search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
iommu/dma: Fix condition check in iommu_dma_unmap_sg
[linux/fpc-iii.git] / security / apparmor / policy_unpack.c
blobf6c2bcb2ab1456be2037ca0c4d2f25175fc2c0b3
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor functions for unpacking policy loaded from
5 * userspace.
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation, version 2 of the
13 * License.
14 *
15 * AppArmor uses a serialized binary format for loading policy. To find
16 * policy format documentation see Documentation/admin-guide/LSM/apparmor.rst
17 * All policy is validated before it is used.
18 */
19
20 #include <asm/unaligned.h>
21 #include <linux/ctype.h>
22 #include <linux/errno.h>
23
24 #include "include/apparmor.h"
25 #include "include/audit.h"
26 #include "include/cred.h"
27 #include "include/crypto.h"
28 #include "include/match.h"
29 #include "include/path.h"
30 #include "include/policy.h"
31 #include "include/policy_unpack.h"
32
33 #define K_ABI_MASK 0x3ff
34 #define FORCE_COMPLAIN_FLAG 0x800
35 #define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
36 #define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))
37
38 #define v5 5 /* base version */
39 #define v6 6 /* per entry policydb mediation check */
40 #define v7 7
41 #define v8 8 /* full network masking */
42
43 /*
44 * The AppArmor interface treats data as a type byte followed by the
45 * actual data. The interface has the notion of a a named entry
46 * which has a name (AA_NAME typecode followed by name string) followed by
47 * the entries typecode and data. Named types allow for optional
48 * elements and extensions to be added and tested for without breaking
49 * backwards compatibility.
50 */
51
52 enum aa_code {
53 AA_U8,
54 AA_U16,
55 AA_U32,
56 AA_U64,
57 AA_NAME, /* same as string except it is items name */
58 AA_STRING,
59 AA_BLOB,
60 AA_STRUCT,
61 AA_STRUCTEND,
62 AA_LIST,
63 AA_LISTEND,
64 AA_ARRAY,
65 AA_ARRAYEND,
66 };
67
68 /*
69 * aa_ext is the read of the buffer containing the serialized profile. The
70 * data is copied into a kernel buffer in apparmorfs and then handed off to
71 * the unpack routines.
72 */
73 struct aa_ext {
74 void *start;
75 void *end;
76 void *pos; /* pointer to current position in the buffer */
77 u32 version;
78 };
79
80 /* audit callback for unpack fields */
81 static void audit_cb(struct audit_buffer *ab, void *va)
82 {
83 struct common_audit_data *sa = va;
84
85 if (aad(sa)->iface.ns) {
86 audit_log_format(ab, " ns=");
87 audit_log_untrustedstring(ab, aad(sa)->iface.ns);
88 }
89 if (aad(sa)->name) {
90 audit_log_format(ab, " name=");
91 audit_log_untrustedstring(ab, aad(sa)->name);
92 }
93 if (aad(sa)->iface.pos)
94 audit_log_format(ab, " offset=%ld", aad(sa)->iface.pos);
95 }
96
97 /**
98 * audit_iface - do audit message for policy unpacking/load/replace/remove
99 * @new: profile if it has been allocated (MAYBE NULL)
100 * @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)
101 * @name: name of the profile being manipulated (MAYBE NULL)
102 * @info: any extra info about the failure (MAYBE NULL)
103 * @e: buffer position info
104 * @error: error code
105 *
106 * Returns: %0 or error
107 */
108 static int audit_iface(struct aa_profile *new, const char *ns_name,
109 const char *name, const char *info, struct aa_ext *e,
110 int error)
111 {
112 struct aa_profile *profile = labels_profile(aa_current_raw_label());
113 DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL);
114 if (e)
115 aad(&sa)->iface.pos = e->pos - e->start;
116 aad(&sa)->iface.ns = ns_name;
117 if (new)
118 aad(&sa)->name = new->base.hname;
119 else
120 aad(&sa)->name = name;
121 aad(&sa)->info = info;
122 aad(&sa)->error = error;
123
124 return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb);
125 }
126
127 void __aa_loaddata_update(struct aa_loaddata *data, long revision)
128 {
129 AA_BUG(!data);
130 AA_BUG(!data->ns);
131 AA_BUG(!data->dents[AAFS_LOADDATA_REVISION]);
132 AA_BUG(!mutex_is_locked(&data->ns->lock));
133 AA_BUG(data->revision > revision);
134
135 data->revision = revision;
136 d_inode(data->dents[AAFS_LOADDATA_DIR])->i_mtime =
137 current_time(d_inode(data->dents[AAFS_LOADDATA_DIR]));
138 d_inode(data->dents[AAFS_LOADDATA_REVISION])->i_mtime =
139 current_time(d_inode(data->dents[AAFS_LOADDATA_REVISION]));
140 }
141
142 bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r)
143 {
144 if (l->size != r->size)
145 return false;
146 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0)
147 return false;
148 return memcmp(l->data, r->data, r->size) == 0;
149 }
150
151 /*
152 * need to take the ns mutex lock which is NOT safe most places that
153 * put_loaddata is called, so we have to delay freeing it
154 */
155 static void do_loaddata_free(struct work_struct *work)
156 {
157 struct aa_loaddata *d = container_of(work, struct aa_loaddata, work);
158 struct aa_ns *ns = aa_get_ns(d->ns);
159
160 if (ns) {
161 mutex_lock_nested(&ns->lock, ns->level);
162 __aa_fs_remove_rawdata(d);
163 mutex_unlock(&ns->lock);
164 aa_put_ns(ns);
165 }
166
167 kzfree(d->hash);
168 kzfree(d->name);
169 kvfree(d->data);
170 kzfree(d);
171 }
172
173 void aa_loaddata_kref(struct kref *kref)
174 {
175 struct aa_loaddata *d = container_of(kref, struct aa_loaddata, count);
176
177 if (d) {
178 INIT_WORK(&d->work, do_loaddata_free);
179 schedule_work(&d->work);
180 }
181 }
182
183 struct aa_loaddata *aa_loaddata_alloc(size_t size)
184 {
185 struct aa_loaddata *d;
186
187 d = kzalloc(sizeof(*d), GFP_KERNEL);
188 if (d == NULL)
189 return ERR_PTR(-ENOMEM);
190 d->data = kvzalloc(size, GFP_KERNEL);
191 if (!d->data) {
192 kfree(d);
193 return ERR_PTR(-ENOMEM);
194 }
195 kref_init(&d->count);
196 INIT_LIST_HEAD(&d->list);
197
198 return d;
199 }
200
201 /* test if read will be in packed data bounds */
202 static bool inbounds(struct aa_ext *e, size_t size)
203 {
204 return (size <= e->end - e->pos);
205 }
206
207 static void *kvmemdup(const void *src, size_t len)
208 {
209 void *p = kvmalloc(len, GFP_KERNEL);
210
211 if (p)
212 memcpy(p, src, len);
213 return p;
214 }
215
216 /**
217 * aa_u16_chunck - test and do bounds checking for a u16 size based chunk
218 * @e: serialized data read head (NOT NULL)
219 * @chunk: start address for chunk of data (NOT NULL)
220 *
221 * Returns: the size of chunk found with the read head at the end of the chunk.
222 */
223 static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
224 {
225 size_t size = 0;
226
227 if (!inbounds(e, sizeof(u16)))
228 return 0;
229 size = le16_to_cpu(get_unaligned((__le16 *) e->pos));
230 e->pos += sizeof(__le16);
231 if (!inbounds(e, size))
232 return 0;
233 *chunk = e->pos;
234 e->pos += size;
235 return size;
236 }
237
238 /* unpack control byte */
239 static bool unpack_X(struct aa_ext *e, enum aa_code code)
240 {
241 if (!inbounds(e, 1))
242 return 0;
243 if (*(u8 *) e->pos != code)
244 return 0;
245 e->pos++;
246 return 1;
247 }
248
249 /**
250 * unpack_nameX - check is the next element is of type X with a name of @name
251 * @e: serialized data extent information (NOT NULL)
252 * @code: type code
253 * @name: name to match to the serialized element. (MAYBE NULL)
254 *
255 * check that the next serialized data element is of type X and has a tag
256 * name @name. If @name is specified then there must be a matching
257 * name element in the stream. If @name is NULL any name element will be
258 * skipped and only the typecode will be tested.
259 *
260 * Returns 1 on success (both type code and name tests match) and the read
261 * head is advanced past the headers
262 *
263 * Returns: 0 if either match fails, the read head does not move
264 */
265 static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
266 {
267 /*
268 * May need to reset pos if name or type doesn't match
269 */
270 void *pos = e->pos;
271 /*
272 * Check for presence of a tagname, and if present name size
273 * AA_NAME tag value is a u16.
274 */
275 if (unpack_X(e, AA_NAME)) {
276 char *tag = NULL;
277 size_t size = unpack_u16_chunk(e, &tag);
278 /* if a name is specified it must match. otherwise skip tag */
279 if (name && (!size || strcmp(name, tag)))
280 goto fail;
281 } else if (name) {
282 /* if a name is specified and there is no name tag fail */
283 goto fail;
284 }
285
286 /* now check if type code matches */
287 if (unpack_X(e, code))
288 return 1;
289
290 fail:
291 e->pos = pos;
292 return 0;
293 }
294
295 static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name)
296 {
297 if (unpack_nameX(e, AA_U8, name)) {
298 if (!inbounds(e, sizeof(u8)))
299 return 0;
300 if (data)
301 *data = get_unaligned((u8 *)e->pos);
302 e->pos += sizeof(u8);
303 return 1;
304 }
305 return 0;
306 }
307
308 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
309 {
310 if (unpack_nameX(e, AA_U32, name)) {
311 if (!inbounds(e, sizeof(u32)))
312 return 0;
313 if (data)
314 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos));
315 e->pos += sizeof(u32);
316 return 1;
317 }
318 return 0;
319 }
320
321 static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
322 {
323 if (unpack_nameX(e, AA_U64, name)) {
324 if (!inbounds(e, sizeof(u64)))
325 return 0;
326 if (data)
327 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos));
328 e->pos += sizeof(u64);
329 return 1;
330 }
331 return 0;
332 }
333
334 static size_t unpack_array(struct aa_ext *e, const char *name)
335 {
336 if (unpack_nameX(e, AA_ARRAY, name)) {
337 int size;
338 if (!inbounds(e, sizeof(u16)))
339 return 0;
340 size = (int)le16_to_cpu(get_unaligned((__le16 *) e->pos));
341 e->pos += sizeof(u16);
342 return size;
343 }
344 return 0;
345 }
346
347 static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name)
348 {
349 if (unpack_nameX(e, AA_BLOB, name)) {
350 u32 size;
351 if (!inbounds(e, sizeof(u32)))
352 return 0;
353 size = le32_to_cpu(get_unaligned((__le32 *) e->pos));
354 e->pos += sizeof(u32);
355 if (inbounds(e, (size_t) size)) {
356 *blob = e->pos;
357 e->pos += size;
358 return size;
359 }
360 }
361 return 0;
362 }
363
364 static int unpack_str(struct aa_ext *e, const char **string, const char *name)
365 {
366 char *src_str;
367 size_t size = 0;
368 void *pos = e->pos;
369 *string = NULL;
370 if (unpack_nameX(e, AA_STRING, name)) {
371 size = unpack_u16_chunk(e, &src_str);
372 if (size) {
373 /* strings are null terminated, length is size - 1 */
374 if (src_str[size - 1] != 0)
375 goto fail;
376 *string = src_str;
377 }
378 }
379 return size;
380
381 fail:
382 e->pos = pos;
383 return 0;
384 }
385
386 static int unpack_strdup(struct aa_ext *e, char **string, const char *name)
387 {
388 const char *tmp;
389 void *pos = e->pos;
390 int res = unpack_str(e, &tmp, name);
391 *string = NULL;
392
393 if (!res)
394 return 0;
395
396 *string = kmemdup(tmp, res, GFP_KERNEL);
397 if (!*string) {
398 e->pos = pos;
399 return 0;
400 }
401
402 return res;
403 }
404
405
406 /**
407 * unpack_dfa - unpack a file rule dfa
408 * @e: serialized data extent information (NOT NULL)
409 *
410 * returns dfa or ERR_PTR or NULL if no dfa
411 */
412 static struct aa_dfa *unpack_dfa(struct aa_ext *e)
413 {
414 char *blob = NULL;
415 size_t size;
416 struct aa_dfa *dfa = NULL;
417
418 size = unpack_blob(e, &blob, "aadfa");
419 if (size) {
420 /*
421 * The dfa is aligned with in the blob to 8 bytes
422 * from the beginning of the stream.
423 * alignment adjust needed by dfa unpack
424 */
425 size_t sz = blob - (char *) e->start -
426 ((e->pos - e->start) & 7);
427 size_t pad = ALIGN(sz, 8) - sz;
428 int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
429 TO_ACCEPT2_FLAG(YYTD_DATA32) | DFA_FLAG_VERIFY_STATES;
430 dfa = aa_dfa_unpack(blob + pad, size - pad, flags);
431
432 if (IS_ERR(dfa))
433 return dfa;
434
435 }
436
437 return dfa;
438 }
439
440 /**
441 * unpack_trans_table - unpack a profile transition table
442 * @e: serialized data extent information (NOT NULL)
443 * @profile: profile to add the accept table to (NOT NULL)
444 *
445 * Returns: 1 if table successfully unpacked
446 */
447 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
448 {
449 void *saved_pos = e->pos;
450
451 /* exec table is optional */
452 if (unpack_nameX(e, AA_STRUCT, "xtable")) {
453 int i, size;
454
455 size = unpack_array(e, NULL);
456 /* currently 4 exec bits and entries 0-3 are reserved iupcx */
457 if (size > 16 - 4)
458 goto fail;
459 profile->file.trans.table = kcalloc(size, sizeof(char *),
460 GFP_KERNEL);
461 if (!profile->file.trans.table)
462 goto fail;
463
464 profile->file.trans.size = size;
465 for (i = 0; i < size; i++) {
466 char *str;
467 int c, j, pos, size2 = unpack_strdup(e, &str, NULL);
468 /* unpack_strdup verifies that the last character is
469 * null termination byte.
470 */
471 if (!size2)
472 goto fail;
473 profile->file.trans.table[i] = str;
474 /* verify that name doesn't start with space */
475 if (isspace(*str))
476 goto fail;
477
478 /* count internal # of internal \0 */
479 for (c = j = 0; j < size2 - 1; j++) {
480 if (!str[j]) {
481 pos = j;
482 c++;
483 }
484 }
485 if (*str == ':') {
486 /* first character after : must be valid */
487 if (!str[1])
488 goto fail;
489 /* beginning with : requires an embedded \0,
490 * verify that exactly 1 internal \0 exists
491 * trailing \0 already verified by unpack_strdup
492 *
493 * convert \0 back to : for label_parse
494 */
495 if (c == 1)
496 str[pos] = ':';
497 else if (c > 1)
498 goto fail;
499 } else if (c)
500 /* fail - all other cases with embedded \0 */
501 goto fail;
502 }
503 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
504 goto fail;
505 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
506 goto fail;
507 }
508 return 1;
509
510 fail:
511 aa_free_domain_entries(&profile->file.trans);
512 e->pos = saved_pos;
513 return 0;
514 }
515
516 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
517 {
518 void *pos = e->pos;
519
520 if (unpack_nameX(e, AA_STRUCT, "xattrs")) {
521 int i, size;
522
523 size = unpack_array(e, NULL);
524 profile->xattr_count = size;
525 profile->xattrs = kcalloc(size, sizeof(char *), GFP_KERNEL);
526 if (!profile->xattrs)
527 goto fail;
528 for (i = 0; i < size; i++) {
529 if (!unpack_strdup(e, &profile->xattrs[i], NULL))
530 goto fail;
531 }
532 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
533 goto fail;
534 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
535 goto fail;
536 }
537
538 return 1;
539
540 fail:
541 e->pos = pos;
542 return 0;
543 }
544
545 static bool unpack_secmark(struct aa_ext *e, struct aa_profile *profile)
546 {
547 void *pos = e->pos;
548 int i, size;
549
550 if (unpack_nameX(e, AA_STRUCT, "secmark")) {
551 size = unpack_array(e, NULL);
552
553 profile->secmark = kcalloc(size, sizeof(struct aa_secmark),
554 GFP_KERNEL);
555 if (!profile->secmark)
556 goto fail;
557
558 profile->secmark_count = size;
559
560 for (i = 0; i < size; i++) {
561 if (!unpack_u8(e, &profile->secmark[i].audit, NULL))
562 goto fail;
563 if (!unpack_u8(e, &profile->secmark[i].deny, NULL))
564 goto fail;
565 if (!unpack_strdup(e, &profile->secmark[i].label, NULL))
566 goto fail;
567 }
568 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
569 goto fail;
570 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
571 goto fail;
572 }
573
574 return 1;
575
576 fail:
577 if (profile->secmark) {
578 for (i = 0; i < size; i++)
579 kfree(profile->secmark[i].label);
580 kfree(profile->secmark);
581 profile->secmark_count = 0;
582 profile->secmark = NULL;
583 }
584
585 e->pos = pos;
586 return 0;
587 }
588
589 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
590 {
591 void *pos = e->pos;
592
593 /* rlimits are optional */
594 if (unpack_nameX(e, AA_STRUCT, "rlimits")) {
595 int i, size;
596 u32 tmp = 0;
597 if (!unpack_u32(e, &tmp, NULL))
598 goto fail;
599 profile->rlimits.mask = tmp;
600
601 size = unpack_array(e, NULL);
602 if (size > RLIM_NLIMITS)
603 goto fail;
604 for (i = 0; i < size; i++) {
605 u64 tmp2 = 0;
606 int a = aa_map_resource(i);
607 if (!unpack_u64(e, &tmp2, NULL))
608 goto fail;
609 profile->rlimits.limits[a].rlim_max = tmp2;
610 }
611 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
612 goto fail;
613 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
614 goto fail;
615 }
616 return 1;
617
618 fail:
619 e->pos = pos;
620 return 0;
621 }
622
623 static u32 strhash(const void *data, u32 len, u32 seed)
624 {
625 const char * const *key = data;
626
627 return jhash(*key, strlen(*key), seed);
628 }
629
630 static int datacmp(struct rhashtable_compare_arg *arg, const void *obj)
631 {
632 const struct aa_data *data = obj;
633 const char * const *key = arg->key;
634
635 return strcmp(data->key, *key);
636 }
637
638 /**
639 * unpack_profile - unpack a serialized profile
640 * @e: serialized data extent information (NOT NULL)
641 *
642 * NOTE: unpack profile sets audit struct if there is a failure
643 */
644 static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
645 {
646 struct aa_profile *profile = NULL;
647 const char *tmpname, *tmpns = NULL, *name = NULL;
648 const char *info = "failed to unpack profile";
649 size_t ns_len;
650 struct rhashtable_params params = { 0 };
651 char *key = NULL;
652 struct aa_data *data;
653 int i, error = -EPROTO;
654 kernel_cap_t tmpcap;
655 u32 tmp;
656
657 *ns_name = NULL;
658
659 /* check that we have the right struct being passed */
660 if (!unpack_nameX(e, AA_STRUCT, "profile"))
661 goto fail;
662 if (!unpack_str(e, &name, NULL))
663 goto fail;
664 if (*name == '\0')
665 goto fail;
666
667 tmpname = aa_splitn_fqname(name, strlen(name), &tmpns, &ns_len);
668 if (tmpns) {
669 *ns_name = kstrndup(tmpns, ns_len, GFP_KERNEL);
670 if (!*ns_name) {
671 info = "out of memory";
672 goto fail;
673 }
674 name = tmpname;
675 }
676
677 profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
678 if (!profile)
679 return ERR_PTR(-ENOMEM);
680
681 /* profile renaming is optional */
682 (void) unpack_str(e, &profile->rename, "rename");
683
684 /* attachment string is optional */
685 (void) unpack_str(e, &profile->attach, "attach");
686
687 /* xmatch is optional and may be NULL */
688 profile->xmatch = unpack_dfa(e);
689 if (IS_ERR(profile->xmatch)) {
690 error = PTR_ERR(profile->xmatch);
691 profile->xmatch = NULL;
692 info = "bad xmatch";
693 goto fail;
694 }
695 /* xmatch_len is not optional if xmatch is set */
696 if (profile->xmatch) {
697 if (!unpack_u32(e, &tmp, NULL)) {
698 info = "missing xmatch len";
699 goto fail;
700 }
701 profile->xmatch_len = tmp;
702 }
703
704 /* disconnected attachment string is optional */
705 (void) unpack_str(e, &profile->disconnected, "disconnected");
706
707 /* per profile debug flags (complain, audit) */
708 if (!unpack_nameX(e, AA_STRUCT, "flags")) {
709 info = "profile missing flags";
710 goto fail;
711 }
712 info = "failed to unpack profile flags";
713 if (!unpack_u32(e, &tmp, NULL))
714 goto fail;
715 if (tmp & PACKED_FLAG_HAT)
716 profile->label.flags |= FLAG_HAT;
717 if (!unpack_u32(e, &tmp, NULL))
718 goto fail;
719 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG))
720 profile->mode = APPARMOR_COMPLAIN;
721 else if (tmp == PACKED_MODE_KILL)
722 profile->mode = APPARMOR_KILL;
723 else if (tmp == PACKED_MODE_UNCONFINED)
724 profile->mode = APPARMOR_UNCONFINED;
725 if (!unpack_u32(e, &tmp, NULL))
726 goto fail;
727 if (tmp)
728 profile->audit = AUDIT_ALL;
729
730 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
731 goto fail;
732
733 /* path_flags is optional */
734 if (unpack_u32(e, &profile->path_flags, "path_flags"))
735 profile->path_flags |= profile->label.flags &
736 PATH_MEDIATE_DELETED;
737 else
738 /* set a default value if path_flags field is not present */
739 profile->path_flags = PATH_MEDIATE_DELETED;
740
741 info = "failed to unpack profile capabilities";
742 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
743 goto fail;
744 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
745 goto fail;
746 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL))
747 goto fail;
748 if (!unpack_u32(e, &tmpcap.cap[0], NULL))
749 goto fail;
750
751 info = "failed to unpack upper profile capabilities";
752 if (unpack_nameX(e, AA_STRUCT, "caps64")) {
753 /* optional upper half of 64 bit caps */
754 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL))
755 goto fail;
756 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
757 goto fail;
758 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL))
759 goto fail;
760 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL))
761 goto fail;
762 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
763 goto fail;
764 }
765
766 info = "failed to unpack extended profile capabilities";
767 if (unpack_nameX(e, AA_STRUCT, "capsx")) {
768 /* optional extended caps mediation mask */
769 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL))
770 goto fail;
771 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
772 goto fail;
773 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
774 goto fail;
775 }
776
777 if (!unpack_xattrs(e, profile)) {
778 info = "failed to unpack profile xattrs";
779 goto fail;
780 }
781
782 if (!unpack_rlimits(e, profile)) {
783 info = "failed to unpack profile rlimits";
784 goto fail;
785 }
786
787 if (!unpack_secmark(e, profile)) {
788 info = "failed to unpack profile secmark rules";
789 goto fail;
790 }
791
792 if (unpack_nameX(e, AA_STRUCT, "policydb")) {
793 /* generic policy dfa - optional and may be NULL */
794 info = "failed to unpack policydb";
795 profile->policy.dfa = unpack_dfa(e);
796 if (IS_ERR(profile->policy.dfa)) {
797 error = PTR_ERR(profile->policy.dfa);
798 profile->policy.dfa = NULL;
799 goto fail;
800 } else if (!profile->policy.dfa) {
801 error = -EPROTO;
802 goto fail;
803 }
804 if (!unpack_u32(e, &profile->policy.start[0], "start"))
805 /* default start state */
806 profile->policy.start[0] = DFA_START;
807 /* setup class index */
808 for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
809 profile->policy.start[i] =
810 aa_dfa_next(profile->policy.dfa,
811 profile->policy.start[0],
812 i);
813 }
814 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
815 goto fail;
816 } else
817 profile->policy.dfa = aa_get_dfa(nulldfa);
818
819 /* get file rules */
820 profile->file.dfa = unpack_dfa(e);
821 if (IS_ERR(profile->file.dfa)) {
822 error = PTR_ERR(profile->file.dfa);
823 profile->file.dfa = NULL;
824 info = "failed to unpack profile file rules";
825 goto fail;
826 } else if (profile->file.dfa) {
827 if (!unpack_u32(e, &profile->file.start, "dfa_start"))
828 /* default start state */
829 profile->file.start = DFA_START;
830 } else if (profile->policy.dfa &&
831 profile->policy.start[AA_CLASS_FILE]) {
832 profile->file.dfa = aa_get_dfa(profile->policy.dfa);
833 profile->file.start = profile->policy.start[AA_CLASS_FILE];
834 } else
835 profile->file.dfa = aa_get_dfa(nulldfa);
836
837 if (!unpack_trans_table(e, profile)) {
838 info = "failed to unpack profile transition table";
839 goto fail;
840 }
841
842 if (unpack_nameX(e, AA_STRUCT, "data")) {
843 info = "out of memory";
844 profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL);
845 if (!profile->data)
846 goto fail;
847
848 params.nelem_hint = 3;
849 params.key_len = sizeof(void *);
850 params.key_offset = offsetof(struct aa_data, key);
851 params.head_offset = offsetof(struct aa_data, head);
852 params.hashfn = strhash;
853 params.obj_cmpfn = datacmp;
854
855 if (rhashtable_init(profile->data, &params)) {
856 info = "failed to init key, value hash table";
857 goto fail;
858 }
859
860 while (unpack_strdup(e, &key, NULL)) {
861 data = kzalloc(sizeof(*data), GFP_KERNEL);
862 if (!data) {
863 kzfree(key);
864 goto fail;
865 }
866
867 data->key = key;
868 data->size = unpack_blob(e, &data->data, NULL);
869 data->data = kvmemdup(data->data, data->size);
870 if (data->size && !data->data) {
871 kzfree(data->key);
872 kzfree(data);
873 goto fail;
874 }
875
876 rhashtable_insert_fast(profile->data, &data->head,
877 profile->data->p);
878 }
879
880 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) {
881 info = "failed to unpack end of key, value data table";
882 goto fail;
883 }
884 }
885
886 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) {
887 info = "failed to unpack end of profile";
888 goto fail;
889 }
890
891 return profile;
892
893 fail:
894 if (profile)
895 name = NULL;
896 else if (!name)
897 name = "unknown";
898 audit_iface(profile, NULL, name, info, e, error);
899 aa_free_profile(profile);
900
901 return ERR_PTR(error);
902 }
903
904 /**
905 * verify_head - unpack serialized stream header
906 * @e: serialized data read head (NOT NULL)
907 * @required: whether the header is required or optional
908 * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
909 *
910 * Returns: error or 0 if header is good
911 */
912 static int verify_header(struct aa_ext *e, int required, const char **ns)
913 {
914 int error = -EPROTONOSUPPORT;
915 const char *name = NULL;
916 *ns = NULL;
917
918 /* get the interface version */
919 if (!unpack_u32(e, &e->version, "version")) {
920 if (required) {
921 audit_iface(NULL, NULL, NULL, "invalid profile format",
922 e, error);
923 return error;
924 }
925 }
926
927 /* Check that the interface version is currently supported.
928 * if not specified use previous version
929 * Mask off everything that is not kernel abi version
930 */
931 if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) {
932 audit_iface(NULL, NULL, NULL, "unsupported interface version",
933 e, error);
934 return error;
935 }
936
937 /* read the namespace if present */
938 if (unpack_str(e, &name, "namespace")) {
939 if (*name == '\0') {
940 audit_iface(NULL, NULL, NULL, "invalid namespace name",
941 e, error);
942 return error;
943 }
944 if (*ns && strcmp(*ns, name))
945 audit_iface(NULL, NULL, NULL, "invalid ns change", e,
946 error);
947 else if (!*ns)
948 *ns = name;
949 }
950
951 return 0;
952 }
953
954 static bool verify_xindex(int xindex, int table_size)
955 {
956 int index, xtype;
957 xtype = xindex & AA_X_TYPE_MASK;
958 index = xindex & AA_X_INDEX_MASK;
959 if (xtype == AA_X_TABLE && index >= table_size)
960 return 0;
961 return 1;
962 }
963
964 /* verify dfa xindexes are in range of transition tables */
965 static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
966 {
967 int i;
968 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
969 if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
970 return 0;
971 if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
972 return 0;
973 }
974 return 1;
975 }
976
977 /**
978 * verify_profile - Do post unpack analysis to verify profile consistency
979 * @profile: profile to verify (NOT NULL)
980 *
981 * Returns: 0 if passes verification else error
982 */
983 static int verify_profile(struct aa_profile *profile)
984 {
985 if (profile->file.dfa &&
986 !verify_dfa_xindex(profile->file.dfa,
987 profile->file.trans.size)) {
988 audit_iface(profile, NULL, NULL, "Invalid named transition",
989 NULL, -EPROTO);
990 return -EPROTO;
991 }
992
993 return 0;
994 }
995
996 void aa_load_ent_free(struct aa_load_ent *ent)
997 {
998 if (ent) {
999 aa_put_profile(ent->rename);
1000 aa_put_profile(ent->old);
1001 aa_put_profile(ent->new);
1002 kfree(ent->ns_name);
1003 kzfree(ent);
1004 }
1005 }
1006
1007 struct aa_load_ent *aa_load_ent_alloc(void)
1008 {
1009 struct aa_load_ent *ent = kzalloc(sizeof(*ent), GFP_KERNEL);
1010 if (ent)
1011 INIT_LIST_HEAD(&ent->list);
1012 return ent;
1013 }
1014
1015 /**
1016 * aa_unpack - unpack packed binary profile(s) data loaded from user space
1017 * @udata: user data copied to kmem (NOT NULL)
1018 * @lh: list to place unpacked profiles in a aa_repl_ws
1019 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
1020 *
1021 * Unpack user data and return refcounted allocated profile(s) stored in
1022 * @lh in order of discovery, with the list chain stored in base.list
1023 * or error
1024 *
1025 * Returns: profile(s) on @lh else error pointer if fails to unpack
1026 */
1027 int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
1028 const char **ns)
1029 {
1030 struct aa_load_ent *tmp, *ent;
1031 struct aa_profile *profile = NULL;
1032 int error;
1033 struct aa_ext e = {
1034 .start = udata->data,
1035 .end = udata->data + udata->size,
1036 .pos = udata->data,
1037 };
1038
1039 *ns = NULL;
1040 while (e.pos < e.end) {
1041 char *ns_name = NULL;
1042 void *start;
1043 error = verify_header(&e, e.pos == e.start, ns);
1044 if (error)
1045 goto fail;
1046
1047 start = e.pos;
1048 profile = unpack_profile(&e, &ns_name);
1049 if (IS_ERR(profile)) {
1050 error = PTR_ERR(profile);
1051 goto fail;
1052 }
1053
1054 error = verify_profile(profile);
1055 if (error)
1056 goto fail_profile;
1057
1058 if (aa_g_hash_policy)
1059 error = aa_calc_profile_hash(profile, e.version, start,
1060 e.pos - start);
1061 if (error)
1062 goto fail_profile;
1063
1064 ent = aa_load_ent_alloc();
1065 if (!ent) {
1066 error = -ENOMEM;
1067 goto fail_profile;
1068 }
1069
1070 ent->new = profile;
1071 ent->ns_name = ns_name;
1072 list_add_tail(&ent->list, lh);
1073 }
1074 udata->abi = e.version & K_ABI_MASK;
1075 if (aa_g_hash_policy) {
1076 udata->hash = aa_calc_hash(udata->data, udata->size);
1077 if (IS_ERR(udata->hash)) {
1078 error = PTR_ERR(udata->hash);
1079 udata->hash = NULL;
1080 goto fail;
1081 }
1082 }
1083 return 0;
1084
1085 fail_profile:
1086 aa_put_profile(profile);
1087
1088 fail:
1089 list_for_each_entry_safe(ent, tmp, lh, list) {
1090 list_del_init(&ent->list);
1091 aa_load_ent_free(ent);
1092 }
1093
1094 return error;
1095 }
Linux with added FPC-III support