search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x86/mm/pat: Don't report PAT on CPUs that don't support it
[linux/fpc-iii.git] / security / apparmor / apparmorfs.c
blob41073f70eb41db135b8b68defa7523c161624991
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
26 #include <linux/fs.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/policy.h"
34 #include "include/policy_ns.h"
35 #include "include/resource.h"
36 #include "include/policy_unpack.h"
37
38 /**
39 * aa_mangle_name - mangle a profile name to std profile layout form
40 * @name: profile name to mangle (NOT NULL)
41 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
42 *
43 * Returns: length of mangled name
44 */
45 static int mangle_name(const char *name, char *target)
46 {
47 char *t = target;
48
49 while (*name == '/' || *name == '.')
50 name++;
51
52 if (target) {
53 for (; *name; name++) {
54 if (*name == '/')
55 *(t)++ = '.';
56 else if (isspace(*name))
57 *(t)++ = '_';
58 else if (isalnum(*name) || strchr("._-", *name))
59 *(t)++ = *name;
60 }
61
62 *t = 0;
63 } else {
64 int len = 0;
65 for (; *name; name++) {
66 if (isalnum(*name) || isspace(*name) ||
67 strchr("/._-", *name))
68 len++;
69 }
70
71 return len;
72 }
73
74 return t - target;
75 }
76
77 /**
78 * aa_simple_write_to_buffer - common routine for getting policy from user
79 * @userbuf: user buffer to copy data from (NOT NULL)
80 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
81 * @copy_size: size of data to copy from user buffer
82 * @pos: position write is at in the file (NOT NULL)
83 *
84 * Returns: kernel buffer containing copy of user buffer data or an
85 * ERR_PTR on failure.
86 */
87 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
88 size_t alloc_size,
89 size_t copy_size,
90 loff_t *pos)
91 {
92 struct aa_loaddata *data;
93
94 AA_BUG(copy_size > alloc_size);
95
96 if (*pos != 0)
97 /* only writes from pos 0, that is complete writes */
98 return ERR_PTR(-ESPIPE);
99
100 /* freed by caller to simple_write_to_buffer */
101 data = kvmalloc(sizeof(*data) + alloc_size);
102 if (data == NULL)
103 return ERR_PTR(-ENOMEM);
104 kref_init(&data->count);
105 data->size = copy_size;
106 data->hash = NULL;
107 data->abi = 0;
108
109 if (copy_from_user(data->data, userbuf, copy_size)) {
110 kvfree(data);
111 return ERR_PTR(-EFAULT);
112 }
113
114 return data;
115 }
116
117 static ssize_t policy_update(int binop, const char __user *buf, size_t size,
118 loff_t *pos, struct aa_ns *ns)
119 {
120 ssize_t error;
121 struct aa_loaddata *data;
122 struct aa_profile *profile = aa_current_profile();
123 const char *op = binop == PROF_ADD ? OP_PROF_LOAD : OP_PROF_REPL;
124 /* high level check about policy management - fine grained in
125 * below after unpack
126 */
127 error = aa_may_manage_policy(profile, ns, op);
128 if (error)
129 return error;
130
131 data = aa_simple_write_to_buffer(buf, size, size, pos);
132 error = PTR_ERR(data);
133 if (!IS_ERR(data)) {
134 error = aa_replace_profiles(ns ? ns : profile->ns, profile,
135 binop, data);
136 aa_put_loaddata(data);
137 }
138
139 return error;
140 }
141
142 /* .load file hook fn to load policy */
143 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
144 loff_t *pos)
145 {
146 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
147 int error = policy_update(PROF_ADD, buf, size, pos, ns);
148
149 aa_put_ns(ns);
150
151 return error;
152 }
153
154 static const struct file_operations aa_fs_profile_load = {
155 .write = profile_load,
156 .llseek = default_llseek,
157 };
158
159 /* .replace file hook fn to load and/or replace policy */
160 static ssize_t profile_replace(struct file *f, const char __user *buf,
161 size_t size, loff_t *pos)
162 {
163 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
164 int error = policy_update(PROF_REPLACE, buf, size, pos, ns);
165
166 aa_put_ns(ns);
167
168 return error;
169 }
170
171 static const struct file_operations aa_fs_profile_replace = {
172 .write = profile_replace,
173 .llseek = default_llseek,
174 };
175
176 /* .remove file hook fn to remove loaded policy */
177 static ssize_t profile_remove(struct file *f, const char __user *buf,
178 size_t size, loff_t *pos)
179 {
180 struct aa_loaddata *data;
181 struct aa_profile *profile;
182 ssize_t error;
183 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
184
185 profile = aa_current_profile();
186 /* high level check about policy management - fine grained in
187 * below after unpack
188 */
189 error = aa_may_manage_policy(profile, ns, OP_PROF_RM);
190 if (error)
191 goto out;
192
193 /*
194 * aa_remove_profile needs a null terminated string so 1 extra
195 * byte is allocated and the copied data is null terminated.
196 */
197 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
198
199 error = PTR_ERR(data);
200 if (!IS_ERR(data)) {
201 data->data[size] = 0;
202 error = aa_remove_profiles(ns ? ns : profile->ns, profile,
203 data->data, size);
204 aa_put_loaddata(data);
205 }
206 out:
207 aa_put_ns(ns);
208 return error;
209 }
210
211 static const struct file_operations aa_fs_profile_remove = {
212 .write = profile_remove,
213 .llseek = default_llseek,
214 };
215
216 /**
217 * query_data - queries a policy and writes its data to buf
218 * @buf: the resulting data is stored here (NOT NULL)
219 * @buf_len: size of buf
220 * @query: query string used to retrieve data
221 * @query_len: size of query including second NUL byte
222 *
223 * The buffers pointed to by buf and query may overlap. The query buffer is
224 * parsed before buf is written to.
225 *
226 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
227 * the security confinement context and <KEY> is the name of the data to
228 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
229 *
230 * Don't expect the contents of buf to be preserved on failure.
231 *
232 * Returns: number of characters written to buf or -errno on failure
233 */
234 static ssize_t query_data(char *buf, size_t buf_len,
235 char *query, size_t query_len)
236 {
237 char *out;
238 const char *key;
239 struct aa_profile *profile;
240 struct aa_data *data;
241 u32 bytes, blocks;
242 __le32 outle32;
243
244 if (!query_len)
245 return -EINVAL; /* need a query */
246
247 key = query + strnlen(query, query_len) + 1;
248 if (key + 1 >= query + query_len)
249 return -EINVAL; /* not enough space for a non-empty key */
250 if (key + strnlen(key, query + query_len - key) >= query + query_len)
251 return -EINVAL; /* must end with NUL */
252
253 if (buf_len < sizeof(bytes) + sizeof(blocks))
254 return -EINVAL; /* not enough space */
255
256 profile = aa_current_profile();
257
258 /* We are going to leave space for two numbers. The first is the total
259 * number of bytes we are writing after the first number. This is so
260 * users can read the full output without reallocation.
261 *
262 * The second number is the number of data blocks we're writing. An
263 * application might be confined by multiple policies having data in
264 * the same key.
265 */
266 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
267 out = buf + sizeof(bytes) + sizeof(blocks);
268
269 blocks = 0;
270 if (profile->data) {
271 data = rhashtable_lookup_fast(profile->data, &key,
272 profile->data->p);
273
274 if (data) {
275 if (out + sizeof(outle32) + data->size > buf + buf_len)
276 return -EINVAL; /* not enough space */
277 outle32 = __cpu_to_le32(data->size);
278 memcpy(out, &outle32, sizeof(outle32));
279 out += sizeof(outle32);
280 memcpy(out, data->data, data->size);
281 out += data->size;
282 blocks++;
283 }
284 }
285
286 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
287 memcpy(buf, &outle32, sizeof(outle32));
288 outle32 = __cpu_to_le32(blocks);
289 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
290
291 return out - buf;
292 }
293
294 #define QUERY_CMD_DATA "data\0"
295 #define QUERY_CMD_DATA_LEN 5
296
297 /**
298 * aa_write_access - generic permissions and data query
299 * @file: pointer to open apparmorfs/access file
300 * @ubuf: user buffer containing the complete query string (NOT NULL)
301 * @count: size of ubuf
302 * @ppos: position in the file (MUST BE ZERO)
303 *
304 * Allows for one permissions or data query per open(), write(), and read()
305 * sequence. The only queries currently supported are label-based queries for
306 * permissions or data.
307 *
308 * For permissions queries, ubuf must begin with "label\0", followed by the
309 * profile query specific format described in the query_label() function
310 * documentation.
311 *
312 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
313 * <LABEL> is the name of the security confinement context and <KEY> is the
314 * name of the data to retrieve.
315 *
316 * Returns: number of bytes written or -errno on failure
317 */
318 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
319 size_t count, loff_t *ppos)
320 {
321 char *buf;
322 ssize_t len;
323
324 if (*ppos)
325 return -ESPIPE;
326
327 buf = simple_transaction_get(file, ubuf, count);
328 if (IS_ERR(buf))
329 return PTR_ERR(buf);
330
331 if (count > QUERY_CMD_DATA_LEN &&
332 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
333 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT,
334 buf + QUERY_CMD_DATA_LEN,
335 count - QUERY_CMD_DATA_LEN);
336 } else
337 len = -EINVAL;
338
339 if (len < 0)
340 return len;
341
342 simple_transaction_set(file, len);
343
344 return count;
345 }
346
347 static const struct file_operations aa_fs_access = {
348 .write = aa_write_access,
349 .read = simple_transaction_read,
350 .release = simple_transaction_release,
351 .llseek = generic_file_llseek,
352 };
353
354 static int aa_fs_seq_show(struct seq_file *seq, void *v)
355 {
356 struct aa_fs_entry *fs_file = seq->private;
357
358 if (!fs_file)
359 return 0;
360
361 switch (fs_file->v_type) {
362 case AA_FS_TYPE_BOOLEAN:
363 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
364 break;
365 case AA_FS_TYPE_STRING:
366 seq_printf(seq, "%s\n", fs_file->v.string);
367 break;
368 case AA_FS_TYPE_U64:
369 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
370 break;
371 default:
372 /* Ignore unpritable entry types. */
373 break;
374 }
375
376 return 0;
377 }
378
379 static int aa_fs_seq_open(struct inode *inode, struct file *file)
380 {
381 return single_open(file, aa_fs_seq_show, inode->i_private);
382 }
383
384 const struct file_operations aa_fs_seq_file_ops = {
385 .owner = THIS_MODULE,
386 .open = aa_fs_seq_open,
387 .read = seq_read,
388 .llseek = seq_lseek,
389 .release = single_release,
390 };
391
392 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
393 int (*show)(struct seq_file *, void *))
394 {
395 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
396 int error = single_open(file, show, proxy);
397
398 if (error) {
399 file->private_data = NULL;
400 aa_put_proxy(proxy);
401 }
402
403 return error;
404 }
405
406 static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
407 {
408 struct seq_file *seq = (struct seq_file *) file->private_data;
409 if (seq)
410 aa_put_proxy(seq->private);
411 return single_release(inode, file);
412 }
413
414 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
415 {
416 struct aa_proxy *proxy = seq->private;
417 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
418 seq_printf(seq, "%s\n", profile->base.name);
419 aa_put_profile(profile);
420
421 return 0;
422 }
423
424 static int aa_fs_seq_profname_open(struct inode *inode, struct file *file)
425 {
426 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profname_show);
427 }
428
429 static const struct file_operations aa_fs_profname_fops = {
430 .owner = THIS_MODULE,
431 .open = aa_fs_seq_profname_open,
432 .read = seq_read,
433 .llseek = seq_lseek,
434 .release = aa_fs_seq_profile_release,
435 };
436
437 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
438 {
439 struct aa_proxy *proxy = seq->private;
440 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
441 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
442 aa_put_profile(profile);
443
444 return 0;
445 }
446
447 static int aa_fs_seq_profmode_open(struct inode *inode, struct file *file)
448 {
449 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profmode_show);
450 }
451
452 static const struct file_operations aa_fs_profmode_fops = {
453 .owner = THIS_MODULE,
454 .open = aa_fs_seq_profmode_open,
455 .read = seq_read,
456 .llseek = seq_lseek,
457 .release = aa_fs_seq_profile_release,
458 };
459
460 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
461 {
462 struct aa_proxy *proxy = seq->private;
463 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
464 if (profile->attach)
465 seq_printf(seq, "%s\n", profile->attach);
466 else if (profile->xmatch)
467 seq_puts(seq, "<unknown>\n");
468 else
469 seq_printf(seq, "%s\n", profile->base.name);
470 aa_put_profile(profile);
471
472 return 0;
473 }
474
475 static int aa_fs_seq_profattach_open(struct inode *inode, struct file *file)
476 {
477 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profattach_show);
478 }
479
480 static const struct file_operations aa_fs_profattach_fops = {
481 .owner = THIS_MODULE,
482 .open = aa_fs_seq_profattach_open,
483 .read = seq_read,
484 .llseek = seq_lseek,
485 .release = aa_fs_seq_profile_release,
486 };
487
488 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
489 {
490 struct aa_proxy *proxy = seq->private;
491 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
492 unsigned int i, size = aa_hash_size();
493
494 if (profile->hash) {
495 for (i = 0; i < size; i++)
496 seq_printf(seq, "%.2x", profile->hash[i]);
497 seq_puts(seq, "\n");
498 }
499 aa_put_profile(profile);
500
501 return 0;
502 }
503
504 static int aa_fs_seq_hash_open(struct inode *inode, struct file *file)
505 {
506 return single_open(file, aa_fs_seq_hash_show, inode->i_private);
507 }
508
509 static const struct file_operations aa_fs_seq_hash_fops = {
510 .owner = THIS_MODULE,
511 .open = aa_fs_seq_hash_open,
512 .read = seq_read,
513 .llseek = seq_lseek,
514 .release = single_release,
515 };
516
517
518 static int aa_fs_seq_show_ns_level(struct seq_file *seq, void *v)
519 {
520 struct aa_ns *ns = aa_current_profile()->ns;
521
522 seq_printf(seq, "%d\n", ns->level);
523
524 return 0;
525 }
526
527 static int aa_fs_seq_open_ns_level(struct inode *inode, struct file *file)
528 {
529 return single_open(file, aa_fs_seq_show_ns_level, inode->i_private);
530 }
531
532 static const struct file_operations aa_fs_ns_level = {
533 .owner = THIS_MODULE,
534 .open = aa_fs_seq_open_ns_level,
535 .read = seq_read,
536 .llseek = seq_lseek,
537 .release = single_release,
538 };
539
540 static int aa_fs_seq_show_ns_name(struct seq_file *seq, void *v)
541 {
542 struct aa_ns *ns = aa_current_profile()->ns;
543
544 seq_printf(seq, "%s\n", ns->base.name);
545
546 return 0;
547 }
548
549 static int aa_fs_seq_open_ns_name(struct inode *inode, struct file *file)
550 {
551 return single_open(file, aa_fs_seq_show_ns_name, inode->i_private);
552 }
553
554 static const struct file_operations aa_fs_ns_name = {
555 .owner = THIS_MODULE,
556 .open = aa_fs_seq_open_ns_name,
557 .read = seq_read,
558 .llseek = seq_lseek,
559 .release = single_release,
560 };
561
562 static int rawdata_release(struct inode *inode, struct file *file)
563 {
564 /* TODO: switch to loaddata when profile switched to symlink */
565 aa_put_loaddata(file->private_data);
566
567 return 0;
568 }
569
570 static int aa_fs_seq_raw_abi_show(struct seq_file *seq, void *v)
571 {
572 struct aa_proxy *proxy = seq->private;
573 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
574
575 if (profile->rawdata->abi) {
576 seq_printf(seq, "v%d", profile->rawdata->abi);
577 seq_puts(seq, "\n");
578 }
579 aa_put_profile(profile);
580
581 return 0;
582 }
583
584 static int aa_fs_seq_raw_abi_open(struct inode *inode, struct file *file)
585 {
586 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_abi_show);
587 }
588
589 static const struct file_operations aa_fs_seq_raw_abi_fops = {
590 .owner = THIS_MODULE,
591 .open = aa_fs_seq_raw_abi_open,
592 .read = seq_read,
593 .llseek = seq_lseek,
594 .release = aa_fs_seq_profile_release,
595 };
596
597 static int aa_fs_seq_raw_hash_show(struct seq_file *seq, void *v)
598 {
599 struct aa_proxy *proxy = seq->private;
600 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
601 unsigned int i, size = aa_hash_size();
602
603 if (profile->rawdata->hash) {
604 for (i = 0; i < size; i++)
605 seq_printf(seq, "%.2x", profile->rawdata->hash[i]);
606 seq_puts(seq, "\n");
607 }
608 aa_put_profile(profile);
609
610 return 0;
611 }
612
613 static int aa_fs_seq_raw_hash_open(struct inode *inode, struct file *file)
614 {
615 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_hash_show);
616 }
617
618 static const struct file_operations aa_fs_seq_raw_hash_fops = {
619 .owner = THIS_MODULE,
620 .open = aa_fs_seq_raw_hash_open,
621 .read = seq_read,
622 .llseek = seq_lseek,
623 .release = aa_fs_seq_profile_release,
624 };
625
626 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
627 loff_t *ppos)
628 {
629 struct aa_loaddata *rawdata = file->private_data;
630
631 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
632 rawdata->size);
633 }
634
635 static int rawdata_open(struct inode *inode, struct file *file)
636 {
637 struct aa_proxy *proxy = inode->i_private;
638 struct aa_profile *profile;
639
640 if (!policy_view_capable(NULL))
641 return -EACCES;
642 profile = aa_get_profile_rcu(&proxy->profile);
643 file->private_data = aa_get_loaddata(profile->rawdata);
644 aa_put_profile(profile);
645
646 return 0;
647 }
648
649 static const struct file_operations aa_fs_rawdata_fops = {
650 .open = rawdata_open,
651 .read = rawdata_read,
652 .llseek = generic_file_llseek,
653 .release = rawdata_release,
654 };
655
656 /** fns to setup dynamic per profile/namespace files **/
657 void __aa_fs_profile_rmdir(struct aa_profile *profile)
658 {
659 struct aa_profile *child;
660 int i;
661
662 if (!profile)
663 return;
664
665 list_for_each_entry(child, &profile->base.profiles, base.list)
666 __aa_fs_profile_rmdir(child);
667
668 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
669 struct aa_proxy *proxy;
670 if (!profile->dents[i])
671 continue;
672
673 proxy = d_inode(profile->dents[i])->i_private;
674 securityfs_remove(profile->dents[i]);
675 aa_put_proxy(proxy);
676 profile->dents[i] = NULL;
677 }
678 }
679
680 void __aa_fs_profile_migrate_dents(struct aa_profile *old,
681 struct aa_profile *new)
682 {
683 int i;
684
685 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
686 new->dents[i] = old->dents[i];
687 if (new->dents[i])
688 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
689 old->dents[i] = NULL;
690 }
691 }
692
693 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
694 struct aa_profile *profile,
695 const struct file_operations *fops)
696 {
697 struct aa_proxy *proxy = aa_get_proxy(profile->proxy);
698 struct dentry *dent;
699
700 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
701 if (IS_ERR(dent))
702 aa_put_proxy(proxy);
703
704 return dent;
705 }
706
707 /* requires lock be held */
708 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
709 {
710 struct aa_profile *child;
711 struct dentry *dent = NULL, *dir;
712 int error;
713
714 if (!parent) {
715 struct aa_profile *p;
716 p = aa_deref_parent(profile);
717 dent = prof_dir(p);
718 /* adding to parent that previously didn't have children */
719 dent = securityfs_create_dir("profiles", dent);
720 if (IS_ERR(dent))
721 goto fail;
722 prof_child_dir(p) = parent = dent;
723 }
724
725 if (!profile->dirname) {
726 int len, id_len;
727 len = mangle_name(profile->base.name, NULL);
728 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
729
730 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
731 if (!profile->dirname)
732 goto fail;
733
734 mangle_name(profile->base.name, profile->dirname);
735 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
736 }
737
738 dent = securityfs_create_dir(profile->dirname, parent);
739 if (IS_ERR(dent))
740 goto fail;
741 prof_dir(profile) = dir = dent;
742
743 dent = create_profile_file(dir, "name", profile, &aa_fs_profname_fops);
744 if (IS_ERR(dent))
745 goto fail;
746 profile->dents[AAFS_PROF_NAME] = dent;
747
748 dent = create_profile_file(dir, "mode", profile, &aa_fs_profmode_fops);
749 if (IS_ERR(dent))
750 goto fail;
751 profile->dents[AAFS_PROF_MODE] = dent;
752
753 dent = create_profile_file(dir, "attach", profile,
754 &aa_fs_profattach_fops);
755 if (IS_ERR(dent))
756 goto fail;
757 profile->dents[AAFS_PROF_ATTACH] = dent;
758
759 if (profile->hash) {
760 dent = create_profile_file(dir, "sha1", profile,
761 &aa_fs_seq_hash_fops);
762 if (IS_ERR(dent))
763 goto fail;
764 profile->dents[AAFS_PROF_HASH] = dent;
765 }
766
767 if (profile->rawdata) {
768 dent = create_profile_file(dir, "raw_sha1", profile,
769 &aa_fs_seq_raw_hash_fops);
770 if (IS_ERR(dent))
771 goto fail;
772 profile->dents[AAFS_PROF_RAW_HASH] = dent;
773
774 dent = create_profile_file(dir, "raw_abi", profile,
775 &aa_fs_seq_raw_abi_fops);
776 if (IS_ERR(dent))
777 goto fail;
778 profile->dents[AAFS_PROF_RAW_ABI] = dent;
779
780 dent = securityfs_create_file("raw_data", S_IFREG | 0444, dir,
781 profile->proxy,
782 &aa_fs_rawdata_fops);
783 if (IS_ERR(dent))
784 goto fail;
785 profile->dents[AAFS_PROF_RAW_DATA] = dent;
786 d_inode(dent)->i_size = profile->rawdata->size;
787 aa_get_proxy(profile->proxy);
788 }
789
790 list_for_each_entry(child, &profile->base.profiles, base.list) {
791 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile));
792 if (error)
793 goto fail2;
794 }
795
796 return 0;
797
798 fail:
799 error = PTR_ERR(dent);
800
801 fail2:
802 __aa_fs_profile_rmdir(profile);
803
804 return error;
805 }
806
807 void __aa_fs_ns_rmdir(struct aa_ns *ns)
808 {
809 struct aa_ns *sub;
810 struct aa_profile *child;
811 int i;
812
813 if (!ns)
814 return;
815
816 list_for_each_entry(child, &ns->base.profiles, base.list)
817 __aa_fs_profile_rmdir(child);
818
819 list_for_each_entry(sub, &ns->sub_ns, base.list) {
820 mutex_lock(&sub->lock);
821 __aa_fs_ns_rmdir(sub);
822 mutex_unlock(&sub->lock);
823 }
824
825 if (ns_subns_dir(ns)) {
826 sub = d_inode(ns_subns_dir(ns))->i_private;
827 aa_put_ns(sub);
828 }
829 if (ns_subload(ns)) {
830 sub = d_inode(ns_subload(ns))->i_private;
831 aa_put_ns(sub);
832 }
833 if (ns_subreplace(ns)) {
834 sub = d_inode(ns_subreplace(ns))->i_private;
835 aa_put_ns(sub);
836 }
837 if (ns_subremove(ns)) {
838 sub = d_inode(ns_subremove(ns))->i_private;
839 aa_put_ns(sub);
840 }
841
842 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
843 securityfs_remove(ns->dents[i]);
844 ns->dents[i] = NULL;
845 }
846 }
847
848 /* assumes cleanup in caller */
849 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
850 {
851 struct dentry *dent;
852
853 AA_BUG(!ns);
854 AA_BUG(!dir);
855
856 dent = securityfs_create_dir("profiles", dir);
857 if (IS_ERR(dent))
858 return PTR_ERR(dent);
859 ns_subprofs_dir(ns) = dent;
860
861 dent = securityfs_create_dir("raw_data", dir);
862 if (IS_ERR(dent))
863 return PTR_ERR(dent);
864 ns_subdata_dir(ns) = dent;
865
866 dent = securityfs_create_file(".load", 0640, dir, ns,
867 &aa_fs_profile_load);
868 if (IS_ERR(dent))
869 return PTR_ERR(dent);
870 aa_get_ns(ns);
871 ns_subload(ns) = dent;
872
873 dent = securityfs_create_file(".replace", 0640, dir, ns,
874 &aa_fs_profile_replace);
875 if (IS_ERR(dent))
876 return PTR_ERR(dent);
877 aa_get_ns(ns);
878 ns_subreplace(ns) = dent;
879
880 dent = securityfs_create_file(".remove", 0640, dir, ns,
881 &aa_fs_profile_remove);
882 if (IS_ERR(dent))
883 return PTR_ERR(dent);
884 aa_get_ns(ns);
885 ns_subremove(ns) = dent;
886
887 dent = securityfs_create_dir("namespaces", dir);
888 if (IS_ERR(dent))
889 return PTR_ERR(dent);
890 aa_get_ns(ns);
891 ns_subns_dir(ns) = dent;
892
893 return 0;
894 }
895
896 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
897 {
898 struct aa_ns *sub;
899 struct aa_profile *child;
900 struct dentry *dent, *dir;
901 int error;
902
903 AA_BUG(!ns);
904 AA_BUG(!parent);
905 AA_BUG(!mutex_is_locked(&ns->lock));
906
907 if (!name)
908 name = ns->base.name;
909
910 /* create ns dir if it doesn't already exist */
911 dent = securityfs_create_dir(name, parent);
912 if (IS_ERR(dent))
913 goto fail;
914
915 ns_dir(ns) = dir = dent;
916 error = __aa_fs_ns_mkdir_entries(ns, dir);
917 if (error)
918 goto fail2;
919
920 /* profiles */
921 list_for_each_entry(child, &ns->base.profiles, base.list) {
922 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns));
923 if (error)
924 goto fail2;
925 }
926
927 /* subnamespaces */
928 list_for_each_entry(sub, &ns->sub_ns, base.list) {
929 mutex_lock(&sub->lock);
930 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
931 mutex_unlock(&sub->lock);
932 if (error)
933 goto fail2;
934 }
935
936 return 0;
937
938 fail:
939 error = PTR_ERR(dent);
940
941 fail2:
942 __aa_fs_ns_rmdir(ns);
943
944 return error;
945 }
946
947
948 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
949
950 /**
951 * __next_ns - find the next namespace to list
952 * @root: root namespace to stop search at (NOT NULL)
953 * @ns: current ns position (NOT NULL)
954 *
955 * Find the next namespace from @ns under @root and handle all locking needed
956 * while switching current namespace.
957 *
958 * Returns: next namespace or NULL if at last namespace under @root
959 * Requires: ns->parent->lock to be held
960 * NOTE: will not unlock root->lock
961 */
962 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
963 {
964 struct aa_ns *parent, *next;
965
966 /* is next namespace a child */
967 if (!list_empty(&ns->sub_ns)) {
968 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
969 mutex_lock(&next->lock);
970 return next;
971 }
972
973 /* check if the next ns is a sibling, parent, gp, .. */
974 parent = ns->parent;
975 while (ns != root) {
976 mutex_unlock(&ns->lock);
977 next = list_next_entry(ns, base.list);
978 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
979 mutex_lock(&next->lock);
980 return next;
981 }
982 ns = parent;
983 parent = parent->parent;
984 }
985
986 return NULL;
987 }
988
989 /**
990 * __first_profile - find the first profile in a namespace
991 * @root: namespace that is root of profiles being displayed (NOT NULL)
992 * @ns: namespace to start in (NOT NULL)
993 *
994 * Returns: unrefcounted profile or NULL if no profile
995 * Requires: profile->ns.lock to be held
996 */
997 static struct aa_profile *__first_profile(struct aa_ns *root,
998 struct aa_ns *ns)
999 {
1000 for (; ns; ns = __next_ns(root, ns)) {
1001 if (!list_empty(&ns->base.profiles))
1002 return list_first_entry(&ns->base.profiles,
1003 struct aa_profile, base.list);
1004 }
1005 return NULL;
1006 }
1007
1008 /**
1009 * __next_profile - step to the next profile in a profile tree
1010 * @profile: current profile in tree (NOT NULL)
1011 *
1012 * Perform a depth first traversal on the profile tree in a namespace
1013 *
1014 * Returns: next profile or NULL if done
1015 * Requires: profile->ns.lock to be held
1016 */
1017 static struct aa_profile *__next_profile(struct aa_profile *p)
1018 {
1019 struct aa_profile *parent;
1020 struct aa_ns *ns = p->ns;
1021
1022 /* is next profile a child */
1023 if (!list_empty(&p->base.profiles))
1024 return list_first_entry(&p->base.profiles, typeof(*p),
1025 base.list);
1026
1027 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1028 parent = rcu_dereference_protected(p->parent,
1029 mutex_is_locked(&p->ns->lock));
1030 while (parent) {
1031 p = list_next_entry(p, base.list);
1032 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1033 return p;
1034 p = parent;
1035 parent = rcu_dereference_protected(parent->parent,
1036 mutex_is_locked(&parent->ns->lock));
1037 }
1038
1039 /* is next another profile in the namespace */
1040 p = list_next_entry(p, base.list);
1041 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1042 return p;
1043
1044 return NULL;
1045 }
1046
1047 /**
1048 * next_profile - step to the next profile in where ever it may be
1049 * @root: root namespace (NOT NULL)
1050 * @profile: current profile (NOT NULL)
1051 *
1052 * Returns: next profile or NULL if there isn't one
1053 */
1054 static struct aa_profile *next_profile(struct aa_ns *root,
1055 struct aa_profile *profile)
1056 {
1057 struct aa_profile *next = __next_profile(profile);
1058 if (next)
1059 return next;
1060
1061 /* finished all profiles in namespace move to next namespace */
1062 return __first_profile(root, __next_ns(root, profile->ns));
1063 }
1064
1065 /**
1066 * p_start - start a depth first traversal of profile tree
1067 * @f: seq_file to fill
1068 * @pos: current position
1069 *
1070 * Returns: first profile under current namespace or NULL if none found
1071 *
1072 * acquires first ns->lock
1073 */
1074 static void *p_start(struct seq_file *f, loff_t *pos)
1075 {
1076 struct aa_profile *profile = NULL;
1077 struct aa_ns *root = aa_current_profile()->ns;
1078 loff_t l = *pos;
1079 f->private = aa_get_ns(root);
1080
1081
1082 /* find the first profile */
1083 mutex_lock(&root->lock);
1084 profile = __first_profile(root, root);
1085
1086 /* skip to position */
1087 for (; profile && l > 0; l--)
1088 profile = next_profile(root, profile);
1089
1090 return profile;
1091 }
1092
1093 /**
1094 * p_next - read the next profile entry
1095 * @f: seq_file to fill
1096 * @p: profile previously returned
1097 * @pos: current position
1098 *
1099 * Returns: next profile after @p or NULL if none
1100 *
1101 * may acquire/release locks in namespace tree as necessary
1102 */
1103 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
1104 {
1105 struct aa_profile *profile = p;
1106 struct aa_ns *ns = f->private;
1107 (*pos)++;
1108
1109 return next_profile(ns, profile);
1110 }
1111
1112 /**
1113 * p_stop - stop depth first traversal
1114 * @f: seq_file we are filling
1115 * @p: the last profile writen
1116 *
1117 * Release all locking done by p_start/p_next on namespace tree
1118 */
1119 static void p_stop(struct seq_file *f, void *p)
1120 {
1121 struct aa_profile *profile = p;
1122 struct aa_ns *root = f->private, *ns;
1123
1124 if (profile) {
1125 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
1126 mutex_unlock(&ns->lock);
1127 }
1128 mutex_unlock(&root->lock);
1129 aa_put_ns(root);
1130 }
1131
1132 /**
1133 * seq_show_profile - show a profile entry
1134 * @f: seq_file to file
1135 * @p: current position (profile) (NOT NULL)
1136 *
1137 * Returns: error on failure
1138 */
1139 static int seq_show_profile(struct seq_file *f, void *p)
1140 {
1141 struct aa_profile *profile = (struct aa_profile *)p;
1142 struct aa_ns *root = f->private;
1143
1144 if (profile->ns != root)
1145 seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true));
1146 seq_printf(f, "%s (%s)\n", profile->base.hname,
1147 aa_profile_mode_names[profile->mode]);
1148
1149 return 0;
1150 }
1151
1152 static const struct seq_operations aa_fs_profiles_op = {
1153 .start = p_start,
1154 .next = p_next,
1155 .stop = p_stop,
1156 .show = seq_show_profile,
1157 };
1158
1159 static int profiles_open(struct inode *inode, struct file *file)
1160 {
1161 if (!policy_view_capable(NULL))
1162 return -EACCES;
1163
1164 return seq_open(file, &aa_fs_profiles_op);
1165 }
1166
1167 static int profiles_release(struct inode *inode, struct file *file)
1168 {
1169 return seq_release(inode, file);
1170 }
1171
1172 static const struct file_operations aa_fs_profiles_fops = {
1173 .open = profiles_open,
1174 .read = seq_read,
1175 .llseek = seq_lseek,
1176 .release = profiles_release,
1177 };
1178
1179
1180 /** Base file system setup **/
1181 static struct aa_fs_entry aa_fs_entry_file[] = {
1182 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1183 "link lock"),
1184 { }
1185 };
1186
1187 static struct aa_fs_entry aa_fs_entry_domain[] = {
1188 AA_FS_FILE_BOOLEAN("change_hat", 1),
1189 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1190 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1191 AA_FS_FILE_BOOLEAN("change_profile", 1),
1192 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1193 AA_FS_FILE_STRING("version", "1.2"),
1194 { }
1195 };
1196
1197 static struct aa_fs_entry aa_fs_entry_versions[] = {
1198 AA_FS_FILE_BOOLEAN("v5", 1),
1199 { }
1200 };
1201
1202 static struct aa_fs_entry aa_fs_entry_policy[] = {
1203 AA_FS_DIR("versions", aa_fs_entry_versions),
1204 AA_FS_FILE_BOOLEAN("set_load", 1),
1205 { }
1206 };
1207
1208 static struct aa_fs_entry aa_fs_entry_features[] = {
1209 AA_FS_DIR("policy", aa_fs_entry_policy),
1210 AA_FS_DIR("domain", aa_fs_entry_domain),
1211 AA_FS_DIR("file", aa_fs_entry_file),
1212 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
1213 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
1214 AA_FS_DIR("caps", aa_fs_entry_caps),
1215 { }
1216 };
1217
1218 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
1219 AA_FS_FILE_FOPS(".access", 0640, &aa_fs_access),
1220 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level),
1221 AA_FS_FILE_FOPS(".ns_name", 0640, &aa_fs_ns_name),
1222 AA_FS_FILE_FOPS("profiles", 0440, &aa_fs_profiles_fops),
1223 AA_FS_DIR("features", aa_fs_entry_features),
1224 { }
1225 };
1226
1227 static struct aa_fs_entry aa_fs_entry =
1228 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
1229
1230 /**
1231 * aafs_create_file - create a file entry in the apparmor securityfs
1232 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1233 * @parent: the parent dentry in the securityfs
1234 *
1235 * Use aafs_remove_file to remove entries created with this fn.
1236 */
1237 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
1238 struct dentry *parent)
1239 {
1240 int error = 0;
1241
1242 fs_file->dentry = securityfs_create_file(fs_file->name,
1243 S_IFREG | fs_file->mode,
1244 parent, fs_file,
1245 fs_file->file_ops);
1246 if (IS_ERR(fs_file->dentry)) {
1247 error = PTR_ERR(fs_file->dentry);
1248 fs_file->dentry = NULL;
1249 }
1250 return error;
1251 }
1252
1253 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir);
1254 /**
1255 * aafs_create_dir - recursively create a directory entry in the securityfs
1256 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1257 * @parent: the parent dentry in the securityfs
1258 *
1259 * Use aafs_remove_dir to remove entries created with this fn.
1260 */
1261 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
1262 struct dentry *parent)
1263 {
1264 struct aa_fs_entry *fs_file;
1265 struct dentry *dir;
1266 int error;
1267
1268 dir = securityfs_create_dir(fs_dir->name, parent);
1269 if (IS_ERR(dir))
1270 return PTR_ERR(dir);
1271 fs_dir->dentry = dir;
1272
1273 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1274 if (fs_file->v_type == AA_FS_TYPE_DIR)
1275 error = aafs_create_dir(fs_file, fs_dir->dentry);
1276 else
1277 error = aafs_create_file(fs_file, fs_dir->dentry);
1278 if (error)
1279 goto failed;
1280 }
1281
1282 return 0;
1283
1284 failed:
1285 aafs_remove_dir(fs_dir);
1286
1287 return error;
1288 }
1289
1290 /**
1291 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1292 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1293 */
1294 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
1295 {
1296 if (!fs_file->dentry)
1297 return;
1298
1299 securityfs_remove(fs_file->dentry);
1300 fs_file->dentry = NULL;
1301 }
1302
1303 /**
1304 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1305 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1306 */
1307 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
1308 {
1309 struct aa_fs_entry *fs_file;
1310
1311 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1312 if (fs_file->v_type == AA_FS_TYPE_DIR)
1313 aafs_remove_dir(fs_file);
1314 else
1315 aafs_remove_file(fs_file);
1316 }
1317
1318 aafs_remove_file(fs_dir);
1319 }
1320
1321 /**
1322 * aa_destroy_aafs - cleanup and free aafs
1323 *
1324 * releases dentries allocated by aa_create_aafs
1325 */
1326 void __init aa_destroy_aafs(void)
1327 {
1328 aafs_remove_dir(&aa_fs_entry);
1329 }
1330
1331
1332 #define NULL_FILE_NAME ".null"
1333 struct path aa_null;
1334
1335 static int aa_mk_null_file(struct dentry *parent)
1336 {
1337 struct vfsmount *mount = NULL;
1338 struct dentry *dentry;
1339 struct inode *inode;
1340 int count = 0;
1341 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
1342
1343 if (error)
1344 return error;
1345
1346 inode_lock(d_inode(parent));
1347 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
1348 if (IS_ERR(dentry)) {
1349 error = PTR_ERR(dentry);
1350 goto out;
1351 }
1352 inode = new_inode(parent->d_inode->i_sb);
1353 if (!inode) {
1354 error = -ENOMEM;
1355 goto out1;
1356 }
1357
1358 inode->i_ino = get_next_ino();
1359 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
1360 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
1361 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
1362 MKDEV(MEM_MAJOR, 3));
1363 d_instantiate(dentry, inode);
1364 aa_null.dentry = dget(dentry);
1365 aa_null.mnt = mntget(mount);
1366
1367 error = 0;
1368
1369 out1:
1370 dput(dentry);
1371 out:
1372 inode_unlock(d_inode(parent));
1373 simple_release_fs(&mount, &count);
1374 return error;
1375 }
1376
1377 /**
1378 * aa_create_aafs - create the apparmor security filesystem
1379 *
1380 * dentries created here are released by aa_destroy_aafs
1381 *
1382 * Returns: error on failure
1383 */
1384 static int __init aa_create_aafs(void)
1385 {
1386 struct dentry *dent;
1387 int error;
1388
1389 if (!apparmor_initialized)
1390 return 0;
1391
1392 if (aa_fs_entry.dentry) {
1393 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
1394 return -EEXIST;
1395 }
1396
1397 /* Populate fs tree. */
1398 error = aafs_create_dir(&aa_fs_entry, NULL);
1399 if (error)
1400 goto error;
1401
1402 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry,
1403 NULL, &aa_fs_profile_load);
1404 if (IS_ERR(dent)) {
1405 error = PTR_ERR(dent);
1406 goto error;
1407 }
1408 ns_subload(root_ns) = dent;
1409
1410 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry,
1411 NULL, &aa_fs_profile_replace);
1412 if (IS_ERR(dent)) {
1413 error = PTR_ERR(dent);
1414 goto error;
1415 }
1416 ns_subreplace(root_ns) = dent;
1417
1418 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry,
1419 NULL, &aa_fs_profile_remove);
1420 if (IS_ERR(dent)) {
1421 error = PTR_ERR(dent);
1422 goto error;
1423 }
1424 ns_subremove(root_ns) = dent;
1425
1426 mutex_lock(&root_ns->lock);
1427 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy");
1428 mutex_unlock(&root_ns->lock);
1429
1430 if (error)
1431 goto error;
1432
1433 error = aa_mk_null_file(aa_fs_entry.dentry);
1434 if (error)
1435 goto error;
1436
1437 /* TODO: add default profile to apparmorfs */
1438
1439 /* Report that AppArmor fs is enabled */
1440 aa_info_message("AppArmor Filesystem Enabled");
1441 return 0;
1442
1443 error:
1444 aa_destroy_aafs();
1445 AA_ERROR("Error creating AppArmor securityfs\n");
1446 return error;
1447 }
1448
1449 fs_initcall(aa_create_aafs);
Linux with added FPC-III support