search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
printf: Remove unused 'bprintf'
[drm/drm-misc.git] / security / apparmor / apparmorfs.c
blob01b923d97a4461ed7e01b09d330132eedc476ec8
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AppArmor security module
4 *
5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
10
11 #include <linux/ctype.h>
12 #include <linux/security.h>
13 #include <linux/vmalloc.h>
14 #include <linux/init.h>
15 #include <linux/seq_file.h>
16 #include <linux/uaccess.h>
17 #include <linux/mount.h>
18 #include <linux/namei.h>
19 #include <linux/capability.h>
20 #include <linux/rcupdate.h>
21 #include <linux/fs.h>
22 #include <linux/fs_context.h>
23 #include <linux/poll.h>
24 #include <linux/zstd.h>
25 #include <uapi/linux/major.h>
26 #include <uapi/linux/magic.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/cred.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/label.h"
35 #include "include/policy.h"
36 #include "include/policy_ns.h"
37 #include "include/resource.h"
38 #include "include/policy_unpack.h"
39 #include "include/task.h"
40
41 /*
42 * The apparmor filesystem interface used for policy load and introspection
43 * The interface is split into two main components based on their function
44 * a securityfs component:
45 * used for static files that are always available, and which allows
46 * userspace to specificy the location of the security filesystem.
47 *
48 * fns and data are prefixed with
49 * aa_sfs_
50 *
51 * an apparmorfs component:
52 * used loaded policy content and introspection. It is not part of a
53 * regular mounted filesystem and is available only through the magic
54 * policy symlink in the root of the securityfs apparmor/ directory.
55 * Tasks queries will be magically redirected to the correct portion
56 * of the policy tree based on their confinement.
57 *
58 * fns and data are prefixed with
59 * aafs_
60 *
61 * The aa_fs_ prefix is used to indicate the fn is used by both the
62 * securityfs and apparmorfs filesystems.
63 */
64
65
66 /*
67 * support fns
68 */
69
70 struct rawdata_f_data {
71 struct aa_loaddata *loaddata;
72 };
73
74 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
75 #define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
76
77 static void rawdata_f_data_free(struct rawdata_f_data *private)
78 {
79 if (!private)
80 return;
81
82 aa_put_loaddata(private->loaddata);
83 kvfree(private);
84 }
85
86 static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
87 {
88 struct rawdata_f_data *ret;
89
90 if (size > SIZE_MAX - sizeof(*ret))
91 return ERR_PTR(-EINVAL);
92
93 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL);
94 if (!ret)
95 return ERR_PTR(-ENOMEM);
96
97 return ret;
98 }
99 #endif
100
101 /**
102 * mangle_name - mangle a profile name to std profile layout form
103 * @name: profile name to mangle (NOT NULL)
104 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
105 *
106 * Returns: length of mangled name
107 */
108 static int mangle_name(const char *name, char *target)
109 {
110 char *t = target;
111
112 while (*name == '/' || *name == '.')
113 name++;
114
115 if (target) {
116 for (; *name; name++) {
117 if (*name == '/')
118 *(t)++ = '.';
119 else if (isspace(*name))
120 *(t)++ = '_';
121 else if (isalnum(*name) || strchr("._-", *name))
122 *(t)++ = *name;
123 }
124
125 *t = 0;
126 } else {
127 int len = 0;
128 for (; *name; name++) {
129 if (isalnum(*name) || isspace(*name) ||
130 strchr("/._-", *name))
131 len++;
132 }
133
134 return len;
135 }
136
137 return t - target;
138 }
139
140
141 /*
142 * aafs - core fns and data for the policy tree
143 */
144
145 #define AAFS_NAME "apparmorfs"
146 static struct vfsmount *aafs_mnt;
147 static int aafs_count;
148
149
150 static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
151 {
152 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
153 return 0;
154 }
155
156 static void aafs_free_inode(struct inode *inode)
157 {
158 if (S_ISLNK(inode->i_mode))
159 kfree(inode->i_link);
160 free_inode_nonrcu(inode);
161 }
162
163 static const struct super_operations aafs_super_ops = {
164 .statfs = simple_statfs,
165 .free_inode = aafs_free_inode,
166 .show_path = aafs_show_path,
167 };
168
169 static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
170 {
171 static struct tree_descr files[] = { {""} };
172 int error;
173
174 error = simple_fill_super(sb, AAFS_MAGIC, files);
175 if (error)
176 return error;
177 sb->s_op = &aafs_super_ops;
178
179 return 0;
180 }
181
182 static int apparmorfs_get_tree(struct fs_context *fc)
183 {
184 return get_tree_single(fc, apparmorfs_fill_super);
185 }
186
187 static const struct fs_context_operations apparmorfs_context_ops = {
188 .get_tree = apparmorfs_get_tree,
189 };
190
191 static int apparmorfs_init_fs_context(struct fs_context *fc)
192 {
193 fc->ops = &apparmorfs_context_ops;
194 return 0;
195 }
196
197 static struct file_system_type aafs_ops = {
198 .owner = THIS_MODULE,
199 .name = AAFS_NAME,
200 .init_fs_context = apparmorfs_init_fs_context,
201 .kill_sb = kill_anon_super,
202 };
203
204 /**
205 * __aafs_setup_d_inode - basic inode setup for apparmorfs
206 * @dir: parent directory for the dentry
207 * @dentry: dentry we are seting the inode up for
208 * @mode: permissions the file should have
209 * @data: data to store on inode.i_private, available in open()
210 * @link: if symlink, symlink target string
211 * @fops: struct file_operations that should be used
212 * @iops: struct of inode_operations that should be used
213 */
214 static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
215 umode_t mode, void *data, char *link,
216 const struct file_operations *fops,
217 const struct inode_operations *iops)
218 {
219 struct inode *inode = new_inode(dir->i_sb);
220
221 AA_BUG(!dir);
222 AA_BUG(!dentry);
223
224 if (!inode)
225 return -ENOMEM;
226
227 inode->i_ino = get_next_ino();
228 inode->i_mode = mode;
229 simple_inode_init_ts(inode);
230 inode->i_private = data;
231 if (S_ISDIR(mode)) {
232 inode->i_op = iops ? iops : &simple_dir_inode_operations;
233 inode->i_fop = &simple_dir_operations;
234 inc_nlink(inode);
235 inc_nlink(dir);
236 } else if (S_ISLNK(mode)) {
237 inode->i_op = iops ? iops : &simple_symlink_inode_operations;
238 inode->i_link = link;
239 } else {
240 inode->i_fop = fops;
241 }
242 d_instantiate(dentry, inode);
243 dget(dentry);
244
245 return 0;
246 }
247
248 /**
249 * aafs_create - create a dentry in the apparmorfs filesystem
250 *
251 * @name: name of dentry to create
252 * @mode: permissions the file should have
253 * @parent: parent directory for this dentry
254 * @data: data to store on inode.i_private, available in open()
255 * @link: if symlink, symlink target string
256 * @fops: struct file_operations that should be used for
257 * @iops: struct of inode_operations that should be used
258 *
259 * This is the basic "create a xxx" function for apparmorfs.
260 *
261 * Returns a pointer to a dentry if it succeeds, that must be free with
262 * aafs_remove(). Will return ERR_PTR on failure.
263 */
264 static struct dentry *aafs_create(const char *name, umode_t mode,
265 struct dentry *parent, void *data, void *link,
266 const struct file_operations *fops,
267 const struct inode_operations *iops)
268 {
269 struct dentry *dentry;
270 struct inode *dir;
271 int error;
272
273 AA_BUG(!name);
274 AA_BUG(!parent);
275
276 if (!(mode & S_IFMT))
277 mode = (mode & S_IALLUGO) | S_IFREG;
278
279 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
280 if (error)
281 return ERR_PTR(error);
282
283 dir = d_inode(parent);
284
285 inode_lock(dir);
286 dentry = lookup_one_len(name, parent, strlen(name));
287 if (IS_ERR(dentry)) {
288 error = PTR_ERR(dentry);
289 goto fail_lock;
290 }
291
292 if (d_really_is_positive(dentry)) {
293 error = -EEXIST;
294 goto fail_dentry;
295 }
296
297 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
298 if (error)
299 goto fail_dentry;
300 inode_unlock(dir);
301
302 return dentry;
303
304 fail_dentry:
305 dput(dentry);
306
307 fail_lock:
308 inode_unlock(dir);
309 simple_release_fs(&aafs_mnt, &aafs_count);
310
311 return ERR_PTR(error);
312 }
313
314 /**
315 * aafs_create_file - create a file in the apparmorfs filesystem
316 *
317 * @name: name of dentry to create
318 * @mode: permissions the file should have
319 * @parent: parent directory for this dentry
320 * @data: data to store on inode.i_private, available in open()
321 * @fops: struct file_operations that should be used for
322 *
323 * see aafs_create
324 */
325 static struct dentry *aafs_create_file(const char *name, umode_t mode,
326 struct dentry *parent, void *data,
327 const struct file_operations *fops)
328 {
329 return aafs_create(name, mode, parent, data, NULL, fops, NULL);
330 }
331
332 /**
333 * aafs_create_dir - create a directory in the apparmorfs filesystem
334 *
335 * @name: name of dentry to create
336 * @parent: parent directory for this dentry
337 *
338 * see aafs_create
339 */
340 static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
341 {
342 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
343 NULL);
344 }
345
346 /**
347 * aafs_remove - removes a file or directory from the apparmorfs filesystem
348 *
349 * @dentry: dentry of the file/directory/symlink to removed.
350 */
351 static void aafs_remove(struct dentry *dentry)
352 {
353 struct inode *dir;
354
355 if (!dentry || IS_ERR(dentry))
356 return;
357
358 dir = d_inode(dentry->d_parent);
359 inode_lock(dir);
360 if (simple_positive(dentry)) {
361 if (d_is_dir(dentry))
362 simple_rmdir(dir, dentry);
363 else
364 simple_unlink(dir, dentry);
365 d_delete(dentry);
366 dput(dentry);
367 }
368 inode_unlock(dir);
369 simple_release_fs(&aafs_mnt, &aafs_count);
370 }
371
372
373 /*
374 * aa_fs - policy load/replace/remove
375 */
376
377 /**
378 * aa_simple_write_to_buffer - common routine for getting policy from user
379 * @userbuf: user buffer to copy data from (NOT NULL)
380 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
381 * @copy_size: size of data to copy from user buffer
382 * @pos: position write is at in the file (NOT NULL)
383 *
384 * Returns: kernel buffer containing copy of user buffer data or an
385 * ERR_PTR on failure.
386 */
387 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
388 size_t alloc_size,
389 size_t copy_size,
390 loff_t *pos)
391 {
392 struct aa_loaddata *data;
393
394 AA_BUG(copy_size > alloc_size);
395
396 if (*pos != 0)
397 /* only writes from pos 0, that is complete writes */
398 return ERR_PTR(-ESPIPE);
399
400 /* freed by caller to simple_write_to_buffer */
401 data = aa_loaddata_alloc(alloc_size);
402 if (IS_ERR(data))
403 return data;
404
405 data->size = copy_size;
406 if (copy_from_user(data->data, userbuf, copy_size)) {
407 aa_put_loaddata(data);
408 return ERR_PTR(-EFAULT);
409 }
410
411 return data;
412 }
413
414 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
415 loff_t *pos, struct aa_ns *ns)
416 {
417 struct aa_loaddata *data;
418 struct aa_label *label;
419 ssize_t error;
420
421 label = begin_current_label_crit_section();
422
423 /* high level check about policy management - fine grained in
424 * below after unpack
425 */
426 error = aa_may_manage_policy(current_cred(), label, ns, mask);
427 if (error)
428 goto end_section;
429
430 data = aa_simple_write_to_buffer(buf, size, size, pos);
431 error = PTR_ERR(data);
432 if (!IS_ERR(data)) {
433 error = aa_replace_profiles(ns, label, mask, data);
434 aa_put_loaddata(data);
435 }
436 end_section:
437 end_current_label_crit_section(label);
438
439 return error;
440 }
441
442 /* .load file hook fn to load policy */
443 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
444 loff_t *pos)
445 {
446 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
447 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
448
449 aa_put_ns(ns);
450
451 return error;
452 }
453
454 static const struct file_operations aa_fs_profile_load = {
455 .write = profile_load,
456 .llseek = default_llseek,
457 };
458
459 /* .replace file hook fn to load and/or replace policy */
460 static ssize_t profile_replace(struct file *f, const char __user *buf,
461 size_t size, loff_t *pos)
462 {
463 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
464 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
465 buf, size, pos, ns);
466 aa_put_ns(ns);
467
468 return error;
469 }
470
471 static const struct file_operations aa_fs_profile_replace = {
472 .write = profile_replace,
473 .llseek = default_llseek,
474 };
475
476 /* .remove file hook fn to remove loaded policy */
477 static ssize_t profile_remove(struct file *f, const char __user *buf,
478 size_t size, loff_t *pos)
479 {
480 struct aa_loaddata *data;
481 struct aa_label *label;
482 ssize_t error;
483 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
484
485 label = begin_current_label_crit_section();
486 /* high level check about policy management - fine grained in
487 * below after unpack
488 */
489 error = aa_may_manage_policy(current_cred(), label, ns,
490 AA_MAY_REMOVE_POLICY);
491 if (error)
492 goto out;
493
494 /*
495 * aa_remove_profile needs a null terminated string so 1 extra
496 * byte is allocated and the copied data is null terminated.
497 */
498 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
499
500 error = PTR_ERR(data);
501 if (!IS_ERR(data)) {
502 data->data[size] = 0;
503 error = aa_remove_profiles(ns, label, data->data, size);
504 aa_put_loaddata(data);
505 }
506 out:
507 end_current_label_crit_section(label);
508 aa_put_ns(ns);
509 return error;
510 }
511
512 static const struct file_operations aa_fs_profile_remove = {
513 .write = profile_remove,
514 .llseek = default_llseek,
515 };
516
517 struct aa_revision {
518 struct aa_ns *ns;
519 long last_read;
520 };
521
522 /* revision file hook fn for policy loads */
523 static int ns_revision_release(struct inode *inode, struct file *file)
524 {
525 struct aa_revision *rev = file->private_data;
526
527 if (rev) {
528 aa_put_ns(rev->ns);
529 kfree(rev);
530 }
531
532 return 0;
533 }
534
535 static ssize_t ns_revision_read(struct file *file, char __user *buf,
536 size_t size, loff_t *ppos)
537 {
538 struct aa_revision *rev = file->private_data;
539 char buffer[32];
540 long last_read;
541 int avail;
542
543 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
544 last_read = rev->last_read;
545 if (last_read == rev->ns->revision) {
546 mutex_unlock(&rev->ns->lock);
547 if (file->f_flags & O_NONBLOCK)
548 return -EAGAIN;
549 if (wait_event_interruptible(rev->ns->wait,
550 last_read !=
551 READ_ONCE(rev->ns->revision)))
552 return -ERESTARTSYS;
553 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
554 }
555
556 avail = sprintf(buffer, "%ld\n", rev->ns->revision);
557 if (*ppos + size > avail) {
558 rev->last_read = rev->ns->revision;
559 *ppos = 0;
560 }
561 mutex_unlock(&rev->ns->lock);
562
563 return simple_read_from_buffer(buf, size, ppos, buffer, avail);
564 }
565
566 static int ns_revision_open(struct inode *inode, struct file *file)
567 {
568 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
569
570 if (!rev)
571 return -ENOMEM;
572
573 rev->ns = aa_get_ns(inode->i_private);
574 if (!rev->ns)
575 rev->ns = aa_get_current_ns();
576 file->private_data = rev;
577
578 return 0;
579 }
580
581 static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
582 {
583 struct aa_revision *rev = file->private_data;
584 __poll_t mask = 0;
585
586 if (rev) {
587 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
588 poll_wait(file, &rev->ns->wait, pt);
589 if (rev->last_read < rev->ns->revision)
590 mask |= EPOLLIN | EPOLLRDNORM;
591 mutex_unlock(&rev->ns->lock);
592 }
593
594 return mask;
595 }
596
597 void __aa_bump_ns_revision(struct aa_ns *ns)
598 {
599 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1);
600 wake_up_interruptible(&ns->wait);
601 }
602
603 static const struct file_operations aa_fs_ns_revision_fops = {
604 .owner = THIS_MODULE,
605 .open = ns_revision_open,
606 .poll = ns_revision_poll,
607 .read = ns_revision_read,
608 .llseek = generic_file_llseek,
609 .release = ns_revision_release,
610 };
611
612 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
613 const char *match_str, size_t match_len)
614 {
615 struct aa_ruleset *rules = list_first_entry(&profile->rules,
616 typeof(*rules), list);
617 struct aa_perms tmp = { };
618 aa_state_t state = DFA_NOMATCH;
619
620 if (profile_unconfined(profile))
621 return;
622 if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
623 state = aa_dfa_match_len(rules->file->dfa,
624 rules->file->start[AA_CLASS_FILE],
625 match_str + 1, match_len - 1);
626 if (state) {
627 struct path_cond cond = { };
628
629 tmp = *(aa_lookup_fperms(rules->file, state, &cond));
630 }
631 } else if (rules->policy->dfa) {
632 if (!RULE_MEDIATES(rules, *match_str))
633 return; /* no change to current perms */
634 state = aa_dfa_match_len(rules->policy->dfa,
635 rules->policy->start[0],
636 match_str, match_len);
637 if (state)
638 tmp = *aa_lookup_perms(rules->policy, state);
639 }
640 aa_apply_modes_to_perms(profile, &tmp);
641 aa_perms_accum_raw(perms, &tmp);
642 }
643
644
645 /**
646 * query_data - queries a policy and writes its data to buf
647 * @buf: the resulting data is stored here (NOT NULL)
648 * @buf_len: size of buf
649 * @query: query string used to retrieve data
650 * @query_len: size of query including second NUL byte
651 *
652 * The buffers pointed to by buf and query may overlap. The query buffer is
653 * parsed before buf is written to.
654 *
655 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
656 * the security confinement context and <KEY> is the name of the data to
657 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
658 *
659 * Don't expect the contents of buf to be preserved on failure.
660 *
661 * Returns: number of characters written to buf or -errno on failure
662 */
663 static ssize_t query_data(char *buf, size_t buf_len,
664 char *query, size_t query_len)
665 {
666 char *out;
667 const char *key;
668 struct label_it i;
669 struct aa_label *label, *curr;
670 struct aa_profile *profile;
671 struct aa_data *data;
672 u32 bytes, blocks;
673 __le32 outle32;
674
675 if (!query_len)
676 return -EINVAL; /* need a query */
677
678 key = query + strnlen(query, query_len) + 1;
679 if (key + 1 >= query + query_len)
680 return -EINVAL; /* not enough space for a non-empty key */
681 if (key + strnlen(key, query + query_len - key) >= query + query_len)
682 return -EINVAL; /* must end with NUL */
683
684 if (buf_len < sizeof(bytes) + sizeof(blocks))
685 return -EINVAL; /* not enough space */
686
687 curr = begin_current_label_crit_section();
688 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
689 end_current_label_crit_section(curr);
690 if (IS_ERR(label))
691 return PTR_ERR(label);
692
693 /* We are going to leave space for two numbers. The first is the total
694 * number of bytes we are writing after the first number. This is so
695 * users can read the full output without reallocation.
696 *
697 * The second number is the number of data blocks we're writing. An
698 * application might be confined by multiple policies having data in
699 * the same key.
700 */
701 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
702 out = buf + sizeof(bytes) + sizeof(blocks);
703
704 blocks = 0;
705 label_for_each_confined(i, label, profile) {
706 if (!profile->data)
707 continue;
708
709 data = rhashtable_lookup_fast(profile->data, &key,
710 profile->data->p);
711
712 if (data) {
713 if (out + sizeof(outle32) + data->size > buf +
714 buf_len) {
715 aa_put_label(label);
716 return -EINVAL; /* not enough space */
717 }
718 outle32 = __cpu_to_le32(data->size);
719 memcpy(out, &outle32, sizeof(outle32));
720 out += sizeof(outle32);
721 memcpy(out, data->data, data->size);
722 out += data->size;
723 blocks++;
724 }
725 }
726 aa_put_label(label);
727
728 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
729 memcpy(buf, &outle32, sizeof(outle32));
730 outle32 = __cpu_to_le32(blocks);
731 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
732
733 return out - buf;
734 }
735
736 /**
737 * query_label - queries a label and writes permissions to buf
738 * @buf: the resulting permissions string is stored here (NOT NULL)
739 * @buf_len: size of buf
740 * @query: binary query string to match against the dfa
741 * @query_len: size of query
742 * @view_only: only compute for querier's view
743 *
744 * The buffers pointed to by buf and query may overlap. The query buffer is
745 * parsed before buf is written to.
746 *
747 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
748 * the name of the label, in the current namespace, that is to be queried and
749 * DFA_STRING is a binary string to match against the label(s)'s DFA.
750 *
751 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
752 * but must *not* be NUL terminated.
753 *
754 * Returns: number of characters written to buf or -errno on failure
755 */
756 static ssize_t query_label(char *buf, size_t buf_len,
757 char *query, size_t query_len, bool view_only)
758 {
759 struct aa_profile *profile;
760 struct aa_label *label, *curr;
761 char *label_name, *match_str;
762 size_t label_name_len, match_len;
763 struct aa_perms perms;
764 struct label_it i;
765
766 if (!query_len)
767 return -EINVAL;
768
769 label_name = query;
770 label_name_len = strnlen(query, query_len);
771 if (!label_name_len || label_name_len == query_len)
772 return -EINVAL;
773
774 /**
775 * The extra byte is to account for the null byte between the
776 * profile name and dfa string. profile_name_len is greater
777 * than zero and less than query_len, so a byte can be safely
778 * added or subtracted.
779 */
780 match_str = label_name + label_name_len + 1;
781 match_len = query_len - label_name_len - 1;
782
783 curr = begin_current_label_crit_section();
784 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
785 end_current_label_crit_section(curr);
786 if (IS_ERR(label))
787 return PTR_ERR(label);
788
789 perms = allperms;
790 if (view_only) {
791 label_for_each_in_ns(i, labels_ns(label), label, profile) {
792 profile_query_cb(profile, &perms, match_str, match_len);
793 }
794 } else {
795 label_for_each(i, label, profile) {
796 profile_query_cb(profile, &perms, match_str, match_len);
797 }
798 }
799 aa_put_label(label);
800
801 return scnprintf(buf, buf_len,
802 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
803 perms.allow, perms.deny, perms.audit, perms.quiet);
804 }
805
806 /*
807 * Transaction based IO.
808 * The file expects a write which triggers the transaction, and then
809 * possibly a read(s) which collects the result - which is stored in a
810 * file-local buffer. Once a new write is performed, a new set of results
811 * are stored in the file-local buffer.
812 */
813 struct multi_transaction {
814 struct kref count;
815 ssize_t size;
816 char data[];
817 };
818
819 #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
820
821 static void multi_transaction_kref(struct kref *kref)
822 {
823 struct multi_transaction *t;
824
825 t = container_of(kref, struct multi_transaction, count);
826 free_page((unsigned long) t);
827 }
828
829 static struct multi_transaction *
830 get_multi_transaction(struct multi_transaction *t)
831 {
832 if (t)
833 kref_get(&(t->count));
834
835 return t;
836 }
837
838 static void put_multi_transaction(struct multi_transaction *t)
839 {
840 if (t)
841 kref_put(&(t->count), multi_transaction_kref);
842 }
843
844 /* does not increment @new's count */
845 static void multi_transaction_set(struct file *file,
846 struct multi_transaction *new, size_t n)
847 {
848 struct multi_transaction *old;
849
850 AA_BUG(n > MULTI_TRANSACTION_LIMIT);
851
852 new->size = n;
853 spin_lock(&file->f_lock);
854 old = (struct multi_transaction *) file->private_data;
855 file->private_data = new;
856 spin_unlock(&file->f_lock);
857 put_multi_transaction(old);
858 }
859
860 static struct multi_transaction *multi_transaction_new(struct file *file,
861 const char __user *buf,
862 size_t size)
863 {
864 struct multi_transaction *t;
865
866 if (size > MULTI_TRANSACTION_LIMIT - 1)
867 return ERR_PTR(-EFBIG);
868
869 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
870 if (!t)
871 return ERR_PTR(-ENOMEM);
872 kref_init(&t->count);
873 if (copy_from_user(t->data, buf, size)) {
874 put_multi_transaction(t);
875 return ERR_PTR(-EFAULT);
876 }
877
878 return t;
879 }
880
881 static ssize_t multi_transaction_read(struct file *file, char __user *buf,
882 size_t size, loff_t *pos)
883 {
884 struct multi_transaction *t;
885 ssize_t ret;
886
887 spin_lock(&file->f_lock);
888 t = get_multi_transaction(file->private_data);
889 spin_unlock(&file->f_lock);
890
891 if (!t)
892 return 0;
893
894 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
895 put_multi_transaction(t);
896
897 return ret;
898 }
899
900 static int multi_transaction_release(struct inode *inode, struct file *file)
901 {
902 put_multi_transaction(file->private_data);
903
904 return 0;
905 }
906
907 #define QUERY_CMD_LABEL "label\0"
908 #define QUERY_CMD_LABEL_LEN 6
909 #define QUERY_CMD_PROFILE "profile\0"
910 #define QUERY_CMD_PROFILE_LEN 8
911 #define QUERY_CMD_LABELALL "labelall\0"
912 #define QUERY_CMD_LABELALL_LEN 9
913 #define QUERY_CMD_DATA "data\0"
914 #define QUERY_CMD_DATA_LEN 5
915
916 /**
917 * aa_write_access - generic permissions and data query
918 * @file: pointer to open apparmorfs/access file
919 * @ubuf: user buffer containing the complete query string (NOT NULL)
920 * @count: size of ubuf
921 * @ppos: position in the file (MUST BE ZERO)
922 *
923 * Allows for one permissions or data query per open(), write(), and read()
924 * sequence. The only queries currently supported are label-based queries for
925 * permissions or data.
926 *
927 * For permissions queries, ubuf must begin with "label\0", followed by the
928 * profile query specific format described in the query_label() function
929 * documentation.
930 *
931 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
932 * <LABEL> is the name of the security confinement context and <KEY> is the
933 * name of the data to retrieve.
934 *
935 * Returns: number of bytes written or -errno on failure
936 */
937 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
938 size_t count, loff_t *ppos)
939 {
940 struct multi_transaction *t;
941 ssize_t len;
942
943 if (*ppos)
944 return -ESPIPE;
945
946 t = multi_transaction_new(file, ubuf, count);
947 if (IS_ERR(t))
948 return PTR_ERR(t);
949
950 if (count > QUERY_CMD_PROFILE_LEN &&
951 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
952 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
953 t->data + QUERY_CMD_PROFILE_LEN,
954 count - QUERY_CMD_PROFILE_LEN, true);
955 } else if (count > QUERY_CMD_LABEL_LEN &&
956 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
957 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
958 t->data + QUERY_CMD_LABEL_LEN,
959 count - QUERY_CMD_LABEL_LEN, true);
960 } else if (count > QUERY_CMD_LABELALL_LEN &&
961 !memcmp(t->data, QUERY_CMD_LABELALL,
962 QUERY_CMD_LABELALL_LEN)) {
963 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
964 t->data + QUERY_CMD_LABELALL_LEN,
965 count - QUERY_CMD_LABELALL_LEN, false);
966 } else if (count > QUERY_CMD_DATA_LEN &&
967 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
968 len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
969 t->data + QUERY_CMD_DATA_LEN,
970 count - QUERY_CMD_DATA_LEN);
971 } else
972 len = -EINVAL;
973
974 if (len < 0) {
975 put_multi_transaction(t);
976 return len;
977 }
978
979 multi_transaction_set(file, t, len);
980
981 return count;
982 }
983
984 static const struct file_operations aa_sfs_access = {
985 .write = aa_write_access,
986 .read = multi_transaction_read,
987 .release = multi_transaction_release,
988 .llseek = generic_file_llseek,
989 };
990
991 static int aa_sfs_seq_show(struct seq_file *seq, void *v)
992 {
993 struct aa_sfs_entry *fs_file = seq->private;
994
995 if (!fs_file)
996 return 0;
997
998 switch (fs_file->v_type) {
999 case AA_SFS_TYPE_BOOLEAN:
1000 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
1001 break;
1002 case AA_SFS_TYPE_STRING:
1003 seq_printf(seq, "%s\n", fs_file->v.string);
1004 break;
1005 case AA_SFS_TYPE_U64:
1006 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
1007 break;
1008 default:
1009 /* Ignore unpritable entry types. */
1010 break;
1011 }
1012
1013 return 0;
1014 }
1015
1016 static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1017 {
1018 return single_open(file, aa_sfs_seq_show, inode->i_private);
1019 }
1020
1021 const struct file_operations aa_sfs_seq_file_ops = {
1022 .owner = THIS_MODULE,
1023 .open = aa_sfs_seq_open,
1024 .read = seq_read,
1025 .llseek = seq_lseek,
1026 .release = single_release,
1027 };
1028
1029 /*
1030 * profile based file operations
1031 * policy/profiles/XXXX/profiles/ *
1032 */
1033
1034 #define SEQ_PROFILE_FOPS(NAME) \
1035 static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1036 { \
1037 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \
1038 } \
1039 \
1040 static const struct file_operations seq_profile_ ##NAME ##_fops = { \
1041 .owner = THIS_MODULE, \
1042 .open = seq_profile_ ##NAME ##_open, \
1043 .read = seq_read, \
1044 .llseek = seq_lseek, \
1045 .release = seq_profile_release, \
1046 } \
1047
1048 static int seq_profile_open(struct inode *inode, struct file *file,
1049 int (*show)(struct seq_file *, void *))
1050 {
1051 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1052 int error = single_open(file, show, proxy);
1053
1054 if (error) {
1055 file->private_data = NULL;
1056 aa_put_proxy(proxy);
1057 }
1058
1059 return error;
1060 }
1061
1062 static int seq_profile_release(struct inode *inode, struct file *file)
1063 {
1064 struct seq_file *seq = (struct seq_file *) file->private_data;
1065 if (seq)
1066 aa_put_proxy(seq->private);
1067 return single_release(inode, file);
1068 }
1069
1070 static int seq_profile_name_show(struct seq_file *seq, void *v)
1071 {
1072 struct aa_proxy *proxy = seq->private;
1073 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1074 struct aa_profile *profile = labels_profile(label);
1075 seq_printf(seq, "%s\n", profile->base.name);
1076 aa_put_label(label);
1077
1078 return 0;
1079 }
1080
1081 static int seq_profile_mode_show(struct seq_file *seq, void *v)
1082 {
1083 struct aa_proxy *proxy = seq->private;
1084 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1085 struct aa_profile *profile = labels_profile(label);
1086 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1087 aa_put_label(label);
1088
1089 return 0;
1090 }
1091
1092 static int seq_profile_attach_show(struct seq_file *seq, void *v)
1093 {
1094 struct aa_proxy *proxy = seq->private;
1095 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1096 struct aa_profile *profile = labels_profile(label);
1097 if (profile->attach.xmatch_str)
1098 seq_printf(seq, "%s\n", profile->attach.xmatch_str);
1099 else if (profile->attach.xmatch->dfa)
1100 seq_puts(seq, "<unknown>\n");
1101 else
1102 seq_printf(seq, "%s\n", profile->base.name);
1103 aa_put_label(label);
1104
1105 return 0;
1106 }
1107
1108 static int seq_profile_hash_show(struct seq_file *seq, void *v)
1109 {
1110 struct aa_proxy *proxy = seq->private;
1111 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1112 struct aa_profile *profile = labels_profile(label);
1113 unsigned int i, size = aa_hash_size();
1114
1115 if (profile->hash) {
1116 for (i = 0; i < size; i++)
1117 seq_printf(seq, "%.2x", profile->hash[i]);
1118 seq_putc(seq, '\n');
1119 }
1120 aa_put_label(label);
1121
1122 return 0;
1123 }
1124
1125 SEQ_PROFILE_FOPS(name);
1126 SEQ_PROFILE_FOPS(mode);
1127 SEQ_PROFILE_FOPS(attach);
1128 SEQ_PROFILE_FOPS(hash);
1129
1130 /*
1131 * namespace based files
1132 * several root files and
1133 * policy/ *
1134 */
1135
1136 #define SEQ_NS_FOPS(NAME) \
1137 static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \
1138 { \
1139 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \
1140 } \
1141 \
1142 static const struct file_operations seq_ns_ ##NAME ##_fops = { \
1143 .owner = THIS_MODULE, \
1144 .open = seq_ns_ ##NAME ##_open, \
1145 .read = seq_read, \
1146 .llseek = seq_lseek, \
1147 .release = single_release, \
1148 } \
1149
1150 static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1151 {
1152 struct aa_label *label;
1153
1154 label = begin_current_label_crit_section();
1155 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
1156 end_current_label_crit_section(label);
1157
1158 return 0;
1159 }
1160
1161 static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1162 {
1163 struct aa_label *label;
1164 struct aa_profile *profile;
1165 struct label_it it;
1166 int count = 1;
1167
1168 label = begin_current_label_crit_section();
1169
1170 if (label->size > 1) {
1171 label_for_each(it, label, profile)
1172 if (profile->ns != labels_ns(label)) {
1173 count++;
1174 break;
1175 }
1176 }
1177
1178 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
1179 end_current_label_crit_section(label);
1180
1181 return 0;
1182 }
1183
1184 static int seq_ns_level_show(struct seq_file *seq, void *v)
1185 {
1186 struct aa_label *label;
1187
1188 label = begin_current_label_crit_section();
1189 seq_printf(seq, "%d\n", labels_ns(label)->level);
1190 end_current_label_crit_section(label);
1191
1192 return 0;
1193 }
1194
1195 static int seq_ns_name_show(struct seq_file *seq, void *v)
1196 {
1197 struct aa_label *label = begin_current_label_crit_section();
1198 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1199 end_current_label_crit_section(label);
1200
1201 return 0;
1202 }
1203
1204 static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
1205 {
1206 seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
1207 return 0;
1208 }
1209
1210 static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
1211 {
1212 seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
1213 return 0;
1214 }
1215
1216 SEQ_NS_FOPS(stacked);
1217 SEQ_NS_FOPS(nsstacked);
1218 SEQ_NS_FOPS(level);
1219 SEQ_NS_FOPS(name);
1220 SEQ_NS_FOPS(compress_min);
1221 SEQ_NS_FOPS(compress_max);
1222
1223
1224 /* policy/raw_data/ * file ops */
1225 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1226 #define SEQ_RAWDATA_FOPS(NAME) \
1227 static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1228 { \
1229 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \
1230 } \
1231 \
1232 static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \
1233 .owner = THIS_MODULE, \
1234 .open = seq_rawdata_ ##NAME ##_open, \
1235 .read = seq_read, \
1236 .llseek = seq_lseek, \
1237 .release = seq_rawdata_release, \
1238 } \
1239
1240 static int seq_rawdata_open(struct inode *inode, struct file *file,
1241 int (*show)(struct seq_file *, void *))
1242 {
1243 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1244 int error;
1245
1246 if (!data)
1247 /* lost race this ent is being reaped */
1248 return -ENOENT;
1249
1250 error = single_open(file, show, data);
1251 if (error) {
1252 AA_BUG(file->private_data &&
1253 ((struct seq_file *)file->private_data)->private);
1254 aa_put_loaddata(data);
1255 }
1256
1257 return error;
1258 }
1259
1260 static int seq_rawdata_release(struct inode *inode, struct file *file)
1261 {
1262 struct seq_file *seq = (struct seq_file *) file->private_data;
1263
1264 if (seq)
1265 aa_put_loaddata(seq->private);
1266
1267 return single_release(inode, file);
1268 }
1269
1270 static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1271 {
1272 struct aa_loaddata *data = seq->private;
1273
1274 seq_printf(seq, "v%d\n", data->abi);
1275
1276 return 0;
1277 }
1278
1279 static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1280 {
1281 struct aa_loaddata *data = seq->private;
1282
1283 seq_printf(seq, "%ld\n", data->revision);
1284
1285 return 0;
1286 }
1287
1288 static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1289 {
1290 struct aa_loaddata *data = seq->private;
1291 unsigned int i, size = aa_hash_size();
1292
1293 if (data->hash) {
1294 for (i = 0; i < size; i++)
1295 seq_printf(seq, "%.2x", data->hash[i]);
1296 seq_putc(seq, '\n');
1297 }
1298
1299 return 0;
1300 }
1301
1302 static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
1303 {
1304 struct aa_loaddata *data = seq->private;
1305
1306 seq_printf(seq, "%zu\n", data->compressed_size);
1307
1308 return 0;
1309 }
1310
1311 SEQ_RAWDATA_FOPS(abi);
1312 SEQ_RAWDATA_FOPS(revision);
1313 SEQ_RAWDATA_FOPS(hash);
1314 SEQ_RAWDATA_FOPS(compressed_size);
1315
1316 static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
1317 {
1318 if (slen < dlen) {
1319 const size_t wksp_len = zstd_dctx_workspace_bound();
1320 zstd_dctx *ctx;
1321 void *wksp;
1322 size_t out_len;
1323 int ret = 0;
1324
1325 wksp = kvzalloc(wksp_len, GFP_KERNEL);
1326 if (!wksp) {
1327 ret = -ENOMEM;
1328 goto cleanup;
1329 }
1330 ctx = zstd_init_dctx(wksp, wksp_len);
1331 if (ctx == NULL) {
1332 ret = -ENOMEM;
1333 goto cleanup;
1334 }
1335 out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
1336 if (zstd_is_error(out_len)) {
1337 ret = -EINVAL;
1338 goto cleanup;
1339 }
1340 cleanup:
1341 kvfree(wksp);
1342 return ret;
1343 }
1344
1345 if (dlen < slen)
1346 return -EINVAL;
1347 memcpy(dst, src, slen);
1348 return 0;
1349 }
1350
1351 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1352 loff_t *ppos)
1353 {
1354 struct rawdata_f_data *private = file->private_data;
1355
1356 return simple_read_from_buffer(buf, size, ppos,
1357 RAWDATA_F_DATA_BUF(private),
1358 private->loaddata->size);
1359 }
1360
1361 static int rawdata_release(struct inode *inode, struct file *file)
1362 {
1363 rawdata_f_data_free(file->private_data);
1364
1365 return 0;
1366 }
1367
1368 static int rawdata_open(struct inode *inode, struct file *file)
1369 {
1370 int error;
1371 struct aa_loaddata *loaddata;
1372 struct rawdata_f_data *private;
1373
1374 if (!aa_current_policy_view_capable(NULL))
1375 return -EACCES;
1376
1377 loaddata = __aa_get_loaddata(inode->i_private);
1378 if (!loaddata)
1379 /* lost race: this entry is being reaped */
1380 return -ENOENT;
1381
1382 private = rawdata_f_data_alloc(loaddata->size);
1383 if (IS_ERR(private)) {
1384 error = PTR_ERR(private);
1385 goto fail_private_alloc;
1386 }
1387
1388 private->loaddata = loaddata;
1389
1390 error = decompress_zstd(loaddata->data, loaddata->compressed_size,
1391 RAWDATA_F_DATA_BUF(private),
1392 loaddata->size);
1393 if (error)
1394 goto fail_decompress;
1395
1396 file->private_data = private;
1397 return 0;
1398
1399 fail_decompress:
1400 rawdata_f_data_free(private);
1401 return error;
1402
1403 fail_private_alloc:
1404 aa_put_loaddata(loaddata);
1405 return error;
1406 }
1407
1408 static const struct file_operations rawdata_fops = {
1409 .open = rawdata_open,
1410 .read = rawdata_read,
1411 .llseek = generic_file_llseek,
1412 .release = rawdata_release,
1413 };
1414
1415 static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1416 {
1417 int i;
1418
1419 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1420 if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1421 /* no refcounts on i_private */
1422 aafs_remove(rawdata->dents[i]);
1423 rawdata->dents[i] = NULL;
1424 }
1425 }
1426 }
1427
1428 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1429 {
1430 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1431
1432 if (rawdata->ns) {
1433 remove_rawdata_dents(rawdata);
1434 list_del_init(&rawdata->list);
1435 aa_put_ns(rawdata->ns);
1436 rawdata->ns = NULL;
1437 }
1438 }
1439
1440 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1441 {
1442 struct dentry *dent, *dir;
1443
1444 AA_BUG(!ns);
1445 AA_BUG(!rawdata);
1446 AA_BUG(!mutex_is_locked(&ns->lock));
1447 AA_BUG(!ns_subdata_dir(ns));
1448
1449 /*
1450 * just use ns revision dir was originally created at. This is
1451 * under ns->lock and if load is successful revision will be
1452 * bumped and is guaranteed to be unique
1453 */
1454 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1455 if (!rawdata->name)
1456 return -ENOMEM;
1457
1458 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1459 if (IS_ERR(dir))
1460 /* ->name freed when rawdata freed */
1461 return PTR_ERR(dir);
1462 rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1463
1464 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1465 &seq_rawdata_abi_fops);
1466 if (IS_ERR(dent))
1467 goto fail;
1468 rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1469
1470 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1471 &seq_rawdata_revision_fops);
1472 if (IS_ERR(dent))
1473 goto fail;
1474 rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1475
1476 if (aa_g_hash_policy) {
1477 dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
1478 rawdata, &seq_rawdata_hash_fops);
1479 if (IS_ERR(dent))
1480 goto fail;
1481 rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1482 }
1483
1484 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
1485 rawdata,
1486 &seq_rawdata_compressed_size_fops);
1487 if (IS_ERR(dent))
1488 goto fail;
1489 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;
1490
1491 dent = aafs_create_file("raw_data", S_IFREG | 0444,
1492 dir, rawdata, &rawdata_fops);
1493 if (IS_ERR(dent))
1494 goto fail;
1495 rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1496 d_inode(dent)->i_size = rawdata->size;
1497
1498 rawdata->ns = aa_get_ns(ns);
1499 list_add(&rawdata->list, &ns->rawdata_list);
1500 /* no refcount on inode rawdata */
1501
1502 return 0;
1503
1504 fail:
1505 remove_rawdata_dents(rawdata);
1506
1507 return PTR_ERR(dent);
1508 }
1509 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1510
1511
1512 /** fns to setup dynamic per profile/namespace files **/
1513
1514 /*
1515 *
1516 * Requires: @profile->ns->lock held
1517 */
1518 void __aafs_profile_rmdir(struct aa_profile *profile)
1519 {
1520 struct aa_profile *child;
1521 int i;
1522
1523 if (!profile)
1524 return;
1525
1526 list_for_each_entry(child, &profile->base.profiles, base.list)
1527 __aafs_profile_rmdir(child);
1528
1529 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1530 struct aa_proxy *proxy;
1531 if (!profile->dents[i])
1532 continue;
1533
1534 proxy = d_inode(profile->dents[i])->i_private;
1535 aafs_remove(profile->dents[i]);
1536 aa_put_proxy(proxy);
1537 profile->dents[i] = NULL;
1538 }
1539 }
1540
1541 /*
1542 *
1543 * Requires: @old->ns->lock held
1544 */
1545 void __aafs_profile_migrate_dents(struct aa_profile *old,
1546 struct aa_profile *new)
1547 {
1548 int i;
1549
1550 AA_BUG(!old);
1551 AA_BUG(!new);
1552 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1553
1554 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1555 new->dents[i] = old->dents[i];
1556 if (new->dents[i]) {
1557 struct inode *inode = d_inode(new->dents[i]);
1558
1559 inode_set_mtime_to_ts(inode,
1560 inode_set_ctime_current(inode));
1561 }
1562 old->dents[i] = NULL;
1563 }
1564 }
1565
1566 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1567 struct aa_profile *profile,
1568 const struct file_operations *fops)
1569 {
1570 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1571 struct dentry *dent;
1572
1573 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1574 if (IS_ERR(dent))
1575 aa_put_proxy(proxy);
1576
1577 return dent;
1578 }
1579
1580 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1581 static int profile_depth(struct aa_profile *profile)
1582 {
1583 int depth = 0;
1584
1585 rcu_read_lock();
1586 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1587 depth++;
1588 rcu_read_unlock();
1589
1590 return depth;
1591 }
1592
1593 static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1594 {
1595 char *buffer, *s;
1596 int error;
1597 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1598
1599 s = buffer = kmalloc(size, GFP_KERNEL);
1600 if (!buffer)
1601 return ERR_PTR(-ENOMEM);
1602
1603 for (; depth > 0; depth--) {
1604 strcpy(s, "../../");
1605 s += 6;
1606 size -= 6;
1607 }
1608
1609 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1610 if (error >= size || error < 0) {
1611 kfree(buffer);
1612 return ERR_PTR(-ENAMETOOLONG);
1613 }
1614
1615 return buffer;
1616 }
1617
1618 static const char *rawdata_get_link_base(struct dentry *dentry,
1619 struct inode *inode,
1620 struct delayed_call *done,
1621 const char *name)
1622 {
1623 struct aa_proxy *proxy = inode->i_private;
1624 struct aa_label *label;
1625 struct aa_profile *profile;
1626 char *target;
1627 int depth;
1628
1629 if (!dentry)
1630 return ERR_PTR(-ECHILD);
1631
1632 label = aa_get_label_rcu(&proxy->label);
1633 profile = labels_profile(label);
1634 depth = profile_depth(profile);
1635 target = gen_symlink_name(depth, profile->rawdata->name, name);
1636 aa_put_label(label);
1637
1638 if (IS_ERR(target))
1639 return target;
1640
1641 set_delayed_call(done, kfree_link, target);
1642
1643 return target;
1644 }
1645
1646 static const char *rawdata_get_link_sha256(struct dentry *dentry,
1647 struct inode *inode,
1648 struct delayed_call *done)
1649 {
1650 return rawdata_get_link_base(dentry, inode, done, "sha256");
1651 }
1652
1653 static const char *rawdata_get_link_abi(struct dentry *dentry,
1654 struct inode *inode,
1655 struct delayed_call *done)
1656 {
1657 return rawdata_get_link_base(dentry, inode, done, "abi");
1658 }
1659
1660 static const char *rawdata_get_link_data(struct dentry *dentry,
1661 struct inode *inode,
1662 struct delayed_call *done)
1663 {
1664 return rawdata_get_link_base(dentry, inode, done, "raw_data");
1665 }
1666
1667 static const struct inode_operations rawdata_link_sha256_iops = {
1668 .get_link = rawdata_get_link_sha256,
1669 };
1670
1671 static const struct inode_operations rawdata_link_abi_iops = {
1672 .get_link = rawdata_get_link_abi,
1673 };
1674 static const struct inode_operations rawdata_link_data_iops = {
1675 .get_link = rawdata_get_link_data,
1676 };
1677 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1678
1679 /*
1680 * Requires: @profile->ns->lock held
1681 */
1682 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1683 {
1684 struct aa_profile *child;
1685 struct dentry *dent = NULL, *dir;
1686 int error;
1687
1688 AA_BUG(!profile);
1689 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1690
1691 if (!parent) {
1692 struct aa_profile *p;
1693 p = aa_deref_parent(profile);
1694 dent = prof_dir(p);
1695 if (!dent) {
1696 error = -ENOENT;
1697 goto fail2;
1698 }
1699 /* adding to parent that previously didn't have children */
1700 dent = aafs_create_dir("profiles", dent);
1701 if (IS_ERR(dent))
1702 goto fail;
1703 prof_child_dir(p) = parent = dent;
1704 }
1705
1706 if (!profile->dirname) {
1707 int len, id_len;
1708 len = mangle_name(profile->base.name, NULL);
1709 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1710
1711 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1712 if (!profile->dirname) {
1713 error = -ENOMEM;
1714 goto fail2;
1715 }
1716
1717 mangle_name(profile->base.name, profile->dirname);
1718 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1719 }
1720
1721 dent = aafs_create_dir(profile->dirname, parent);
1722 if (IS_ERR(dent))
1723 goto fail;
1724 prof_dir(profile) = dir = dent;
1725
1726 dent = create_profile_file(dir, "name", profile,
1727 &seq_profile_name_fops);
1728 if (IS_ERR(dent))
1729 goto fail;
1730 profile->dents[AAFS_PROF_NAME] = dent;
1731
1732 dent = create_profile_file(dir, "mode", profile,
1733 &seq_profile_mode_fops);
1734 if (IS_ERR(dent))
1735 goto fail;
1736 profile->dents[AAFS_PROF_MODE] = dent;
1737
1738 dent = create_profile_file(dir, "attach", profile,
1739 &seq_profile_attach_fops);
1740 if (IS_ERR(dent))
1741 goto fail;
1742 profile->dents[AAFS_PROF_ATTACH] = dent;
1743
1744 if (profile->hash) {
1745 dent = create_profile_file(dir, "sha256", profile,
1746 &seq_profile_hash_fops);
1747 if (IS_ERR(dent))
1748 goto fail;
1749 profile->dents[AAFS_PROF_HASH] = dent;
1750 }
1751
1752 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1753 if (profile->rawdata) {
1754 if (aa_g_hash_policy) {
1755 dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
1756 profile->label.proxy, NULL, NULL,
1757 &rawdata_link_sha256_iops);
1758 if (IS_ERR(dent))
1759 goto fail;
1760 aa_get_proxy(profile->label.proxy);
1761 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1762 }
1763 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
1764 profile->label.proxy, NULL, NULL,
1765 &rawdata_link_abi_iops);
1766 if (IS_ERR(dent))
1767 goto fail;
1768 aa_get_proxy(profile->label.proxy);
1769 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1770
1771 dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
1772 profile->label.proxy, NULL, NULL,
1773 &rawdata_link_data_iops);
1774 if (IS_ERR(dent))
1775 goto fail;
1776 aa_get_proxy(profile->label.proxy);
1777 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1778 }
1779 #endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1780
1781 list_for_each_entry(child, &profile->base.profiles, base.list) {
1782 error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1783 if (error)
1784 goto fail2;
1785 }
1786
1787 return 0;
1788
1789 fail:
1790 error = PTR_ERR(dent);
1791
1792 fail2:
1793 __aafs_profile_rmdir(profile);
1794
1795 return error;
1796 }
1797
1798 static int ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
1799 struct dentry *dentry, umode_t mode)
1800 {
1801 struct aa_ns *ns, *parent;
1802 /* TODO: improve permission check */
1803 struct aa_label *label;
1804 int error;
1805
1806 label = begin_current_label_crit_section();
1807 error = aa_may_manage_policy(current_cred(), label, NULL,
1808 AA_MAY_LOAD_POLICY);
1809 end_current_label_crit_section(label);
1810 if (error)
1811 return error;
1812
1813 parent = aa_get_ns(dir->i_private);
1814 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1815
1816 /* we have to unlock and then relock to get locking order right
1817 * for pin_fs
1818 */
1819 inode_unlock(dir);
1820 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1821 mutex_lock_nested(&parent->lock, parent->level);
1822 inode_lock_nested(dir, I_MUTEX_PARENT);
1823 if (error)
1824 goto out;
1825
1826 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1827 NULL, NULL, NULL);
1828 if (error)
1829 goto out_pin;
1830
1831 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1832 dentry);
1833 if (IS_ERR(ns)) {
1834 error = PTR_ERR(ns);
1835 ns = NULL;
1836 }
1837
1838 aa_put_ns(ns); /* list ref remains */
1839 out_pin:
1840 if (error)
1841 simple_release_fs(&aafs_mnt, &aafs_count);
1842 out:
1843 mutex_unlock(&parent->lock);
1844 aa_put_ns(parent);
1845
1846 return error;
1847 }
1848
1849 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1850 {
1851 struct aa_ns *ns, *parent;
1852 /* TODO: improve permission check */
1853 struct aa_label *label;
1854 int error;
1855
1856 label = begin_current_label_crit_section();
1857 error = aa_may_manage_policy(current_cred(), label, NULL,
1858 AA_MAY_LOAD_POLICY);
1859 end_current_label_crit_section(label);
1860 if (error)
1861 return error;
1862
1863 parent = aa_get_ns(dir->i_private);
1864 /* rmdir calls the generic securityfs functions to remove files
1865 * from the apparmor dir. It is up to the apparmor ns locking
1866 * to avoid races.
1867 */
1868 inode_unlock(dir);
1869 inode_unlock(dentry->d_inode);
1870
1871 mutex_lock_nested(&parent->lock, parent->level);
1872 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1873 dentry->d_name.len));
1874 if (!ns) {
1875 error = -ENOENT;
1876 goto out;
1877 }
1878 AA_BUG(ns_dir(ns) != dentry);
1879
1880 __aa_remove_ns(ns);
1881 aa_put_ns(ns);
1882
1883 out:
1884 mutex_unlock(&parent->lock);
1885 inode_lock_nested(dir, I_MUTEX_PARENT);
1886 inode_lock(dentry->d_inode);
1887 aa_put_ns(parent);
1888
1889 return error;
1890 }
1891
1892 static const struct inode_operations ns_dir_inode_operations = {
1893 .lookup = simple_lookup,
1894 .mkdir = ns_mkdir_op,
1895 .rmdir = ns_rmdir_op,
1896 };
1897
1898 static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1899 {
1900 struct aa_loaddata *ent, *tmp;
1901
1902 AA_BUG(!mutex_is_locked(&ns->lock));
1903
1904 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1905 __aa_fs_remove_rawdata(ent);
1906 }
1907
1908 /*
1909 *
1910 * Requires: @ns->lock held
1911 */
1912 void __aafs_ns_rmdir(struct aa_ns *ns)
1913 {
1914 struct aa_ns *sub;
1915 struct aa_profile *child;
1916 int i;
1917
1918 if (!ns)
1919 return;
1920 AA_BUG(!mutex_is_locked(&ns->lock));
1921
1922 list_for_each_entry(child, &ns->base.profiles, base.list)
1923 __aafs_profile_rmdir(child);
1924
1925 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1926 mutex_lock_nested(&sub->lock, sub->level);
1927 __aafs_ns_rmdir(sub);
1928 mutex_unlock(&sub->lock);
1929 }
1930
1931 __aa_fs_list_remove_rawdata(ns);
1932
1933 if (ns_subns_dir(ns)) {
1934 sub = d_inode(ns_subns_dir(ns))->i_private;
1935 aa_put_ns(sub);
1936 }
1937 if (ns_subload(ns)) {
1938 sub = d_inode(ns_subload(ns))->i_private;
1939 aa_put_ns(sub);
1940 }
1941 if (ns_subreplace(ns)) {
1942 sub = d_inode(ns_subreplace(ns))->i_private;
1943 aa_put_ns(sub);
1944 }
1945 if (ns_subremove(ns)) {
1946 sub = d_inode(ns_subremove(ns))->i_private;
1947 aa_put_ns(sub);
1948 }
1949 if (ns_subrevision(ns)) {
1950 sub = d_inode(ns_subrevision(ns))->i_private;
1951 aa_put_ns(sub);
1952 }
1953
1954 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1955 aafs_remove(ns->dents[i]);
1956 ns->dents[i] = NULL;
1957 }
1958 }
1959
1960 /* assumes cleanup in caller */
1961 static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1962 {
1963 struct dentry *dent;
1964
1965 AA_BUG(!ns);
1966 AA_BUG(!dir);
1967
1968 dent = aafs_create_dir("profiles", dir);
1969 if (IS_ERR(dent))
1970 return PTR_ERR(dent);
1971 ns_subprofs_dir(ns) = dent;
1972
1973 dent = aafs_create_dir("raw_data", dir);
1974 if (IS_ERR(dent))
1975 return PTR_ERR(dent);
1976 ns_subdata_dir(ns) = dent;
1977
1978 dent = aafs_create_file("revision", 0444, dir, ns,
1979 &aa_fs_ns_revision_fops);
1980 if (IS_ERR(dent))
1981 return PTR_ERR(dent);
1982 aa_get_ns(ns);
1983 ns_subrevision(ns) = dent;
1984
1985 dent = aafs_create_file(".load", 0640, dir, ns,
1986 &aa_fs_profile_load);
1987 if (IS_ERR(dent))
1988 return PTR_ERR(dent);
1989 aa_get_ns(ns);
1990 ns_subload(ns) = dent;
1991
1992 dent = aafs_create_file(".replace", 0640, dir, ns,
1993 &aa_fs_profile_replace);
1994 if (IS_ERR(dent))
1995 return PTR_ERR(dent);
1996 aa_get_ns(ns);
1997 ns_subreplace(ns) = dent;
1998
1999 dent = aafs_create_file(".remove", 0640, dir, ns,
2000 &aa_fs_profile_remove);
2001 if (IS_ERR(dent))
2002 return PTR_ERR(dent);
2003 aa_get_ns(ns);
2004 ns_subremove(ns) = dent;
2005
2006 /* use create_dentry so we can supply private data */
2007 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
2008 &ns_dir_inode_operations);
2009 if (IS_ERR(dent))
2010 return PTR_ERR(dent);
2011 aa_get_ns(ns);
2012 ns_subns_dir(ns) = dent;
2013
2014 return 0;
2015 }
2016
2017 /*
2018 * Requires: @ns->lock held
2019 */
2020 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
2021 struct dentry *dent)
2022 {
2023 struct aa_ns *sub;
2024 struct aa_profile *child;
2025 struct dentry *dir;
2026 int error;
2027
2028 AA_BUG(!ns);
2029 AA_BUG(!parent);
2030 AA_BUG(!mutex_is_locked(&ns->lock));
2031
2032 if (!name)
2033 name = ns->base.name;
2034
2035 if (!dent) {
2036 /* create ns dir if it doesn't already exist */
2037 dent = aafs_create_dir(name, parent);
2038 if (IS_ERR(dent))
2039 goto fail;
2040 } else
2041 dget(dent);
2042 ns_dir(ns) = dir = dent;
2043 error = __aafs_ns_mkdir_entries(ns, dir);
2044 if (error)
2045 goto fail2;
2046
2047 /* profiles */
2048 list_for_each_entry(child, &ns->base.profiles, base.list) {
2049 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
2050 if (error)
2051 goto fail2;
2052 }
2053
2054 /* subnamespaces */
2055 list_for_each_entry(sub, &ns->sub_ns, base.list) {
2056 mutex_lock_nested(&sub->lock, sub->level);
2057 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
2058 mutex_unlock(&sub->lock);
2059 if (error)
2060 goto fail2;
2061 }
2062
2063 return 0;
2064
2065 fail:
2066 error = PTR_ERR(dent);
2067
2068 fail2:
2069 __aafs_ns_rmdir(ns);
2070
2071 return error;
2072 }
2073
2074 /**
2075 * __next_ns - find the next namespace to list
2076 * @root: root namespace to stop search at (NOT NULL)
2077 * @ns: current ns position (NOT NULL)
2078 *
2079 * Find the next namespace from @ns under @root and handle all locking needed
2080 * while switching current namespace.
2081 *
2082 * Returns: next namespace or NULL if at last namespace under @root
2083 * Requires: ns->parent->lock to be held
2084 * NOTE: will not unlock root->lock
2085 */
2086 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
2087 {
2088 struct aa_ns *parent, *next;
2089
2090 AA_BUG(!root);
2091 AA_BUG(!ns);
2092 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
2093
2094 /* is next namespace a child */
2095 if (!list_empty(&ns->sub_ns)) {
2096 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
2097 mutex_lock_nested(&next->lock, next->level);
2098 return next;
2099 }
2100
2101 /* check if the next ns is a sibling, parent, gp, .. */
2102 parent = ns->parent;
2103 while (ns != root) {
2104 mutex_unlock(&ns->lock);
2105 next = list_next_entry(ns, base.list);
2106 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
2107 mutex_lock_nested(&next->lock, next->level);
2108 return next;
2109 }
2110 ns = parent;
2111 parent = parent->parent;
2112 }
2113
2114 return NULL;
2115 }
2116
2117 /**
2118 * __first_profile - find the first profile in a namespace
2119 * @root: namespace that is root of profiles being displayed (NOT NULL)
2120 * @ns: namespace to start in (NOT NULL)
2121 *
2122 * Returns: unrefcounted profile or NULL if no profile
2123 * Requires: profile->ns.lock to be held
2124 */
2125 static struct aa_profile *__first_profile(struct aa_ns *root,
2126 struct aa_ns *ns)
2127 {
2128 AA_BUG(!root);
2129 AA_BUG(ns && !mutex_is_locked(&ns->lock));
2130
2131 for (; ns; ns = __next_ns(root, ns)) {
2132 if (!list_empty(&ns->base.profiles))
2133 return list_first_entry(&ns->base.profiles,
2134 struct aa_profile, base.list);
2135 }
2136 return NULL;
2137 }
2138
2139 /**
2140 * __next_profile - step to the next profile in a profile tree
2141 * @p: current profile in tree (NOT NULL)
2142 *
2143 * Perform a depth first traversal on the profile tree in a namespace
2144 *
2145 * Returns: next profile or NULL if done
2146 * Requires: profile->ns.lock to be held
2147 */
2148 static struct aa_profile *__next_profile(struct aa_profile *p)
2149 {
2150 struct aa_profile *parent;
2151 struct aa_ns *ns = p->ns;
2152
2153 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2154
2155 /* is next profile a child */
2156 if (!list_empty(&p->base.profiles))
2157 return list_first_entry(&p->base.profiles, typeof(*p),
2158 base.list);
2159
2160 /* is next profile a sibling, parent sibling, gp, sibling, .. */
2161 parent = rcu_dereference_protected(p->parent,
2162 mutex_is_locked(&p->ns->lock));
2163 while (parent) {
2164 p = list_next_entry(p, base.list);
2165 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2166 return p;
2167 p = parent;
2168 parent = rcu_dereference_protected(parent->parent,
2169 mutex_is_locked(&parent->ns->lock));
2170 }
2171
2172 /* is next another profile in the namespace */
2173 p = list_next_entry(p, base.list);
2174 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2175 return p;
2176
2177 return NULL;
2178 }
2179
2180 /**
2181 * next_profile - step to the next profile in where ever it may be
2182 * @root: root namespace (NOT NULL)
2183 * @profile: current profile (NOT NULL)
2184 *
2185 * Returns: next profile or NULL if there isn't one
2186 */
2187 static struct aa_profile *next_profile(struct aa_ns *root,
2188 struct aa_profile *profile)
2189 {
2190 struct aa_profile *next = __next_profile(profile);
2191 if (next)
2192 return next;
2193
2194 /* finished all profiles in namespace move to next namespace */
2195 return __first_profile(root, __next_ns(root, profile->ns));
2196 }
2197
2198 /**
2199 * p_start - start a depth first traversal of profile tree
2200 * @f: seq_file to fill
2201 * @pos: current position
2202 *
2203 * Returns: first profile under current namespace or NULL if none found
2204 *
2205 * acquires first ns->lock
2206 */
2207 static void *p_start(struct seq_file *f, loff_t *pos)
2208 {
2209 struct aa_profile *profile = NULL;
2210 struct aa_ns *root = aa_get_current_ns();
2211 loff_t l = *pos;
2212 f->private = root;
2213
2214 /* find the first profile */
2215 mutex_lock_nested(&root->lock, root->level);
2216 profile = __first_profile(root, root);
2217
2218 /* skip to position */
2219 for (; profile && l > 0; l--)
2220 profile = next_profile(root, profile);
2221
2222 return profile;
2223 }
2224
2225 /**
2226 * p_next - read the next profile entry
2227 * @f: seq_file to fill
2228 * @p: profile previously returned
2229 * @pos: current position
2230 *
2231 * Returns: next profile after @p or NULL if none
2232 *
2233 * may acquire/release locks in namespace tree as necessary
2234 */
2235 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2236 {
2237 struct aa_profile *profile = p;
2238 struct aa_ns *ns = f->private;
2239 (*pos)++;
2240
2241 return next_profile(ns, profile);
2242 }
2243
2244 /**
2245 * p_stop - stop depth first traversal
2246 * @f: seq_file we are filling
2247 * @p: the last profile writen
2248 *
2249 * Release all locking done by p_start/p_next on namespace tree
2250 */
2251 static void p_stop(struct seq_file *f, void *p)
2252 {
2253 struct aa_profile *profile = p;
2254 struct aa_ns *root = f->private, *ns;
2255
2256 if (profile) {
2257 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2258 mutex_unlock(&ns->lock);
2259 }
2260 mutex_unlock(&root->lock);
2261 aa_put_ns(root);
2262 }
2263
2264 /**
2265 * seq_show_profile - show a profile entry
2266 * @f: seq_file to file
2267 * @p: current position (profile) (NOT NULL)
2268 *
2269 * Returns: error on failure
2270 */
2271 static int seq_show_profile(struct seq_file *f, void *p)
2272 {
2273 struct aa_profile *profile = (struct aa_profile *)p;
2274 struct aa_ns *root = f->private;
2275
2276 aa_label_seq_xprint(f, root, &profile->label,
2277 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2278 seq_putc(f, '\n');
2279
2280 return 0;
2281 }
2282
2283 static const struct seq_operations aa_sfs_profiles_op = {
2284 .start = p_start,
2285 .next = p_next,
2286 .stop = p_stop,
2287 .show = seq_show_profile,
2288 };
2289
2290 static int profiles_open(struct inode *inode, struct file *file)
2291 {
2292 if (!aa_current_policy_view_capable(NULL))
2293 return -EACCES;
2294
2295 return seq_open(file, &aa_sfs_profiles_op);
2296 }
2297
2298 static int profiles_release(struct inode *inode, struct file *file)
2299 {
2300 return seq_release(inode, file);
2301 }
2302
2303 static const struct file_operations aa_sfs_profiles_fops = {
2304 .open = profiles_open,
2305 .read = seq_read,
2306 .llseek = seq_lseek,
2307 .release = profiles_release,
2308 };
2309
2310
2311 /** Base file system setup **/
2312 static struct aa_sfs_entry aa_sfs_entry_file[] = {
2313 AA_SFS_FILE_STRING("mask",
2314 "create read write exec append mmap_exec link lock"),
2315 { }
2316 };
2317
2318 static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2319 AA_SFS_FILE_STRING("mask", "read trace"),
2320 { }
2321 };
2322
2323 static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2324 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2325 { }
2326 };
2327
2328 static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2329 AA_SFS_FILE_BOOLEAN("xattr", 1),
2330 { }
2331 };
2332 static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2333 AA_SFS_FILE_BOOLEAN("change_hat", 1),
2334 AA_SFS_FILE_BOOLEAN("change_hatv", 1),
2335 AA_SFS_FILE_BOOLEAN("change_onexec", 1),
2336 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2337 AA_SFS_FILE_BOOLEAN("stack", 1),
2338 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
2339 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1),
2340 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1),
2341 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach),
2342 AA_SFS_FILE_BOOLEAN("disconnected.path", 1),
2343 AA_SFS_FILE_STRING("version", "1.2"),
2344 { }
2345 };
2346
2347 static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
2348 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2349 { }
2350 };
2351
2352 static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2353 AA_SFS_FILE_BOOLEAN("v5", 1),
2354 AA_SFS_FILE_BOOLEAN("v6", 1),
2355 AA_SFS_FILE_BOOLEAN("v7", 1),
2356 AA_SFS_FILE_BOOLEAN("v8", 1),
2357 AA_SFS_FILE_BOOLEAN("v9", 1),
2358 { }
2359 };
2360
2361 #define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
2362 static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2363 AA_SFS_DIR("versions", aa_sfs_entry_versions),
2364 AA_SFS_FILE_BOOLEAN("set_load", 1),
2365 /* number of out of band transitions supported */
2366 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED),
2367 AA_SFS_FILE_U64("permstable32_version", 1),
2368 AA_SFS_FILE_STRING("permstable32", PERMS32STR),
2369 AA_SFS_DIR("unconfined_restrictions", aa_sfs_entry_unconfined),
2370 { }
2371 };
2372
2373 static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2374 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2375 AA_SFS_FILE_STRING("move_mount", "detached"),
2376 { }
2377 };
2378
2379 static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2380 AA_SFS_FILE_BOOLEAN("profile", 1),
2381 AA_SFS_FILE_BOOLEAN("pivot_root", 0),
2382 AA_SFS_FILE_STRING("mask", "userns_create"),
2383 { }
2384 };
2385
2386 static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2387 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2388 AA_SFS_FILE_BOOLEAN("data", 1),
2389 AA_SFS_FILE_BOOLEAN("multi_transaction", 1),
2390 { }
2391 };
2392
2393 static struct aa_sfs_entry aa_sfs_entry_query[] = {
2394 AA_SFS_DIR("label", aa_sfs_entry_query_label),
2395 { }
2396 };
2397
2398 static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
2399 AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
2400 { }
2401 };
2402
2403 static struct aa_sfs_entry aa_sfs_entry_features[] = {
2404 AA_SFS_DIR("policy", aa_sfs_entry_policy),
2405 AA_SFS_DIR("domain", aa_sfs_entry_domain),
2406 AA_SFS_DIR("file", aa_sfs_entry_file),
2407 AA_SFS_DIR("network_v8", aa_sfs_entry_network),
2408 AA_SFS_DIR("mount", aa_sfs_entry_mount),
2409 AA_SFS_DIR("namespaces", aa_sfs_entry_ns),
2410 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
2411 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit),
2412 AA_SFS_DIR("caps", aa_sfs_entry_caps),
2413 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace),
2414 AA_SFS_DIR("signal", aa_sfs_entry_signal),
2415 AA_SFS_DIR("query", aa_sfs_entry_query),
2416 AA_SFS_DIR("io_uring", aa_sfs_entry_io_uring),
2417 { }
2418 };
2419
2420 static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2421 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2422 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2423 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2424 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2425 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2426 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2427 AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
2428 AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
2429 AA_SFS_DIR("features", aa_sfs_entry_features),
2430 { }
2431 };
2432
2433 static struct aa_sfs_entry aa_sfs_entry =
2434 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2435
2436 /**
2437 * entry_create_file - create a file entry in the apparmor securityfs
2438 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2439 * @parent: the parent dentry in the securityfs
2440 *
2441 * Use entry_remove_file to remove entries created with this fn.
2442 */
2443 static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2444 struct dentry *parent)
2445 {
2446 int error = 0;
2447
2448 fs_file->dentry = securityfs_create_file(fs_file->name,
2449 S_IFREG | fs_file->mode,
2450 parent, fs_file,
2451 fs_file->file_ops);
2452 if (IS_ERR(fs_file->dentry)) {
2453 error = PTR_ERR(fs_file->dentry);
2454 fs_file->dentry = NULL;
2455 }
2456 return error;
2457 }
2458
2459 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2460 /**
2461 * entry_create_dir - recursively create a directory entry in the securityfs
2462 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2463 * @parent: the parent dentry in the securityfs
2464 *
2465 * Use entry_remove_dir to remove entries created with this fn.
2466 */
2467 static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2468 struct dentry *parent)
2469 {
2470 struct aa_sfs_entry *fs_file;
2471 struct dentry *dir;
2472 int error;
2473
2474 dir = securityfs_create_dir(fs_dir->name, parent);
2475 if (IS_ERR(dir))
2476 return PTR_ERR(dir);
2477 fs_dir->dentry = dir;
2478
2479 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2480 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2481 error = entry_create_dir(fs_file, fs_dir->dentry);
2482 else
2483 error = entry_create_file(fs_file, fs_dir->dentry);
2484 if (error)
2485 goto failed;
2486 }
2487
2488 return 0;
2489
2490 failed:
2491 entry_remove_dir(fs_dir);
2492
2493 return error;
2494 }
2495
2496 /**
2497 * entry_remove_file - drop a single file entry in the apparmor securityfs
2498 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2499 */
2500 static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2501 {
2502 if (!fs_file->dentry)
2503 return;
2504
2505 securityfs_remove(fs_file->dentry);
2506 fs_file->dentry = NULL;
2507 }
2508
2509 /**
2510 * entry_remove_dir - recursively drop a directory entry from the securityfs
2511 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2512 */
2513 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2514 {
2515 struct aa_sfs_entry *fs_file;
2516
2517 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2518 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2519 entry_remove_dir(fs_file);
2520 else
2521 entry_remove_file(fs_file);
2522 }
2523
2524 entry_remove_file(fs_dir);
2525 }
2526
2527 /**
2528 * aa_destroy_aafs - cleanup and free aafs
2529 *
2530 * releases dentries allocated by aa_create_aafs
2531 */
2532 void __init aa_destroy_aafs(void)
2533 {
2534 entry_remove_dir(&aa_sfs_entry);
2535 }
2536
2537
2538 #define NULL_FILE_NAME ".null"
2539 struct path aa_null;
2540
2541 static int aa_mk_null_file(struct dentry *parent)
2542 {
2543 struct vfsmount *mount = NULL;
2544 struct dentry *dentry;
2545 struct inode *inode;
2546 int count = 0;
2547 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2548
2549 if (error)
2550 return error;
2551
2552 inode_lock(d_inode(parent));
2553 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
2554 if (IS_ERR(dentry)) {
2555 error = PTR_ERR(dentry);
2556 goto out;
2557 }
2558 inode = new_inode(parent->d_inode->i_sb);
2559 if (!inode) {
2560 error = -ENOMEM;
2561 goto out1;
2562 }
2563
2564 inode->i_ino = get_next_ino();
2565 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2566 simple_inode_init_ts(inode);
2567 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2568 MKDEV(MEM_MAJOR, 3));
2569 d_instantiate(dentry, inode);
2570 aa_null.dentry = dget(dentry);
2571 aa_null.mnt = mntget(mount);
2572
2573 error = 0;
2574
2575 out1:
2576 dput(dentry);
2577 out:
2578 inode_unlock(d_inode(parent));
2579 simple_release_fs(&mount, &count);
2580 return error;
2581 }
2582
2583
2584
2585 static const char *policy_get_link(struct dentry *dentry,
2586 struct inode *inode,
2587 struct delayed_call *done)
2588 {
2589 struct aa_ns *ns;
2590 struct path path;
2591 int error;
2592
2593 if (!dentry)
2594 return ERR_PTR(-ECHILD);
2595
2596 ns = aa_get_current_ns();
2597 path.mnt = mntget(aafs_mnt);
2598 path.dentry = dget(ns_dir(ns));
2599 error = nd_jump_link(&path);
2600 aa_put_ns(ns);
2601
2602 return ERR_PTR(error);
2603 }
2604
2605 static int policy_readlink(struct dentry *dentry, char __user *buffer,
2606 int buflen)
2607 {
2608 char name[32];
2609 int res;
2610
2611 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2612 d_inode(dentry)->i_ino);
2613 if (res > 0 && res < sizeof(name))
2614 res = readlink_copy(buffer, buflen, name);
2615 else
2616 res = -ENOENT;
2617
2618 return res;
2619 }
2620
2621 static const struct inode_operations policy_link_iops = {
2622 .readlink = policy_readlink,
2623 .get_link = policy_get_link,
2624 };
2625
2626
2627 /**
2628 * aa_create_aafs - create the apparmor security filesystem
2629 *
2630 * dentries created here are released by aa_destroy_aafs
2631 *
2632 * Returns: error on failure
2633 */
2634 static int __init aa_create_aafs(void)
2635 {
2636 struct dentry *dent;
2637 int error;
2638
2639 if (!apparmor_initialized)
2640 return 0;
2641
2642 if (aa_sfs_entry.dentry) {
2643 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2644 return -EEXIST;
2645 }
2646
2647 /* setup apparmorfs used to virtualize policy/ */
2648 aafs_mnt = kern_mount(&aafs_ops);
2649 if (IS_ERR(aafs_mnt))
2650 panic("can't set apparmorfs up\n");
2651 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2652
2653 /* Populate fs tree. */
2654 error = entry_create_dir(&aa_sfs_entry, NULL);
2655 if (error)
2656 goto error;
2657
2658 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2659 NULL, &aa_fs_profile_load);
2660 if (IS_ERR(dent))
2661 goto dent_error;
2662 ns_subload(root_ns) = dent;
2663
2664 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2665 NULL, &aa_fs_profile_replace);
2666 if (IS_ERR(dent))
2667 goto dent_error;
2668 ns_subreplace(root_ns) = dent;
2669
2670 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2671 NULL, &aa_fs_profile_remove);
2672 if (IS_ERR(dent))
2673 goto dent_error;
2674 ns_subremove(root_ns) = dent;
2675
2676 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2677 NULL, &aa_fs_ns_revision_fops);
2678 if (IS_ERR(dent))
2679 goto dent_error;
2680 ns_subrevision(root_ns) = dent;
2681
2682 /* policy tree referenced by magic policy symlink */
2683 mutex_lock_nested(&root_ns->lock, root_ns->level);
2684 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2685 aafs_mnt->mnt_root);
2686 mutex_unlock(&root_ns->lock);
2687 if (error)
2688 goto error;
2689
2690 /* magic symlink similar to nsfs redirects based on task policy */
2691 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2692 NULL, &policy_link_iops);
2693 if (IS_ERR(dent))
2694 goto dent_error;
2695
2696 error = aa_mk_null_file(aa_sfs_entry.dentry);
2697 if (error)
2698 goto error;
2699
2700 /* TODO: add default profile to apparmorfs */
2701
2702 /* Report that AppArmor fs is enabled */
2703 aa_info_message("AppArmor Filesystem Enabled");
2704 return 0;
2705
2706 dent_error:
2707 error = PTR_ERR(dent);
2708 error:
2709 aa_destroy_aafs();
2710 AA_ERROR("Error creating AppArmor securityfs\n");
2711 return error;
2712 }
2713
2714 fs_initcall(aa_create_aafs);
Kernel DRM miscellaneous fixes and cross-tree changes