Linux 4.13.16
[linux/fpc-iii.git] / security / apparmor / procattr.c
blobd81617379d63d94d69d82a6949e11c7b74ef7180
1 /*
2 * AppArmor security module
4 * This file contains AppArmor /proc/<pid>/attr/ interface functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
15 #include "include/apparmor.h"
16 #include "include/context.h"
17 #include "include/policy.h"
18 #include "include/policy_ns.h"
19 #include "include/domain.h"
20 #include "include/procattr.h"
23 /**
24 * aa_getprocattr - Return the profile information for @profile
25 * @profile: the profile to print profile info about (NOT NULL)
26 * @string: Returns - string containing the profile info (NOT NULL)
28 * Returns: length of @string on success else error on failure
30 * Requires: profile != NULL
32 * Creates a string containing the namespace_name://profile_name for
33 * @profile.
35 * Returns: size of string placed in @string else error code on failure
37 int aa_getprocattr(struct aa_label *label, char **string)
39 struct aa_ns *ns = labels_ns(label);
40 struct aa_ns *current_ns = aa_get_current_ns();
41 int len;
43 if (!aa_ns_visible(current_ns, ns, true)) {
44 aa_put_ns(current_ns);
45 return -EACCES;
48 len = aa_label_snxprint(NULL, 0, current_ns, label,
49 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
50 FLAG_HIDDEN_UNCONFINED);
51 AA_BUG(len < 0);
53 *string = kmalloc(len + 2, GFP_KERNEL);
54 if (!*string) {
55 aa_put_ns(current_ns);
56 return -ENOMEM;
59 len = aa_label_snxprint(*string, len + 2, current_ns, label,
60 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
61 FLAG_HIDDEN_UNCONFINED);
62 if (len < 0) {
63 aa_put_ns(current_ns);
64 return len;
67 (*string)[len] = '\n';
68 (*string)[len + 1] = 0;
70 aa_put_ns(current_ns);
71 return len + 1;
74 /**
75 * split_token_from_name - separate a string of form <token>^<name>
76 * @op: operation being checked
77 * @args: string to parse (NOT NULL)
78 * @token: stores returned parsed token value (NOT NULL)
80 * Returns: start position of name after token else NULL on failure
82 static char *split_token_from_name(const char *op, char *args, u64 *token)
84 char *name;
86 *token = simple_strtoull(args, &name, 16);
87 if ((name == args) || *name != '^') {
88 AA_ERROR("%s: Invalid input '%s'", op, args);
89 return ERR_PTR(-EINVAL);
92 name++; /* skip ^ */
93 if (!*name)
94 name = NULL;
95 return name;
98 /**
99 * aa_setprocattr_chagnehat - handle procattr interface to change_hat
100 * @args: args received from writing to /proc/<pid>/attr/current (NOT NULL)
101 * @size: size of the args
102 * @flags: set of flags governing behavior
104 * Returns: %0 or error code if change_hat fails
106 int aa_setprocattr_changehat(char *args, size_t size, int flags)
108 char *hat;
109 u64 token;
110 const char *hats[16]; /* current hard limit on # of names */
111 int count = 0;
113 hat = split_token_from_name(OP_CHANGE_HAT, args, &token);
114 if (IS_ERR(hat))
115 return PTR_ERR(hat);
117 if (!hat && !token) {
118 AA_ERROR("change_hat: Invalid input, NULL hat and NULL magic");
119 return -EINVAL;
122 if (hat) {
123 /* set up hat name vector, args guaranteed null terminated
124 * at args[size] by setprocattr.
126 * If there are multiple hat names in the buffer each is
127 * separated by a \0. Ie. userspace writes them pre tokenized
129 char *end = args + size;
130 for (count = 0; (hat < end) && count < 16; ++count) {
131 char *next = hat + strlen(hat) + 1;
132 hats[count] = hat;
133 AA_DEBUG("%s: (pid %d) Magic 0x%llx count %d hat '%s'\n"
134 , __func__, current->pid, token, count, hat);
135 hat = next;
137 } else
138 AA_DEBUG("%s: (pid %d) Magic 0x%llx count %d Hat '%s'\n",
139 __func__, current->pid, token, count, "<NULL>");
141 return aa_change_hat(hats, count, token, flags);