 1;
394
395 curr = aa_begin_current_label(DO_UPDATE);
396 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
397 aa_end_current_label(curr);
398 if (IS_ERR(label))
399 return PTR_ERR(label);
400
401 perms = allperms;
402 if (ns_only) {
403 label_for_each_in_ns(i, labels_ns(label), label, profile) {
404 profile_query_cb(profile, &perms, match_str, match_len);
405 }
406 } else {
407 label_for_each(i, label, profile) {
408 profile_query_cb(profile, &perms, match_str, match_len);
409 }
410 }
411 aa_put_label(label);
412
413 return scnprintf(buf, buf_len,
414 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
415 perms.allow, perms.deny, perms.audit, perms.quiet);
416 }
417
418 #define QUERY_CMD_LABEL "label\0"
419 #define QUERY_CMD_LABEL_LEN 6
420 #define QUERY_CMD_PROFILE "profile\0"
421 #define QUERY_CMD_PROFILE_LEN 8
422 #define QUERY_CMD_LABELALL "labelall\0"
423 #define QUERY_CMD_LABELALL_LEN 9
424 #define QUERY_CMD_DATA "data\0"
425 #define QUERY_CMD_DATA_LEN 5
426
427 /**
428 * aa_write_access - generic permissions and data query
429 * @file: pointer to open apparmorfs/access file
430 * @ubuf: user buffer containing the complete query string (NOT NULL)
431 * @count: size of ubuf
432 * @ppos: position in the file (MUST BE ZERO)
433 *
434 * Allows for one permissions or data query per open(), write(), and read()
435 * sequence. The only queries currently supported are label-based queries for
436 * permissions or data.
437 *
438 * For permissions queries, ubuf must begin with "label\0", followed by the
439 * profile query specific format described in the query_label() function
440 * documentation.
441 *
442 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
443 * <LABEL> is the name of the security confinement context and <KEY> is the
444 * name of the data to retrieve.
445 *
446 * Returns: number of bytes written or -errno on failure
447 */
448 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
449 size_t count, loff_t *ppos)
450 {
451 char *buf;
452 ssize_t len;
453
454 if (*ppos)
455 return -ESPIPE;
456
457 buf = simple_transaction_get(file, ubuf, count);
458 if (IS_ERR(buf))
459 return PTR_ERR(buf);
460
461 if (count > QUERY_CMD_PROFILE_LEN &&
462 !memcmp(buf, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
463 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
464 buf + QUERY_CMD_PROFILE_LEN,
465 count - QUERY_CMD_PROFILE_LEN, true);
466 } else if (count > QUERY_CMD_LABEL_LEN &&
467 !memcmp(buf, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
468 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
469 buf + QUERY_CMD_LABEL_LEN,
470 count - QUERY_CMD_LABEL_LEN, true);
471 } else if (count > QUERY_CMD_LABELALL_LEN &&
472 !memcmp(buf, QUERY_CMD_LABELALL, QUERY_CMD_LABELALL_LEN)) {
473 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
474 buf + QUERY_CMD_LABELALL_LEN,
475 count - QUERY_CMD_LABELALL_LEN, false);
476 } else if (count > QUERY_CMD_DATA_LEN &&
477 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
478 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT,
479 buf + QUERY_CMD_DATA_LEN,
480 count - QUERY_CMD_DATA_LEN);
481 } else
482 len = -EINVAL;
483
484 if (len < 0)
485 return len;
486
487 simple_transaction_set(file, len);
488
489 return count;
490 }
491
492 static const struct file_operations aa_fs_access = {
493 .write = aa_write_access,
494 .read = simple_transaction_read,
495 .release = simple_transaction_release,
496 .llseek = generic_file_llseek,
497 };
498
499 static int aa_fs_seq_show(struct seq_file *seq, void *v)
500 {
501 struct aa_fs_entry *fs_file = seq->private;
502
503 if (!fs_file)
504 return 0;
505
506 switch (fs_file->v_type) {
507 case AA_FS_TYPE_BOOLEAN:
508 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
509 break;
510 case AA_FS_TYPE_STRING:
511 seq_printf(seq, "%s\n", fs_file->v.string);
512 break;
513 case AA_FS_TYPE_U64:
514 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
515 break;
516 default:
517 /* Ignore unpritable entry types. */
518 break;
519 }
520
521 return 0;
522 }
523
524 static int aa_fs_seq_open(struct inode *inode, struct file *file)
525 {
526 return single_open(file, aa_fs_seq_show, inode->i_private);
527 }
528
529 const struct file_operations aa_fs_seq_file_ops = {
530 .owner = THIS_MODULE,
531 .open = aa_fs_seq_open,
532 .read = seq_read,
533 .llseek = seq_lseek,
534 .release = single_release,
535 };
536
537 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
538 int (*show)(struct seq_file *, void *))
539 {
540 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
541 int error = single_open(file, show, proxy);
542
543 if (error) {
544 file->private_data = NULL;
545 aa_put_proxy(proxy);
546 }
547
548 return error;
549 }
550
551 static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
552 {
553 struct seq_file *seq = (struct seq_file *) file->private_data;
554 if (seq)
555 aa_put_proxy(seq->private);
556 return single_release(inode, file);
557 }
558
559 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
560 {
561 struct aa_proxy *proxy = seq->private;
562 struct aa_label *label = aa_get_label_rcu(&proxy->label);
563 struct aa_profile *profile = labels_profile(label);
564 seq_printf(seq, "%s\n", profile->base.name);
565 aa_put_label(label);
566
567 return 0;
568 }
569
570 static int aa_fs_seq_profname_open(struct inode *inode, struct file *file)
571 {
572 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profname_show);
573 }
574
575 static const struct file_operations aa_fs_profname_fops = {
576 .owner = THIS_MODULE,
577 .open = aa_fs_seq_profname_open,
578 .read = seq_read,
579 .llseek = seq_lseek,
580 .release = aa_fs_seq_profile_release,
581 };
582
583 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
584 {
585 struct aa_proxy *proxy = seq->private;
586 struct aa_label *label = aa_get_label_rcu(&proxy->label);
587 struct aa_profile *profile = labels_profile(label);
588 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
589 aa_put_label(label);
590
591 return 0;
592 }
593
594 static int aa_fs_seq_profmode_open(struct inode *inode, struct file *file)
595 {
596 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profmode_show);
597 }
598
599 static const struct file_operations aa_fs_profmode_fops = {
600 .owner = THIS_MODULE,
601 .open = aa_fs_seq_profmode_open,
602 .read = seq_read,
603 .llseek = seq_lseek,
604 .release = aa_fs_seq_profile_release,
605 };
606
607 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
608 {
609 struct aa_proxy *proxy = seq->private;
610 struct aa_label *label = aa_get_label_rcu(&proxy->label);
611 struct aa_profile *profile = labels_profile(label);
612 if (profile->attach)
613 seq_printf(seq, "%s\n", profile->attach);
614 else if (profile->xmatch)
615 seq_puts(seq, "<unknown>\n");
616 else
617 seq_printf(seq, "%s\n", profile->base.name);
618 aa_put_label(label);
619
620 return 0;
621 }
622
623 static int aa_fs_seq_profattach_open(struct inode *inode, struct file *file)
624 {
625 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profattach_show);
626 }
627
628 static const struct file_operations aa_fs_profattach_fops = {
629 .owner = THIS_MODULE,
630 .open = aa_fs_seq_profattach_open,
631 .read = seq_read,
632 .llseek = seq_lseek,
633 .release = aa_fs_seq_profile_release,
634 };
635
636 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
637 {
638 struct aa_proxy *proxy = seq->private;
639 struct aa_label *label = aa_get_label_rcu(&proxy->label);
640 struct aa_profile *profile = labels_profile(label);
641 unsigned int i, size = aa_hash_size();
642
643 if (profile->hash) {
644 for (i = 0; i < size; i++)
645 seq_printf(seq, "%.2x", profile->hash[i]);
646 seq_puts(seq, "\n");
647 }
648 aa_put_label(label);
649
650 return 0;
651 }
652
653 static int aa_fs_seq_hash_open(struct inode *inode, struct file *file)
654 {
655 return single_open(file, aa_fs_seq_hash_show, inode->i_private);
656 }
657
658 static const struct file_operations aa_fs_seq_hash_fops = {
659 .owner = THIS_MODULE,
660 .open = aa_fs_seq_hash_open,
661 .read = seq_read,
662 .llseek = seq_lseek,
663 .release = single_release,
664 };
665
666 static int aa_fs_seq_show_stacked(struct seq_file *seq, void *v)
667 {
668 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
669 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
670 aa_end_current_label(label);
671
672 return 0;
673 }
674
675 static int aa_fs_seq_open_stacked(struct inode *inode, struct file *file)
676 {
677 return single_open(file, aa_fs_seq_show_stacked, inode->i_private);
678 }
679
680 static const struct file_operations aa_fs_stacked = {
681 .owner = THIS_MODULE,
682 .open = aa_fs_seq_open_stacked,
683 .read = seq_read,
684 .llseek = seq_lseek,
685 .release = single_release,
686 };
687
688 static int aa_fs_seq_show_ns_stacked(struct seq_file *seq, void *v)
689 {
690 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
691 struct aa_profile *profile;
692 struct label_it it;
693 int count = 1;
694
695 if (label->size > 1) {
696 label_for_each(it, label, profile)
697 if (profile->ns != labels_ns(label)) {
698 count++;
699 break;
700 }
701 }
702
703 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
704 aa_end_current_label(label);
705
706 return 0;
707 }
708
709 static int aa_fs_seq_open_ns_stacked(struct inode *inode, struct file *file)
710 {
711 return single_open(file, aa_fs_seq_show_ns_stacked, inode->i_private);
712 }
713
714 static const struct file_operations aa_fs_ns_stacked = {
715 .owner = THIS_MODULE,
716 .open = aa_fs_seq_open_ns_stacked,
717 .read = seq_read,
718 .llseek = seq_lseek,
719 .release = single_release,
720 };
721
722 static int aa_fs_seq_show_ns_level(struct seq_file *seq, void *v)
723 {
724 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
725 seq_printf(seq, "%d\n", labels_ns(label)->level);
726 aa_end_current_label(label);
727
728 return 0;
729 }
730
731 static int aa_fs_seq_open_ns_level(struct inode *inode, struct file *file)
732 {
733 return single_open(file, aa_fs_seq_show_ns_level, inode->i_private);
734 }
735
736 static const struct file_operations aa_fs_ns_level = {
737 .owner = THIS_MODULE,
738 .open = aa_fs_seq_open_ns_level,
739 .read = seq_read,
740 .llseek = seq_lseek,
741 .release = single_release,
742 };
743
744 static int aa_fs_seq_show_ns_name(struct seq_file *seq, void *v)
745 {
746 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
747 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
748 aa_end_current_label(label);
749
750 return 0;
751 }
752
753 static int aa_fs_seq_open_ns_name(struct inode *inode, struct file *file)
754 {
755 return single_open(file, aa_fs_seq_show_ns_name, inode->i_private);
756 }
757
758 static const struct file_operations aa_fs_ns_name = {
759 .owner = THIS_MODULE,
760 .open = aa_fs_seq_open_ns_name,
761 .read = seq_read,
762 .llseek = seq_lseek,
763 .release = single_release,
764 };
765
766 static int rawdata_release(struct inode *inode, struct file *file)
767 {
768 /* TODO: switch to loaddata when profile switched to symlink */
769 aa_put_loaddata(file->private_data);
770
771 return 0;
772 }
773
774 static int aa_fs_seq_raw_abi_show(struct seq_file *seq, void *v)
775 {
776 struct aa_proxy *proxy = seq->private;
777 struct aa_label *label = aa_get_label_rcu(&proxy->label);
778 struct aa_profile *profile = labels_profile(label);
779
780 if (profile->rawdata->abi) {
781 seq_printf(seq, "v%d", profile->rawdata->abi);
782 seq_puts(seq, "\n");
783 }
784 aa_put_label(label);
785
786 return 0;
787 }
788
789 static int aa_fs_seq_raw_abi_open(struct inode *inode, struct file *file)
790 {
791 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_abi_show);
792 }
793
794 static const struct file_operations aa_fs_seq_raw_abi_fops = {
795 .owner = THIS_MODULE,
796 .open = aa_fs_seq_raw_abi_open,
797 .read = seq_read,
798 .llseek = seq_lseek,
799 .release = aa_fs_seq_profile_release,
800 };
801
802 static int aa_fs_seq_raw_hash_show(struct seq_file *seq, void *v)
803 {
804 struct aa_proxy *proxy = seq->private;
805 struct aa_label *label = aa_get_label_rcu(&proxy->label);
806 struct aa_profile *profile = labels_profile(label);
807 unsigned int i, size = aa_hash_size();
808
809 if (profile->rawdata->hash) {
810 for (i = 0; i < size; i++)
811 seq_printf(seq, "%.2x", profile->rawdata->hash[i]);
812 seq_puts(seq, "\n");
813 }
814 aa_put_label(label);
815
816 return 0;
817 }
818
819 static int aa_fs_seq_raw_hash_open(struct inode *inode, struct file *file)
820 {
821 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_hash_show);
822 }
823
824 static const struct file_operations aa_fs_seq_raw_hash_fops = {
825 .owner = THIS_MODULE,
826 .open = aa_fs_seq_raw_hash_open,
827 .read = seq_read,
828 .llseek = seq_lseek,
829 .release = aa_fs_seq_profile_release,
830 };
831
832 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
833 loff_t *ppos)
834 {
835 struct aa_loaddata *rawdata = file->private_data;
836
837 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
838 rawdata->size);
839 }
840
841 static int rawdata_open(struct inode *inode, struct file *file)
842 {
843 struct aa_proxy *proxy = inode->i_private;
844 struct aa_label *label;
845 struct aa_profile *profile;
846
847 if (!policy_view_capable(NULL))
848 return -EACCES;
849 label = aa_get_label_rcu(&proxy->label);
850 profile = labels_profile(label);
851 file->private_data = aa_get_loaddata(profile->rawdata);
852 aa_put_label(label);
853
854 return 0;
855 }
856
857 static const struct file_operations aa_fs_rawdata_fops = {
858 .open = rawdata_open,
859 .read = rawdata_read,
860 .llseek = generic_file_llseek,
861 .release = rawdata_release,
862 };
863
864 /** fns to setup dynamic per profile/namespace files **/
865
866 /**
867 *
868 * Requires: @profile->ns->lock held
869 */
870 void __aa_fs_profile_rmdir(struct aa_profile *profile)
871 {
872 struct aa_profile *child;
873 int i;
874
875 if (!profile)
876 return;
877 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
878
879 list_for_each_entry(child, &profile->base.profiles, base.list)
880 __aa_fs_profile_rmdir(child);
881
882 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
883 struct aa_proxy *proxy;
884 if (!profile->dents[i])
885 continue;
886
887 proxy = d_inode(profile->dents[i])->i_private;
888 securityfs_remove(profile->dents[i]);
889 aa_put_proxy(proxy);
890 profile->dents[i] = NULL;
891 }
892 }
893
894 /**
895 *
896 * Requires: @old->ns->lock held
897 */
898 void __aa_fs_profile_migrate_dents(struct aa_profile *old,
899 struct aa_profile *new)
900 {
901 int i;
902
903 AA_BUG(!old);
904 AA_BUG(!new);
905 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
906
907 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
908 new->dents[i] = old->dents[i];
909 if (new->dents[i])
910 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
911 old->dents[i] = NULL;
912 }
913 }
914
915 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
916 struct aa_profile *profile,
917 const struct file_operations *fops)
918 {
919 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
920 struct dentry *dent;
921
922 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
923 if (IS_ERR(dent))
924 aa_put_proxy(proxy);
925
926 return dent;
927 }
928
929 /**
930 *
931 * Requires: @profile->ns->lock held
932 */
933 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
934 {
935 struct aa_profile *child;
936 struct dentry *dent = NULL, *dir;
937 int error;
938
939 AA_BUG(!profile);
940 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
941
942 if (!parent) {
943 struct aa_profile *p;
944 p = aa_deref_parent(profile);
945 dent = prof_dir(p);
946 /* adding to parent that previously didn't have children */
947 dent = securityfs_create_dir("profiles", dent);
948 if (IS_ERR(dent))
949 goto fail;
950 prof_child_dir(p) = parent = dent;
951 }
952
953 if (!profile->dirname) {
954 int len, id_len;
955 len = mangle_name(profile->base.name, NULL);
956 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
957
958 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
959 if (!profile->dirname)
960 goto fail;
961
962 mangle_name(profile->base.name, profile->dirname);
963 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
964 }
965
966 dent = securityfs_create_dir(profile->dirname, parent);
967 if (IS_ERR(dent))
968 goto fail;
969 prof_dir(profile) = dir = dent;
970
971 dent = create_profile_file(dir, "name", profile, &aa_fs_profname_fops);
972 if (IS_ERR(dent))
973 goto fail;
974 profile->dents[AAFS_PROF_NAME] = dent;
975
976 dent = create_profile_file(dir, "mode", profile, &aa_fs_profmode_fops);
977 if (IS_ERR(dent))
978 goto fail;
979 profile->dents[AAFS_PROF_MODE] = dent;
980
981 dent = create_profile_file(dir, "attach", profile,
982 &aa_fs_profattach_fops);
983 if (IS_ERR(dent))
984 goto fail;
985 profile->dents[AAFS_PROF_ATTACH] = dent;
986
987 if (profile->hash) {
988 dent = create_profile_file(dir, "sha1", profile,
989 &aa_fs_seq_hash_fops);
990 if (IS_ERR(dent))
991 goto fail;
992 profile->dents[AAFS_PROF_HASH] = dent;
993 }
994
995 if (profile->rawdata) {
996 dent = create_profile_file(dir, "raw_hash", profile,
997 &aa_fs_seq_raw_hash_fops);
998 if (IS_ERR(dent))
999 goto fail;
1000 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1001
1002 dent = create_profile_file(dir, "raw_abi", profile,
1003 &aa_fs_seq_raw_abi_fops);
1004 if (IS_ERR(dent))
1005 goto fail;
1006 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1007
1008 dent = securityfs_create_file("raw_data", S_IFREG | 0444, dir,
1009 profile->label.proxy,
1010 &aa_fs_rawdata_fops);
1011 if (IS_ERR(dent))
1012 goto fail;
1013 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1014 d_inode(dent)->i_size = profile->rawdata->size;
1015 aa_get_proxy(profile->label.proxy);
1016 }
1017
1018 list_for_each_entry(child, &profile->base.profiles, base.list) {
1019 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile));
1020 if (error)
1021 goto fail2;
1022 }
1023
1024 return 0;
1025
1026 fail:
1027 error = PTR_ERR(dent);
1028
1029 fail2:
1030 __aa_fs_profile_rmdir(profile);
1031
1032 return error;
1033 }
1034
1035 static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1036 {
1037 struct aa_ns *ns, *parent;
1038 /* TODO: improve permission check */
1039 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1040 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1041 aa_end_current_label(label);
1042 if (error)
1043 return error;
1044
1045 parent = aa_get_ns(dir->i_private);
1046 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1047
1048 /* we have to unlock and then relock to get locking order right
1049 * for pin_fs
1050 */
1051 inode_unlock(dir);
1052 securityfs_pin_fs();
1053 inode_lock_nested(dir, I_MUTEX_PARENT);
1054
1055 error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1056 NULL, NULL);
1057 if (error)
1058 return error;
1059
1060 ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
1061 if (IS_ERR(ns)) {
1062 error = PTR_ERR(ns);
1063 ns = NULL;
1064 }
1065
1066 aa_put_ns(ns); /* list ref remains */
1067 aa_put_ns(parent);
1068
1069 return error;
1070 }
1071
1072 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1073 {
1074 struct aa_ns *ns, *parent;
1075 /* TODO: improve permission check */
1076 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1077 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1078 aa_end_current_label(label);
1079 if (error)
1080 return error;
1081
1082 parent = aa_get_ns(dir->i_private);
1083 /* rmdir calls the generic securityfs functions to remove files
1084 * from the apparmor dir. It is up to the apparmor ns locking
1085 * to avoid races.
1086 */
1087 inode_unlock(dir);
1088 inode_unlock(dentry->d_inode);
1089
1090 mutex_lock(&parent->lock);
1091 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1092 dentry->d_name.len));
1093 if (!ns) {
1094 error = -ENOENT;
1095 goto out;
1096 }
1097 AA_BUG(ns_dir(ns) != dentry);
1098
1099 __aa_remove_ns(ns);
1100 aa_put_ns(ns);
1101
1102 out:
1103 mutex_unlock(&parent->lock);
1104 inode_lock_nested(dir, I_MUTEX_PARENT);
1105 inode_lock(dentry->d_inode);
1106 aa_put_ns(parent);
1107
1108 return error;
1109 }
1110
1111 static const struct inode_operations ns_dir_inode_operations = {
1112 .lookup = simple_lookup,
1113 .mkdir = ns_mkdir_op,
1114 .rmdir = ns_rmdir_op,
1115 };
1116
1117 /**
1118 *
1119 * Requires: @ns->lock held
1120 */
1121 void __aa_fs_ns_rmdir(struct aa_ns *ns)
1122 {
1123 struct aa_ns *sub;
1124 struct aa_profile *child;
1125 int i;
1126
1127 if (!ns)
1128 return;
1129 AA_BUG(!mutex_is_locked(&ns->lock));
1130
1131 list_for_each_entry(child, &ns->base.profiles, base.list)
1132 __aa_fs_profile_rmdir(child);
1133
1134 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1135 mutex_lock(&sub->lock);
1136 __aa_fs_ns_rmdir(sub);
1137 mutex_unlock(&sub->lock);
1138 }
1139
1140 if (ns_subns_dir(ns)) {
1141 sub = d_inode(ns_subns_dir(ns))->i_private;
1142 aa_put_ns(sub);
1143 }
1144 if (ns_subload(ns)) {
1145 sub = d_inode(ns_subload(ns))->i_private;
1146 aa_put_ns(sub);
1147 }
1148 if (ns_subreplace(ns)) {
1149 sub = d_inode(ns_subreplace(ns))->i_private;
1150 aa_put_ns(sub);
1151 }
1152 if (ns_subremove(ns)) {
1153 sub = d_inode(ns_subremove(ns))->i_private;
1154 aa_put_ns(sub);
1155 }
1156
1157 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1158 securityfs_remove(ns->dents[i]);
1159 ns->dents[i] = NULL;
1160 }
1161 }
1162
1163 /* assumes cleanup in caller */
1164 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1165 {
1166 struct dentry *dent;
1167
1168 AA_BUG(!ns);
1169 AA_BUG(!dir);
1170
1171 dent = securityfs_create_dir("profiles", dir);
1172 if (IS_ERR(dent))
1173 return PTR_ERR(dent);
1174 ns_subprofs_dir(ns) = dent;
1175
1176 dent = securityfs_create_dir("raw_data", dir);
1177 if (IS_ERR(dent))
1178 return PTR_ERR(dent);
1179 ns_subdata_dir(ns) = dent;
1180
1181 dent = securityfs_create_file(".load", 0666, dir, ns,
1182 &aa_fs_profile_load);
1183 if (IS_ERR(dent))
1184 return PTR_ERR(dent);
1185 aa_get_ns(ns);
1186 ns_subload(ns) = dent;
1187
1188 dent = securityfs_create_file(".replace", 0666, dir, ns,
1189 &aa_fs_profile_replace);
1190 if (IS_ERR(dent))
1191 return PTR_ERR(dent);
1192 aa_get_ns(ns);
1193 ns_subreplace(ns) = dent;
1194
1195 dent = securityfs_create_file(".remove", 0666, dir, ns,
1196 &aa_fs_profile_remove);
1197 if (IS_ERR(dent))
1198 return PTR_ERR(dent);
1199 aa_get_ns(ns);
1200 ns_subremove(ns) = dent;
1201
1202 /* use create_dentry so we can supply private data */
1203 dent = securityfs_create_dentry("namespaces",
1204 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
1205 dir, ns, NULL,
1206 &ns_dir_inode_operations);
1207 if (IS_ERR(dent))
1208 return PTR_ERR(dent);
1209 aa_get_ns(ns);
1210 ns_subns_dir(ns) = dent;
1211
1212 return 0;
1213 }
1214
1215 /**
1216 *
1217 * Requires: @ns->lock held
1218 */
1219 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
1220 struct dentry *dent)
1221 {
1222 struct aa_ns *sub;
1223 struct aa_profile *child;
1224 struct dentry *dir;
1225 int error;
1226
1227 AA_BUG(!ns);
1228 AA_BUG(!parent);
1229 AA_BUG(!mutex_is_locked(&ns->lock));
1230
1231 if (!name)
1232 name = ns->base.name;
1233
1234 if (!dent) {
1235 /* create ns dir if it doesn't already exist */
1236 dent = securityfs_create_dir(name, parent);
1237 if (IS_ERR(dent))
1238 goto fail;
1239 } else
1240 dget(dent);
1241 ns_dir(ns) = dir = dent;
1242 error = __aa_fs_ns_mkdir_entries(ns, dir);
1243 if (error)
1244 goto fail2;
1245
1246 /* profiles */
1247 list_for_each_entry(child, &ns->base.profiles, base.list) {
1248 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns));
1249 if (error)
1250 goto fail2;
1251 }
1252
1253 /* subnamespaces */
1254 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1255 mutex_lock(&sub->lock);
1256 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
1257 mutex_unlock(&sub->lock);
1258 if (error)
1259 goto fail2;
1260 }
1261
1262 return 0;
1263
1264 fail:
1265 error = PTR_ERR(dent);
1266
1267 fail2:
1268 __aa_fs_ns_rmdir(ns);
1269
1270 return error;
1271 }
1272
1273
1274 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1275
1276 /**
1277 * __next_ns - find the next namespace to list
1278 * @root: root namespace to stop search at (NOT NULL)
1279 * @ns: current ns position (NOT NULL)
1280 *
1281 * Find the next namespace from @ns under @root and handle all locking needed
1282 * while switching current namespace.
1283 *
1284 * Returns: next namespace or NULL if at last namespace under @root
1285 * Requires: ns->parent->lock to be held
1286 * NOTE: will not unlock root->lock
1287 */
1288 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
1289 {
1290 struct aa_ns *parent, *next;
1291
1292 AA_BUG(!root);
1293 AA_BUG(!ns);
1294 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
1295
1296 /* is next namespace a child */
1297 if (!list_empty(&ns->sub_ns)) {
1298 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
1299 mutex_lock(&next->lock);
1300 return next;
1301 }
1302
1303 /* check if the next ns is a sibling, parent, gp, .. */
1304 parent = ns->parent;
1305 while (ns != root) {
1306 mutex_unlock(&ns->lock);
1307 next = list_next_entry(ns, base.list);
1308 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
1309 mutex_lock(&next->lock);
1310 return next;
1311 }
1312 ns = parent;
1313 parent = parent->parent;
1314 }
1315
1316 return NULL;
1317 }
1318
1319 /**
1320 * __first_profile - find the first profile in a namespace
1321 * @root: namespace that is root of profiles being displayed (NOT NULL)
1322 * @ns: namespace to start in (MAY BE NULL)
1323 *
1324 * Returns: unrefcounted profile or NULL if no profile
1325 * Requires: ns.lock to be held
1326 */
1327 static struct aa_profile *__first_profile(struct aa_ns *root, struct aa_ns *ns)
1328 {
1329 AA_BUG(!root);
1330 AA_BUG(ns && !mutex_is_locked(&ns->lock));
1331
1332 for (; ns; ns = __next_ns(root, ns)) {
1333 if (!list_empty(&ns->base.profiles))
1334 return list_first_entry(&ns->base.profiles,
1335 struct aa_profile, base.list);
1336 }
1337 return NULL;
1338 }
1339
1340 /**
1341 * __next_profile - step to the next profile in a profile tree
1342 * @profile: current profile in tree (NOT NULL)
1343 *
1344 * Perform a depth first traversal on the profile tree in a namespace
1345 *
1346 * Returns: next profile or NULL if done
1347 * Requires: profile->ns.lock to be held
1348 */
1349 static struct aa_profile *__next_profile(struct aa_profile *p)
1350 {
1351 struct aa_profile *parent;
1352 struct aa_ns *ns = p->ns;
1353
1354 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
1355
1356 /* is next profile a child */
1357 if (!list_empty(&p->base.profiles))
1358 return list_first_entry(&p->base.profiles, typeof(*p),
1359 base.list);
1360
1361 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1362 parent = rcu_dereference_protected(p->parent,
1363 mutex_is_locked(&p->ns->lock));
1364 while (parent) {
1365 p = list_next_entry(p, base.list);
1366 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1367 return p;
1368 p = parent;
1369 parent = rcu_dereference_protected(parent->parent,
1370 mutex_is_locked(&parent->ns->lock));
1371 }
1372
1373 /* is next another profile in the namespace */
1374 p = list_next_entry(p, base.list);
1375 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1376 return p;
1377
1378 return NULL;
1379 }
1380
1381 /**
1382 * next_profile - step to the next profile in where ever it may be
1383 * @root: root namespace (NOT NULL)
1384 * @profile: current profile (NOT NULL)
1385 *
1386 * Returns: next profile or NULL if there isn't one
1387 */
1388 static struct aa_profile *next_profile(struct aa_ns *root,
1389 struct aa_profile *profile)
1390 {
1391 struct aa_profile *next = __next_profile(profile);
1392 if (next)
1393 return next;
1394
1395 /* finished all profiles in namespace move to next namespace */
1396 return __first_profile(root, __next_ns(root, profile->ns));
1397 }
1398
1399 /**
1400 * p_start - start a depth first traversal of profile tree
1401 * @f: seq_file to fill
1402 * @pos: current position
1403 *
1404 * Returns: first profile under current namespace or NULL if none found
1405 *
1406 * acquires first ns->lock
1407 */
1408 static void *p_start(struct seq_file *f, loff_t *pos)
1409 {
1410 struct aa_profile *profile = NULL;
1411 struct aa_ns *root = aa_get_current_ns();
1412 loff_t l = *pos;
1413 f->private = root;
1414
1415 /* find the first profile */
1416 mutex_lock(&root->lock);
1417 profile = __first_profile(root, root);
1418
1419 /* skip to position */
1420 for (; profile && l > 0; l--)
1421 profile = next_profile(root, profile);
1422
1423 return profile;
1424 }
1425
1426 /**
1427 * p_next - read the next profile entry
1428 * @f: seq_file to fill
1429 * @p: profile previously returned
1430 * @pos: current position
1431 *
1432 * Returns: next profile after @p or NULL if none
1433 *
1434 * may acquire/release locks in namespace tree as necessary
1435 */
1436 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
1437 {
1438 struct aa_profile *profile = p;
1439 struct aa_ns *ns = f->private;
1440 (*pos)++;
1441
1442 return next_profile(ns, profile);
1443 }
1444
1445 /**
1446 * p_stop - stop depth first traversal
1447 * @f: seq_file we are filling
1448 * @p: the last profile writen
1449 *
1450 * Release all locking done by p_start/p_next on namespace tree
1451 */
1452 static void p_stop(struct seq_file *f, void *p)
1453 {
1454 struct aa_profile *profile = p;
1455 struct aa_ns *root = f->private, *ns;
1456
1457 if (profile) {
1458 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
1459 mutex_unlock(&ns->lock);
1460 }
1461 mutex_unlock(&root->lock);
1462 aa_put_ns(root);
1463 }
1464
1465 /**
1466 * seq_show_profile - show a profile entry
1467 * @f: seq_file to file
1468 * @p: current position (profile) (NOT NULL)
1469 *
1470 * Returns: error on failure
1471 */
1472 static int seq_show_profile(struct seq_file *f, void *p)
1473 {
1474 struct aa_profile *profile = (struct aa_profile *)p;
1475 struct aa_ns *root = f->private;
1476
1477 aa_label_seq_xprint(f, root, &profile->label,
1478 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
1479 seq_printf(f, "\n");
1480
1481 return 0;
1482 }
1483
1484 static const struct seq_operations aa_fs_profiles_op = {
1485 .start = p_start,
1486 .next = p_next,
1487 .stop = p_stop,
1488 .show = seq_show_profile,
1489 };
1490
1491 static int profiles_open(struct inode *inode, struct file *file)
1492 {
1493 if (!policy_view_capable(NULL))
1494 return -EACCES;
1495
1496 return seq_open(file, &aa_fs_profiles_op);
1497 }
1498
1499 static int profiles_release(struct inode *inode, struct file *file)
1500 {
1501 return seq_release(inode, file);
1502 }
1503
1504 static const struct file_operations aa_fs_profiles_fops = {
1505 .open = profiles_open,
1506 .read = seq_read,
1507 .llseek = seq_lseek,
1508 .release = profiles_release,
1509 };
1510
1511
1512 /** Base file system setup **/
1513 static struct aa_fs_entry aa_fs_entry_file[] = {
1514 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1515 "link lock"),
1516 { }
1517 };
1518
1519 static struct aa_fs_entry aa_fs_entry_ptrace[] = {
1520 AA_FS_FILE_STRING("mask", "read trace"),
1521 { }
1522 };
1523
1524 static struct aa_fs_entry aa_fs_entry_signal[] = {
1525 AA_FS_FILE_STRING("mask", AA_FS_SIG_MASK),
1526 { }
1527 };
1528
1529 static struct aa_fs_entry aa_fs_entry_domain[] = {
1530 AA_FS_FILE_BOOLEAN("change_hat", 1),
1531 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1532 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1533 AA_FS_FILE_BOOLEAN("change_profile", 1),
1534 AA_FS_FILE_BOOLEAN("stack", 1),
1535 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1536 AA_FS_FILE_STRING("version", "1.2"),
1537 { }
1538 };
1539
1540 static struct aa_fs_entry aa_fs_entry_versions[] = {
1541 AA_FS_FILE_BOOLEAN("v5", 1),
1542 AA_FS_FILE_BOOLEAN("v6", 1),
1543 AA_FS_FILE_BOOLEAN("v7", 1),
1544 { }
1545 };
1546
1547 static struct aa_fs_entry aa_fs_entry_policy[] = {
1548 AA_FS_DIR("versions", aa_fs_entry_versions),
1549 AA_FS_FILE_BOOLEAN("set_load", 1),
1550 { }
1551 };
1552
1553 static struct aa_fs_entry aa_fs_entry_mount[] = {
1554 AA_FS_FILE_STRING("mask", "mount umount"),
1555 { }
1556 };
1557
1558 static struct aa_fs_entry aa_fs_entry_ns[] = {
1559 AA_FS_FILE_BOOLEAN("profile", 1),
1560 AA_FS_FILE_BOOLEAN("pivot_root", 1),
1561 { }
1562 };
1563
1564 static struct aa_fs_entry aa_fs_entry_dbus[] = {
1565 AA_FS_FILE_STRING("mask", "acquire send receive"),
1566 { }
1567 };
1568
1569 static struct aa_fs_entry aa_fs_entry_query_label[] = {
1570 AA_FS_FILE_STRING("perms", "allow deny audit quiet"),
1571 AA_FS_FILE_BOOLEAN("data", 1),
1572 { }
1573 };
1574
1575 static struct aa_fs_entry aa_fs_entry_query[] = {
1576 AA_FS_DIR("label", aa_fs_entry_query_label),
1577 { }
1578 };
1579 static struct aa_fs_entry aa_fs_entry_features[] = {
1580 AA_FS_DIR("policy", aa_fs_entry_policy),
1581 AA_FS_DIR("domain", aa_fs_entry_domain),
1582 AA_FS_DIR("file", aa_fs_entry_file),
1583 AA_FS_DIR("network", aa_fs_entry_network),
1584 AA_FS_DIR("mount", aa_fs_entry_mount),
1585 AA_FS_DIR("namespaces", aa_fs_entry_ns),
1586 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
1587 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
1588 AA_FS_DIR("caps", aa_fs_entry_caps),
1589 AA_FS_DIR("ptrace", aa_fs_entry_ptrace),
1590 AA_FS_DIR("signal", aa_fs_entry_signal),
1591 AA_FS_DIR("dbus", aa_fs_entry_dbus),
1592 AA_FS_DIR("query", aa_fs_entry_query),
1593 { }
1594 };
1595
1596 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
1597 AA_FS_FILE_FOPS(".access", 0666, &aa_fs_access),
1598 AA_FS_FILE_FOPS(".stacked", 0666, &aa_fs_stacked),
1599 AA_FS_FILE_FOPS(".ns_stacked", 0666, &aa_fs_ns_stacked),
1600 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level),
1601 AA_FS_FILE_FOPS(".ns_name", 0666, &aa_fs_ns_name),
1602 AA_FS_FILE_FOPS("profiles", 0444, &aa_fs_profiles_fops),
1603 AA_FS_DIR("features", aa_fs_entry_features),
1604 { }
1605 };
1606
1607 static struct aa_fs_entry aa_fs_entry =
1608 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
1609
1610 /**
1611 * aafs_create_file - create a file entry in the apparmor securityfs
1612 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1613 * @parent: the parent dentry in the securityfs
1614 *
1615 * Use aafs_remove_file to remove entries created with this fn.
1616 */
1617 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
1618 struct dentry *parent)
1619 {
1620 int error = 0;
1621
1622 fs_file->dentry = securityfs_create_file(fs_file->name,
1623 S_IFREG | fs_file->mode,
1624 parent, fs_file,
1625 fs_file->file_ops);
1626 if (IS_ERR(fs_file->dentry)) {
1627 error = PTR_ERR(fs_file->dentry);
1628 fs_file->dentry = NULL;
1629 }
1630 return error;
1631 }
1632
1633 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir);
1634 /**
1635 * aafs_create_dir - recursively create a directory entry in the securityfs
1636 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1637 * @parent: the parent dentry in the securityfs
1638 *
1639 * Use aafs_remove_dir to remove entries created with this fn.
1640 */
1641 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
1642 struct dentry *parent)
1643 {
1644 struct aa_fs_entry *fs_file;
1645 struct dentry *dir;
1646 int error;
1647
1648 dir = securityfs_create_dir(fs_dir->name, parent);
1649 if (IS_ERR(dir))
1650 return PTR_ERR(dir);
1651 fs_dir->dentry = dir;
1652
1653 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1654 if (fs_file->v_type == AA_FS_TYPE_DIR)
1655 error = aafs_create_dir(fs_file, fs_dir->dentry);
1656 else
1657 error = aafs_create_file(fs_file, fs_dir->dentry);
1658 if (error)
1659 goto failed;
1660 }
1661
1662 return 0;
1663
1664 failed:
1665 aafs_remove_dir(fs_dir);
1666
1667 return error;
1668 }
1669
1670 /**
1671 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1672 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1673 */
1674 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
1675 {
1676 if (!fs_file->dentry)
1677 return;
1678
1679 securityfs_remove(fs_file->dentry);
1680 fs_file->dentry = NULL;
1681 }
1682
1683 /**
1684 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1685 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1686 */
1687 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
1688 {
1689 struct aa_fs_entry *fs_file;
1690
1691 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1692 if (fs_file->v_type == AA_FS_TYPE_DIR)
1693 aafs_remove_dir(fs_file);
1694 else
1695 aafs_remove_file(fs_file);
1696 }
1697
1698 aafs_remove_file(fs_dir);
1699 }
1700
1701 /**
1702 * aa_destroy_aafs - cleanup and free aafs
1703 *
1704 * releases dentries allocated by aa_create_aafs
1705 */
1706 void __init aa_destroy_aafs(void)
1707 {
1708 aafs_remove_dir(&aa_fs_entry);
1709 }
1710
1711
1712 #define NULL_FILE_NAME ".null"
1713 struct path aa_null;
1714
1715 static int aa_mk_null_file(struct dentry *parent)
1716 {
1717 struct vfsmount *mount = NULL;
1718 struct dentry *dentry;
1719 struct inode *inode;
1720 int count = 0;
1721 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
1722 if (error)
1723 return error;
1724
1725 inode_lock(d_inode(parent));
1726 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
1727 if (IS_ERR(dentry)) {
1728 error = PTR_ERR(dentry);
1729 goto out;
1730 }
1731 inode = new_inode(parent->d_inode->i_sb);
1732 if (!inode) {
1733 error = -ENOMEM;
1734 goto out1;
1735 }
1736
1737 inode->i_ino = get_next_ino();
1738 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
1739 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
1740 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
1741 MKDEV(MEM_MAJOR, 3));
1742 d_instantiate(dentry, inode);
1743 aa_null.dentry = dget(dentry);
1744 aa_null.mnt = mntget(mount);
1745
1746 error = 0;
1747
1748 out1:
1749 dput(dentry);
1750 out:
1751 inode_unlock(d_inode(parent));
1752 simple_release_fs(&mount, &count);
1753 return error;
1754 }
1755
1756 /**
1757 * aa_create_aafs - create the apparmor security filesystem
1758 *
1759 * dentries created here are released by aa_destroy_aafs
1760 *
1761 * Returns: error on failure
1762 */
1763 static int __init aa_create_aafs(void)
1764 {
1765 struct dentry *dent;
1766 int error;
1767
1768 if (!apparmor_initialized)
1769 return 0;
1770
1771 if (aa_fs_entry.dentry) {
1772 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
1773 return -EEXIST;
1774 }
1775
1776 /* Populate fs tree. */
1777 error = aafs_create_dir(&aa_fs_entry, NULL);
1778 if (error)
1779 goto error;
1780
1781 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry,
1782 NULL, &aa_fs_profile_load);
1783 if (IS_ERR(dent)) {
1784 error = PTR_ERR(dent);
1785 goto error;
1786 }
1787 ns_subload(root_ns) = dent;
1788
1789 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry,
1790 NULL, &aa_fs_profile_replace);
1791 if (IS_ERR(dent)) {
1792 error = PTR_ERR(dent);
1793 goto error;
1794 }
1795 ns_subreplace(root_ns) = dent;
1796
1797 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry,
1798 NULL, &aa_fs_profile_remove);
1799 if (IS_ERR(dent)) {
1800 error = PTR_ERR(dent);
1801 goto error;
1802 }
1803 ns_subremove(root_ns) = dent;
1804
1805 mutex_lock(&root_ns->lock);
1806 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy", NULL);
1807 mutex_unlock(&root_ns->lock);
1808
1809 if (error)
1810 goto error;
1811
1812 error = aa_mk_null_file(aa_fs_entry.dentry);
1813 if (error)
1814 goto error;
1815
1816 if (!aa_g_unconfined_init) {
1817 /* TODO: add default profile to apparmorfs */
1818 }
1819
1820 /* Report that AppArmor fs is enabled */
1821 aa_info_message("AppArmor Filesystem Enabled");
1822 return 0;
1823
1824 error:
1825 aa_destroy_aafs();
1826 AA_ERROR("Error creating AppArmor securityfs\n");
1827 return error;
1828 }
1829
1830 fs_initcall(aa_create_aafs);
ubuntu-zesty-kernel mirror