2 * AppArmor security module
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/policy_ns.h"
35 #include "include/label.h"
36 #include "include/policy.h"
37 #include "include/resource.h"
38 #include "include/label.h"
39 #include "include/lib.h"
40 #include "include/policy_unpack.h"
43 * aa_mangle_name - mangle a profile name to std profile layout form
44 * @name: profile name to mangle (NOT NULL)
45 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
47 * Returns: length of mangled name
49 static int mangle_name(const char *name
, char *target
)
53 while (*name
== '/' || *name
== '.')
57 for (; *name
; name
++) {
60 else if (isspace(*name
))
62 else if (isalnum(*name
) || strchr("._-", *name
))
69 for (; *name
; name
++) {
70 if (isalnum(*name
) || isspace(*name
) ||
71 strchr("/._-", *name
))
82 * aa_simple_write_to_buffer - common routine for getting policy from user
83 * @userbuf: user buffer to copy data from (NOT NULL)
84 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
85 * @copy_size: size of data to copy from user buffer
86 * @pos: position write is at in the file (NOT NULL)
88 * Returns: kernel buffer containing copy of user buffer data or an
91 static struct aa_loaddata
*aa_simple_write_to_buffer(const char __user
*userbuf
,
96 struct aa_loaddata
*data
;
98 BUG_ON(copy_size
> alloc_size
);
101 /* only writes from pos 0, that is complete writes */
102 return ERR_PTR(-ESPIPE
);
104 /* freed by caller to simple_write_to_buffer */
105 data
= kvmalloc(sizeof(*data
) + alloc_size
);
107 return ERR_PTR(-ENOMEM
);
108 kref_init(&data
->count
);
109 data
->size
= copy_size
;
113 if (copy_from_user(data
->data
, userbuf
, copy_size
)) {
115 return ERR_PTR(-EFAULT
);
121 static ssize_t
policy_update(u32 mask
, const char __user
*buf
, size_t size
,
122 loff_t
*pos
, struct aa_ns
*ns
)
124 struct aa_label
*label
;
126 struct aa_loaddata
*data
;
128 label
= aa_begin_current_label(DO_UPDATE
);
130 /* high level check about policy management - fine grained in
133 error
= aa_may_manage_policy(label
, ns
, mask
);
137 data
= aa_simple_write_to_buffer(buf
, size
, size
, pos
);
138 error
= PTR_ERR(data
);
140 error
= aa_replace_profiles(ns
? ns
: labels_ns(label
), label
,
142 aa_put_loaddata(data
);
144 aa_end_current_label(label
);
149 /* .load file hook fn to load policy */
150 static ssize_t
profile_load(struct file
*f
, const char __user
*buf
, size_t size
,
153 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
154 int error
= policy_update(AA_MAY_LOAD_POLICY
, buf
, size
, pos
, ns
);
160 static const struct file_operations aa_fs_profile_load
= {
161 .write
= profile_load
,
162 .llseek
= default_llseek
,
165 /* .replace file hook fn to load and/or replace policy */
166 static ssize_t
profile_replace(struct file
*f
, const char __user
*buf
,
167 size_t size
, loff_t
*pos
)
169 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
170 int error
= policy_update(AA_MAY_LOAD_POLICY
| AA_MAY_REPLACE_POLICY
,
177 static const struct file_operations aa_fs_profile_replace
= {
178 .write
= profile_replace
,
179 .llseek
= default_llseek
,
182 /* .remove file hook fn to remove loaded policy */
183 static ssize_t
profile_remove(struct file
*f
, const char __user
*buf
,
184 size_t size
, loff_t
*pos
)
186 struct aa_loaddata
*data
;
187 struct aa_label
*label
;
189 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
191 label
= aa_begin_current_label(DO_UPDATE
);
192 /* high level check about policy management - fine grained in
195 error
= aa_may_manage_policy(label
, ns
, AA_MAY_REMOVE_POLICY
);
200 * aa_remove_profile needs a null terminated string so 1 extra
201 * byte is allocated and the copied data is null terminated.
203 data
= aa_simple_write_to_buffer(buf
, size
+ 1, size
, pos
);
205 error
= PTR_ERR(data
);
207 data
->data
[size
] = 0;
208 error
= aa_remove_profiles(ns
? ns
: labels_ns(label
), label
,
210 aa_put_loaddata(data
);
213 aa_end_current_label(label
);
218 static const struct file_operations aa_fs_profile_remove
= {
219 .write
= profile_remove
,
220 .llseek
= default_llseek
,
224 static void profile_query_cb(struct aa_profile
*profile
, struct aa_perms
*perms
,
225 const char *match_str
, size_t match_len
)
229 unsigned int state
= 0;
231 if (profile_unconfined(profile
))
233 if (profile
->file
.dfa
&& *match_str
== AA_CLASS_FILE
) {
234 dfa
= profile
->file
.dfa
;
235 state
= aa_dfa_match_len(dfa
, profile
->file
.start
,
236 match_str
+ 1, match_len
- 1);
239 struct path_cond cond
= { };
240 tmp
= aa_compute_fperms(dfa
, state
, &cond
);
242 } else if (profile
->policy
.dfa
) {
243 if (!PROFILE_MEDIATES_SAFE(profile
, *match_str
))
244 return; /* no change to current perms */
245 dfa
= profile
->policy
.dfa
;
246 state
= aa_dfa_match_len(dfa
, profile
->policy
.start
[0],
247 match_str
, match_len
);
249 aa_compute_perms(dfa
, state
, &tmp
);
253 aa_apply_modes_to_perms(profile
, &tmp
);
254 aa_perms_accum_raw(perms
, &tmp
);
258 * query_data - queries a policy and writes its data to buf
259 * @buf: the resulting data is stored here (NOT NULL)
260 * @buf_len: size of buf
261 * @query: query string used to retrieve data
262 * @query_len: size of query including second NUL byte
264 * The buffers pointed to by buf and query may overlap. The query buffer is
265 * parsed before buf is written to.
267 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
268 * the security confinement context and <KEY> is the name of the data to
269 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
271 * Don't expect the contents of buf to be preserved on failure.
273 * Returns: number of characters written to buf or -errno on failure
275 static ssize_t
query_data(char *buf
, size_t buf_len
,
276 char *query
, size_t query_len
)
281 struct aa_label
*label
, *curr
;
282 struct aa_profile
*profile
;
283 struct aa_data
*data
;
289 return -EINVAL
; /* need a query */
291 key
= query
+ strnlen(query
, query_len
) + 1;
292 if (key
+ 1 >= query
+ query_len
)
293 return -EINVAL
; /* not enough space for a non-empty key */
294 if (key
+ strnlen(key
, query
+ query_len
- key
) >= query
+ query_len
)
295 return -EINVAL
; /* must end with NUL */
297 if (buf_len
< sizeof(bytes
) + sizeof(blocks
))
298 return -EINVAL
; /* not enough space */
300 curr
= aa_begin_current_label(DO_UPDATE
);
301 label
= aa_label_parse(curr
, query
, GFP_KERNEL
, false, false);
302 aa_end_current_label(curr
);
304 return PTR_ERR(label
);
306 /* We are going to leave space for two numbers. The first is the total
307 * number of bytes we are writing after the first number. This is so
308 * users can read the full output without reallocation.
310 * The second number is the number of data blocks we're writing. An
311 * application might be confined by multiple policies having data in
314 memset(buf
, 0, sizeof(bytes
) + sizeof(blocks
));
315 out
= buf
+ sizeof(bytes
) + sizeof(blocks
);
318 label_for_each_confined(i
, label
, profile
) {
322 data
= rhashtable_lookup_fast(profile
->data
, &key
,
326 if (out
+ sizeof(size
) + data
->size
> buf
+ buf_len
) {
328 return -EINVAL
; /* not enough space */
330 size
= __cpu_to_le32(data
->size
);
331 memcpy(out
, &size
, sizeof(size
));
333 memcpy(out
, data
->data
, data
->size
);
340 bytes
= out
- buf
- sizeof(bytes
);
341 bytes
= __cpu_to_le32(bytes
);
342 blocks
= __cpu_to_le32(blocks
);
343 memcpy(buf
, &bytes
, sizeof(bytes
));
344 memcpy(buf
+ sizeof(bytes
), &blocks
, sizeof(blocks
));
350 * query_label - queries a label and writes permissions to buf
351 * @buf: the resulting permissions string is stored here (NOT NULL)
352 * @buf_len: size of buf
353 * @query: binary query string to match against the dfa
354 * @query_len: size of query
356 * The buffers pointed to by buf and query may overlap. The query buffer is
357 * parsed before buf is written to.
359 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
360 * the name of the label, in the current namespace, that is to be queried and
361 * DFA_STRING is a binary string to match against the label(s)'s DFA.
363 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
364 * but must *not* be NUL terminated.
366 * Returns: number of characters written to buf or -errno on failure
368 static ssize_t
query_label(char *buf
, size_t buf_len
,
369 char *query
, size_t query_len
, bool ns_only
)
371 struct aa_profile
*profile
;
372 struct aa_label
*label
, *curr
;
373 char *label_name
, *match_str
;
374 size_t label_name_len
, match_len
;
375 struct aa_perms perms
;
382 label_name_len
= strnlen(query
, query_len
);
383 if (!label_name_len
|| label_name_len
== query_len
)
387 * The extra byte is to account for the null byte between the
388 * profile name and dfa string. profile_name_len is greater
389 * than zero and less than query_len, so a byte can be safely
390 * added or subtracted.
392 match_str
= label_name
+ label_name_len
+ 1;
393 match_len
= query_len
- label_name_len
- 1;
395 curr
= aa_begin_current_label(DO_UPDATE
);
396 label
= aa_label_parse(curr
, label_name
, GFP_KERNEL
, false, false);
397 aa_end_current_label(curr
);
399 return PTR_ERR(label
);
403 label_for_each_in_ns(i
, labels_ns(label
), label
, profile
) {
404 profile_query_cb(profile
, &perms
, match_str
, match_len
);
407 label_for_each(i
, label
, profile
) {
408 profile_query_cb(profile
, &perms
, match_str
, match_len
);
413 return scnprintf(buf
, buf_len
,
414 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
415 perms
.allow
, perms
.deny
, perms
.audit
, perms
.quiet
);
418 #define QUERY_CMD_LABEL "label\0"
419 #define QUERY_CMD_LABEL_LEN 6
420 #define QUERY_CMD_PROFILE "profile\0"
421 #define QUERY_CMD_PROFILE_LEN 8
422 #define QUERY_CMD_LABELALL "labelall\0"
423 #define QUERY_CMD_LABELALL_LEN 9
424 #define QUERY_CMD_DATA "data\0"
425 #define QUERY_CMD_DATA_LEN 5
428 * aa_write_access - generic permissions and data query
429 * @file: pointer to open apparmorfs/access file
430 * @ubuf: user buffer containing the complete query string (NOT NULL)
431 * @count: size of ubuf
432 * @ppos: position in the file (MUST BE ZERO)
434 * Allows for one permissions or data query per open(), write(), and read()
435 * sequence. The only queries currently supported are label-based queries for
436 * permissions or data.
438 * For permissions queries, ubuf must begin with "label\0", followed by the
439 * profile query specific format described in the query_label() function
442 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
443 * <LABEL> is the name of the security confinement context and <KEY> is the
444 * name of the data to retrieve.
446 * Returns: number of bytes written or -errno on failure
448 static ssize_t
aa_write_access(struct file
*file
, const char __user
*ubuf
,
449 size_t count
, loff_t
*ppos
)
457 buf
= simple_transaction_get(file
, ubuf
, count
);
461 if (count
> QUERY_CMD_PROFILE_LEN
&&
462 !memcmp(buf
, QUERY_CMD_PROFILE
, QUERY_CMD_PROFILE_LEN
)) {
463 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
464 buf
+ QUERY_CMD_PROFILE_LEN
,
465 count
- QUERY_CMD_PROFILE_LEN
, true);
466 } else if (count
> QUERY_CMD_LABEL_LEN
&&
467 !memcmp(buf
, QUERY_CMD_LABEL
, QUERY_CMD_LABEL_LEN
)) {
468 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
469 buf
+ QUERY_CMD_LABEL_LEN
,
470 count
- QUERY_CMD_LABEL_LEN
, true);
471 } else if (count
> QUERY_CMD_LABELALL_LEN
&&
472 !memcmp(buf
, QUERY_CMD_LABELALL
, QUERY_CMD_LABELALL_LEN
)) {
473 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
474 buf
+ QUERY_CMD_LABELALL_LEN
,
475 count
- QUERY_CMD_LABELALL_LEN
, false);
476 } else if (count
> QUERY_CMD_DATA_LEN
&&
477 !memcmp(buf
, QUERY_CMD_DATA
, QUERY_CMD_DATA_LEN
)) {
478 len
= query_data(buf
, SIMPLE_TRANSACTION_LIMIT
,
479 buf
+ QUERY_CMD_DATA_LEN
,
480 count
- QUERY_CMD_DATA_LEN
);
487 simple_transaction_set(file
, len
);
492 static const struct file_operations aa_fs_access
= {
493 .write
= aa_write_access
,
494 .read
= simple_transaction_read
,
495 .release
= simple_transaction_release
,
496 .llseek
= generic_file_llseek
,
499 static int aa_fs_seq_show(struct seq_file
*seq
, void *v
)
501 struct aa_fs_entry
*fs_file
= seq
->private;
506 switch (fs_file
->v_type
) {
507 case AA_FS_TYPE_BOOLEAN
:
508 seq_printf(seq
, "%s\n", fs_file
->v
.boolean
? "yes" : "no");
510 case AA_FS_TYPE_STRING
:
511 seq_printf(seq
, "%s\n", fs_file
->v
.string
);
514 seq_printf(seq
, "%#08lx\n", fs_file
->v
.u64
);
517 /* Ignore unpritable entry types. */
524 static int aa_fs_seq_open(struct inode
*inode
, struct file
*file
)
526 return single_open(file
, aa_fs_seq_show
, inode
->i_private
);
529 const struct file_operations aa_fs_seq_file_ops
= {
530 .owner
= THIS_MODULE
,
531 .open
= aa_fs_seq_open
,
534 .release
= single_release
,
537 static int aa_fs_seq_profile_open(struct inode
*inode
, struct file
*file
,
538 int (*show
)(struct seq_file
*, void *))
540 struct aa_proxy
*proxy
= aa_get_proxy(inode
->i_private
);
541 int error
= single_open(file
, show
, proxy
);
544 file
->private_data
= NULL
;
551 static int aa_fs_seq_profile_release(struct inode
*inode
, struct file
*file
)
553 struct seq_file
*seq
= (struct seq_file
*) file
->private_data
;
555 aa_put_proxy(seq
->private);
556 return single_release(inode
, file
);
559 static int aa_fs_seq_profname_show(struct seq_file
*seq
, void *v
)
561 struct aa_proxy
*proxy
= seq
->private;
562 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
563 struct aa_profile
*profile
= labels_profile(label
);
564 seq_printf(seq
, "%s\n", profile
->base
.name
);
570 static int aa_fs_seq_profname_open(struct inode
*inode
, struct file
*file
)
572 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profname_show
);
575 static const struct file_operations aa_fs_profname_fops
= {
576 .owner
= THIS_MODULE
,
577 .open
= aa_fs_seq_profname_open
,
580 .release
= aa_fs_seq_profile_release
,
583 static int aa_fs_seq_profmode_show(struct seq_file
*seq
, void *v
)
585 struct aa_proxy
*proxy
= seq
->private;
586 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
587 struct aa_profile
*profile
= labels_profile(label
);
588 seq_printf(seq
, "%s\n", aa_profile_mode_names
[profile
->mode
]);
594 static int aa_fs_seq_profmode_open(struct inode
*inode
, struct file
*file
)
596 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profmode_show
);
599 static const struct file_operations aa_fs_profmode_fops
= {
600 .owner
= THIS_MODULE
,
601 .open
= aa_fs_seq_profmode_open
,
604 .release
= aa_fs_seq_profile_release
,
607 static int aa_fs_seq_profattach_show(struct seq_file
*seq
, void *v
)
609 struct aa_proxy
*proxy
= seq
->private;
610 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
611 struct aa_profile
*profile
= labels_profile(label
);
613 seq_printf(seq
, "%s\n", profile
->attach
);
614 else if (profile
->xmatch
)
615 seq_puts(seq
, "<unknown>\n");
617 seq_printf(seq
, "%s\n", profile
->base
.name
);
623 static int aa_fs_seq_profattach_open(struct inode
*inode
, struct file
*file
)
625 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profattach_show
);
628 static const struct file_operations aa_fs_profattach_fops
= {
629 .owner
= THIS_MODULE
,
630 .open
= aa_fs_seq_profattach_open
,
633 .release
= aa_fs_seq_profile_release
,
636 static int aa_fs_seq_hash_show(struct seq_file
*seq
, void *v
)
638 struct aa_proxy
*proxy
= seq
->private;
639 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
640 struct aa_profile
*profile
= labels_profile(label
);
641 unsigned int i
, size
= aa_hash_size();
644 for (i
= 0; i
< size
; i
++)
645 seq_printf(seq
, "%.2x", profile
->hash
[i
]);
653 static int aa_fs_seq_hash_open(struct inode
*inode
, struct file
*file
)
655 return single_open(file
, aa_fs_seq_hash_show
, inode
->i_private
);
658 static const struct file_operations aa_fs_seq_hash_fops
= {
659 .owner
= THIS_MODULE
,
660 .open
= aa_fs_seq_hash_open
,
663 .release
= single_release
,
666 static int aa_fs_seq_show_stacked(struct seq_file
*seq
, void *v
)
668 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
669 seq_printf(seq
, "%s\n", label
->size
> 1 ? "yes" : "no");
670 aa_end_current_label(label
);
675 static int aa_fs_seq_open_stacked(struct inode
*inode
, struct file
*file
)
677 return single_open(file
, aa_fs_seq_show_stacked
, inode
->i_private
);
680 static const struct file_operations aa_fs_stacked
= {
681 .owner
= THIS_MODULE
,
682 .open
= aa_fs_seq_open_stacked
,
685 .release
= single_release
,
688 static int aa_fs_seq_show_ns_stacked(struct seq_file
*seq
, void *v
)
690 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
691 struct aa_profile
*profile
;
695 if (label
->size
> 1) {
696 label_for_each(it
, label
, profile
)
697 if (profile
->ns
!= labels_ns(label
)) {
703 seq_printf(seq
, "%s\n", count
> 1 ? "yes" : "no");
704 aa_end_current_label(label
);
709 static int aa_fs_seq_open_ns_stacked(struct inode
*inode
, struct file
*file
)
711 return single_open(file
, aa_fs_seq_show_ns_stacked
, inode
->i_private
);
714 static const struct file_operations aa_fs_ns_stacked
= {
715 .owner
= THIS_MODULE
,
716 .open
= aa_fs_seq_open_ns_stacked
,
719 .release
= single_release
,
722 static int aa_fs_seq_show_ns_level(struct seq_file
*seq
, void *v
)
724 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
725 seq_printf(seq
, "%d\n", labels_ns(label
)->level
);
726 aa_end_current_label(label
);
731 static int aa_fs_seq_open_ns_level(struct inode
*inode
, struct file
*file
)
733 return single_open(file
, aa_fs_seq_show_ns_level
, inode
->i_private
);
736 static const struct file_operations aa_fs_ns_level
= {
737 .owner
= THIS_MODULE
,
738 .open
= aa_fs_seq_open_ns_level
,
741 .release
= single_release
,
744 static int aa_fs_seq_show_ns_name(struct seq_file
*seq
, void *v
)
746 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
747 seq_printf(seq
, "%s\n", labels_ns(label
)->base
.name
);
748 aa_end_current_label(label
);
753 static int aa_fs_seq_open_ns_name(struct inode
*inode
, struct file
*file
)
755 return single_open(file
, aa_fs_seq_show_ns_name
, inode
->i_private
);
758 static const struct file_operations aa_fs_ns_name
= {
759 .owner
= THIS_MODULE
,
760 .open
= aa_fs_seq_open_ns_name
,
763 .release
= single_release
,
766 static int rawdata_release(struct inode
*inode
, struct file
*file
)
768 /* TODO: switch to loaddata when profile switched to symlink */
769 aa_put_loaddata(file
->private_data
);
774 static int aa_fs_seq_raw_abi_show(struct seq_file
*seq
, void *v
)
776 struct aa_proxy
*proxy
= seq
->private;
777 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
778 struct aa_profile
*profile
= labels_profile(label
);
780 if (profile
->rawdata
->abi
) {
781 seq_printf(seq
, "v%d", profile
->rawdata
->abi
);
789 static int aa_fs_seq_raw_abi_open(struct inode
*inode
, struct file
*file
)
791 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_raw_abi_show
);
794 static const struct file_operations aa_fs_seq_raw_abi_fops
= {
795 .owner
= THIS_MODULE
,
796 .open
= aa_fs_seq_raw_abi_open
,
799 .release
= aa_fs_seq_profile_release
,
802 static int aa_fs_seq_raw_hash_show(struct seq_file
*seq
, void *v
)
804 struct aa_proxy
*proxy
= seq
->private;
805 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
806 struct aa_profile
*profile
= labels_profile(label
);
807 unsigned int i
, size
= aa_hash_size();
809 if (profile
->rawdata
->hash
) {
810 for (i
= 0; i
< size
; i
++)
811 seq_printf(seq
, "%.2x", profile
->rawdata
->hash
[i
]);
819 static int aa_fs_seq_raw_hash_open(struct inode
*inode
, struct file
*file
)
821 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_raw_hash_show
);
824 static const struct file_operations aa_fs_seq_raw_hash_fops
= {
825 .owner
= THIS_MODULE
,
826 .open
= aa_fs_seq_raw_hash_open
,
829 .release
= aa_fs_seq_profile_release
,
832 static ssize_t
rawdata_read(struct file
*file
, char __user
*buf
, size_t size
,
835 struct aa_loaddata
*rawdata
= file
->private_data
;
837 return simple_read_from_buffer(buf
, size
, ppos
, rawdata
->data
,
841 static int rawdata_open(struct inode
*inode
, struct file
*file
)
843 struct aa_proxy
*proxy
= inode
->i_private
;
844 struct aa_label
*label
;
845 struct aa_profile
*profile
;
847 if (!policy_view_capable(NULL
))
849 label
= aa_get_label_rcu(&proxy
->label
);
850 profile
= labels_profile(label
);
851 file
->private_data
= aa_get_loaddata(profile
->rawdata
);
857 static const struct file_operations aa_fs_rawdata_fops
= {
858 .open
= rawdata_open
,
859 .read
= rawdata_read
,
860 .llseek
= generic_file_llseek
,
861 .release
= rawdata_release
,
864 /** fns to setup dynamic per profile/namespace files **/
868 * Requires: @profile->ns->lock held
870 void __aa_fs_profile_rmdir(struct aa_profile
*profile
)
872 struct aa_profile
*child
;
877 AA_BUG(!mutex_is_locked(&profiles_ns(profile
)->lock
));
879 list_for_each_entry(child
, &profile
->base
.profiles
, base
.list
)
880 __aa_fs_profile_rmdir(child
);
882 for (i
= AAFS_PROF_SIZEOF
- 1; i
>= 0; --i
) {
883 struct aa_proxy
*proxy
;
884 if (!profile
->dents
[i
])
887 proxy
= d_inode(profile
->dents
[i
])->i_private
;
888 securityfs_remove(profile
->dents
[i
]);
890 profile
->dents
[i
] = NULL
;
896 * Requires: @old->ns->lock held
898 void __aa_fs_profile_migrate_dents(struct aa_profile
*old
,
899 struct aa_profile
*new)
905 AA_BUG(!mutex_is_locked(&profiles_ns(old
)->lock
));
907 for (i
= 0; i
< AAFS_PROF_SIZEOF
; i
++) {
908 new->dents
[i
] = old
->dents
[i
];
910 new->dents
[i
]->d_inode
->i_mtime
= current_time(new->dents
[i
]->d_inode
);
911 old
->dents
[i
] = NULL
;
915 static struct dentry
*create_profile_file(struct dentry
*dir
, const char *name
,
916 struct aa_profile
*profile
,
917 const struct file_operations
*fops
)
919 struct aa_proxy
*proxy
= aa_get_proxy(profile
->label
.proxy
);
922 dent
= securityfs_create_file(name
, S_IFREG
| 0444, dir
, proxy
, fops
);
931 * Requires: @profile->ns->lock held
933 int __aa_fs_profile_mkdir(struct aa_profile
*profile
, struct dentry
*parent
)
935 struct aa_profile
*child
;
936 struct dentry
*dent
= NULL
, *dir
;
940 AA_BUG(!mutex_is_locked(&profiles_ns(profile
)->lock
));
943 struct aa_profile
*p
;
944 p
= aa_deref_parent(profile
);
946 /* adding to parent that previously didn't have children */
947 dent
= securityfs_create_dir("profiles", dent
);
950 prof_child_dir(p
) = parent
= dent
;
953 if (!profile
->dirname
) {
955 len
= mangle_name(profile
->base
.name
, NULL
);
956 id_len
= snprintf(NULL
, 0, ".%ld", profile
->ns
->uniq_id
);
958 profile
->dirname
= kmalloc(len
+ id_len
+ 1, GFP_KERNEL
);
959 if (!profile
->dirname
)
962 mangle_name(profile
->base
.name
, profile
->dirname
);
963 sprintf(profile
->dirname
+ len
, ".%ld", profile
->ns
->uniq_id
++);
966 dent
= securityfs_create_dir(profile
->dirname
, parent
);
969 prof_dir(profile
) = dir
= dent
;
971 dent
= create_profile_file(dir
, "name", profile
, &aa_fs_profname_fops
);
974 profile
->dents
[AAFS_PROF_NAME
] = dent
;
976 dent
= create_profile_file(dir
, "mode", profile
, &aa_fs_profmode_fops
);
979 profile
->dents
[AAFS_PROF_MODE
] = dent
;
981 dent
= create_profile_file(dir
, "attach", profile
,
982 &aa_fs_profattach_fops
);
985 profile
->dents
[AAFS_PROF_ATTACH
] = dent
;
988 dent
= create_profile_file(dir
, "sha1", profile
,
989 &aa_fs_seq_hash_fops
);
992 profile
->dents
[AAFS_PROF_HASH
] = dent
;
995 if (profile
->rawdata
) {
996 dent
= create_profile_file(dir
, "raw_hash", profile
,
997 &aa_fs_seq_raw_hash_fops
);
1000 profile
->dents
[AAFS_PROF_RAW_HASH
] = dent
;
1002 dent
= create_profile_file(dir
, "raw_abi", profile
,
1003 &aa_fs_seq_raw_abi_fops
);
1006 profile
->dents
[AAFS_PROF_RAW_ABI
] = dent
;
1008 dent
= securityfs_create_file("raw_data", S_IFREG
| 0444, dir
,
1009 profile
->label
.proxy
,
1010 &aa_fs_rawdata_fops
);
1013 profile
->dents
[AAFS_PROF_RAW_DATA
] = dent
;
1014 d_inode(dent
)->i_size
= profile
->rawdata
->size
;
1015 aa_get_proxy(profile
->label
.proxy
);
1018 list_for_each_entry(child
, &profile
->base
.profiles
, base
.list
) {
1019 error
= __aa_fs_profile_mkdir(child
, prof_child_dir(profile
));
1027 error
= PTR_ERR(dent
);
1030 __aa_fs_profile_rmdir(profile
);
1035 static int ns_mkdir_op(struct inode
*dir
, struct dentry
*dentry
, umode_t mode
)
1037 struct aa_ns
*ns
, *parent
;
1038 /* TODO: improve permission check */
1039 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
1040 int error
= aa_may_manage_policy(label
, NULL
, AA_MAY_LOAD_POLICY
);
1041 aa_end_current_label(label
);
1045 parent
= aa_get_ns(dir
->i_private
);
1046 AA_BUG(d_inode(ns_subns_dir(parent
)) != dir
);
1048 /* we have to unlock and then relock to get locking order right
1052 securityfs_pin_fs();
1053 inode_lock_nested(dir
, I_MUTEX_PARENT
);
1055 error
= __securityfs_setup_d_inode(dir
, dentry
, mode
| S_IFDIR
, NULL
,
1060 ns
= aa_create_ns(parent
, ACCESS_ONCE(dentry
->d_name
.name
), dentry
);
1062 error
= PTR_ERR(ns
);
1066 aa_put_ns(ns
); /* list ref remains */
1072 static int ns_rmdir_op(struct inode
*dir
, struct dentry
*dentry
)
1074 struct aa_ns
*ns
, *parent
;
1075 /* TODO: improve permission check */
1076 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
1077 int error
= aa_may_manage_policy(label
, NULL
, AA_MAY_LOAD_POLICY
);
1078 aa_end_current_label(label
);
1082 parent
= aa_get_ns(dir
->i_private
);
1083 /* rmdir calls the generic securityfs functions to remove files
1084 * from the apparmor dir. It is up to the apparmor ns locking
1088 inode_unlock(dentry
->d_inode
);
1090 mutex_lock(&parent
->lock
);
1091 ns
= aa_get_ns(__aa_findn_ns(&parent
->sub_ns
, dentry
->d_name
.name
,
1092 dentry
->d_name
.len
));
1097 AA_BUG(ns_dir(ns
) != dentry
);
1103 mutex_unlock(&parent
->lock
);
1104 inode_lock_nested(dir
, I_MUTEX_PARENT
);
1105 inode_lock(dentry
->d_inode
);
1111 static const struct inode_operations ns_dir_inode_operations
= {
1112 .lookup
= simple_lookup
,
1113 .mkdir
= ns_mkdir_op
,
1114 .rmdir
= ns_rmdir_op
,
1119 * Requires: @ns->lock held
1121 void __aa_fs_ns_rmdir(struct aa_ns
*ns
)
1124 struct aa_profile
*child
;
1129 AA_BUG(!mutex_is_locked(&ns
->lock
));
1131 list_for_each_entry(child
, &ns
->base
.profiles
, base
.list
)
1132 __aa_fs_profile_rmdir(child
);
1134 list_for_each_entry(sub
, &ns
->sub_ns
, base
.list
) {
1135 mutex_lock(&sub
->lock
);
1136 __aa_fs_ns_rmdir(sub
);
1137 mutex_unlock(&sub
->lock
);
1140 if (ns_subns_dir(ns
)) {
1141 sub
= d_inode(ns_subns_dir(ns
))->i_private
;
1144 if (ns_subload(ns
)) {
1145 sub
= d_inode(ns_subload(ns
))->i_private
;
1148 if (ns_subreplace(ns
)) {
1149 sub
= d_inode(ns_subreplace(ns
))->i_private
;
1152 if (ns_subremove(ns
)) {
1153 sub
= d_inode(ns_subremove(ns
))->i_private
;
1157 for (i
= AAFS_NS_SIZEOF
- 1; i
>= 0; --i
) {
1158 securityfs_remove(ns
->dents
[i
]);
1159 ns
->dents
[i
] = NULL
;
1163 /* assumes cleanup in caller */
1164 static int __aa_fs_ns_mkdir_entries(struct aa_ns
*ns
, struct dentry
*dir
)
1166 struct dentry
*dent
;
1171 dent
= securityfs_create_dir("profiles", dir
);
1173 return PTR_ERR(dent
);
1174 ns_subprofs_dir(ns
) = dent
;
1176 dent
= securityfs_create_dir("raw_data", dir
);
1178 return PTR_ERR(dent
);
1179 ns_subdata_dir(ns
) = dent
;
1181 dent
= securityfs_create_file(".load", 0666, dir
, ns
,
1182 &aa_fs_profile_load
);
1184 return PTR_ERR(dent
);
1186 ns_subload(ns
) = dent
;
1188 dent
= securityfs_create_file(".replace", 0666, dir
, ns
,
1189 &aa_fs_profile_replace
);
1191 return PTR_ERR(dent
);
1193 ns_subreplace(ns
) = dent
;
1195 dent
= securityfs_create_file(".remove", 0666, dir
, ns
,
1196 &aa_fs_profile_remove
);
1198 return PTR_ERR(dent
);
1200 ns_subremove(ns
) = dent
;
1202 /* use create_dentry so we can supply private data */
1203 dent
= securityfs_create_dentry("namespaces",
1204 S_IFDIR
| S_IRWXU
| S_IRUGO
| S_IXUGO
,
1206 &ns_dir_inode_operations
);
1208 return PTR_ERR(dent
);
1210 ns_subns_dir(ns
) = dent
;
1217 * Requires: @ns->lock held
1219 int __aa_fs_ns_mkdir(struct aa_ns
*ns
, struct dentry
*parent
, const char *name
,
1220 struct dentry
*dent
)
1223 struct aa_profile
*child
;
1229 AA_BUG(!mutex_is_locked(&ns
->lock
));
1232 name
= ns
->base
.name
;
1235 /* create ns dir if it doesn't already exist */
1236 dent
= securityfs_create_dir(name
, parent
);
1241 ns_dir(ns
) = dir
= dent
;
1242 error
= __aa_fs_ns_mkdir_entries(ns
, dir
);
1247 list_for_each_entry(child
, &ns
->base
.profiles
, base
.list
) {
1248 error
= __aa_fs_profile_mkdir(child
, ns_subprofs_dir(ns
));
1254 list_for_each_entry(sub
, &ns
->sub_ns
, base
.list
) {
1255 mutex_lock(&sub
->lock
);
1256 error
= __aa_fs_ns_mkdir(sub
, ns_subns_dir(ns
), NULL
, NULL
);
1257 mutex_unlock(&sub
->lock
);
1265 error
= PTR_ERR(dent
);
1268 __aa_fs_ns_rmdir(ns
);
1274 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1277 * __next_ns - find the next namespace to list
1278 * @root: root namespace to stop search at (NOT NULL)
1279 * @ns: current ns position (NOT NULL)
1281 * Find the next namespace from @ns under @root and handle all locking needed
1282 * while switching current namespace.
1284 * Returns: next namespace or NULL if at last namespace under @root
1285 * Requires: ns->parent->lock to be held
1286 * NOTE: will not unlock root->lock
1288 static struct aa_ns
*__next_ns(struct aa_ns
*root
, struct aa_ns
*ns
)
1290 struct aa_ns
*parent
, *next
;
1294 AA_BUG(ns
!= root
&& !mutex_is_locked(&ns
->parent
->lock
));
1296 /* is next namespace a child */
1297 if (!list_empty(&ns
->sub_ns
)) {
1298 next
= list_first_entry(&ns
->sub_ns
, typeof(*ns
), base
.list
);
1299 mutex_lock(&next
->lock
);
1303 /* check if the next ns is a sibling, parent, gp, .. */
1304 parent
= ns
->parent
;
1305 while (ns
!= root
) {
1306 mutex_unlock(&ns
->lock
);
1307 next
= list_next_entry(ns
, base
.list
);
1308 if (!list_entry_is_head(next
, &parent
->sub_ns
, base
.list
)) {
1309 mutex_lock(&next
->lock
);
1313 parent
= parent
->parent
;
1320 * __first_profile - find the first profile in a namespace
1321 * @root: namespace that is root of profiles being displayed (NOT NULL)
1322 * @ns: namespace to start in (MAY BE NULL)
1324 * Returns: unrefcounted profile or NULL if no profile
1325 * Requires: ns.lock to be held
1327 static struct aa_profile
*__first_profile(struct aa_ns
*root
, struct aa_ns
*ns
)
1330 AA_BUG(ns
&& !mutex_is_locked(&ns
->lock
));
1332 for (; ns
; ns
= __next_ns(root
, ns
)) {
1333 if (!list_empty(&ns
->base
.profiles
))
1334 return list_first_entry(&ns
->base
.profiles
,
1335 struct aa_profile
, base
.list
);
1341 * __next_profile - step to the next profile in a profile tree
1342 * @profile: current profile in tree (NOT NULL)
1344 * Perform a depth first traversal on the profile tree in a namespace
1346 * Returns: next profile or NULL if done
1347 * Requires: profile->ns.lock to be held
1349 static struct aa_profile
*__next_profile(struct aa_profile
*p
)
1351 struct aa_profile
*parent
;
1352 struct aa_ns
*ns
= p
->ns
;
1354 AA_BUG(!mutex_is_locked(&profiles_ns(p
)->lock
));
1356 /* is next profile a child */
1357 if (!list_empty(&p
->base
.profiles
))
1358 return list_first_entry(&p
->base
.profiles
, typeof(*p
),
1361 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1362 parent
= rcu_dereference_protected(p
->parent
,
1363 mutex_is_locked(&p
->ns
->lock
));
1365 p
= list_next_entry(p
, base
.list
);
1366 if (!list_entry_is_head(p
, &parent
->base
.profiles
, base
.list
))
1369 parent
= rcu_dereference_protected(parent
->parent
,
1370 mutex_is_locked(&parent
->ns
->lock
));
1373 /* is next another profile in the namespace */
1374 p
= list_next_entry(p
, base
.list
);
1375 if (!list_entry_is_head(p
, &ns
->base
.profiles
, base
.list
))
1382 * next_profile - step to the next profile in where ever it may be
1383 * @root: root namespace (NOT NULL)
1384 * @profile: current profile (NOT NULL)
1386 * Returns: next profile or NULL if there isn't one
1388 static struct aa_profile
*next_profile(struct aa_ns
*root
,
1389 struct aa_profile
*profile
)
1391 struct aa_profile
*next
= __next_profile(profile
);
1395 /* finished all profiles in namespace move to next namespace */
1396 return __first_profile(root
, __next_ns(root
, profile
->ns
));
1400 * p_start - start a depth first traversal of profile tree
1401 * @f: seq_file to fill
1402 * @pos: current position
1404 * Returns: first profile under current namespace or NULL if none found
1406 * acquires first ns->lock
1408 static void *p_start(struct seq_file
*f
, loff_t
*pos
)
1410 struct aa_profile
*profile
= NULL
;
1411 struct aa_ns
*root
= aa_get_current_ns();
1415 /* find the first profile */
1416 mutex_lock(&root
->lock
);
1417 profile
= __first_profile(root
, root
);
1419 /* skip to position */
1420 for (; profile
&& l
> 0; l
--)
1421 profile
= next_profile(root
, profile
);
1427 * p_next - read the next profile entry
1428 * @f: seq_file to fill
1429 * @p: profile previously returned
1430 * @pos: current position
1432 * Returns: next profile after @p or NULL if none
1434 * may acquire/release locks in namespace tree as necessary
1436 static void *p_next(struct seq_file
*f
, void *p
, loff_t
*pos
)
1438 struct aa_profile
*profile
= p
;
1439 struct aa_ns
*ns
= f
->private;
1442 return next_profile(ns
, profile
);
1446 * p_stop - stop depth first traversal
1447 * @f: seq_file we are filling
1448 * @p: the last profile writen
1450 * Release all locking done by p_start/p_next on namespace tree
1452 static void p_stop(struct seq_file
*f
, void *p
)
1454 struct aa_profile
*profile
= p
;
1455 struct aa_ns
*root
= f
->private, *ns
;
1458 for (ns
= profile
->ns
; ns
&& ns
!= root
; ns
= ns
->parent
)
1459 mutex_unlock(&ns
->lock
);
1461 mutex_unlock(&root
->lock
);
1466 * seq_show_profile - show a profile entry
1467 * @f: seq_file to file
1468 * @p: current position (profile) (NOT NULL)
1470 * Returns: error on failure
1472 static int seq_show_profile(struct seq_file
*f
, void *p
)
1474 struct aa_profile
*profile
= (struct aa_profile
*)p
;
1475 struct aa_ns
*root
= f
->private;
1477 aa_label_seq_xprint(f
, root
, &profile
->label
,
1478 FLAG_SHOW_MODE
| FLAG_VIEW_SUBNS
, GFP_KERNEL
);
1479 seq_printf(f
, "\n");
1484 static const struct seq_operations aa_fs_profiles_op
= {
1488 .show
= seq_show_profile
,
1491 static int profiles_open(struct inode
*inode
, struct file
*file
)
1493 if (!policy_view_capable(NULL
))
1496 return seq_open(file
, &aa_fs_profiles_op
);
1499 static int profiles_release(struct inode
*inode
, struct file
*file
)
1501 return seq_release(inode
, file
);
1504 static const struct file_operations aa_fs_profiles_fops
= {
1505 .open
= profiles_open
,
1507 .llseek
= seq_lseek
,
1508 .release
= profiles_release
,
1512 /** Base file system setup **/
1513 static struct aa_fs_entry aa_fs_entry_file
[] = {
1514 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1519 static struct aa_fs_entry aa_fs_entry_ptrace
[] = {
1520 AA_FS_FILE_STRING("mask", "read trace"),
1524 static struct aa_fs_entry aa_fs_entry_signal
[] = {
1525 AA_FS_FILE_STRING("mask", AA_FS_SIG_MASK
),
1529 static struct aa_fs_entry aa_fs_entry_domain
[] = {
1530 AA_FS_FILE_BOOLEAN("change_hat", 1),
1531 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1532 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1533 AA_FS_FILE_BOOLEAN("change_profile", 1),
1534 AA_FS_FILE_BOOLEAN("stack", 1),
1535 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1536 AA_FS_FILE_STRING("version", "1.2"),
1540 static struct aa_fs_entry aa_fs_entry_versions
[] = {
1541 AA_FS_FILE_BOOLEAN("v5", 1),
1542 AA_FS_FILE_BOOLEAN("v6", 1),
1543 AA_FS_FILE_BOOLEAN("v7", 1),
1547 static struct aa_fs_entry aa_fs_entry_policy
[] = {
1548 AA_FS_DIR("versions", aa_fs_entry_versions
),
1549 AA_FS_FILE_BOOLEAN("set_load", 1),
1553 static struct aa_fs_entry aa_fs_entry_mount
[] = {
1554 AA_FS_FILE_STRING("mask", "mount umount"),
1558 static struct aa_fs_entry aa_fs_entry_ns
[] = {
1559 AA_FS_FILE_BOOLEAN("profile", 1),
1560 AA_FS_FILE_BOOLEAN("pivot_root", 1),
1564 static struct aa_fs_entry aa_fs_entry_dbus
[] = {
1565 AA_FS_FILE_STRING("mask", "acquire send receive"),
1569 static struct aa_fs_entry aa_fs_entry_query_label
[] = {
1570 AA_FS_FILE_STRING("perms", "allow deny audit quiet"),
1571 AA_FS_FILE_BOOLEAN("data", 1),
1575 static struct aa_fs_entry aa_fs_entry_query
[] = {
1576 AA_FS_DIR("label", aa_fs_entry_query_label
),
1579 static struct aa_fs_entry aa_fs_entry_features
[] = {
1580 AA_FS_DIR("policy", aa_fs_entry_policy
),
1581 AA_FS_DIR("domain", aa_fs_entry_domain
),
1582 AA_FS_DIR("file", aa_fs_entry_file
),
1583 AA_FS_DIR("network", aa_fs_entry_network
),
1584 AA_FS_DIR("mount", aa_fs_entry_mount
),
1585 AA_FS_DIR("namespaces", aa_fs_entry_ns
),
1586 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK
),
1587 AA_FS_DIR("rlimit", aa_fs_entry_rlimit
),
1588 AA_FS_DIR("caps", aa_fs_entry_caps
),
1589 AA_FS_DIR("ptrace", aa_fs_entry_ptrace
),
1590 AA_FS_DIR("signal", aa_fs_entry_signal
),
1591 AA_FS_DIR("dbus", aa_fs_entry_dbus
),
1592 AA_FS_DIR("query", aa_fs_entry_query
),
1596 static struct aa_fs_entry aa_fs_entry_apparmor
[] = {
1597 AA_FS_FILE_FOPS(".access", 0666, &aa_fs_access
),
1598 AA_FS_FILE_FOPS(".stacked", 0666, &aa_fs_stacked
),
1599 AA_FS_FILE_FOPS(".ns_stacked", 0666, &aa_fs_ns_stacked
),
1600 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level
),
1601 AA_FS_FILE_FOPS(".ns_name", 0666, &aa_fs_ns_name
),
1602 AA_FS_FILE_FOPS("profiles", 0444, &aa_fs_profiles_fops
),
1603 AA_FS_DIR("features", aa_fs_entry_features
),
1607 static struct aa_fs_entry aa_fs_entry
=
1608 AA_FS_DIR("apparmor", aa_fs_entry_apparmor
);
1611 * aafs_create_file - create a file entry in the apparmor securityfs
1612 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1613 * @parent: the parent dentry in the securityfs
1615 * Use aafs_remove_file to remove entries created with this fn.
1617 static int __init
aafs_create_file(struct aa_fs_entry
*fs_file
,
1618 struct dentry
*parent
)
1622 fs_file
->dentry
= securityfs_create_file(fs_file
->name
,
1623 S_IFREG
| fs_file
->mode
,
1626 if (IS_ERR(fs_file
->dentry
)) {
1627 error
= PTR_ERR(fs_file
->dentry
);
1628 fs_file
->dentry
= NULL
;
1633 static void __init
aafs_remove_dir(struct aa_fs_entry
*fs_dir
);
1635 * aafs_create_dir - recursively create a directory entry in the securityfs
1636 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1637 * @parent: the parent dentry in the securityfs
1639 * Use aafs_remove_dir to remove entries created with this fn.
1641 static int __init
aafs_create_dir(struct aa_fs_entry
*fs_dir
,
1642 struct dentry
*parent
)
1644 struct aa_fs_entry
*fs_file
;
1648 dir
= securityfs_create_dir(fs_dir
->name
, parent
);
1650 return PTR_ERR(dir
);
1651 fs_dir
->dentry
= dir
;
1653 for (fs_file
= fs_dir
->v
.files
; fs_file
&& fs_file
->name
; ++fs_file
) {
1654 if (fs_file
->v_type
== AA_FS_TYPE_DIR
)
1655 error
= aafs_create_dir(fs_file
, fs_dir
->dentry
);
1657 error
= aafs_create_file(fs_file
, fs_dir
->dentry
);
1665 aafs_remove_dir(fs_dir
);
1671 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1672 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1674 static void __init
aafs_remove_file(struct aa_fs_entry
*fs_file
)
1676 if (!fs_file
->dentry
)
1679 securityfs_remove(fs_file
->dentry
);
1680 fs_file
->dentry
= NULL
;
1684 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1685 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1687 static void __init
aafs_remove_dir(struct aa_fs_entry
*fs_dir
)
1689 struct aa_fs_entry
*fs_file
;
1691 for (fs_file
= fs_dir
->v
.files
; fs_file
&& fs_file
->name
; ++fs_file
) {
1692 if (fs_file
->v_type
== AA_FS_TYPE_DIR
)
1693 aafs_remove_dir(fs_file
);
1695 aafs_remove_file(fs_file
);
1698 aafs_remove_file(fs_dir
);
1702 * aa_destroy_aafs - cleanup and free aafs
1704 * releases dentries allocated by aa_create_aafs
1706 void __init
aa_destroy_aafs(void)
1708 aafs_remove_dir(&aa_fs_entry
);
1712 #define NULL_FILE_NAME ".null"
1713 struct path aa_null
;
1715 static int aa_mk_null_file(struct dentry
*parent
)
1717 struct vfsmount
*mount
= NULL
;
1718 struct dentry
*dentry
;
1719 struct inode
*inode
;
1721 int error
= simple_pin_fs(parent
->d_sb
->s_type
, &mount
, &count
);
1725 inode_lock(d_inode(parent
));
1726 dentry
= lookup_one_len(NULL_FILE_NAME
, parent
, strlen(NULL_FILE_NAME
));
1727 if (IS_ERR(dentry
)) {
1728 error
= PTR_ERR(dentry
);
1731 inode
= new_inode(parent
->d_inode
->i_sb
);
1737 inode
->i_ino
= get_next_ino();
1738 inode
->i_mode
= S_IFCHR
| S_IRUGO
| S_IWUGO
;
1739 inode
->i_atime
= inode
->i_mtime
= inode
->i_ctime
= CURRENT_TIME
;
1740 init_special_inode(inode
, S_IFCHR
| S_IRUGO
| S_IWUGO
,
1741 MKDEV(MEM_MAJOR
, 3));
1742 d_instantiate(dentry
, inode
);
1743 aa_null
.dentry
= dget(dentry
);
1744 aa_null
.mnt
= mntget(mount
);
1751 inode_unlock(d_inode(parent
));
1752 simple_release_fs(&mount
, &count
);
1757 * aa_create_aafs - create the apparmor security filesystem
1759 * dentries created here are released by aa_destroy_aafs
1761 * Returns: error on failure
1763 static int __init
aa_create_aafs(void)
1765 struct dentry
*dent
;
1768 if (!apparmor_initialized
)
1771 if (aa_fs_entry
.dentry
) {
1772 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__
);
1776 /* Populate fs tree. */
1777 error
= aafs_create_dir(&aa_fs_entry
, NULL
);
1781 dent
= securityfs_create_file(".load", 0666, aa_fs_entry
.dentry
,
1782 NULL
, &aa_fs_profile_load
);
1784 error
= PTR_ERR(dent
);
1787 ns_subload(root_ns
) = dent
;
1789 dent
= securityfs_create_file(".replace", 0666, aa_fs_entry
.dentry
,
1790 NULL
, &aa_fs_profile_replace
);
1792 error
= PTR_ERR(dent
);
1795 ns_subreplace(root_ns
) = dent
;
1797 dent
= securityfs_create_file(".remove", 0666, aa_fs_entry
.dentry
,
1798 NULL
, &aa_fs_profile_remove
);
1800 error
= PTR_ERR(dent
);
1803 ns_subremove(root_ns
) = dent
;
1805 mutex_lock(&root_ns
->lock
);
1806 error
= __aa_fs_ns_mkdir(root_ns
, aa_fs_entry
.dentry
, "policy", NULL
);
1807 mutex_unlock(&root_ns
->lock
);
1812 error
= aa_mk_null_file(aa_fs_entry
.dentry
);
1816 if (!aa_g_unconfined_init
) {
1817 /* TODO: add default profile to apparmorfs */
1820 /* Report that AppArmor fs is enabled */
1821 aa_info_message("AppArmor Filesystem Enabled");
1826 AA_ERROR("Error creating AppArmor securityfs\n");
1830 fs_initcall(aa_create_aafs
);