]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/apparmor/apparmorfs.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: Ubuntu-raspi2-4.10.0-1000.2
[mirror_ubuntu-zesty-kernel.git] / security / apparmor / apparmorfs.c
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
26 #include <linux/fs.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/policy_ns.h"
35 #include "include/label.h"
36 #include "include/policy.h"
37 #include "include/resource.h"
38 #include "include/label.h"
39 #include "include/lib.h"
40 #include "include/policy_unpack.h"
41
42 /**
43 * aa_mangle_name - mangle a profile name to std profile layout form
44 * @name: profile name to mangle (NOT NULL)
45 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
46 *
47 * Returns: length of mangled name
48 */
49 static int mangle_name(const char *name, char *target)
50 {
51 char *t = target;
52
53 while (*name == '/' || *name == '.')
54 name++;
55
56 if (target) {
57 for (; *name; name++) {
58 if (*name == '/')
59 *(t)++ = '.';
60 else if (isspace(*name))
61 *(t)++ = '_';
62 else if (isalnum(*name) || strchr("._-", *name))
63 *(t)++ = *name;
64 }
65
66 *t = 0;
67 } else {
68 int len = 0;
69 for (; *name; name++) {
70 if (isalnum(*name) || isspace(*name) ||
71 strchr("/._-", *name))
72 len++;
73 }
74
75 return len;
76 }
77
78 return t - target;
79 }
80
81 /**
82 * aa_simple_write_to_buffer - common routine for getting policy from user
83 * @userbuf: user buffer to copy data from (NOT NULL)
84 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
85 * @copy_size: size of data to copy from user buffer
86 * @pos: position write is at in the file (NOT NULL)
87 *
88 * Returns: kernel buffer containing copy of user buffer data or an
89 * ERR_PTR on failure.
90 */
91 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
92 size_t alloc_size,
93 size_t copy_size,
94 loff_t *pos)
95 {
96 struct aa_loaddata *data;
97
98 BUG_ON(copy_size > alloc_size);
99
100 if (*pos != 0)
101 /* only writes from pos 0, that is complete writes */
102 return ERR_PTR(-ESPIPE);
103
104 /* freed by caller to simple_write_to_buffer */
105 data = kvmalloc(sizeof(*data) + alloc_size);
106 if (data == NULL)
107 return ERR_PTR(-ENOMEM);
108 kref_init(&data->count);
109 data->size = copy_size;
110 data->hash = NULL;
111 data->abi = 0;
112
113 if (copy_from_user(data->data, userbuf, copy_size)) {
114 kvfree(data);
115 return ERR_PTR(-EFAULT);
116 }
117
118 return data;
119 }
120
121 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
122 loff_t *pos, struct aa_ns *ns)
123 {
124 struct aa_label *label;
125 ssize_t error;
126 struct aa_loaddata *data;
127
128 label = aa_begin_current_label(DO_UPDATE);
129
130 /* high level check about policy management - fine grained in
131 * below after unpack
132 */
133 error = aa_may_manage_policy(label, ns, mask);
134 if (error)
135 return error;
136
137 data = aa_simple_write_to_buffer(buf, size, size, pos);
138 error = PTR_ERR(data);
139 if (!IS_ERR(data)) {
140 error = aa_replace_profiles(ns ? ns : labels_ns(label), label,
141 mask, data);
142 aa_put_loaddata(data);
143 }
144 aa_end_current_label(label);
145
146 return error;
147 }
148
149 /* .load file hook fn to load policy */
150 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
151 loff_t *pos)
152 {
153 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
154 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
155 aa_put_ns(ns);
156
157 return error;
158 }
159
160 static const struct file_operations aa_fs_profile_load = {
161 .write = profile_load,
162 .llseek = default_llseek,
163 };
164
165 /* .replace file hook fn to load and/or replace policy */
166 static ssize_t profile_replace(struct file *f, const char __user *buf,
167 size_t size, loff_t *pos)
168 {
169 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
170 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
171 buf, size, pos, ns);
172 aa_put_ns(ns);
173
174 return error;
175 }
176
177 static const struct file_operations aa_fs_profile_replace = {
178 .write = profile_replace,
179 .llseek = default_llseek,
180 };
181
182 /* .remove file hook fn to remove loaded policy */
183 static ssize_t profile_remove(struct file *f, const char __user *buf,
184 size_t size, loff_t *pos)
185 {
186 struct aa_loaddata *data;
187 struct aa_label *label;
188 ssize_t error;
189 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
190
191 label = aa_begin_current_label(DO_UPDATE);
192 /* high level check about policy management - fine grained in
193 * below after unpack
194 */
195 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
196 if (error)
197 goto out;
198
199 /*
200 * aa_remove_profile needs a null terminated string so 1 extra
201 * byte is allocated and the copied data is null terminated.
202 */
203 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
204
205 error = PTR_ERR(data);
206 if (!IS_ERR(data)) {
207 data->data[size] = 0;
208 error = aa_remove_profiles(ns ? ns : labels_ns(label), label,
209 data->data, size);
210 aa_put_loaddata(data);
211 }
212 out:
213 aa_end_current_label(label);
214 aa_put_ns(ns);
215 return error;
216 }
217
218 static const struct file_operations aa_fs_profile_remove = {
219 .write = profile_remove,
220 .llseek = default_llseek,
221 };
222
223 struct aa_revision {
224 struct aa_ns *ns;
225 long last_read;
226 };
227
228 /* revision file hook fn for policy loads */
229 static int ns_revision_release(struct inode *inode, struct file *file)
230 {
231 struct aa_revision *rev = file->private_data;
232
233 if (rev) {
234 aa_put_ns(rev->ns);
235 kfree(rev);
236 }
237
238 return 0;
239 }
240
241 static ssize_t ns_revision_read(struct file *file, char __user *buf,
242 size_t size, loff_t *ppos)
243 {
244 struct aa_revision *rev = file->private_data;
245 char buffer[32];
246 long last_read;
247 int avail;
248
249 mutex_lock(&rev->ns->lock);
250 last_read = rev->last_read;
251 if (last_read == rev->ns->revision) {
252 mutex_unlock(&rev->ns->lock);
253 if (file->f_flags & O_NONBLOCK)
254 return -EAGAIN;
255 if (wait_event_interruptible(rev->ns->wait,
256 last_read !=
257 READ_ONCE(rev->ns->revision)))
258 return -ERESTARTSYS;
259 mutex_lock(&rev->ns->lock);
260 }
261
262 avail = sprintf(buffer, "%ld\n", rev->ns->revision);
263 if (*ppos + size > avail) {
264 rev->last_read = rev->ns->revision;
265 *ppos = 0;
266 }
267 mutex_unlock(&rev->ns->lock);
268
269 return simple_read_from_buffer(buf, size, ppos, buffer, avail);
270 }
271
272 static int ns_revision_open(struct inode *inode, struct file *file)
273 {
274 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
275
276 if (!rev)
277 return -ENOMEM;
278
279 rev->ns = aa_get_ns(inode->i_private);
280 if (!rev->ns)
281 rev->ns = aa_get_current_ns();
282 file->private_data = rev;
283
284 return 0;
285 }
286
287 static unsigned int ns_revision_poll(struct file *file, poll_table *pt)
288 {
289 struct aa_revision *rev = file->private_data;
290 unsigned int mask = 0;
291
292 if (rev) {
293 mutex_lock(&rev->ns->lock);
294 poll_wait(file, &rev->ns->wait, pt);
295 if (rev->last_read < rev->ns->revision)
296 mask |= POLLIN | POLLRDNORM;
297 mutex_unlock(&rev->ns->lock);
298 }
299
300 return mask;
301 }
302
303 void __aa_bump_ns_revision(struct aa_ns *ns)
304 {
305 ns->revision++;
306 wake_up_interruptible(&ns->wait);
307 }
308
309 static const struct file_operations ns_revision_fops = {
310 .owner = THIS_MODULE,
311 .open = ns_revision_open,
312 .poll = ns_revision_poll,
313 .read = ns_revision_read,
314 .llseek = generic_file_llseek,
315 .release = ns_revision_release,
316 };
317
318 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
319 const char *match_str, size_t match_len)
320 {
321 struct aa_perms tmp;
322 struct aa_dfa *dfa;
323 unsigned int state = 0;
324
325 if (profile_unconfined(profile))
326 return;
327 if (profile->file.dfa && *match_str == AA_CLASS_FILE) {
328 dfa = profile->file.dfa;
329 state = aa_dfa_match_len(dfa, profile->file.start,
330 match_str + 1, match_len - 1);
331 tmp = nullperms;
332 if (state) {
333 struct path_cond cond = { };
334 tmp = aa_compute_fperms(dfa, state, &cond);
335 }
336 } else if (profile->policy.dfa) {
337 if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
338 return; /* no change to current perms */
339 dfa = profile->policy.dfa;
340 state = aa_dfa_match_len(dfa, profile->policy.start[0],
341 match_str, match_len);
342 if (state)
343 aa_compute_perms(dfa, state, &tmp);
344 else
345 tmp = nullperms;
346 }
347 aa_apply_modes_to_perms(profile, &tmp);
348 aa_perms_accum_raw(perms, &tmp);
349 }
350
351 /**
352 * query_data - queries a policy and writes its data to buf
353 * @buf: the resulting data is stored here (NOT NULL)
354 * @buf_len: size of buf
355 * @query: query string used to retrieve data
356 * @query_len: size of query including second NUL byte
357 *
358 * The buffers pointed to by buf and query may overlap. The query buffer is
359 * parsed before buf is written to.
360 *
361 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
362 * the security confinement context and <KEY> is the name of the data to
363 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
364 *
365 * Don't expect the contents of buf to be preserved on failure.
366 *
367 * Returns: number of characters written to buf or -errno on failure
368 */
369 static ssize_t query_data(char *buf, size_t buf_len,
370 char *query, size_t query_len)
371 {
372 char *out;
373 const char *key;
374 struct label_it i;
375 struct aa_label *label, *curr;
376 struct aa_profile *profile;
377 struct aa_data *data;
378 u32 bytes;
379 u32 blocks;
380 u32 size;
381
382 if (!query_len)
383 return -EINVAL; /* need a query */
384
385 key = query + strnlen(query, query_len) + 1;
386 if (key + 1 >= query + query_len)
387 return -EINVAL; /* not enough space for a non-empty key */
388 if (key + strnlen(key, query + query_len - key) >= query + query_len)
389 return -EINVAL; /* must end with NUL */
390
391 if (buf_len < sizeof(bytes) + sizeof(blocks))
392 return -EINVAL; /* not enough space */
393
394 curr = aa_begin_current_label(DO_UPDATE);
395 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
396 aa_end_current_label(curr);
397 if (IS_ERR(label))
398 return PTR_ERR(label);
399
400 /* We are going to leave space for two numbers. The first is the total
401 * number of bytes we are writing after the first number. This is so
402 * users can read the full output without reallocation.
403 *
404 * The second number is the number of data blocks we're writing. An
405 * application might be confined by multiple policies having data in
406 * the same key.
407 */
408 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
409 out = buf + sizeof(bytes) + sizeof(blocks);
410
411 blocks = 0;
412 label_for_each_confined(i, label, profile) {
413 if (!profile->data)
414 continue;
415
416 data = rhashtable_lookup_fast(profile->data, &key,
417 profile->data->p);
418
419 if (data) {
420 if (out + sizeof(size) + data->size > buf + buf_len) {
421 aa_put_label(label);
422 return -EINVAL; /* not enough space */
423 }
424 size = __cpu_to_le32(data->size);
425 memcpy(out, &size, sizeof(size));
426 out += sizeof(size);
427 memcpy(out, data->data, data->size);
428 out += data->size;
429 blocks++;
430 }
431 }
432 aa_put_label(label);
433
434 bytes = out - buf - sizeof(bytes);
435 bytes = __cpu_to_le32(bytes);
436 blocks = __cpu_to_le32(blocks);
437 memcpy(buf, &bytes, sizeof(bytes));
438 memcpy(buf + sizeof(bytes), &blocks, sizeof(blocks));
439
440 return out - buf;
441 }
442
443 /**
444 * query_label - queries a label and writes permissions to buf
445 * @buf: the resulting permissions string is stored here (NOT NULL)
446 * @buf_len: size of buf
447 * @query: binary query string to match against the dfa
448 * @query_len: size of query
449 *
450 * The buffers pointed to by buf and query may overlap. The query buffer is
451 * parsed before buf is written to.
452 *
453 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
454 * the name of the label, in the current namespace, that is to be queried and
455 * DFA_STRING is a binary string to match against the label(s)'s DFA.
456 *
457 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
458 * but must *not* be NUL terminated.
459 *
460 * Returns: number of characters written to buf or -errno on failure
461 */
462 static ssize_t query_label(char *buf, size_t buf_len,
463 char *query, size_t query_len, bool ns_only)
464 {
465 struct aa_profile *profile;
466 struct aa_label *label, *curr;
467 char *label_name, *match_str;
468 size_t label_name_len, match_len;
469 struct aa_perms perms;
470 struct label_it i;
471
472 if (!query_len)
473 return -EINVAL;
474
475 label_name = query;
476 label_name_len = strnlen(query, query_len);
477 if (!label_name_len || label_name_len == query_len)
478 return -EINVAL;
479
480 /**
481 * The extra byte is to account for the null byte between the
482 * profile name and dfa string. profile_name_len is greater
483 * than zero and less than query_len, so a byte can be safely
484 * added or subtracted.
485 */
486 match_str = label_name + label_name_len + 1;
487 match_len = query_len - label_name_len - 1;
488
489 curr = aa_begin_current_label(DO_UPDATE);
490 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
491 aa_end_current_label(curr);
492 if (IS_ERR(label))
493 return PTR_ERR(label);
494
495 perms = allperms;
496 if (ns_only) {
497 label_for_each_in_ns(i, labels_ns(label), label, profile) {
498 profile_query_cb(profile, &perms, match_str, match_len);
499 }
500 } else {
501 label_for_each(i, label, profile) {
502 profile_query_cb(profile, &perms, match_str, match_len);
503 }
504 }
505 aa_put_label(label);
506
507 return scnprintf(buf, buf_len,
508 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
509 perms.allow, perms.deny, perms.audit, perms.quiet);
510 }
511
512 #define QUERY_CMD_LABEL "label\0"
513 #define QUERY_CMD_LABEL_LEN 6
514 #define QUERY_CMD_PROFILE "profile\0"
515 #define QUERY_CMD_PROFILE_LEN 8
516 #define QUERY_CMD_LABELALL "labelall\0"
517 #define QUERY_CMD_LABELALL_LEN 9
518 #define QUERY_CMD_DATA "data\0"
519 #define QUERY_CMD_DATA_LEN 5
520
521 /**
522 * aa_write_access - generic permissions and data query
523 * @file: pointer to open apparmorfs/access file
524 * @ubuf: user buffer containing the complete query string (NOT NULL)
525 * @count: size of ubuf
526 * @ppos: position in the file (MUST BE ZERO)
527 *
528 * Allows for one permissions or data query per open(), write(), and read()
529 * sequence. The only queries currently supported are label-based queries for
530 * permissions or data.
531 *
532 * For permissions queries, ubuf must begin with "label\0", followed by the
533 * profile query specific format described in the query_label() function
534 * documentation.
535 *
536 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
537 * <LABEL> is the name of the security confinement context and <KEY> is the
538 * name of the data to retrieve.
539 *
540 * Returns: number of bytes written or -errno on failure
541 */
542 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
543 size_t count, loff_t *ppos)
544 {
545 char *buf;
546 ssize_t len;
547
548 if (*ppos)
549 return -ESPIPE;
550
551 buf = simple_transaction_get(file, ubuf, count);
552 if (IS_ERR(buf))
553 return PTR_ERR(buf);
554
555 if (count > QUERY_CMD_PROFILE_LEN &&
556 !memcmp(buf, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
557 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
558 buf + QUERY_CMD_PROFILE_LEN,
559 count - QUERY_CMD_PROFILE_LEN, true);
560 } else if (count > QUERY_CMD_LABEL_LEN &&
561 !memcmp(buf, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
562 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
563 buf + QUERY_CMD_LABEL_LEN,
564 count - QUERY_CMD_LABEL_LEN, true);
565 } else if (count > QUERY_CMD_LABELALL_LEN &&
566 !memcmp(buf, QUERY_CMD_LABELALL, QUERY_CMD_LABELALL_LEN)) {
567 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
568 buf + QUERY_CMD_LABELALL_LEN,
569 count - QUERY_CMD_LABELALL_LEN, false);
570 } else if (count > QUERY_CMD_DATA_LEN &&
571 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
572 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT,
573 buf + QUERY_CMD_DATA_LEN,
574 count - QUERY_CMD_DATA_LEN);
575 } else
576 len = -EINVAL;
577
578 if (len < 0)
579 return len;
580
581 simple_transaction_set(file, len);
582
583 return count;
584 }
585
586 static const struct file_operations aa_fs_access = {
587 .write = aa_write_access,
588 .read = simple_transaction_read,
589 .release = simple_transaction_release,
590 .llseek = generic_file_llseek,
591 };
592
593 static int aa_fs_seq_show(struct seq_file *seq, void *v)
594 {
595 struct aa_fs_entry *fs_file = seq->private;
596
597 if (!fs_file)
598 return 0;
599
600 switch (fs_file->v_type) {
601 case AA_FS_TYPE_BOOLEAN:
602 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
603 break;
604 case AA_FS_TYPE_STRING:
605 seq_printf(seq, "%s\n", fs_file->v.string);
606 break;
607 case AA_FS_TYPE_U64:
608 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
609 break;
610 default:
611 /* Ignore unpritable entry types. */
612 break;
613 }
614
615 return 0;
616 }
617
618 static int aa_fs_seq_open(struct inode *inode, struct file *file)
619 {
620 return single_open(file, aa_fs_seq_show, inode->i_private);
621 }
622
623 const struct file_operations aa_fs_seq_file_ops = {
624 .owner = THIS_MODULE,
625 .open = aa_fs_seq_open,
626 .read = seq_read,
627 .llseek = seq_lseek,
628 .release = single_release,
629 };
630
631 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
632 int (*show)(struct seq_file *, void *))
633 {
634 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
635 int error = single_open(file, show, proxy);
636
637 if (error) {
638 file->private_data = NULL;
639 aa_put_proxy(proxy);
640 }
641
642 return error;
643 }
644
645 static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
646 {
647 struct seq_file *seq = (struct seq_file *) file->private_data;
648 if (seq)
649 aa_put_proxy(seq->private);
650 return single_release(inode, file);
651 }
652
653 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
654 {
655 struct aa_proxy *proxy = seq->private;
656 struct aa_label *label = aa_get_label_rcu(&proxy->label);
657 struct aa_profile *profile = labels_profile(label);
658 seq_printf(seq, "%s\n", profile->base.name);
659 aa_put_label(label);
660
661 return 0;
662 }
663
664 static int aa_fs_seq_profname_open(struct inode *inode, struct file *file)
665 {
666 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profname_show);
667 }
668
669 static const struct file_operations aa_fs_profname_fops = {
670 .owner = THIS_MODULE,
671 .open = aa_fs_seq_profname_open,
672 .read = seq_read,
673 .llseek = seq_lseek,
674 .release = aa_fs_seq_profile_release,
675 };
676
677 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
678 {
679 struct aa_proxy *proxy = seq->private;
680 struct aa_label *label = aa_get_label_rcu(&proxy->label);
681 struct aa_profile *profile = labels_profile(label);
682 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
683 aa_put_label(label);
684
685 return 0;
686 }
687
688 static int aa_fs_seq_profmode_open(struct inode *inode, struct file *file)
689 {
690 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profmode_show);
691 }
692
693 static const struct file_operations aa_fs_profmode_fops = {
694 .owner = THIS_MODULE,
695 .open = aa_fs_seq_profmode_open,
696 .read = seq_read,
697 .llseek = seq_lseek,
698 .release = aa_fs_seq_profile_release,
699 };
700
701 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
702 {
703 struct aa_proxy *proxy = seq->private;
704 struct aa_label *label = aa_get_label_rcu(&proxy->label);
705 struct aa_profile *profile = labels_profile(label);
706 if (profile->attach)
707 seq_printf(seq, "%s\n", profile->attach);
708 else if (profile->xmatch)
709 seq_puts(seq, "<unknown>\n");
710 else
711 seq_printf(seq, "%s\n", profile->base.name);
712 aa_put_label(label);
713
714 return 0;
715 }
716
717 static int aa_fs_seq_profattach_open(struct inode *inode, struct file *file)
718 {
719 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profattach_show);
720 }
721
722 static const struct file_operations aa_fs_profattach_fops = {
723 .owner = THIS_MODULE,
724 .open = aa_fs_seq_profattach_open,
725 .read = seq_read,
726 .llseek = seq_lseek,
727 .release = aa_fs_seq_profile_release,
728 };
729
730 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
731 {
732 struct aa_proxy *proxy = seq->private;
733 struct aa_label *label = aa_get_label_rcu(&proxy->label);
734 struct aa_profile *profile = labels_profile(label);
735 unsigned int i, size = aa_hash_size();
736
737 if (profile->hash) {
738 for (i = 0; i < size; i++)
739 seq_printf(seq, "%.2x", profile->hash[i]);
740 seq_puts(seq, "\n");
741 }
742 aa_put_label(label);
743
744 return 0;
745 }
746
747 static int aa_fs_seq_hash_open(struct inode *inode, struct file *file)
748 {
749 return single_open(file, aa_fs_seq_hash_show, inode->i_private);
750 }
751
752 static const struct file_operations aa_fs_seq_hash_fops = {
753 .owner = THIS_MODULE,
754 .open = aa_fs_seq_hash_open,
755 .read = seq_read,
756 .llseek = seq_lseek,
757 .release = single_release,
758 };
759
760 static int aa_fs_seq_show_stacked(struct seq_file *seq, void *v)
761 {
762 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
763 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
764 aa_end_current_label(label);
765
766 return 0;
767 }
768
769 static int aa_fs_seq_open_stacked(struct inode *inode, struct file *file)
770 {
771 return single_open(file, aa_fs_seq_show_stacked, inode->i_private);
772 }
773
774 static const struct file_operations aa_fs_stacked = {
775 .owner = THIS_MODULE,
776 .open = aa_fs_seq_open_stacked,
777 .read = seq_read,
778 .llseek = seq_lseek,
779 .release = single_release,
780 };
781
782 static int aa_fs_seq_show_ns_stacked(struct seq_file *seq, void *v)
783 {
784 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
785 struct aa_profile *profile;
786 struct label_it it;
787 int count = 1;
788
789 if (label->size > 1) {
790 label_for_each(it, label, profile)
791 if (profile->ns != labels_ns(label)) {
792 count++;
793 break;
794 }
795 }
796
797 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
798 aa_end_current_label(label);
799
800 return 0;
801 }
802
803 static int aa_fs_seq_open_ns_stacked(struct inode *inode, struct file *file)
804 {
805 return single_open(file, aa_fs_seq_show_ns_stacked, inode->i_private);
806 }
807
808 static const struct file_operations aa_fs_ns_stacked = {
809 .owner = THIS_MODULE,
810 .open = aa_fs_seq_open_ns_stacked,
811 .read = seq_read,
812 .llseek = seq_lseek,
813 .release = single_release,
814 };
815
816 static int aa_fs_seq_show_ns_level(struct seq_file *seq, void *v)
817 {
818 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
819 seq_printf(seq, "%d\n", labels_ns(label)->level);
820 aa_end_current_label(label);
821
822 return 0;
823 }
824
825 static int aa_fs_seq_open_ns_level(struct inode *inode, struct file *file)
826 {
827 return single_open(file, aa_fs_seq_show_ns_level, inode->i_private);
828 }
829
830 static const struct file_operations aa_fs_ns_level = {
831 .owner = THIS_MODULE,
832 .open = aa_fs_seq_open_ns_level,
833 .read = seq_read,
834 .llseek = seq_lseek,
835 .release = single_release,
836 };
837
838 static int aa_fs_seq_show_ns_name(struct seq_file *seq, void *v)
839 {
840 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
841 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
842 aa_end_current_label(label);
843
844 return 0;
845 }
846
847 static int aa_fs_seq_open_ns_name(struct inode *inode, struct file *file)
848 {
849 return single_open(file, aa_fs_seq_show_ns_name, inode->i_private);
850 }
851
852 static const struct file_operations aa_fs_ns_name = {
853 .owner = THIS_MODULE,
854 .open = aa_fs_seq_open_ns_name,
855 .read = seq_read,
856 .llseek = seq_lseek,
857 .release = single_release,
858 };
859
860 static int rawdata_release(struct inode *inode, struct file *file)
861 {
862 /* TODO: switch to loaddata when profile switched to symlink */
863 aa_put_loaddata(file->private_data);
864
865 return 0;
866 }
867
868 static int aa_fs_seq_raw_abi_show(struct seq_file *seq, void *v)
869 {
870 struct aa_proxy *proxy = seq->private;
871 struct aa_label *label = aa_get_label_rcu(&proxy->label);
872 struct aa_profile *profile = labels_profile(label);
873
874 if (profile->rawdata->abi) {
875 seq_printf(seq, "v%d", profile->rawdata->abi);
876 seq_puts(seq, "\n");
877 }
878 aa_put_label(label);
879
880 return 0;
881 }
882
883 static int aa_fs_seq_raw_abi_open(struct inode *inode, struct file *file)
884 {
885 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_abi_show);
886 }
887
888 static const struct file_operations aa_fs_seq_raw_abi_fops = {
889 .owner = THIS_MODULE,
890 .open = aa_fs_seq_raw_abi_open,
891 .read = seq_read,
892 .llseek = seq_lseek,
893 .release = aa_fs_seq_profile_release,
894 };
895
896 static int aa_fs_seq_raw_hash_show(struct seq_file *seq, void *v)
897 {
898 struct aa_proxy *proxy = seq->private;
899 struct aa_label *label = aa_get_label_rcu(&proxy->label);
900 struct aa_profile *profile = labels_profile(label);
901 unsigned int i, size = aa_hash_size();
902
903 if (profile->rawdata->hash) {
904 for (i = 0; i < size; i++)
905 seq_printf(seq, "%.2x", profile->rawdata->hash[i]);
906 seq_puts(seq, "\n");
907 }
908 aa_put_label(label);
909
910 return 0;
911 }
912
913 static int aa_fs_seq_raw_hash_open(struct inode *inode, struct file *file)
914 {
915 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_hash_show);
916 }
917
918 static const struct file_operations aa_fs_seq_raw_hash_fops = {
919 .owner = THIS_MODULE,
920 .open = aa_fs_seq_raw_hash_open,
921 .read = seq_read,
922 .llseek = seq_lseek,
923 .release = aa_fs_seq_profile_release,
924 };
925
926 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
927 loff_t *ppos)
928 {
929 struct aa_loaddata *rawdata = file->private_data;
930
931 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
932 rawdata->size);
933 }
934
935 static int rawdata_open(struct inode *inode, struct file *file)
936 {
937 struct aa_proxy *proxy = inode->i_private;
938 struct aa_label *label;
939 struct aa_profile *profile;
940
941 if (!policy_view_capable(NULL))
942 return -EACCES;
943 label = aa_get_label_rcu(&proxy->label);
944 profile = labels_profile(label);
945 file->private_data = aa_get_loaddata(profile->rawdata);
946 aa_put_label(label);
947
948 return 0;
949 }
950
951 static const struct file_operations aa_fs_rawdata_fops = {
952 .open = rawdata_open,
953 .read = rawdata_read,
954 .llseek = generic_file_llseek,
955 .release = rawdata_release,
956 };
957
958 /** fns to setup dynamic per profile/namespace files **/
959
960 /**
961 *
962 * Requires: @profile->ns->lock held
963 */
964 void __aa_fs_profile_rmdir(struct aa_profile *profile)
965 {
966 struct aa_profile *child;
967 int i;
968
969 if (!profile)
970 return;
971 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
972
973 list_for_each_entry(child, &profile->base.profiles, base.list)
974 __aa_fs_profile_rmdir(child);
975
976 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
977 struct aa_proxy *proxy;
978 if (!profile->dents[i])
979 continue;
980
981 proxy = d_inode(profile->dents[i])->i_private;
982 securityfs_remove(profile->dents[i]);
983 aa_put_proxy(proxy);
984 profile->dents[i] = NULL;
985 }
986 }
987
988 /**
989 *
990 * Requires: @old->ns->lock held
991 */
992 void __aa_fs_profile_migrate_dents(struct aa_profile *old,
993 struct aa_profile *new)
994 {
995 int i;
996
997 AA_BUG(!old);
998 AA_BUG(!new);
999 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1000
1001 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1002 new->dents[i] = old->dents[i];
1003 if (new->dents[i])
1004 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
1005 old->dents[i] = NULL;
1006 }
1007 }
1008
1009 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1010 struct aa_profile *profile,
1011 const struct file_operations *fops)
1012 {
1013 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1014 struct dentry *dent;
1015
1016 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1017 if (IS_ERR(dent))
1018 aa_put_proxy(proxy);
1019
1020 return dent;
1021 }
1022
1023 /**
1024 *
1025 * Requires: @profile->ns->lock held
1026 */
1027 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1028 {
1029 struct aa_profile *child;
1030 struct dentry *dent = NULL, *dir;
1031 int error;
1032
1033 AA_BUG(!profile);
1034 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1035
1036 if (!parent) {
1037 struct aa_profile *p;
1038 p = aa_deref_parent(profile);
1039 dent = prof_dir(p);
1040 /* adding to parent that previously didn't have children */
1041 dent = securityfs_create_dir("profiles", dent);
1042 if (IS_ERR(dent))
1043 goto fail;
1044 prof_child_dir(p) = parent = dent;
1045 }
1046
1047 if (!profile->dirname) {
1048 int len, id_len;
1049 len = mangle_name(profile->base.name, NULL);
1050 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1051
1052 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1053 if (!profile->dirname)
1054 goto fail;
1055
1056 mangle_name(profile->base.name, profile->dirname);
1057 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1058 }
1059
1060 dent = securityfs_create_dir(profile->dirname, parent);
1061 if (IS_ERR(dent))
1062 goto fail;
1063 prof_dir(profile) = dir = dent;
1064
1065 dent = create_profile_file(dir, "name", profile, &aa_fs_profname_fops);
1066 if (IS_ERR(dent))
1067 goto fail;
1068 profile->dents[AAFS_PROF_NAME] = dent;
1069
1070 dent = create_profile_file(dir, "mode", profile, &aa_fs_profmode_fops);
1071 if (IS_ERR(dent))
1072 goto fail;
1073 profile->dents[AAFS_PROF_MODE] = dent;
1074
1075 dent = create_profile_file(dir, "attach", profile,
1076 &aa_fs_profattach_fops);
1077 if (IS_ERR(dent))
1078 goto fail;
1079 profile->dents[AAFS_PROF_ATTACH] = dent;
1080
1081 if (profile->hash) {
1082 dent = create_profile_file(dir, "sha1", profile,
1083 &aa_fs_seq_hash_fops);
1084 if (IS_ERR(dent))
1085 goto fail;
1086 profile->dents[AAFS_PROF_HASH] = dent;
1087 }
1088
1089 if (profile->rawdata) {
1090 dent = create_profile_file(dir, "raw_hash", profile,
1091 &aa_fs_seq_raw_hash_fops);
1092 if (IS_ERR(dent))
1093 goto fail;
1094 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1095
1096 dent = create_profile_file(dir, "raw_abi", profile,
1097 &aa_fs_seq_raw_abi_fops);
1098 if (IS_ERR(dent))
1099 goto fail;
1100 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1101
1102 dent = securityfs_create_file("raw_data", S_IFREG | 0444, dir,
1103 profile->label.proxy,
1104 &aa_fs_rawdata_fops);
1105 if (IS_ERR(dent))
1106 goto fail;
1107 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1108 d_inode(dent)->i_size = profile->rawdata->size;
1109 aa_get_proxy(profile->label.proxy);
1110 }
1111
1112 list_for_each_entry(child, &profile->base.profiles, base.list) {
1113 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile));
1114 if (error)
1115 goto fail2;
1116 }
1117
1118 return 0;
1119
1120 fail:
1121 error = PTR_ERR(dent);
1122
1123 fail2:
1124 __aa_fs_profile_rmdir(profile);
1125
1126 return error;
1127 }
1128
1129 static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1130 {
1131 struct aa_ns *ns, *parent;
1132 /* TODO: improve permission check */
1133 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1134 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1135 aa_end_current_label(label);
1136 if (error)
1137 return error;
1138
1139 parent = aa_get_ns(dir->i_private);
1140 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1141
1142 /* we have to unlock and then relock to get locking order right
1143 * for pin_fs
1144 */
1145 inode_unlock(dir);
1146 securityfs_pin_fs();
1147 inode_lock_nested(dir, I_MUTEX_PARENT);
1148
1149 error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1150 NULL, NULL);
1151 if (error)
1152 return error;
1153
1154 ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
1155 if (IS_ERR(ns)) {
1156 error = PTR_ERR(ns);
1157 ns = NULL;
1158 }
1159
1160 aa_put_ns(ns); /* list ref remains */
1161 aa_put_ns(parent);
1162
1163 return error;
1164 }
1165
1166 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1167 {
1168 struct aa_ns *ns, *parent;
1169 /* TODO: improve permission check */
1170 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1171 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1172 aa_end_current_label(label);
1173 if (error)
1174 return error;
1175
1176 parent = aa_get_ns(dir->i_private);
1177 /* rmdir calls the generic securityfs functions to remove files
1178 * from the apparmor dir. It is up to the apparmor ns locking
1179 * to avoid races.
1180 */
1181 inode_unlock(dir);
1182 inode_unlock(dentry->d_inode);
1183
1184 mutex_lock(&parent->lock);
1185 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1186 dentry->d_name.len));
1187 if (!ns) {
1188 error = -ENOENT;
1189 goto out;
1190 }
1191 AA_BUG(ns_dir(ns) != dentry);
1192
1193 __aa_remove_ns(ns);
1194 aa_put_ns(ns);
1195
1196 out:
1197 mutex_unlock(&parent->lock);
1198 inode_lock_nested(dir, I_MUTEX_PARENT);
1199 inode_lock(dentry->d_inode);
1200 aa_put_ns(parent);
1201
1202 return error;
1203 }
1204
1205 static const struct inode_operations ns_dir_inode_operations = {
1206 .lookup = simple_lookup,
1207 .mkdir = ns_mkdir_op,
1208 .rmdir = ns_rmdir_op,
1209 };
1210
1211 /**
1212 *
1213 * Requires: @ns->lock held
1214 */
1215 void __aa_fs_ns_rmdir(struct aa_ns *ns)
1216 {
1217 struct aa_ns *sub;
1218 struct aa_profile *child;
1219 int i;
1220
1221 if (!ns)
1222 return;
1223 AA_BUG(!mutex_is_locked(&ns->lock));
1224
1225 list_for_each_entry(child, &ns->base.profiles, base.list)
1226 __aa_fs_profile_rmdir(child);
1227
1228 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1229 mutex_lock(&sub->lock);
1230 __aa_fs_ns_rmdir(sub);
1231 mutex_unlock(&sub->lock);
1232 }
1233
1234 if (ns_subns_dir(ns)) {
1235 sub = d_inode(ns_subns_dir(ns))->i_private;
1236 aa_put_ns(sub);
1237 }
1238 if (ns_subload(ns)) {
1239 sub = d_inode(ns_subload(ns))->i_private;
1240 aa_put_ns(sub);
1241 }
1242 if (ns_subreplace(ns)) {
1243 sub = d_inode(ns_subreplace(ns))->i_private;
1244 aa_put_ns(sub);
1245 }
1246 if (ns_subremove(ns)) {
1247 sub = d_inode(ns_subremove(ns))->i_private;
1248 aa_put_ns(sub);
1249 }
1250 if (ns_subrevision(ns)) {
1251 sub = d_inode(ns_subrevision(ns))->i_private;
1252 aa_put_ns(sub);
1253 }
1254
1255 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1256 securityfs_remove(ns->dents[i]);
1257 ns->dents[i] = NULL;
1258 }
1259 }
1260
1261 /* assumes cleanup in caller */
1262 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1263 {
1264 struct dentry *dent;
1265
1266 AA_BUG(!ns);
1267 AA_BUG(!dir);
1268
1269 dent = securityfs_create_dir("profiles", dir);
1270 if (IS_ERR(dent))
1271 return PTR_ERR(dent);
1272 ns_subprofs_dir(ns) = dent;
1273
1274 dent = securityfs_create_dir("raw_data", dir);
1275 if (IS_ERR(dent))
1276 return PTR_ERR(dent);
1277 ns_subdata_dir(ns) = dent;
1278
1279 dent = securityfs_create_file("revision", 0444, dir, ns,
1280 &ns_revision_fops);
1281 if (IS_ERR(dent))
1282 return PTR_ERR(dent);
1283 ns_subrevision(ns) = dent;
1284
1285 dent = securityfs_create_file(".load", 0666, dir, ns,
1286 &aa_fs_profile_load);
1287 if (IS_ERR(dent))
1288 return PTR_ERR(dent);
1289 aa_get_ns(ns);
1290 ns_subload(ns) = dent;
1291
1292 dent = securityfs_create_file(".replace", 0666, dir, ns,
1293 &aa_fs_profile_replace);
1294 if (IS_ERR(dent))
1295 return PTR_ERR(dent);
1296 aa_get_ns(ns);
1297 ns_subreplace(ns) = dent;
1298
1299 dent = securityfs_create_file(".remove", 0666, dir, ns,
1300 &aa_fs_profile_remove);
1301 if (IS_ERR(dent))
1302 return PTR_ERR(dent);
1303 aa_get_ns(ns);
1304 ns_subremove(ns) = dent;
1305
1306 /* use create_dentry so we can supply private data */
1307 dent = securityfs_create_dentry("namespaces",
1308 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
1309 dir, ns, NULL,
1310 &ns_dir_inode_operations);
1311 if (IS_ERR(dent))
1312 return PTR_ERR(dent);
1313 aa_get_ns(ns);
1314 ns_subns_dir(ns) = dent;
1315
1316 return 0;
1317 }
1318
1319 /**
1320 *
1321 * Requires: @ns->lock held
1322 */
1323 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
1324 struct dentry *dent)
1325 {
1326 struct aa_ns *sub;
1327 struct aa_profile *child;
1328 struct dentry *dir;
1329 int error;
1330
1331 AA_BUG(!ns);
1332 AA_BUG(!parent);
1333 AA_BUG(!mutex_is_locked(&ns->lock));
1334
1335 if (!name)
1336 name = ns->base.name;
1337
1338 if (!dent) {
1339 /* create ns dir if it doesn't already exist */
1340 dent = securityfs_create_dir(name, parent);
1341 if (IS_ERR(dent))
1342 goto fail;
1343 } else
1344 dget(dent);
1345 ns_dir(ns) = dir = dent;
1346 error = __aa_fs_ns_mkdir_entries(ns, dir);
1347 if (error)
1348 goto fail2;
1349
1350 /* profiles */
1351 list_for_each_entry(child, &ns->base.profiles, base.list) {
1352 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns));
1353 if (error)
1354 goto fail2;
1355 }
1356
1357 /* subnamespaces */
1358 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1359 mutex_lock(&sub->lock);
1360 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
1361 mutex_unlock(&sub->lock);
1362 if (error)
1363 goto fail2;
1364 }
1365
1366 return 0;
1367
1368 fail:
1369 error = PTR_ERR(dent);
1370
1371 fail2:
1372 __aa_fs_ns_rmdir(ns);
1373
1374 return error;
1375 }
1376
1377
1378 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1379
1380 /**
1381 * __next_ns - find the next namespace to list
1382 * @root: root namespace to stop search at (NOT NULL)
1383 * @ns: current ns position (NOT NULL)
1384 *
1385 * Find the next namespace from @ns under @root and handle all locking needed
1386 * while switching current namespace.
1387 *
1388 * Returns: next namespace or NULL if at last namespace under @root
1389 * Requires: ns->parent->lock to be held
1390 * NOTE: will not unlock root->lock
1391 */
1392 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
1393 {
1394 struct aa_ns *parent, *next;
1395
1396 AA_BUG(!root);
1397 AA_BUG(!ns);
1398 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
1399
1400 /* is next namespace a child */
1401 if (!list_empty(&ns->sub_ns)) {
1402 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
1403 mutex_lock(&next->lock);
1404 return next;
1405 }
1406
1407 /* check if the next ns is a sibling, parent, gp, .. */
1408 parent = ns->parent;
1409 while (ns != root) {
1410 mutex_unlock(&ns->lock);
1411 next = list_next_entry(ns, base.list);
1412 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
1413 mutex_lock(&next->lock);
1414 return next;
1415 }
1416 ns = parent;
1417 parent = parent->parent;
1418 }
1419
1420 return NULL;
1421 }
1422
1423 /**
1424 * __first_profile - find the first profile in a namespace
1425 * @root: namespace that is root of profiles being displayed (NOT NULL)
1426 * @ns: namespace to start in (MAY BE NULL)
1427 *
1428 * Returns: unrefcounted profile or NULL if no profile
1429 * Requires: ns.lock to be held
1430 */
1431 static struct aa_profile *__first_profile(struct aa_ns *root, struct aa_ns *ns)
1432 {
1433 AA_BUG(!root);
1434 AA_BUG(ns && !mutex_is_locked(&ns->lock));
1435
1436 for (; ns; ns = __next_ns(root, ns)) {
1437 if (!list_empty(&ns->base.profiles))
1438 return list_first_entry(&ns->base.profiles,
1439 struct aa_profile, base.list);
1440 }
1441 return NULL;
1442 }
1443
1444 /**
1445 * __next_profile - step to the next profile in a profile tree
1446 * @profile: current profile in tree (NOT NULL)
1447 *
1448 * Perform a depth first traversal on the profile tree in a namespace
1449 *
1450 * Returns: next profile or NULL if done
1451 * Requires: profile->ns.lock to be held
1452 */
1453 static struct aa_profile *__next_profile(struct aa_profile *p)
1454 {
1455 struct aa_profile *parent;
1456 struct aa_ns *ns = p->ns;
1457
1458 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
1459
1460 /* is next profile a child */
1461 if (!list_empty(&p->base.profiles))
1462 return list_first_entry(&p->base.profiles, typeof(*p),
1463 base.list);
1464
1465 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1466 parent = rcu_dereference_protected(p->parent,
1467 mutex_is_locked(&p->ns->lock));
1468 while (parent) {
1469 p = list_next_entry(p, base.list);
1470 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1471 return p;
1472 p = parent;
1473 parent = rcu_dereference_protected(parent->parent,
1474 mutex_is_locked(&parent->ns->lock));
1475 }
1476
1477 /* is next another profile in the namespace */
1478 p = list_next_entry(p, base.list);
1479 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1480 return p;
1481
1482 return NULL;
1483 }
1484
1485 /**
1486 * next_profile - step to the next profile in where ever it may be
1487 * @root: root namespace (NOT NULL)
1488 * @profile: current profile (NOT NULL)
1489 *
1490 * Returns: next profile or NULL if there isn't one
1491 */
1492 static struct aa_profile *next_profile(struct aa_ns *root,
1493 struct aa_profile *profile)
1494 {
1495 struct aa_profile *next = __next_profile(profile);
1496 if (next)
1497 return next;
1498
1499 /* finished all profiles in namespace move to next namespace */
1500 return __first_profile(root, __next_ns(root, profile->ns));
1501 }
1502
1503 /**
1504 * p_start - start a depth first traversal of profile tree
1505 * @f: seq_file to fill
1506 * @pos: current position
1507 *
1508 * Returns: first profile under current namespace or NULL if none found
1509 *
1510 * acquires first ns->lock
1511 */
1512 static void *p_start(struct seq_file *f, loff_t *pos)
1513 {
1514 struct aa_profile *profile = NULL;
1515 struct aa_ns *root = aa_get_current_ns();
1516 loff_t l = *pos;
1517 f->private = root;
1518
1519 /* find the first profile */
1520 mutex_lock(&root->lock);
1521 profile = __first_profile(root, root);
1522
1523 /* skip to position */
1524 for (; profile && l > 0; l--)
1525 profile = next_profile(root, profile);
1526
1527 return profile;
1528 }
1529
1530 /**
1531 * p_next - read the next profile entry
1532 * @f: seq_file to fill
1533 * @p: profile previously returned
1534 * @pos: current position
1535 *
1536 * Returns: next profile after @p or NULL if none
1537 *
1538 * may acquire/release locks in namespace tree as necessary
1539 */
1540 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
1541 {
1542 struct aa_profile *profile = p;
1543 struct aa_ns *ns = f->private;
1544 (*pos)++;
1545
1546 return next_profile(ns, profile);
1547 }
1548
1549 /**
1550 * p_stop - stop depth first traversal
1551 * @f: seq_file we are filling
1552 * @p: the last profile writen
1553 *
1554 * Release all locking done by p_start/p_next on namespace tree
1555 */
1556 static void p_stop(struct seq_file *f, void *p)
1557 {
1558 struct aa_profile *profile = p;
1559 struct aa_ns *root = f->private, *ns;
1560
1561 if (profile) {
1562 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
1563 mutex_unlock(&ns->lock);
1564 }
1565 mutex_unlock(&root->lock);
1566 aa_put_ns(root);
1567 }
1568
1569 /**
1570 * seq_show_profile - show a profile entry
1571 * @f: seq_file to file
1572 * @p: current position (profile) (NOT NULL)
1573 *
1574 * Returns: error on failure
1575 */
1576 static int seq_show_profile(struct seq_file *f, void *p)
1577 {
1578 struct aa_profile *profile = (struct aa_profile *)p;
1579 struct aa_ns *root = f->private;
1580
1581 aa_label_seq_xprint(f, root, &profile->label,
1582 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
1583 seq_printf(f, "\n");
1584
1585 return 0;
1586 }
1587
1588 static const struct seq_operations aa_fs_profiles_op = {
1589 .start = p_start,
1590 .next = p_next,
1591 .stop = p_stop,
1592 .show = seq_show_profile,
1593 };
1594
1595 static int profiles_open(struct inode *inode, struct file *file)
1596 {
1597 if (!policy_view_capable(NULL))
1598 return -EACCES;
1599
1600 return seq_open(file, &aa_fs_profiles_op);
1601 }
1602
1603 static int profiles_release(struct inode *inode, struct file *file)
1604 {
1605 return seq_release(inode, file);
1606 }
1607
1608 static const struct file_operations aa_fs_profiles_fops = {
1609 .open = profiles_open,
1610 .read = seq_read,
1611 .llseek = seq_lseek,
1612 .release = profiles_release,
1613 };
1614
1615
1616 /** Base file system setup **/
1617 static struct aa_fs_entry aa_fs_entry_file[] = {
1618 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1619 "link lock"),
1620 { }
1621 };
1622
1623 static struct aa_fs_entry aa_fs_entry_ptrace[] = {
1624 AA_FS_FILE_STRING("mask", "read trace"),
1625 { }
1626 };
1627
1628 static struct aa_fs_entry aa_fs_entry_signal[] = {
1629 AA_FS_FILE_STRING("mask", AA_FS_SIG_MASK),
1630 { }
1631 };
1632
1633 static struct aa_fs_entry aa_fs_entry_domain[] = {
1634 AA_FS_FILE_BOOLEAN("change_hat", 1),
1635 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1636 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1637 AA_FS_FILE_BOOLEAN("change_profile", 1),
1638 AA_FS_FILE_BOOLEAN("stack", 1),
1639 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1640 AA_FS_FILE_STRING("version", "1.2"),
1641 { }
1642 };
1643
1644 static struct aa_fs_entry aa_fs_entry_versions[] = {
1645 AA_FS_FILE_BOOLEAN("v5", 1),
1646 AA_FS_FILE_BOOLEAN("v6", 1),
1647 AA_FS_FILE_BOOLEAN("v7", 1),
1648 { }
1649 };
1650
1651 static struct aa_fs_entry aa_fs_entry_policy[] = {
1652 AA_FS_DIR("versions", aa_fs_entry_versions),
1653 AA_FS_FILE_BOOLEAN("set_load", 1),
1654 { }
1655 };
1656
1657 static struct aa_fs_entry aa_fs_entry_mount[] = {
1658 AA_FS_FILE_STRING("mask", "mount umount"),
1659 { }
1660 };
1661
1662 static struct aa_fs_entry aa_fs_entry_ns[] = {
1663 AA_FS_FILE_BOOLEAN("profile", 1),
1664 AA_FS_FILE_BOOLEAN("pivot_root", 1),
1665 { }
1666 };
1667
1668 static struct aa_fs_entry aa_fs_entry_dbus[] = {
1669 AA_FS_FILE_STRING("mask", "acquire send receive"),
1670 { }
1671 };
1672
1673 static struct aa_fs_entry aa_fs_entry_query_label[] = {
1674 AA_FS_FILE_STRING("perms", "allow deny audit quiet"),
1675 AA_FS_FILE_BOOLEAN("data", 1),
1676 { }
1677 };
1678
1679 static struct aa_fs_entry aa_fs_entry_query[] = {
1680 AA_FS_DIR("label", aa_fs_entry_query_label),
1681 { }
1682 };
1683 static struct aa_fs_entry aa_fs_entry_features[] = {
1684 AA_FS_DIR("policy", aa_fs_entry_policy),
1685 AA_FS_DIR("domain", aa_fs_entry_domain),
1686 AA_FS_DIR("file", aa_fs_entry_file),
1687 AA_FS_DIR("network", aa_fs_entry_network),
1688 AA_FS_DIR("mount", aa_fs_entry_mount),
1689 AA_FS_DIR("namespaces", aa_fs_entry_ns),
1690 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
1691 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
1692 AA_FS_DIR("caps", aa_fs_entry_caps),
1693 AA_FS_DIR("ptrace", aa_fs_entry_ptrace),
1694 AA_FS_DIR("signal", aa_fs_entry_signal),
1695 AA_FS_DIR("dbus", aa_fs_entry_dbus),
1696 AA_FS_DIR("query", aa_fs_entry_query),
1697 { }
1698 };
1699
1700 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
1701 AA_FS_FILE_FOPS(".access", 0666, &aa_fs_access),
1702 AA_FS_FILE_FOPS(".stacked", 0666, &aa_fs_stacked),
1703 AA_FS_FILE_FOPS(".ns_stacked", 0666, &aa_fs_ns_stacked),
1704 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level),
1705 AA_FS_FILE_FOPS(".ns_name", 0666, &aa_fs_ns_name),
1706 AA_FS_FILE_FOPS("profiles", 0444, &aa_fs_profiles_fops),
1707 AA_FS_DIR("features", aa_fs_entry_features),
1708 { }
1709 };
1710
1711 static struct aa_fs_entry aa_fs_entry =
1712 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
1713
1714 /**
1715 * aafs_create_file - create a file entry in the apparmor securityfs
1716 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1717 * @parent: the parent dentry in the securityfs
1718 *
1719 * Use aafs_remove_file to remove entries created with this fn.
1720 */
1721 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
1722 struct dentry *parent)
1723 {
1724 int error = 0;
1725
1726 fs_file->dentry = securityfs_create_file(fs_file->name,
1727 S_IFREG | fs_file->mode,
1728 parent, fs_file,
1729 fs_file->file_ops);
1730 if (IS_ERR(fs_file->dentry)) {
1731 error = PTR_ERR(fs_file->dentry);
1732 fs_file->dentry = NULL;
1733 }
1734 return error;
1735 }
1736
1737 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir);
1738 /**
1739 * aafs_create_dir - recursively create a directory entry in the securityfs
1740 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1741 * @parent: the parent dentry in the securityfs
1742 *
1743 * Use aafs_remove_dir to remove entries created with this fn.
1744 */
1745 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
1746 struct dentry *parent)
1747 {
1748 struct aa_fs_entry *fs_file;
1749 struct dentry *dir;
1750 int error;
1751
1752 dir = securityfs_create_dir(fs_dir->name, parent);
1753 if (IS_ERR(dir))
1754 return PTR_ERR(dir);
1755 fs_dir->dentry = dir;
1756
1757 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1758 if (fs_file->v_type == AA_FS_TYPE_DIR)
1759 error = aafs_create_dir(fs_file, fs_dir->dentry);
1760 else
1761 error = aafs_create_file(fs_file, fs_dir->dentry);
1762 if (error)
1763 goto failed;
1764 }
1765
1766 return 0;
1767
1768 failed:
1769 aafs_remove_dir(fs_dir);
1770
1771 return error;
1772 }
1773
1774 /**
1775 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1776 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1777 */
1778 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
1779 {
1780 if (!fs_file->dentry)
1781 return;
1782
1783 securityfs_remove(fs_file->dentry);
1784 fs_file->dentry = NULL;
1785 }
1786
1787 /**
1788 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1789 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1790 */
1791 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
1792 {
1793 struct aa_fs_entry *fs_file;
1794
1795 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1796 if (fs_file->v_type == AA_FS_TYPE_DIR)
1797 aafs_remove_dir(fs_file);
1798 else
1799 aafs_remove_file(fs_file);
1800 }
1801
1802 aafs_remove_file(fs_dir);
1803 }
1804
1805 /**
1806 * aa_destroy_aafs - cleanup and free aafs
1807 *
1808 * releases dentries allocated by aa_create_aafs
1809 */
1810 void __init aa_destroy_aafs(void)
1811 {
1812 aafs_remove_dir(&aa_fs_entry);
1813 }
1814
1815
1816 #define NULL_FILE_NAME ".null"
1817 struct path aa_null;
1818
1819 static int aa_mk_null_file(struct dentry *parent)
1820 {
1821 struct vfsmount *mount = NULL;
1822 struct dentry *dentry;
1823 struct inode *inode;
1824 int count = 0;
1825 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
1826 if (error)
1827 return error;
1828
1829 inode_lock(d_inode(parent));
1830 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
1831 if (IS_ERR(dentry)) {
1832 error = PTR_ERR(dentry);
1833 goto out;
1834 }
1835 inode = new_inode(parent->d_inode->i_sb);
1836 if (!inode) {
1837 error = -ENOMEM;
1838 goto out1;
1839 }
1840
1841 inode->i_ino = get_next_ino();
1842 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
1843 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
1844 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
1845 MKDEV(MEM_MAJOR, 3));
1846 d_instantiate(dentry, inode);
1847 aa_null.dentry = dget(dentry);
1848 aa_null.mnt = mntget(mount);
1849
1850 error = 0;
1851
1852 out1:
1853 dput(dentry);
1854 out:
1855 inode_unlock(d_inode(parent));
1856 simple_release_fs(&mount, &count);
1857 return error;
1858 }
1859
1860 /**
1861 * aa_create_aafs - create the apparmor security filesystem
1862 *
1863 * dentries created here are released by aa_destroy_aafs
1864 *
1865 * Returns: error on failure
1866 */
1867 static int __init aa_create_aafs(void)
1868 {
1869 struct dentry *dent;
1870 int error;
1871
1872 if (!apparmor_initialized)
1873 return 0;
1874
1875 if (aa_fs_entry.dentry) {
1876 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
1877 return -EEXIST;
1878 }
1879
1880 /* Populate fs tree. */
1881 error = aafs_create_dir(&aa_fs_entry, NULL);
1882 if (error)
1883 goto error;
1884
1885 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry,
1886 NULL, &aa_fs_profile_load);
1887 if (IS_ERR(dent)) {
1888 error = PTR_ERR(dent);
1889 goto error;
1890 }
1891 ns_subload(root_ns) = dent;
1892
1893 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry,
1894 NULL, &aa_fs_profile_replace);
1895 if (IS_ERR(dent)) {
1896 error = PTR_ERR(dent);
1897 goto error;
1898 }
1899 ns_subreplace(root_ns) = dent;
1900
1901 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry,
1902 NULL, &aa_fs_profile_remove);
1903 if (IS_ERR(dent)) {
1904 error = PTR_ERR(dent);
1905 goto error;
1906 }
1907 ns_subremove(root_ns) = dent;
1908
1909 dent = securityfs_create_file("revision", 0444, aa_fs_entry.dentry,
1910 NULL, &ns_revision_fops);
1911 if (IS_ERR(dent)) {
1912 error = PTR_ERR(dent);
1913 goto error;
1914 }
1915 ns_subrevision(root_ns) = dent;
1916
1917 mutex_lock(&root_ns->lock);
1918 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy", NULL);
1919 mutex_unlock(&root_ns->lock);
1920
1921 if (error)
1922 goto error;
1923
1924 error = aa_mk_null_file(aa_fs_entry.dentry);
1925 if (error)
1926 goto error;
1927
1928 if (!aa_g_unconfined_init) {
1929 /* TODO: add default profile to apparmorfs */
1930 }
1931
1932 /* Report that AppArmor fs is enabled */
1933 aa_info_message("AppArmor Filesystem Enabled");
1934 return 0;
1935
1936 error:
1937 aa_destroy_aafs();
1938 AA_ERROR("Error creating AppArmor securityfs\n");
1939 return error;
1940 }
1941
1942 fs_initcall(aa_create_aafs);
ubuntu-zesty-kernel mirror