2 * AppArmor security module
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/policy_ns.h"
35 #include "include/label.h"
36 #include "include/policy.h"
37 #include "include/resource.h"
38 #include "include/label.h"
39 #include "include/lib.h"
40 #include "include/policy_unpack.h"
43 * aa_mangle_name - mangle a profile name to std profile layout form
44 * @name: profile name to mangle (NOT NULL)
45 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
47 * Returns: length of mangled name
49 static int mangle_name(const char *name
, char *target
)
53 while (*name
== '/' || *name
== '.')
57 for (; *name
; name
++) {
60 else if (isspace(*name
))
62 else if (isalnum(*name
) || strchr("._-", *name
))
69 for (; *name
; name
++) {
70 if (isalnum(*name
) || isspace(*name
) ||
71 strchr("/._-", *name
))
82 * aa_simple_write_to_buffer - common routine for getting policy from user
83 * @userbuf: user buffer to copy data from (NOT NULL)
84 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
85 * @copy_size: size of data to copy from user buffer
86 * @pos: position write is at in the file (NOT NULL)
88 * Returns: kernel buffer containing copy of user buffer data or an
91 static struct aa_loaddata
*aa_simple_write_to_buffer(const char __user
*userbuf
,
96 struct aa_loaddata
*data
;
98 BUG_ON(copy_size
> alloc_size
);
101 /* only writes from pos 0, that is complete writes */
102 return ERR_PTR(-ESPIPE
);
104 /* freed by caller to simple_write_to_buffer */
105 data
= kvmalloc(sizeof(*data
) + alloc_size
);
107 return ERR_PTR(-ENOMEM
);
108 kref_init(&data
->count
);
109 data
->size
= copy_size
;
113 if (copy_from_user(data
->data
, userbuf
, copy_size
)) {
115 return ERR_PTR(-EFAULT
);
121 static ssize_t
policy_update(u32 mask
, const char __user
*buf
, size_t size
,
122 loff_t
*pos
, struct aa_ns
*ns
)
124 struct aa_label
*label
;
126 struct aa_loaddata
*data
;
128 label
= aa_begin_current_label(DO_UPDATE
);
130 /* high level check about policy management - fine grained in
133 error
= aa_may_manage_policy(label
, ns
, mask
);
137 data
= aa_simple_write_to_buffer(buf
, size
, size
, pos
);
138 error
= PTR_ERR(data
);
140 error
= aa_replace_profiles(ns
? ns
: labels_ns(label
), label
,
142 aa_put_loaddata(data
);
144 aa_end_current_label(label
);
149 /* .load file hook fn to load policy */
150 static ssize_t
profile_load(struct file
*f
, const char __user
*buf
, size_t size
,
153 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
154 int error
= policy_update(AA_MAY_LOAD_POLICY
, buf
, size
, pos
, ns
);
160 static const struct file_operations aa_fs_profile_load
= {
161 .write
= profile_load
,
162 .llseek
= default_llseek
,
165 /* .replace file hook fn to load and/or replace policy */
166 static ssize_t
profile_replace(struct file
*f
, const char __user
*buf
,
167 size_t size
, loff_t
*pos
)
169 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
170 int error
= policy_update(AA_MAY_LOAD_POLICY
| AA_MAY_REPLACE_POLICY
,
177 static const struct file_operations aa_fs_profile_replace
= {
178 .write
= profile_replace
,
179 .llseek
= default_llseek
,
182 /* .remove file hook fn to remove loaded policy */
183 static ssize_t
profile_remove(struct file
*f
, const char __user
*buf
,
184 size_t size
, loff_t
*pos
)
186 struct aa_loaddata
*data
;
187 struct aa_label
*label
;
189 struct aa_ns
*ns
= aa_get_ns(f
->f_inode
->i_private
);
191 label
= aa_begin_current_label(DO_UPDATE
);
192 /* high level check about policy management - fine grained in
195 error
= aa_may_manage_policy(label
, ns
, AA_MAY_REMOVE_POLICY
);
200 * aa_remove_profile needs a null terminated string so 1 extra
201 * byte is allocated and the copied data is null terminated.
203 data
= aa_simple_write_to_buffer(buf
, size
+ 1, size
, pos
);
205 error
= PTR_ERR(data
);
207 data
->data
[size
] = 0;
208 error
= aa_remove_profiles(ns
? ns
: labels_ns(label
), label
,
210 aa_put_loaddata(data
);
213 aa_end_current_label(label
);
218 static const struct file_operations aa_fs_profile_remove
= {
219 .write
= profile_remove
,
220 .llseek
= default_llseek
,
228 /* revision file hook fn for policy loads */
229 static int ns_revision_release(struct inode
*inode
, struct file
*file
)
231 struct aa_revision
*rev
= file
->private_data
;
241 static ssize_t
ns_revision_read(struct file
*file
, char __user
*buf
,
242 size_t size
, loff_t
*ppos
)
244 struct aa_revision
*rev
= file
->private_data
;
249 mutex_lock(&rev
->ns
->lock
);
250 last_read
= rev
->last_read
;
251 if (last_read
== rev
->ns
->revision
) {
252 mutex_unlock(&rev
->ns
->lock
);
253 if (file
->f_flags
& O_NONBLOCK
)
255 if (wait_event_interruptible(rev
->ns
->wait
,
257 READ_ONCE(rev
->ns
->revision
)))
259 mutex_lock(&rev
->ns
->lock
);
262 avail
= sprintf(buffer
, "%ld\n", rev
->ns
->revision
);
263 if (*ppos
+ size
> avail
) {
264 rev
->last_read
= rev
->ns
->revision
;
267 mutex_unlock(&rev
->ns
->lock
);
269 return simple_read_from_buffer(buf
, size
, ppos
, buffer
, avail
);
272 static int ns_revision_open(struct inode
*inode
, struct file
*file
)
274 struct aa_revision
*rev
= kzalloc(sizeof(*rev
), GFP_KERNEL
);
279 rev
->ns
= aa_get_ns(inode
->i_private
);
281 rev
->ns
= aa_get_current_ns();
282 file
->private_data
= rev
;
287 static unsigned int ns_revision_poll(struct file
*file
, poll_table
*pt
)
289 struct aa_revision
*rev
= file
->private_data
;
290 unsigned int mask
= 0;
293 mutex_lock(&rev
->ns
->lock
);
294 poll_wait(file
, &rev
->ns
->wait
, pt
);
295 if (rev
->last_read
< rev
->ns
->revision
)
296 mask
|= POLLIN
| POLLRDNORM
;
297 mutex_unlock(&rev
->ns
->lock
);
303 void __aa_bump_ns_revision(struct aa_ns
*ns
)
306 wake_up_interruptible(&ns
->wait
);
309 static const struct file_operations ns_revision_fops
= {
310 .owner
= THIS_MODULE
,
311 .open
= ns_revision_open
,
312 .poll
= ns_revision_poll
,
313 .read
= ns_revision_read
,
314 .llseek
= generic_file_llseek
,
315 .release
= ns_revision_release
,
318 static void profile_query_cb(struct aa_profile
*profile
, struct aa_perms
*perms
,
319 const char *match_str
, size_t match_len
)
323 unsigned int state
= 0;
325 if (profile_unconfined(profile
))
327 if (profile
->file
.dfa
&& *match_str
== AA_CLASS_FILE
) {
328 dfa
= profile
->file
.dfa
;
329 state
= aa_dfa_match_len(dfa
, profile
->file
.start
,
330 match_str
+ 1, match_len
- 1);
333 struct path_cond cond
= { };
334 tmp
= aa_compute_fperms(dfa
, state
, &cond
);
336 } else if (profile
->policy
.dfa
) {
337 if (!PROFILE_MEDIATES_SAFE(profile
, *match_str
))
338 return; /* no change to current perms */
339 dfa
= profile
->policy
.dfa
;
340 state
= aa_dfa_match_len(dfa
, profile
->policy
.start
[0],
341 match_str
, match_len
);
343 aa_compute_perms(dfa
, state
, &tmp
);
347 aa_apply_modes_to_perms(profile
, &tmp
);
348 aa_perms_accum_raw(perms
, &tmp
);
352 * query_data - queries a policy and writes its data to buf
353 * @buf: the resulting data is stored here (NOT NULL)
354 * @buf_len: size of buf
355 * @query: query string used to retrieve data
356 * @query_len: size of query including second NUL byte
358 * The buffers pointed to by buf and query may overlap. The query buffer is
359 * parsed before buf is written to.
361 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
362 * the security confinement context and <KEY> is the name of the data to
363 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
365 * Don't expect the contents of buf to be preserved on failure.
367 * Returns: number of characters written to buf or -errno on failure
369 static ssize_t
query_data(char *buf
, size_t buf_len
,
370 char *query
, size_t query_len
)
375 struct aa_label
*label
, *curr
;
376 struct aa_profile
*profile
;
377 struct aa_data
*data
;
383 return -EINVAL
; /* need a query */
385 key
= query
+ strnlen(query
, query_len
) + 1;
386 if (key
+ 1 >= query
+ query_len
)
387 return -EINVAL
; /* not enough space for a non-empty key */
388 if (key
+ strnlen(key
, query
+ query_len
- key
) >= query
+ query_len
)
389 return -EINVAL
; /* must end with NUL */
391 if (buf_len
< sizeof(bytes
) + sizeof(blocks
))
392 return -EINVAL
; /* not enough space */
394 curr
= aa_begin_current_label(DO_UPDATE
);
395 label
= aa_label_parse(curr
, query
, GFP_KERNEL
, false, false);
396 aa_end_current_label(curr
);
398 return PTR_ERR(label
);
400 /* We are going to leave space for two numbers. The first is the total
401 * number of bytes we are writing after the first number. This is so
402 * users can read the full output without reallocation.
404 * The second number is the number of data blocks we're writing. An
405 * application might be confined by multiple policies having data in
408 memset(buf
, 0, sizeof(bytes
) + sizeof(blocks
));
409 out
= buf
+ sizeof(bytes
) + sizeof(blocks
);
412 label_for_each_confined(i
, label
, profile
) {
416 data
= rhashtable_lookup_fast(profile
->data
, &key
,
420 if (out
+ sizeof(size
) + data
->size
> buf
+ buf_len
) {
422 return -EINVAL
; /* not enough space */
424 size
= __cpu_to_le32(data
->size
);
425 memcpy(out
, &size
, sizeof(size
));
427 memcpy(out
, data
->data
, data
->size
);
434 bytes
= out
- buf
- sizeof(bytes
);
435 bytes
= __cpu_to_le32(bytes
);
436 blocks
= __cpu_to_le32(blocks
);
437 memcpy(buf
, &bytes
, sizeof(bytes
));
438 memcpy(buf
+ sizeof(bytes
), &blocks
, sizeof(blocks
));
444 * query_label - queries a label and writes permissions to buf
445 * @buf: the resulting permissions string is stored here (NOT NULL)
446 * @buf_len: size of buf
447 * @query: binary query string to match against the dfa
448 * @query_len: size of query
450 * The buffers pointed to by buf and query may overlap. The query buffer is
451 * parsed before buf is written to.
453 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
454 * the name of the label, in the current namespace, that is to be queried and
455 * DFA_STRING is a binary string to match against the label(s)'s DFA.
457 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
458 * but must *not* be NUL terminated.
460 * Returns: number of characters written to buf or -errno on failure
462 static ssize_t
query_label(char *buf
, size_t buf_len
,
463 char *query
, size_t query_len
, bool ns_only
)
465 struct aa_profile
*profile
;
466 struct aa_label
*label
, *curr
;
467 char *label_name
, *match_str
;
468 size_t label_name_len
, match_len
;
469 struct aa_perms perms
;
476 label_name_len
= strnlen(query
, query_len
);
477 if (!label_name_len
|| label_name_len
== query_len
)
481 * The extra byte is to account for the null byte between the
482 * profile name and dfa string. profile_name_len is greater
483 * than zero and less than query_len, so a byte can be safely
484 * added or subtracted.
486 match_str
= label_name
+ label_name_len
+ 1;
487 match_len
= query_len
- label_name_len
- 1;
489 curr
= aa_begin_current_label(DO_UPDATE
);
490 label
= aa_label_parse(curr
, label_name
, GFP_KERNEL
, false, false);
491 aa_end_current_label(curr
);
493 return PTR_ERR(label
);
497 label_for_each_in_ns(i
, labels_ns(label
), label
, profile
) {
498 profile_query_cb(profile
, &perms
, match_str
, match_len
);
501 label_for_each(i
, label
, profile
) {
502 profile_query_cb(profile
, &perms
, match_str
, match_len
);
507 return scnprintf(buf
, buf_len
,
508 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
509 perms
.allow
, perms
.deny
, perms
.audit
, perms
.quiet
);
512 #define QUERY_CMD_LABEL "label\0"
513 #define QUERY_CMD_LABEL_LEN 6
514 #define QUERY_CMD_PROFILE "profile\0"
515 #define QUERY_CMD_PROFILE_LEN 8
516 #define QUERY_CMD_LABELALL "labelall\0"
517 #define QUERY_CMD_LABELALL_LEN 9
518 #define QUERY_CMD_DATA "data\0"
519 #define QUERY_CMD_DATA_LEN 5
522 * aa_write_access - generic permissions and data query
523 * @file: pointer to open apparmorfs/access file
524 * @ubuf: user buffer containing the complete query string (NOT NULL)
525 * @count: size of ubuf
526 * @ppos: position in the file (MUST BE ZERO)
528 * Allows for one permissions or data query per open(), write(), and read()
529 * sequence. The only queries currently supported are label-based queries for
530 * permissions or data.
532 * For permissions queries, ubuf must begin with "label\0", followed by the
533 * profile query specific format described in the query_label() function
536 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
537 * <LABEL> is the name of the security confinement context and <KEY> is the
538 * name of the data to retrieve.
540 * Returns: number of bytes written or -errno on failure
542 static ssize_t
aa_write_access(struct file
*file
, const char __user
*ubuf
,
543 size_t count
, loff_t
*ppos
)
551 buf
= simple_transaction_get(file
, ubuf
, count
);
555 if (count
> QUERY_CMD_PROFILE_LEN
&&
556 !memcmp(buf
, QUERY_CMD_PROFILE
, QUERY_CMD_PROFILE_LEN
)) {
557 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
558 buf
+ QUERY_CMD_PROFILE_LEN
,
559 count
- QUERY_CMD_PROFILE_LEN
, true);
560 } else if (count
> QUERY_CMD_LABEL_LEN
&&
561 !memcmp(buf
, QUERY_CMD_LABEL
, QUERY_CMD_LABEL_LEN
)) {
562 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
563 buf
+ QUERY_CMD_LABEL_LEN
,
564 count
- QUERY_CMD_LABEL_LEN
, true);
565 } else if (count
> QUERY_CMD_LABELALL_LEN
&&
566 !memcmp(buf
, QUERY_CMD_LABELALL
, QUERY_CMD_LABELALL_LEN
)) {
567 len
= query_label(buf
, SIMPLE_TRANSACTION_LIMIT
,
568 buf
+ QUERY_CMD_LABELALL_LEN
,
569 count
- QUERY_CMD_LABELALL_LEN
, false);
570 } else if (count
> QUERY_CMD_DATA_LEN
&&
571 !memcmp(buf
, QUERY_CMD_DATA
, QUERY_CMD_DATA_LEN
)) {
572 len
= query_data(buf
, SIMPLE_TRANSACTION_LIMIT
,
573 buf
+ QUERY_CMD_DATA_LEN
,
574 count
- QUERY_CMD_DATA_LEN
);
581 simple_transaction_set(file
, len
);
586 static const struct file_operations aa_fs_access
= {
587 .write
= aa_write_access
,
588 .read
= simple_transaction_read
,
589 .release
= simple_transaction_release
,
590 .llseek
= generic_file_llseek
,
593 static int aa_fs_seq_show(struct seq_file
*seq
, void *v
)
595 struct aa_fs_entry
*fs_file
= seq
->private;
600 switch (fs_file
->v_type
) {
601 case AA_FS_TYPE_BOOLEAN
:
602 seq_printf(seq
, "%s\n", fs_file
->v
.boolean
? "yes" : "no");
604 case AA_FS_TYPE_STRING
:
605 seq_printf(seq
, "%s\n", fs_file
->v
.string
);
608 seq_printf(seq
, "%#08lx\n", fs_file
->v
.u64
);
611 /* Ignore unpritable entry types. */
618 static int aa_fs_seq_open(struct inode
*inode
, struct file
*file
)
620 return single_open(file
, aa_fs_seq_show
, inode
->i_private
);
623 const struct file_operations aa_fs_seq_file_ops
= {
624 .owner
= THIS_MODULE
,
625 .open
= aa_fs_seq_open
,
628 .release
= single_release
,
631 static int aa_fs_seq_profile_open(struct inode
*inode
, struct file
*file
,
632 int (*show
)(struct seq_file
*, void *))
634 struct aa_proxy
*proxy
= aa_get_proxy(inode
->i_private
);
635 int error
= single_open(file
, show
, proxy
);
638 file
->private_data
= NULL
;
645 static int aa_fs_seq_profile_release(struct inode
*inode
, struct file
*file
)
647 struct seq_file
*seq
= (struct seq_file
*) file
->private_data
;
649 aa_put_proxy(seq
->private);
650 return single_release(inode
, file
);
653 static int aa_fs_seq_profname_show(struct seq_file
*seq
, void *v
)
655 struct aa_proxy
*proxy
= seq
->private;
656 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
657 struct aa_profile
*profile
= labels_profile(label
);
658 seq_printf(seq
, "%s\n", profile
->base
.name
);
664 static int aa_fs_seq_profname_open(struct inode
*inode
, struct file
*file
)
666 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profname_show
);
669 static const struct file_operations aa_fs_profname_fops
= {
670 .owner
= THIS_MODULE
,
671 .open
= aa_fs_seq_profname_open
,
674 .release
= aa_fs_seq_profile_release
,
677 static int aa_fs_seq_profmode_show(struct seq_file
*seq
, void *v
)
679 struct aa_proxy
*proxy
= seq
->private;
680 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
681 struct aa_profile
*profile
= labels_profile(label
);
682 seq_printf(seq
, "%s\n", aa_profile_mode_names
[profile
->mode
]);
688 static int aa_fs_seq_profmode_open(struct inode
*inode
, struct file
*file
)
690 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profmode_show
);
693 static const struct file_operations aa_fs_profmode_fops
= {
694 .owner
= THIS_MODULE
,
695 .open
= aa_fs_seq_profmode_open
,
698 .release
= aa_fs_seq_profile_release
,
701 static int aa_fs_seq_profattach_show(struct seq_file
*seq
, void *v
)
703 struct aa_proxy
*proxy
= seq
->private;
704 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
705 struct aa_profile
*profile
= labels_profile(label
);
707 seq_printf(seq
, "%s\n", profile
->attach
);
708 else if (profile
->xmatch
)
709 seq_puts(seq
, "<unknown>\n");
711 seq_printf(seq
, "%s\n", profile
->base
.name
);
717 static int aa_fs_seq_profattach_open(struct inode
*inode
, struct file
*file
)
719 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_profattach_show
);
722 static const struct file_operations aa_fs_profattach_fops
= {
723 .owner
= THIS_MODULE
,
724 .open
= aa_fs_seq_profattach_open
,
727 .release
= aa_fs_seq_profile_release
,
730 static int aa_fs_seq_hash_show(struct seq_file
*seq
, void *v
)
732 struct aa_proxy
*proxy
= seq
->private;
733 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
734 struct aa_profile
*profile
= labels_profile(label
);
735 unsigned int i
, size
= aa_hash_size();
738 for (i
= 0; i
< size
; i
++)
739 seq_printf(seq
, "%.2x", profile
->hash
[i
]);
747 static int aa_fs_seq_hash_open(struct inode
*inode
, struct file
*file
)
749 return single_open(file
, aa_fs_seq_hash_show
, inode
->i_private
);
752 static const struct file_operations aa_fs_seq_hash_fops
= {
753 .owner
= THIS_MODULE
,
754 .open
= aa_fs_seq_hash_open
,
757 .release
= single_release
,
760 static int aa_fs_seq_show_stacked(struct seq_file
*seq
, void *v
)
762 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
763 seq_printf(seq
, "%s\n", label
->size
> 1 ? "yes" : "no");
764 aa_end_current_label(label
);
769 static int aa_fs_seq_open_stacked(struct inode
*inode
, struct file
*file
)
771 return single_open(file
, aa_fs_seq_show_stacked
, inode
->i_private
);
774 static const struct file_operations aa_fs_stacked
= {
775 .owner
= THIS_MODULE
,
776 .open
= aa_fs_seq_open_stacked
,
779 .release
= single_release
,
782 static int aa_fs_seq_show_ns_stacked(struct seq_file
*seq
, void *v
)
784 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
785 struct aa_profile
*profile
;
789 if (label
->size
> 1) {
790 label_for_each(it
, label
, profile
)
791 if (profile
->ns
!= labels_ns(label
)) {
797 seq_printf(seq
, "%s\n", count
> 1 ? "yes" : "no");
798 aa_end_current_label(label
);
803 static int aa_fs_seq_open_ns_stacked(struct inode
*inode
, struct file
*file
)
805 return single_open(file
, aa_fs_seq_show_ns_stacked
, inode
->i_private
);
808 static const struct file_operations aa_fs_ns_stacked
= {
809 .owner
= THIS_MODULE
,
810 .open
= aa_fs_seq_open_ns_stacked
,
813 .release
= single_release
,
816 static int aa_fs_seq_show_ns_level(struct seq_file
*seq
, void *v
)
818 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
819 seq_printf(seq
, "%d\n", labels_ns(label
)->level
);
820 aa_end_current_label(label
);
825 static int aa_fs_seq_open_ns_level(struct inode
*inode
, struct file
*file
)
827 return single_open(file
, aa_fs_seq_show_ns_level
, inode
->i_private
);
830 static const struct file_operations aa_fs_ns_level
= {
831 .owner
= THIS_MODULE
,
832 .open
= aa_fs_seq_open_ns_level
,
835 .release
= single_release
,
838 static int aa_fs_seq_show_ns_name(struct seq_file
*seq
, void *v
)
840 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
841 seq_printf(seq
, "%s\n", labels_ns(label
)->base
.name
);
842 aa_end_current_label(label
);
847 static int aa_fs_seq_open_ns_name(struct inode
*inode
, struct file
*file
)
849 return single_open(file
, aa_fs_seq_show_ns_name
, inode
->i_private
);
852 static const struct file_operations aa_fs_ns_name
= {
853 .owner
= THIS_MODULE
,
854 .open
= aa_fs_seq_open_ns_name
,
857 .release
= single_release
,
860 static int rawdata_release(struct inode
*inode
, struct file
*file
)
862 /* TODO: switch to loaddata when profile switched to symlink */
863 aa_put_loaddata(file
->private_data
);
868 static int aa_fs_seq_raw_abi_show(struct seq_file
*seq
, void *v
)
870 struct aa_proxy
*proxy
= seq
->private;
871 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
872 struct aa_profile
*profile
= labels_profile(label
);
874 if (profile
->rawdata
->abi
) {
875 seq_printf(seq
, "v%d", profile
->rawdata
->abi
);
883 static int aa_fs_seq_raw_abi_open(struct inode
*inode
, struct file
*file
)
885 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_raw_abi_show
);
888 static const struct file_operations aa_fs_seq_raw_abi_fops
= {
889 .owner
= THIS_MODULE
,
890 .open
= aa_fs_seq_raw_abi_open
,
893 .release
= aa_fs_seq_profile_release
,
896 static int aa_fs_seq_raw_hash_show(struct seq_file
*seq
, void *v
)
898 struct aa_proxy
*proxy
= seq
->private;
899 struct aa_label
*label
= aa_get_label_rcu(&proxy
->label
);
900 struct aa_profile
*profile
= labels_profile(label
);
901 unsigned int i
, size
= aa_hash_size();
903 if (profile
->rawdata
->hash
) {
904 for (i
= 0; i
< size
; i
++)
905 seq_printf(seq
, "%.2x", profile
->rawdata
->hash
[i
]);
913 static int aa_fs_seq_raw_hash_open(struct inode
*inode
, struct file
*file
)
915 return aa_fs_seq_profile_open(inode
, file
, aa_fs_seq_raw_hash_show
);
918 static const struct file_operations aa_fs_seq_raw_hash_fops
= {
919 .owner
= THIS_MODULE
,
920 .open
= aa_fs_seq_raw_hash_open
,
923 .release
= aa_fs_seq_profile_release
,
926 static ssize_t
rawdata_read(struct file
*file
, char __user
*buf
, size_t size
,
929 struct aa_loaddata
*rawdata
= file
->private_data
;
931 return simple_read_from_buffer(buf
, size
, ppos
, rawdata
->data
,
935 static int rawdata_open(struct inode
*inode
, struct file
*file
)
937 struct aa_proxy
*proxy
= inode
->i_private
;
938 struct aa_label
*label
;
939 struct aa_profile
*profile
;
941 if (!policy_view_capable(NULL
))
943 label
= aa_get_label_rcu(&proxy
->label
);
944 profile
= labels_profile(label
);
945 file
->private_data
= aa_get_loaddata(profile
->rawdata
);
951 static const struct file_operations aa_fs_rawdata_fops
= {
952 .open
= rawdata_open
,
953 .read
= rawdata_read
,
954 .llseek
= generic_file_llseek
,
955 .release
= rawdata_release
,
958 /** fns to setup dynamic per profile/namespace files **/
962 * Requires: @profile->ns->lock held
964 void __aa_fs_profile_rmdir(struct aa_profile
*profile
)
966 struct aa_profile
*child
;
971 AA_BUG(!mutex_is_locked(&profiles_ns(profile
)->lock
));
973 list_for_each_entry(child
, &profile
->base
.profiles
, base
.list
)
974 __aa_fs_profile_rmdir(child
);
976 for (i
= AAFS_PROF_SIZEOF
- 1; i
>= 0; --i
) {
977 struct aa_proxy
*proxy
;
978 if (!profile
->dents
[i
])
981 proxy
= d_inode(profile
->dents
[i
])->i_private
;
982 securityfs_remove(profile
->dents
[i
]);
984 profile
->dents
[i
] = NULL
;
990 * Requires: @old->ns->lock held
992 void __aa_fs_profile_migrate_dents(struct aa_profile
*old
,
993 struct aa_profile
*new)
999 AA_BUG(!mutex_is_locked(&profiles_ns(old
)->lock
));
1001 for (i
= 0; i
< AAFS_PROF_SIZEOF
; i
++) {
1002 new->dents
[i
] = old
->dents
[i
];
1004 new->dents
[i
]->d_inode
->i_mtime
= current_time(new->dents
[i
]->d_inode
);
1005 old
->dents
[i
] = NULL
;
1009 static struct dentry
*create_profile_file(struct dentry
*dir
, const char *name
,
1010 struct aa_profile
*profile
,
1011 const struct file_operations
*fops
)
1013 struct aa_proxy
*proxy
= aa_get_proxy(profile
->label
.proxy
);
1014 struct dentry
*dent
;
1016 dent
= securityfs_create_file(name
, S_IFREG
| 0444, dir
, proxy
, fops
);
1018 aa_put_proxy(proxy
);
1025 * Requires: @profile->ns->lock held
1027 int __aa_fs_profile_mkdir(struct aa_profile
*profile
, struct dentry
*parent
)
1029 struct aa_profile
*child
;
1030 struct dentry
*dent
= NULL
, *dir
;
1034 AA_BUG(!mutex_is_locked(&profiles_ns(profile
)->lock
));
1037 struct aa_profile
*p
;
1038 p
= aa_deref_parent(profile
);
1040 /* adding to parent that previously didn't have children */
1041 dent
= securityfs_create_dir("profiles", dent
);
1044 prof_child_dir(p
) = parent
= dent
;
1047 if (!profile
->dirname
) {
1049 len
= mangle_name(profile
->base
.name
, NULL
);
1050 id_len
= snprintf(NULL
, 0, ".%ld", profile
->ns
->uniq_id
);
1052 profile
->dirname
= kmalloc(len
+ id_len
+ 1, GFP_KERNEL
);
1053 if (!profile
->dirname
)
1056 mangle_name(profile
->base
.name
, profile
->dirname
);
1057 sprintf(profile
->dirname
+ len
, ".%ld", profile
->ns
->uniq_id
++);
1060 dent
= securityfs_create_dir(profile
->dirname
, parent
);
1063 prof_dir(profile
) = dir
= dent
;
1065 dent
= create_profile_file(dir
, "name", profile
, &aa_fs_profname_fops
);
1068 profile
->dents
[AAFS_PROF_NAME
] = dent
;
1070 dent
= create_profile_file(dir
, "mode", profile
, &aa_fs_profmode_fops
);
1073 profile
->dents
[AAFS_PROF_MODE
] = dent
;
1075 dent
= create_profile_file(dir
, "attach", profile
,
1076 &aa_fs_profattach_fops
);
1079 profile
->dents
[AAFS_PROF_ATTACH
] = dent
;
1081 if (profile
->hash
) {
1082 dent
= create_profile_file(dir
, "sha1", profile
,
1083 &aa_fs_seq_hash_fops
);
1086 profile
->dents
[AAFS_PROF_HASH
] = dent
;
1089 if (profile
->rawdata
) {
1090 dent
= create_profile_file(dir
, "raw_hash", profile
,
1091 &aa_fs_seq_raw_hash_fops
);
1094 profile
->dents
[AAFS_PROF_RAW_HASH
] = dent
;
1096 dent
= create_profile_file(dir
, "raw_abi", profile
,
1097 &aa_fs_seq_raw_abi_fops
);
1100 profile
->dents
[AAFS_PROF_RAW_ABI
] = dent
;
1102 dent
= securityfs_create_file("raw_data", S_IFREG
| 0444, dir
,
1103 profile
->label
.proxy
,
1104 &aa_fs_rawdata_fops
);
1107 profile
->dents
[AAFS_PROF_RAW_DATA
] = dent
;
1108 d_inode(dent
)->i_size
= profile
->rawdata
->size
;
1109 aa_get_proxy(profile
->label
.proxy
);
1112 list_for_each_entry(child
, &profile
->base
.profiles
, base
.list
) {
1113 error
= __aa_fs_profile_mkdir(child
, prof_child_dir(profile
));
1121 error
= PTR_ERR(dent
);
1124 __aa_fs_profile_rmdir(profile
);
1129 static int ns_mkdir_op(struct inode
*dir
, struct dentry
*dentry
, umode_t mode
)
1131 struct aa_ns
*ns
, *parent
;
1132 /* TODO: improve permission check */
1133 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
1134 int error
= aa_may_manage_policy(label
, NULL
, AA_MAY_LOAD_POLICY
);
1135 aa_end_current_label(label
);
1139 parent
= aa_get_ns(dir
->i_private
);
1140 AA_BUG(d_inode(ns_subns_dir(parent
)) != dir
);
1142 /* we have to unlock and then relock to get locking order right
1146 securityfs_pin_fs();
1147 inode_lock_nested(dir
, I_MUTEX_PARENT
);
1149 error
= __securityfs_setup_d_inode(dir
, dentry
, mode
| S_IFDIR
, NULL
,
1154 ns
= aa_create_ns(parent
, ACCESS_ONCE(dentry
->d_name
.name
), dentry
);
1156 error
= PTR_ERR(ns
);
1160 aa_put_ns(ns
); /* list ref remains */
1166 static int ns_rmdir_op(struct inode
*dir
, struct dentry
*dentry
)
1168 struct aa_ns
*ns
, *parent
;
1169 /* TODO: improve permission check */
1170 struct aa_label
*label
= aa_begin_current_label(DO_UPDATE
);
1171 int error
= aa_may_manage_policy(label
, NULL
, AA_MAY_LOAD_POLICY
);
1172 aa_end_current_label(label
);
1176 parent
= aa_get_ns(dir
->i_private
);
1177 /* rmdir calls the generic securityfs functions to remove files
1178 * from the apparmor dir. It is up to the apparmor ns locking
1182 inode_unlock(dentry
->d_inode
);
1184 mutex_lock(&parent
->lock
);
1185 ns
= aa_get_ns(__aa_findn_ns(&parent
->sub_ns
, dentry
->d_name
.name
,
1186 dentry
->d_name
.len
));
1191 AA_BUG(ns_dir(ns
) != dentry
);
1197 mutex_unlock(&parent
->lock
);
1198 inode_lock_nested(dir
, I_MUTEX_PARENT
);
1199 inode_lock(dentry
->d_inode
);
1205 static const struct inode_operations ns_dir_inode_operations
= {
1206 .lookup
= simple_lookup
,
1207 .mkdir
= ns_mkdir_op
,
1208 .rmdir
= ns_rmdir_op
,
1213 * Requires: @ns->lock held
1215 void __aa_fs_ns_rmdir(struct aa_ns
*ns
)
1218 struct aa_profile
*child
;
1223 AA_BUG(!mutex_is_locked(&ns
->lock
));
1225 list_for_each_entry(child
, &ns
->base
.profiles
, base
.list
)
1226 __aa_fs_profile_rmdir(child
);
1228 list_for_each_entry(sub
, &ns
->sub_ns
, base
.list
) {
1229 mutex_lock(&sub
->lock
);
1230 __aa_fs_ns_rmdir(sub
);
1231 mutex_unlock(&sub
->lock
);
1234 if (ns_subns_dir(ns
)) {
1235 sub
= d_inode(ns_subns_dir(ns
))->i_private
;
1238 if (ns_subload(ns
)) {
1239 sub
= d_inode(ns_subload(ns
))->i_private
;
1242 if (ns_subreplace(ns
)) {
1243 sub
= d_inode(ns_subreplace(ns
))->i_private
;
1246 if (ns_subremove(ns
)) {
1247 sub
= d_inode(ns_subremove(ns
))->i_private
;
1250 if (ns_subrevision(ns
)) {
1251 sub
= d_inode(ns_subrevision(ns
))->i_private
;
1255 for (i
= AAFS_NS_SIZEOF
- 1; i
>= 0; --i
) {
1256 securityfs_remove(ns
->dents
[i
]);
1257 ns
->dents
[i
] = NULL
;
1261 /* assumes cleanup in caller */
1262 static int __aa_fs_ns_mkdir_entries(struct aa_ns
*ns
, struct dentry
*dir
)
1264 struct dentry
*dent
;
1269 dent
= securityfs_create_dir("profiles", dir
);
1271 return PTR_ERR(dent
);
1272 ns_subprofs_dir(ns
) = dent
;
1274 dent
= securityfs_create_dir("raw_data", dir
);
1276 return PTR_ERR(dent
);
1277 ns_subdata_dir(ns
) = dent
;
1279 dent
= securityfs_create_file("revision", 0444, dir
, ns
,
1282 return PTR_ERR(dent
);
1283 ns_subrevision(ns
) = dent
;
1285 dent
= securityfs_create_file(".load", 0666, dir
, ns
,
1286 &aa_fs_profile_load
);
1288 return PTR_ERR(dent
);
1290 ns_subload(ns
) = dent
;
1292 dent
= securityfs_create_file(".replace", 0666, dir
, ns
,
1293 &aa_fs_profile_replace
);
1295 return PTR_ERR(dent
);
1297 ns_subreplace(ns
) = dent
;
1299 dent
= securityfs_create_file(".remove", 0666, dir
, ns
,
1300 &aa_fs_profile_remove
);
1302 return PTR_ERR(dent
);
1304 ns_subremove(ns
) = dent
;
1306 /* use create_dentry so we can supply private data */
1307 dent
= securityfs_create_dentry("namespaces",
1308 S_IFDIR
| S_IRWXU
| S_IRUGO
| S_IXUGO
,
1310 &ns_dir_inode_operations
);
1312 return PTR_ERR(dent
);
1314 ns_subns_dir(ns
) = dent
;
1321 * Requires: @ns->lock held
1323 int __aa_fs_ns_mkdir(struct aa_ns
*ns
, struct dentry
*parent
, const char *name
,
1324 struct dentry
*dent
)
1327 struct aa_profile
*child
;
1333 AA_BUG(!mutex_is_locked(&ns
->lock
));
1336 name
= ns
->base
.name
;
1339 /* create ns dir if it doesn't already exist */
1340 dent
= securityfs_create_dir(name
, parent
);
1345 ns_dir(ns
) = dir
= dent
;
1346 error
= __aa_fs_ns_mkdir_entries(ns
, dir
);
1351 list_for_each_entry(child
, &ns
->base
.profiles
, base
.list
) {
1352 error
= __aa_fs_profile_mkdir(child
, ns_subprofs_dir(ns
));
1358 list_for_each_entry(sub
, &ns
->sub_ns
, base
.list
) {
1359 mutex_lock(&sub
->lock
);
1360 error
= __aa_fs_ns_mkdir(sub
, ns_subns_dir(ns
), NULL
, NULL
);
1361 mutex_unlock(&sub
->lock
);
1369 error
= PTR_ERR(dent
);
1372 __aa_fs_ns_rmdir(ns
);
1378 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1381 * __next_ns - find the next namespace to list
1382 * @root: root namespace to stop search at (NOT NULL)
1383 * @ns: current ns position (NOT NULL)
1385 * Find the next namespace from @ns under @root and handle all locking needed
1386 * while switching current namespace.
1388 * Returns: next namespace or NULL if at last namespace under @root
1389 * Requires: ns->parent->lock to be held
1390 * NOTE: will not unlock root->lock
1392 static struct aa_ns
*__next_ns(struct aa_ns
*root
, struct aa_ns
*ns
)
1394 struct aa_ns
*parent
, *next
;
1398 AA_BUG(ns
!= root
&& !mutex_is_locked(&ns
->parent
->lock
));
1400 /* is next namespace a child */
1401 if (!list_empty(&ns
->sub_ns
)) {
1402 next
= list_first_entry(&ns
->sub_ns
, typeof(*ns
), base
.list
);
1403 mutex_lock(&next
->lock
);
1407 /* check if the next ns is a sibling, parent, gp, .. */
1408 parent
= ns
->parent
;
1409 while (ns
!= root
) {
1410 mutex_unlock(&ns
->lock
);
1411 next
= list_next_entry(ns
, base
.list
);
1412 if (!list_entry_is_head(next
, &parent
->sub_ns
, base
.list
)) {
1413 mutex_lock(&next
->lock
);
1417 parent
= parent
->parent
;
1424 * __first_profile - find the first profile in a namespace
1425 * @root: namespace that is root of profiles being displayed (NOT NULL)
1426 * @ns: namespace to start in (MAY BE NULL)
1428 * Returns: unrefcounted profile or NULL if no profile
1429 * Requires: ns.lock to be held
1431 static struct aa_profile
*__first_profile(struct aa_ns
*root
, struct aa_ns
*ns
)
1434 AA_BUG(ns
&& !mutex_is_locked(&ns
->lock
));
1436 for (; ns
; ns
= __next_ns(root
, ns
)) {
1437 if (!list_empty(&ns
->base
.profiles
))
1438 return list_first_entry(&ns
->base
.profiles
,
1439 struct aa_profile
, base
.list
);
1445 * __next_profile - step to the next profile in a profile tree
1446 * @profile: current profile in tree (NOT NULL)
1448 * Perform a depth first traversal on the profile tree in a namespace
1450 * Returns: next profile or NULL if done
1451 * Requires: profile->ns.lock to be held
1453 static struct aa_profile
*__next_profile(struct aa_profile
*p
)
1455 struct aa_profile
*parent
;
1456 struct aa_ns
*ns
= p
->ns
;
1458 AA_BUG(!mutex_is_locked(&profiles_ns(p
)->lock
));
1460 /* is next profile a child */
1461 if (!list_empty(&p
->base
.profiles
))
1462 return list_first_entry(&p
->base
.profiles
, typeof(*p
),
1465 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1466 parent
= rcu_dereference_protected(p
->parent
,
1467 mutex_is_locked(&p
->ns
->lock
));
1469 p
= list_next_entry(p
, base
.list
);
1470 if (!list_entry_is_head(p
, &parent
->base
.profiles
, base
.list
))
1473 parent
= rcu_dereference_protected(parent
->parent
,
1474 mutex_is_locked(&parent
->ns
->lock
));
1477 /* is next another profile in the namespace */
1478 p
= list_next_entry(p
, base
.list
);
1479 if (!list_entry_is_head(p
, &ns
->base
.profiles
, base
.list
))
1486 * next_profile - step to the next profile in where ever it may be
1487 * @root: root namespace (NOT NULL)
1488 * @profile: current profile (NOT NULL)
1490 * Returns: next profile or NULL if there isn't one
1492 static struct aa_profile
*next_profile(struct aa_ns
*root
,
1493 struct aa_profile
*profile
)
1495 struct aa_profile
*next
= __next_profile(profile
);
1499 /* finished all profiles in namespace move to next namespace */
1500 return __first_profile(root
, __next_ns(root
, profile
->ns
));
1504 * p_start - start a depth first traversal of profile tree
1505 * @f: seq_file to fill
1506 * @pos: current position
1508 * Returns: first profile under current namespace or NULL if none found
1510 * acquires first ns->lock
1512 static void *p_start(struct seq_file
*f
, loff_t
*pos
)
1514 struct aa_profile
*profile
= NULL
;
1515 struct aa_ns
*root
= aa_get_current_ns();
1519 /* find the first profile */
1520 mutex_lock(&root
->lock
);
1521 profile
= __first_profile(root
, root
);
1523 /* skip to position */
1524 for (; profile
&& l
> 0; l
--)
1525 profile
= next_profile(root
, profile
);
1531 * p_next - read the next profile entry
1532 * @f: seq_file to fill
1533 * @p: profile previously returned
1534 * @pos: current position
1536 * Returns: next profile after @p or NULL if none
1538 * may acquire/release locks in namespace tree as necessary
1540 static void *p_next(struct seq_file
*f
, void *p
, loff_t
*pos
)
1542 struct aa_profile
*profile
= p
;
1543 struct aa_ns
*ns
= f
->private;
1546 return next_profile(ns
, profile
);
1550 * p_stop - stop depth first traversal
1551 * @f: seq_file we are filling
1552 * @p: the last profile writen
1554 * Release all locking done by p_start/p_next on namespace tree
1556 static void p_stop(struct seq_file
*f
, void *p
)
1558 struct aa_profile
*profile
= p
;
1559 struct aa_ns
*root
= f
->private, *ns
;
1562 for (ns
= profile
->ns
; ns
&& ns
!= root
; ns
= ns
->parent
)
1563 mutex_unlock(&ns
->lock
);
1565 mutex_unlock(&root
->lock
);
1570 * seq_show_profile - show a profile entry
1571 * @f: seq_file to file
1572 * @p: current position (profile) (NOT NULL)
1574 * Returns: error on failure
1576 static int seq_show_profile(struct seq_file
*f
, void *p
)
1578 struct aa_profile
*profile
= (struct aa_profile
*)p
;
1579 struct aa_ns
*root
= f
->private;
1581 aa_label_seq_xprint(f
, root
, &profile
->label
,
1582 FLAG_SHOW_MODE
| FLAG_VIEW_SUBNS
, GFP_KERNEL
);
1583 seq_printf(f
, "\n");
1588 static const struct seq_operations aa_fs_profiles_op
= {
1592 .show
= seq_show_profile
,
1595 static int profiles_open(struct inode
*inode
, struct file
*file
)
1597 if (!policy_view_capable(NULL
))
1600 return seq_open(file
, &aa_fs_profiles_op
);
1603 static int profiles_release(struct inode
*inode
, struct file
*file
)
1605 return seq_release(inode
, file
);
1608 static const struct file_operations aa_fs_profiles_fops
= {
1609 .open
= profiles_open
,
1611 .llseek
= seq_lseek
,
1612 .release
= profiles_release
,
1616 /** Base file system setup **/
1617 static struct aa_fs_entry aa_fs_entry_file
[] = {
1618 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1623 static struct aa_fs_entry aa_fs_entry_ptrace
[] = {
1624 AA_FS_FILE_STRING("mask", "read trace"),
1628 static struct aa_fs_entry aa_fs_entry_signal
[] = {
1629 AA_FS_FILE_STRING("mask", AA_FS_SIG_MASK
),
1633 static struct aa_fs_entry aa_fs_entry_domain
[] = {
1634 AA_FS_FILE_BOOLEAN("change_hat", 1),
1635 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1636 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1637 AA_FS_FILE_BOOLEAN("change_profile", 1),
1638 AA_FS_FILE_BOOLEAN("stack", 1),
1639 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1640 AA_FS_FILE_STRING("version", "1.2"),
1644 static struct aa_fs_entry aa_fs_entry_versions
[] = {
1645 AA_FS_FILE_BOOLEAN("v5", 1),
1646 AA_FS_FILE_BOOLEAN("v6", 1),
1647 AA_FS_FILE_BOOLEAN("v7", 1),
1651 static struct aa_fs_entry aa_fs_entry_policy
[] = {
1652 AA_FS_DIR("versions", aa_fs_entry_versions
),
1653 AA_FS_FILE_BOOLEAN("set_load", 1),
1657 static struct aa_fs_entry aa_fs_entry_mount
[] = {
1658 AA_FS_FILE_STRING("mask", "mount umount"),
1662 static struct aa_fs_entry aa_fs_entry_ns
[] = {
1663 AA_FS_FILE_BOOLEAN("profile", 1),
1664 AA_FS_FILE_BOOLEAN("pivot_root", 1),
1668 static struct aa_fs_entry aa_fs_entry_dbus
[] = {
1669 AA_FS_FILE_STRING("mask", "acquire send receive"),
1673 static struct aa_fs_entry aa_fs_entry_query_label
[] = {
1674 AA_FS_FILE_STRING("perms", "allow deny audit quiet"),
1675 AA_FS_FILE_BOOLEAN("data", 1),
1679 static struct aa_fs_entry aa_fs_entry_query
[] = {
1680 AA_FS_DIR("label", aa_fs_entry_query_label
),
1683 static struct aa_fs_entry aa_fs_entry_features
[] = {
1684 AA_FS_DIR("policy", aa_fs_entry_policy
),
1685 AA_FS_DIR("domain", aa_fs_entry_domain
),
1686 AA_FS_DIR("file", aa_fs_entry_file
),
1687 AA_FS_DIR("network", aa_fs_entry_network
),
1688 AA_FS_DIR("mount", aa_fs_entry_mount
),
1689 AA_FS_DIR("namespaces", aa_fs_entry_ns
),
1690 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK
),
1691 AA_FS_DIR("rlimit", aa_fs_entry_rlimit
),
1692 AA_FS_DIR("caps", aa_fs_entry_caps
),
1693 AA_FS_DIR("ptrace", aa_fs_entry_ptrace
),
1694 AA_FS_DIR("signal", aa_fs_entry_signal
),
1695 AA_FS_DIR("dbus", aa_fs_entry_dbus
),
1696 AA_FS_DIR("query", aa_fs_entry_query
),
1700 static struct aa_fs_entry aa_fs_entry_apparmor
[] = {
1701 AA_FS_FILE_FOPS(".access", 0666, &aa_fs_access
),
1702 AA_FS_FILE_FOPS(".stacked", 0666, &aa_fs_stacked
),
1703 AA_FS_FILE_FOPS(".ns_stacked", 0666, &aa_fs_ns_stacked
),
1704 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level
),
1705 AA_FS_FILE_FOPS(".ns_name", 0666, &aa_fs_ns_name
),
1706 AA_FS_FILE_FOPS("profiles", 0444, &aa_fs_profiles_fops
),
1707 AA_FS_DIR("features", aa_fs_entry_features
),
1711 static struct aa_fs_entry aa_fs_entry
=
1712 AA_FS_DIR("apparmor", aa_fs_entry_apparmor
);
1715 * aafs_create_file - create a file entry in the apparmor securityfs
1716 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1717 * @parent: the parent dentry in the securityfs
1719 * Use aafs_remove_file to remove entries created with this fn.
1721 static int __init
aafs_create_file(struct aa_fs_entry
*fs_file
,
1722 struct dentry
*parent
)
1726 fs_file
->dentry
= securityfs_create_file(fs_file
->name
,
1727 S_IFREG
| fs_file
->mode
,
1730 if (IS_ERR(fs_file
->dentry
)) {
1731 error
= PTR_ERR(fs_file
->dentry
);
1732 fs_file
->dentry
= NULL
;
1737 static void __init
aafs_remove_dir(struct aa_fs_entry
*fs_dir
);
1739 * aafs_create_dir - recursively create a directory entry in the securityfs
1740 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1741 * @parent: the parent dentry in the securityfs
1743 * Use aafs_remove_dir to remove entries created with this fn.
1745 static int __init
aafs_create_dir(struct aa_fs_entry
*fs_dir
,
1746 struct dentry
*parent
)
1748 struct aa_fs_entry
*fs_file
;
1752 dir
= securityfs_create_dir(fs_dir
->name
, parent
);
1754 return PTR_ERR(dir
);
1755 fs_dir
->dentry
= dir
;
1757 for (fs_file
= fs_dir
->v
.files
; fs_file
&& fs_file
->name
; ++fs_file
) {
1758 if (fs_file
->v_type
== AA_FS_TYPE_DIR
)
1759 error
= aafs_create_dir(fs_file
, fs_dir
->dentry
);
1761 error
= aafs_create_file(fs_file
, fs_dir
->dentry
);
1769 aafs_remove_dir(fs_dir
);
1775 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1776 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1778 static void __init
aafs_remove_file(struct aa_fs_entry
*fs_file
)
1780 if (!fs_file
->dentry
)
1783 securityfs_remove(fs_file
->dentry
);
1784 fs_file
->dentry
= NULL
;
1788 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1789 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1791 static void __init
aafs_remove_dir(struct aa_fs_entry
*fs_dir
)
1793 struct aa_fs_entry
*fs_file
;
1795 for (fs_file
= fs_dir
->v
.files
; fs_file
&& fs_file
->name
; ++fs_file
) {
1796 if (fs_file
->v_type
== AA_FS_TYPE_DIR
)
1797 aafs_remove_dir(fs_file
);
1799 aafs_remove_file(fs_file
);
1802 aafs_remove_file(fs_dir
);
1806 * aa_destroy_aafs - cleanup and free aafs
1808 * releases dentries allocated by aa_create_aafs
1810 void __init
aa_destroy_aafs(void)
1812 aafs_remove_dir(&aa_fs_entry
);
1816 #define NULL_FILE_NAME ".null"
1817 struct path aa_null
;
1819 static int aa_mk_null_file(struct dentry
*parent
)
1821 struct vfsmount
*mount
= NULL
;
1822 struct dentry
*dentry
;
1823 struct inode
*inode
;
1825 int error
= simple_pin_fs(parent
->d_sb
->s_type
, &mount
, &count
);
1829 inode_lock(d_inode(parent
));
1830 dentry
= lookup_one_len(NULL_FILE_NAME
, parent
, strlen(NULL_FILE_NAME
));
1831 if (IS_ERR(dentry
)) {
1832 error
= PTR_ERR(dentry
);
1835 inode
= new_inode(parent
->d_inode
->i_sb
);
1841 inode
->i_ino
= get_next_ino();
1842 inode
->i_mode
= S_IFCHR
| S_IRUGO
| S_IWUGO
;
1843 inode
->i_atime
= inode
->i_mtime
= inode
->i_ctime
= CURRENT_TIME
;
1844 init_special_inode(inode
, S_IFCHR
| S_IRUGO
| S_IWUGO
,
1845 MKDEV(MEM_MAJOR
, 3));
1846 d_instantiate(dentry
, inode
);
1847 aa_null
.dentry
= dget(dentry
);
1848 aa_null
.mnt
= mntget(mount
);
1855 inode_unlock(d_inode(parent
));
1856 simple_release_fs(&mount
, &count
);
1861 * aa_create_aafs - create the apparmor security filesystem
1863 * dentries created here are released by aa_destroy_aafs
1865 * Returns: error on failure
1867 static int __init
aa_create_aafs(void)
1869 struct dentry
*dent
;
1872 if (!apparmor_initialized
)
1875 if (aa_fs_entry
.dentry
) {
1876 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__
);
1880 /* Populate fs tree. */
1881 error
= aafs_create_dir(&aa_fs_entry
, NULL
);
1885 dent
= securityfs_create_file(".load", 0666, aa_fs_entry
.dentry
,
1886 NULL
, &aa_fs_profile_load
);
1888 error
= PTR_ERR(dent
);
1891 ns_subload(root_ns
) = dent
;
1893 dent
= securityfs_create_file(".replace", 0666, aa_fs_entry
.dentry
,
1894 NULL
, &aa_fs_profile_replace
);
1896 error
= PTR_ERR(dent
);
1899 ns_subreplace(root_ns
) = dent
;
1901 dent
= securityfs_create_file(".remove", 0666, aa_fs_entry
.dentry
,
1902 NULL
, &aa_fs_profile_remove
);
1904 error
= PTR_ERR(dent
);
1907 ns_subremove(root_ns
) = dent
;
1909 dent
= securityfs_create_file("revision", 0444, aa_fs_entry
.dentry
,
1910 NULL
, &ns_revision_fops
);
1912 error
= PTR_ERR(dent
);
1915 ns_subrevision(root_ns
) = dent
;
1917 mutex_lock(&root_ns
->lock
);
1918 error
= __aa_fs_ns_mkdir(root_ns
, aa_fs_entry
.dentry
, "policy", NULL
);
1919 mutex_unlock(&root_ns
->lock
);
1924 error
= aa_mk_null_file(aa_fs_entry
.dentry
);
1928 if (!aa_g_unconfined_init
) {
1929 /* TODO: add default profile to apparmorfs */
1932 /* Report that AppArmor fs is enabled */
1933 aa_info_message("AppArmor Filesystem Enabled");
1938 AA_ERROR("Error creating AppArmor securityfs\n");
1942 fs_initcall(aa_create_aafs
);