]>
git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/apparmor/lib.c
2 * AppArmor security module
4 * This file contains basic common functions used in AppArmor
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2013 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
17 #include <linux/slab.h>
18 #include <linux/string.h>
19 #include <linux/vmalloc.h>
21 #include "include/apparmor.h"
22 #include "include/audit.h"
23 #include "include/label.h"
24 #include "include/lib.h"
25 #include "include/perms.h"
26 #include "include/policy.h"
28 struct aa_perms nullperms
;
29 struct aa_perms allperms
= { .allow
= ALL_PERMS_MASK
,
30 .quiet
= ALL_PERMS_MASK
,
31 .hide
= ALL_PERMS_MASK
};
34 * aa_split_fqname - split a fqname into a profile and namespace name
35 * @fqname: a full qualified name in namespace profile format (NOT NULL)
36 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
38 * Returns: profile name or NULL if one is not specified
40 * Split a namespace name from a profile name (see policy.c for naming
41 * description). If a portion of the name is missing it returns NULL for
44 * NOTE: may modify the @fqname string. The pointers returned point
45 * into the @fqname string.
47 char *aa_split_fqname(char *fqname
, char **ns_name
)
49 char *name
= strim(fqname
);
53 char *split
= strchr(&name
[1], ':');
54 *ns_name
= skip_spaces(&name
[1]);
56 /* overwrite ':' with \0 */
58 if (strncmp(split
, "//", 2) == 0)
60 name
= skip_spaces(split
);
62 /* a ns name without a following profile is allowed */
65 if (name
&& *name
== 0)
72 * skipn_spaces - Removes leading whitespace from @str.
73 * @str: The string to be stripped.
75 * Returns a pointer to the first non-whitespace character in @str.
76 * if all whitespace will return NULL
79 static const char *skipn_spaces(const char *str
, size_t n
)
81 for (;n
&& isspace(*str
); --n
)
88 const char *aa_splitn_fqname(const char *fqname
, size_t n
, const char **ns_name
,
91 const char *end
= fqname
+ n
;
92 const char *name
= skipn_spaces(fqname
, n
);
98 char *split
= strnchr(&name
[1], end
- &name
[1], ':');
99 *ns_name
= skipn_spaces(&name
[1], end
- &name
[1]);
103 *ns_len
= split
- *ns_name
;
107 if (end
- split
> 1 && strncmp(split
, "//", 2) == 0)
109 name
= skipn_spaces(split
, end
- split
);
111 /* a ns name without a following profile is allowed */
113 *ns_len
= end
- *ns_name
;
116 if (name
&& *name
== 0)
123 * aa_info_message - log a none profile related status message
124 * @str: message to log
126 void aa_info_message(const char *str
)
129 DEFINE_AUDIT_DATA(sa
, LSM_AUDIT_DATA_NONE
, NULL
);
130 aad(&sa
)->info
= str
;
131 aa_audit_msg(AUDIT_APPARMOR_STATUS
, &sa
, NULL
);
133 printk(KERN_INFO
"AppArmor: %s\n", str
);
137 * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
138 * @size: how many bytes of memory are required
139 * @flags: the type of memory to allocate (see kmalloc).
141 * Return: allocated buffer or NULL if failed
143 * It is possible that policy being loaded from the user is larger than
144 * what can be allocated by kmalloc, in those cases fall back to vmalloc.
146 void *__aa_kvmalloc(size_t size
, gfp_t flags
)
153 /* do not attempt kmalloc if we need more than 16 pages at once */
154 if (size
<= (16*PAGE_SIZE
))
155 buffer
= kmalloc(size
, flags
| GFP_NOIO
| __GFP_NOWARN
);
157 if (flags
& __GFP_ZERO
)
158 buffer
= vzalloc(size
);
160 buffer
= vmalloc(size
);
166 __counted
char *aa_str_alloc(int size
, gfp_t gfp
)
168 struct counted_str
*str
;
169 str
= kmalloc(sizeof(struct counted_str
) + size
, gfp
);
173 kref_init(&str
->count
);
177 void aa_str_kref(struct kref
*kref
)
179 kfree(container_of(kref
, struct counted_str
, count
));
183 const char aa_file_perm_chrs
[] = "xwracd km l ";
184 const char *aa_file_perm_names
[] = {
227 * aa_perm_mask_to_str - convert a perm mask to its short string
228 * @str: character buffer to store string in (at least 10 characters)
229 * @mask: permission mask to convert
231 void aa_perm_mask_to_str(char *str
, const char *chrs
, u32 mask
)
233 unsigned int i
, perm
= 1;
234 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
241 void aa_audit_perm_names(struct audit_buffer
*ab
, const char **names
, u32 mask
)
243 const char *fmt
= "%s";
244 unsigned int i
, perm
= 1;
246 for (i
= 0; i
< 32; perm
<<= 1, i
++) {
248 audit_log_format(ab
, fmt
, names
[i
]);
257 void aa_audit_perm_mask(struct audit_buffer
*ab
, u32 mask
, const char *chrs
,
258 u32 chrsmask
, const char **names
, u32 namesmask
)
262 audit_log_format(ab
, "\"");
263 if ((mask
& chrsmask
) && chrs
) {
264 aa_perm_mask_to_str(str
, chrs
, mask
& chrsmask
);
266 audit_log_format(ab
, "%s", str
);
267 if (mask
& namesmask
)
268 audit_log_format(ab
, " ");
270 if ((mask
& namesmask
) && names
)
271 aa_audit_perm_names(ab
, names
, mask
& namesmask
);
272 audit_log_format(ab
, "\"");
276 * aa_audit_perms_cb - generic callback fn for auditing perms
277 * @ab: audit buffer (NOT NULL)
278 * @va: audit struct to audit values of (NOT NULL)
280 static void aa_audit_perms_cb(struct audit_buffer
*ab
, void *va
)
282 struct common_audit_data
*sa
= va
;
284 if (aad(sa
)->request
) {
285 audit_log_format(ab
, " requested_mask=");
286 aa_audit_perm_mask(ab
, aad(sa
)->request
, aa_file_perm_chrs
,
287 PERMS_CHRS_MASK
, aa_file_perm_names
,
290 if (aad(sa
)->denied
) {
291 audit_log_format(ab
, "denied_mask=");
292 aa_audit_perm_mask(ab
, aad(sa
)->denied
, aa_file_perm_chrs
,
293 PERMS_CHRS_MASK
, aa_file_perm_names
,
296 audit_log_format(ab
, " peer=");
297 aa_label_xaudit(ab
, labels_ns(aad(sa
)->label
), aad(sa
)->peer
,
298 FLAGS_NONE
, GFP_ATOMIC
);
302 * aa_apply_modes_to_perms - apply namespace and profile flags to perms
303 * @profile: that perms where computed from
304 * @perms: perms to apply mode modifiers to
306 * TODO: split into profile and ns based flags for when accumulating perms
308 void aa_apply_modes_to_perms(struct aa_profile
*profile
, struct aa_perms
*perms
)
310 switch (AUDIT_MODE(profile
)) {
312 perms
->audit
= ALL_PERMS_MASK
;
320 case AUDIT_QUIET_DENIED
:
321 perms
->quiet
= ALL_PERMS_MASK
;
325 if (KILL_MODE(profile
))
326 perms
->kill
= ALL_PERMS_MASK
;
327 else if (COMPLAIN_MODE(profile
))
328 perms
->complain
= ALL_PERMS_MASK
;
330 else if (PROMPT_MODE(profile))
331 perms->prompt = ALL_PERMS_MASK;
335 static u32
map_other(u32 x
)
337 return ((x
& 0x3) << 8) | /* SETATTR/GETATTR */
338 ((x
& 0x1c) << 18) | /* ACCEPT/BIND/LISTEN */
339 ((x
& 0x60) << 19); /* SETOPT/GETOPT */
342 void aa_compute_perms(struct aa_dfa
*dfa
, unsigned int state
,
343 struct aa_perms
*perms
)
346 perms
->kill
= perms
->stop
= 0;
347 perms
->complain
= perms
->cond
= 0;
350 perms
->allow
= dfa_user_allow(dfa
, state
);
351 perms
->audit
= dfa_user_audit(dfa
, state
);
352 perms
->quiet
= dfa_user_quiet(dfa
, state
);
354 /* for v5 perm mapping in the policydb, the other set is used
355 * to extend the general perm set
357 perms
->allow
|= map_other(dfa_other_allow(dfa
, state
));
358 perms
->audit
|= map_other(dfa_other_audit(dfa
, state
));
359 perms
->quiet
|= map_other(dfa_other_quiet(dfa
, state
));
360 // perms->xindex = dfa_user_xindex(dfa, state);
364 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
365 * @accum - perms struct to accumulate into
366 * @addend - perms struct to add to @accum
368 void aa_perms_accum_raw(struct aa_perms
*accum
, struct aa_perms
*addend
)
370 accum
->deny
|= addend
->deny
;
371 accum
->allow
&= addend
->allow
& ~addend
->deny
;
372 accum
->audit
|= addend
->audit
& addend
->allow
;
373 accum
->quiet
&= addend
->quiet
& ~addend
->allow
;
374 accum
->kill
|= addend
->kill
& ~addend
->allow
;
375 accum
->stop
|= addend
->stop
& ~addend
->allow
;
376 accum
->complain
|= addend
->complain
& ~addend
->allow
& ~addend
->deny
;
377 accum
->cond
|= addend
->cond
& ~addend
->allow
& ~addend
->deny
;
378 accum
->hide
&= addend
->hide
& ~addend
->allow
;
379 accum
->prompt
|= addend
->prompt
& ~addend
->allow
& ~addend
->deny
;
383 * aa_perms_accum - accumulate perms, masking off overlapping perms
384 * @accum - perms struct to accumulate into
385 * @addend - perms struct to add to @accum
387 void aa_perms_accum(struct aa_perms
*accum
, struct aa_perms
*addend
)
389 accum
->deny
|= addend
->deny
;
390 accum
->allow
&= addend
->allow
& ~accum
->deny
;
391 accum
->audit
|= addend
->audit
& accum
->allow
;
392 accum
->quiet
&= addend
->quiet
& ~accum
->allow
;
393 accum
->kill
|= addend
->kill
& ~accum
->allow
;
394 accum
->stop
|= addend
->stop
& ~accum
->allow
;
395 accum
->complain
|= addend
->complain
& ~accum
->allow
& ~accum
->deny
;
396 accum
->cond
|= addend
->cond
& ~accum
->allow
& ~accum
->deny
;
397 accum
->hide
&= addend
->hide
& ~accum
->allow
;
398 accum
->prompt
|= addend
->prompt
& ~accum
->allow
& ~accum
->deny
;
401 void aa_profile_match_label(struct aa_profile
*profile
, struct aa_label
*label
,
402 int type
, u32 request
, struct aa_perms
*perms
)
404 /* TODO: doesn't yet handle extended types */
406 state
= aa_dfa_next(profile
->policy
.dfa
,
407 profile
->policy
.start
[AA_CLASS_LABEL
],
409 aa_label_match(profile
, label
, state
, false, request
, perms
);
413 /* currently unused */
414 int aa_profile_label_perm(struct aa_profile
*profile
, struct aa_profile
*target
,
415 u32 request
, int type
, u32
*deny
,
416 struct common_audit_data
*sa
)
418 struct aa_perms perms
;
419 aad(sa
)->label
= &profile
->label
;
420 aad(sa
)->peer
= &target
->label
;
421 aad(sa
)->request
= request
;
423 aa_profile_match_label(profile
, &target
->label
, type
, request
, &perms
);
424 aa_apply_modes_to_perms(profile
, &perms
);
425 *deny
|= request
& perms
.deny
;
426 return aa_check_perms(profile
, &perms
, request
, sa
, aa_audit_perms_cb
);
430 * aa_check_perms - do audit mode selection based on perms set
431 * @profile: profile being checked
432 * @perms: perms computed for the request
433 * @request: requested perms
434 * @deny: Returns: explicit deny set
435 * @sa: initialized audit structure (MAY BE NULL if not auditing)
436 * @cb: callback fn for tpye specific fields (MAY BE NULL)
438 * Returns: 0 if permission else error code
440 * Note: profile audit modes need to be set before calling by setting the
441 * perm masks appropriately.
443 * If not auditing then complain mode is not enabled and the
444 * error code will indicate whether there was an explicit deny
445 * with a positive value.
447 int aa_check_perms(struct aa_profile
*profile
, struct aa_perms
*perms
,
448 u32 request
, struct common_audit_data
*sa
,
449 void (*cb
) (struct audit_buffer
*, void *))
453 u32 denied
= request
& (~perms
->allow
| perms
->deny
);
454 if (likely(!denied
)) {
455 /* mask off perms that are not being force audited */
456 request
&= perms
->audit
;
460 type
= AUDIT_APPARMOR_AUDIT
;
465 if (denied
& perms
->kill
)
466 type
= AUDIT_APPARMOR_KILL
;
467 else if (denied
== (denied
& perms
->complain
))
468 type
= AUDIT_APPARMOR_ALLOWED
;
470 type
= AUDIT_APPARMOR_DENIED
;
472 if (denied
& perms
->stop
)
474 if (denied
== (denied
& perms
->hide
))
477 denied
&= ~perms
->quiet
;
483 aad(sa
)->label
= &profile
->label
;
484 aad(sa
)->request
= request
;
485 aad(sa
)->denied
= denied
;
486 aad(sa
)->error
= error
;
487 aa_audit_msg(type
, sa
, cb
);
490 if (type
== AUDIT_APPARMOR_ALLOWED
)
496 const char *aa_imode_name(umode_t mode
)
498 switch(mode
& S_IFMT
) {
518 * aa_policy_init - initialize a policy structure
519 * @policy: policy to initialize (NOT NULL)
520 * @prefix: prefix name if any is required. (MAYBE NULL)
521 * @name: name of the policy, init will make a copy of it (NOT NULL)
522 * @gfp: allocation mode
524 * Note: this fn creates a copy of strings passed in
526 * Returns: true if policy init successful
528 bool aa_policy_init(struct aa_policy
*policy
, const char *prefix
,
529 const char *name
, gfp_t gfp
)
533 /* freed by policy_free */
535 hname
= aa_str_alloc(strlen(prefix
) + strlen(name
) + 3, gfp
);
537 sprintf(hname
, "%s//%s", prefix
, name
);
539 hname
= aa_str_alloc(strlen(name
) + 1, gfp
);
545 policy
->hname
= hname
;
546 /* base.name is a substring of fqname */
547 policy
->name
= (char *) basename(policy
->hname
);
548 INIT_LIST_HEAD(&policy
->list
);
549 INIT_LIST_HEAD(&policy
->profiles
);
555 * aa_policy_destroy - free the elements referenced by @policy
556 * @policy: policy that is to have its elements freed (NOT NULL)
558 void aa_policy_destroy(struct aa_policy
*policy
)
560 AA_BUG(on_list_rcu(&policy
->profiles
));
561 AA_BUG(on_list_rcu(&policy
->list
));
563 /* don't free name as its a subset of hname */
564 aa_put_str(policy
->hname
);