1 /* 2 * AppArmor security module 3 * 4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/ctype.h> 16 #include <linux/security.h> 17 #include <linux/vmalloc.h> 18 #include <linux/module.h> 19 #include <linux/seq_file.h> 20 #include <linux/uaccess.h> 21 #include <linux/mount.h> 22 #include <linux/namei.h> 23 #include <linux/capability.h> 24 #include <linux/rcupdate.h> 25 #include <linux/fs.h> 26 #include <uapi/linux/major.h> 27 #include <uapi/linux/magic.h> 28 29 #include "include/apparmor.h" 30 #include "include/apparmorfs.h" 31 #include "include/audit.h" 32 #include "include/context.h" 33 #include "include/crypto.h" 34 #include "include/policy.h" 35 #include "include/policy_ns.h" 36 #include "include/resource.h" 37 #include "include/policy_unpack.h" 38 39 /** 40 * aa_mangle_name - mangle a profile name to std profile layout form 41 * @name: profile name to mangle (NOT NULL) 42 * @target: buffer to store mangled name, same length as @name (MAYBE NULL) 43 * 44 * Returns: length of mangled name 45 */ 46 static int mangle_name(const char *name, char *target) 47 { 48 char *t = target; 49 50 while (*name == '/' || *name == '.') 51 name++; 52 53 if (target) { 54 for (; *name; name++) { 55 if (*name == '/') 56 *(t)++ = '.'; 57 else if (isspace(*name)) 58 *(t)++ = '_'; 59 else if (isalnum(*name) || strchr("._-", *name)) 60 *(t)++ = *name; 61 } 62 63 *t = 0; 64 } else { 65 int len = 0; 66 for (; *name; name++) { 67 if (isalnum(*name) || isspace(*name) || 68 strchr("/._-", *name)) 69 len++; 70 } 71 72 return len; 73 } 74 75 return t - target; 76 } 77 78 79 /* 80 * aafs - core fns and data for the policy tree 81 */ 82 83 #define AAFS_NAME "apparmorfs" 84 static struct vfsmount *aafs_mnt; 85 static int aafs_count; 86 87 88 static int aafs_show_path(struct seq_file *seq, struct dentry *dentry) 89 { 90 struct inode *inode = d_inode(dentry); 91 92 seq_printf(seq, "%s:[%lu]", AAFS_NAME, inode->i_ino); 93 return 0; 94 } 95 96 static void aafs_evict_inode(struct inode *inode) 97 { 98 truncate_inode_pages_final(&inode->i_data); 99 clear_inode(inode); 100 if (S_ISLNK(inode->i_mode)) 101 kfree(inode->i_link); 102 } 103 104 static const struct super_operations aafs_super_ops = { 105 .statfs = simple_statfs, 106 .evict_inode = aafs_evict_inode, 107 .show_path = aafs_show_path, 108 }; 109 110 static int fill_super(struct super_block *sb, void *data, int silent) 111 { 112 static struct tree_descr files[] = { {""} }; 113 int error; 114 115 error = simple_fill_super(sb, AAFS_MAGIC, files); 116 if (error) 117 return error; 118 sb->s_op = &aafs_super_ops; 119 120 return 0; 121 } 122 123 static struct dentry *aafs_mount(struct file_system_type *fs_type, 124 int flags, const char *dev_name, void *data) 125 { 126 return mount_single(fs_type, flags, data, fill_super); 127 } 128 129 static struct file_system_type aafs_ops = { 130 .owner = THIS_MODULE, 131 .name = AAFS_NAME, 132 .mount = aafs_mount, 133 .kill_sb = kill_anon_super, 134 }; 135 136 /** 137 * __aafs_setup_d_inode - basic inode setup for apparmorfs 138 * @dir: parent directory for the dentry 139 * @dentry: dentry we are seting the inode up for 140 * @mode: permissions the file should have 141 * @data: data to store on inode.i_private, available in open() 142 * @link: if symlink, symlink target string 143 * @fops: struct file_operations that should be used 144 * @iops: struct of inode_operations that should be used 145 */ 146 static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry, 147 umode_t mode, void *data, char *link, 148 const struct file_operations *fops, 149 const struct inode_operations *iops) 150 { 151 struct inode *inode = new_inode(dir->i_sb); 152 153 AA_BUG(!dir); 154 AA_BUG(!dentry); 155 156 if (!inode) 157 return -ENOMEM; 158 159 inode->i_ino = get_next_ino(); 160 inode->i_mode = mode; 161 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 162 inode->i_private = data; 163 if (S_ISDIR(mode)) { 164 inode->i_op = iops ? iops : &simple_dir_inode_operations; 165 inode->i_fop = &simple_dir_operations; 166 inc_nlink(inode); 167 inc_nlink(dir); 168 } else if (S_ISLNK(mode)) { 169 inode->i_op = iops ? iops : &simple_symlink_inode_operations; 170 inode->i_link = link; 171 } else { 172 inode->i_fop = fops; 173 } 174 d_instantiate(dentry, inode); 175 dget(dentry); 176 177 return 0; 178 } 179 180 /** 181 * aafs_create - create a dentry in the apparmorfs filesystem 182 * 183 * @name: name of dentry to create 184 * @mode: permissions the file should have 185 * @parent: parent directory for this dentry 186 * @data: data to store on inode.i_private, available in open() 187 * @link: if symlink, symlink target string 188 * @fops: struct file_operations that should be used for 189 * @iops: struct of inode_operations that should be used 190 * 191 * This is the basic "create a xxx" function for apparmorfs. 192 * 193 * Returns a pointer to a dentry if it succeeds, that must be free with 194 * aafs_remove(). Will return ERR_PTR on failure. 195 */ 196 static struct dentry *aafs_create(const char *name, umode_t mode, 197 struct dentry *parent, void *data, void *link, 198 const struct file_operations *fops, 199 const struct inode_operations *iops) 200 { 201 struct dentry *dentry; 202 struct inode *dir; 203 int error; 204 205 AA_BUG(!name); 206 AA_BUG(!parent); 207 208 if (!(mode & S_IFMT)) 209 mode = (mode & S_IALLUGO) | S_IFREG; 210 211 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 212 if (error) 213 return ERR_PTR(error); 214 215 dir = d_inode(parent); 216 217 inode_lock(dir); 218 dentry = lookup_one_len(name, parent, strlen(name)); 219 if (IS_ERR(dentry)) 220 goto fail_lock; 221 222 if (d_really_is_positive(dentry)) { 223 error = -EEXIST; 224 goto fail_dentry; 225 } 226 227 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); 228 if (error) 229 goto fail_dentry; 230 inode_unlock(dir); 231 232 return dentry; 233 234 fail_dentry: 235 dput(dentry); 236 237 fail_lock: 238 inode_unlock(dir); 239 simple_release_fs(&aafs_mnt, &aafs_count); 240 241 return ERR_PTR(error); 242 } 243 244 /** 245 * aafs_create_file - create a file in the apparmorfs filesystem 246 * 247 * @name: name of dentry to create 248 * @mode: permissions the file should have 249 * @parent: parent directory for this dentry 250 * @data: data to store on inode.i_private, available in open() 251 * @fops: struct file_operations that should be used for 252 * 253 * see aafs_create 254 */ 255 static struct dentry *aafs_create_file(const char *name, umode_t mode, 256 struct dentry *parent, void *data, 257 const struct file_operations *fops) 258 { 259 return aafs_create(name, mode, parent, data, NULL, fops, NULL); 260 } 261 262 /** 263 * aafs_create_dir - create a directory in the apparmorfs filesystem 264 * 265 * @name: name of dentry to create 266 * @parent: parent directory for this dentry 267 * 268 * see aafs_create 269 */ 270 static struct dentry *aafs_create_dir(const char *name, struct dentry *parent) 271 { 272 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL, 273 NULL); 274 } 275 276 /** 277 * aafs_create_symlink - create a symlink in the apparmorfs filesystem 278 * @name: name of dentry to create 279 * @parent: parent directory for this dentry 280 * @target: if symlink, symlink target string 281 * @iops: struct of inode_operations that should be used 282 * 283 * If @target parameter is %NULL, then the @iops parameter needs to be 284 * setup to handle .readlink and .get_link inode_operations. 285 */ 286 static struct dentry *aafs_create_symlink(const char *name, 287 struct dentry *parent, 288 const char *target, 289 const struct inode_operations *iops) 290 { 291 struct dentry *dent; 292 char *link = NULL; 293 294 if (target) { 295 link = kstrdup(target, GFP_KERNEL); 296 if (!link) 297 return ERR_PTR(-ENOMEM); 298 } 299 dent = aafs_create(name, S_IFLNK | 0444, parent, NULL, link, NULL, 300 iops); 301 if (IS_ERR(dent)) 302 kfree(link); 303 304 return dent; 305 } 306 307 /** 308 * aafs_remove - removes a file or directory from the apparmorfs filesystem 309 * 310 * @dentry: dentry of the file/directory/symlink to removed. 311 */ 312 static void aafs_remove(struct dentry *dentry) 313 { 314 struct inode *dir; 315 316 if (!dentry || IS_ERR(dentry)) 317 return; 318 319 dir = d_inode(dentry->d_parent); 320 inode_lock(dir); 321 if (simple_positive(dentry)) { 322 if (d_is_dir(dentry)) 323 simple_rmdir(dir, dentry); 324 else 325 simple_unlink(dir, dentry); 326 dput(dentry); 327 } 328 inode_unlock(dir); 329 simple_release_fs(&aafs_mnt, &aafs_count); 330 } 331 332 333 /* 334 * aa_fs - policy load/replace/remove 335 */ 336 337 /** 338 * aa_simple_write_to_buffer - common routine for getting policy from user 339 * @userbuf: user buffer to copy data from (NOT NULL) 340 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size) 341 * @copy_size: size of data to copy from user buffer 342 * @pos: position write is at in the file (NOT NULL) 343 * 344 * Returns: kernel buffer containing copy of user buffer data or an 345 * ERR_PTR on failure. 346 */ 347 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf, 348 size_t alloc_size, 349 size_t copy_size, 350 loff_t *pos) 351 { 352 struct aa_loaddata *data; 353 354 AA_BUG(copy_size > alloc_size); 355 356 if (*pos != 0) 357 /* only writes from pos 0, that is complete writes */ 358 return ERR_PTR(-ESPIPE); 359 360 /* freed by caller to simple_write_to_buffer */ 361 data = aa_loaddata_alloc(alloc_size); 362 if (IS_ERR(data)) 363 return data; 364 365 data->size = copy_size; 366 if (copy_from_user(data->data, userbuf, copy_size)) { 367 kvfree(data); 368 return ERR_PTR(-EFAULT); 369 } 370 371 return data; 372 } 373 374 static ssize_t policy_update(int binop, const char __user *buf, size_t size, 375 loff_t *pos, struct aa_ns *ns) 376 { 377 ssize_t error; 378 struct aa_loaddata *data; 379 struct aa_profile *profile = aa_current_profile(); 380 const char *op = binop == PROF_ADD ? OP_PROF_LOAD : OP_PROF_REPL; 381 /* high level check about policy management - fine grained in 382 * below after unpack 383 */ 384 error = aa_may_manage_policy(profile, ns, op); 385 if (error) 386 return error; 387 388 data = aa_simple_write_to_buffer(buf, size, size, pos); 389 error = PTR_ERR(data); 390 if (!IS_ERR(data)) { 391 error = aa_replace_profiles(ns ? ns : profile->ns, profile, 392 binop, data); 393 aa_put_loaddata(data); 394 } 395 396 return error; 397 } 398 399 /* .load file hook fn to load policy */ 400 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, 401 loff_t *pos) 402 { 403 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 404 int error = policy_update(PROF_ADD, buf, size, pos, ns); 405 406 aa_put_ns(ns); 407 408 return error; 409 } 410 411 static const struct file_operations aa_fs_profile_load = { 412 .write = profile_load, 413 .llseek = default_llseek, 414 }; 415 416 /* .replace file hook fn to load and/or replace policy */ 417 static ssize_t profile_replace(struct file *f, const char __user *buf, 418 size_t size, loff_t *pos) 419 { 420 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 421 int error = policy_update(PROF_REPLACE, buf, size, pos, ns); 422 423 aa_put_ns(ns); 424 425 return error; 426 } 427 428 static const struct file_operations aa_fs_profile_replace = { 429 .write = profile_replace, 430 .llseek = default_llseek, 431 }; 432 433 /* .remove file hook fn to remove loaded policy */ 434 static ssize_t profile_remove(struct file *f, const char __user *buf, 435 size_t size, loff_t *pos) 436 { 437 struct aa_loaddata *data; 438 struct aa_profile *profile; 439 ssize_t error; 440 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 441 442 profile = aa_current_profile(); 443 /* high level check about policy management - fine grained in 444 * below after unpack 445 */ 446 error = aa_may_manage_policy(profile, ns, OP_PROF_RM); 447 if (error) 448 goto out; 449 450 /* 451 * aa_remove_profile needs a null terminated string so 1 extra 452 * byte is allocated and the copied data is null terminated. 453 */ 454 data = aa_simple_write_to_buffer(buf, size + 1, size, pos); 455 456 error = PTR_ERR(data); 457 if (!IS_ERR(data)) { 458 data->data[size] = 0; 459 error = aa_remove_profiles(ns ? ns : profile->ns, profile, 460 data->data, size); 461 aa_put_loaddata(data); 462 } 463 out: 464 aa_put_ns(ns); 465 return error; 466 } 467 468 static const struct file_operations aa_fs_profile_remove = { 469 .write = profile_remove, 470 .llseek = default_llseek, 471 }; 472 473 void __aa_bump_ns_revision(struct aa_ns *ns) 474 { 475 ns->revision++; 476 } 477 478 /** 479 * query_data - queries a policy and writes its data to buf 480 * @buf: the resulting data is stored here (NOT NULL) 481 * @buf_len: size of buf 482 * @query: query string used to retrieve data 483 * @query_len: size of query including second NUL byte 484 * 485 * The buffers pointed to by buf and query may overlap. The query buffer is 486 * parsed before buf is written to. 487 * 488 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of 489 * the security confinement context and <KEY> is the name of the data to 490 * retrieve. <LABEL> and <KEY> must not be NUL-terminated. 491 * 492 * Don't expect the contents of buf to be preserved on failure. 493 * 494 * Returns: number of characters written to buf or -errno on failure 495 */ 496 static ssize_t query_data(char *buf, size_t buf_len, 497 char *query, size_t query_len) 498 { 499 char *out; 500 const char *key; 501 struct aa_profile *profile; 502 struct aa_data *data; 503 u32 bytes, blocks; 504 __le32 outle32; 505 506 if (!query_len) 507 return -EINVAL; /* need a query */ 508 509 key = query + strnlen(query, query_len) + 1; 510 if (key + 1 >= query + query_len) 511 return -EINVAL; /* not enough space for a non-empty key */ 512 if (key + strnlen(key, query + query_len - key) >= query + query_len) 513 return -EINVAL; /* must end with NUL */ 514 515 if (buf_len < sizeof(bytes) + sizeof(blocks)) 516 return -EINVAL; /* not enough space */ 517 518 profile = aa_current_profile(); 519 520 /* We are going to leave space for two numbers. The first is the total 521 * number of bytes we are writing after the first number. This is so 522 * users can read the full output without reallocation. 523 * 524 * The second number is the number of data blocks we're writing. An 525 * application might be confined by multiple policies having data in 526 * the same key. 527 */ 528 memset(buf, 0, sizeof(bytes) + sizeof(blocks)); 529 out = buf + sizeof(bytes) + sizeof(blocks); 530 531 blocks = 0; 532 if (profile->data) { 533 data = rhashtable_lookup_fast(profile->data, &key, 534 profile->data->p); 535 536 if (data) { 537 if (out + sizeof(outle32) + data->size > buf + buf_len) 538 return -EINVAL; /* not enough space */ 539 outle32 = __cpu_to_le32(data->size); 540 memcpy(out, &outle32, sizeof(outle32)); 541 out += sizeof(outle32); 542 memcpy(out, data->data, data->size); 543 out += data->size; 544 blocks++; 545 } 546 } 547 548 outle32 = __cpu_to_le32(out - buf - sizeof(bytes)); 549 memcpy(buf, &outle32, sizeof(outle32)); 550 outle32 = __cpu_to_le32(blocks); 551 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32)); 552 553 return out - buf; 554 } 555 556 #define QUERY_CMD_DATA "data\0" 557 #define QUERY_CMD_DATA_LEN 5 558 559 /** 560 * aa_write_access - generic permissions and data query 561 * @file: pointer to open apparmorfs/access file 562 * @ubuf: user buffer containing the complete query string (NOT NULL) 563 * @count: size of ubuf 564 * @ppos: position in the file (MUST BE ZERO) 565 * 566 * Allows for one permissions or data query per open(), write(), and read() 567 * sequence. The only queries currently supported are label-based queries for 568 * permissions or data. 569 * 570 * For permissions queries, ubuf must begin with "label\0", followed by the 571 * profile query specific format described in the query_label() function 572 * documentation. 573 * 574 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where 575 * <LABEL> is the name of the security confinement context and <KEY> is the 576 * name of the data to retrieve. 577 * 578 * Returns: number of bytes written or -errno on failure 579 */ 580 static ssize_t aa_write_access(struct file *file, const char __user *ubuf, 581 size_t count, loff_t *ppos) 582 { 583 char *buf; 584 ssize_t len; 585 586 if (*ppos) 587 return -ESPIPE; 588 589 buf = simple_transaction_get(file, ubuf, count); 590 if (IS_ERR(buf)) 591 return PTR_ERR(buf); 592 593 if (count > QUERY_CMD_DATA_LEN && 594 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) { 595 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT, 596 buf + QUERY_CMD_DATA_LEN, 597 count - QUERY_CMD_DATA_LEN); 598 } else 599 len = -EINVAL; 600 601 if (len < 0) 602 return len; 603 604 simple_transaction_set(file, len); 605 606 return count; 607 } 608 609 static const struct file_operations aa_fs_access = { 610 .write = aa_write_access, 611 .read = simple_transaction_read, 612 .release = simple_transaction_release, 613 .llseek = generic_file_llseek, 614 }; 615 616 static int aa_fs_seq_show(struct seq_file *seq, void *v) 617 { 618 struct aa_fs_entry *fs_file = seq->private; 619 620 if (!fs_file) 621 return 0; 622 623 switch (fs_file->v_type) { 624 case AA_FS_TYPE_BOOLEAN: 625 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no"); 626 break; 627 case AA_FS_TYPE_STRING: 628 seq_printf(seq, "%s\n", fs_file->v.string); 629 break; 630 case AA_FS_TYPE_U64: 631 seq_printf(seq, "%#08lx\n", fs_file->v.u64); 632 break; 633 default: 634 /* Ignore unpritable entry types. */ 635 break; 636 } 637 638 return 0; 639 } 640 641 static int aa_fs_seq_open(struct inode *inode, struct file *file) 642 { 643 return single_open(file, aa_fs_seq_show, inode->i_private); 644 } 645 646 const struct file_operations aa_fs_seq_file_ops = { 647 .owner = THIS_MODULE, 648 .open = aa_fs_seq_open, 649 .read = seq_read, 650 .llseek = seq_lseek, 651 .release = single_release, 652 }; 653 654 /* 655 * profile based file operations 656 * policy/profiles/XXXX/profiles/ * 657 */ 658 659 #define SEQ_PROFILE_FOPS(NAME) \ 660 static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\ 661 { \ 662 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \ 663 } \ 664 \ 665 static const struct file_operations seq_profile_ ##NAME ##_fops = { \ 666 .owner = THIS_MODULE, \ 667 .open = seq_profile_ ##NAME ##_open, \ 668 .read = seq_read, \ 669 .llseek = seq_lseek, \ 670 .release = seq_profile_release, \ 671 } \ 672 673 static int seq_profile_open(struct inode *inode, struct file *file, 674 int (*show)(struct seq_file *, void *)) 675 { 676 struct aa_proxy *proxy = aa_get_proxy(inode->i_private); 677 int error = single_open(file, show, proxy); 678 679 if (error) { 680 file->private_data = NULL; 681 aa_put_proxy(proxy); 682 } 683 684 return error; 685 } 686 687 static int seq_profile_release(struct inode *inode, struct file *file) 688 { 689 struct seq_file *seq = (struct seq_file *) file->private_data; 690 if (seq) 691 aa_put_proxy(seq->private); 692 return single_release(inode, file); 693 } 694 695 static int seq_profile_name_show(struct seq_file *seq, void *v) 696 { 697 struct aa_proxy *proxy = seq->private; 698 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile); 699 seq_printf(seq, "%s\n", profile->base.name); 700 aa_put_profile(profile); 701 702 return 0; 703 } 704 705 static int seq_profile_mode_show(struct seq_file *seq, void *v) 706 { 707 struct aa_proxy *proxy = seq->private; 708 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile); 709 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]); 710 aa_put_profile(profile); 711 712 return 0; 713 } 714 715 static int seq_profile_attach_show(struct seq_file *seq, void *v) 716 { 717 struct aa_proxy *proxy = seq->private; 718 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile); 719 if (profile->attach) 720 seq_printf(seq, "%s\n", profile->attach); 721 else if (profile->xmatch) 722 seq_puts(seq, "<unknown>\n"); 723 else 724 seq_printf(seq, "%s\n", profile->base.name); 725 aa_put_profile(profile); 726 727 return 0; 728 } 729 730 static int seq_profile_hash_show(struct seq_file *seq, void *v) 731 { 732 struct aa_proxy *proxy = seq->private; 733 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile); 734 unsigned int i, size = aa_hash_size(); 735 736 if (profile->hash) { 737 for (i = 0; i < size; i++) 738 seq_printf(seq, "%.2x", profile->hash[i]); 739 seq_putc(seq, '\n'); 740 } 741 aa_put_profile(profile); 742 743 return 0; 744 } 745 746 SEQ_PROFILE_FOPS(name); 747 SEQ_PROFILE_FOPS(mode); 748 SEQ_PROFILE_FOPS(attach); 749 SEQ_PROFILE_FOPS(hash); 750 751 /* 752 * namespace based files 753 * several root files and 754 * policy/ * 755 */ 756 757 #define SEQ_NS_FOPS(NAME) \ 758 static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \ 759 { \ 760 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \ 761 } \ 762 \ 763 static const struct file_operations seq_ns_ ##NAME ##_fops = { \ 764 .owner = THIS_MODULE, \ 765 .open = seq_ns_ ##NAME ##_open, \ 766 .read = seq_read, \ 767 .llseek = seq_lseek, \ 768 .release = single_release, \ 769 } \ 770 771 static int seq_ns_level_show(struct seq_file *seq, void *v) 772 { 773 struct aa_ns *ns = aa_current_profile()->ns; 774 775 seq_printf(seq, "%d\n", ns->level); 776 777 return 0; 778 } 779 780 static int seq_ns_name_show(struct seq_file *seq, void *v) 781 { 782 struct aa_ns *ns = aa_current_profile()->ns; 783 784 seq_printf(seq, "%s\n", ns->base.name); 785 786 return 0; 787 } 788 789 SEQ_NS_FOPS(level); 790 SEQ_NS_FOPS(name); 791 792 793 /* policy/raw_data/ * file ops */ 794 795 #define SEQ_RAWDATA_FOPS(NAME) \ 796 static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\ 797 { \ 798 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \ 799 } \ 800 \ 801 static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \ 802 .owner = THIS_MODULE, \ 803 .open = seq_rawdata_ ##NAME ##_open, \ 804 .read = seq_read, \ 805 .llseek = seq_lseek, \ 806 .release = seq_rawdata_release, \ 807 } \ 808 809 static int seq_rawdata_open(struct inode *inode, struct file *file, 810 int (*show)(struct seq_file *, void *)) 811 { 812 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private); 813 int error; 814 815 if (!data) 816 /* lost race this ent is being reaped */ 817 return -ENOENT; 818 819 error = single_open(file, show, data); 820 if (error) { 821 AA_BUG(file->private_data && 822 ((struct seq_file *)file->private_data)->private); 823 aa_put_loaddata(data); 824 } 825 826 return error; 827 } 828 829 static int seq_rawdata_release(struct inode *inode, struct file *file) 830 { 831 struct seq_file *seq = (struct seq_file *) file->private_data; 832 833 if (seq) 834 aa_put_loaddata(seq->private); 835 836 return single_release(inode, file); 837 } 838 839 static int seq_rawdata_abi_show(struct seq_file *seq, void *v) 840 { 841 struct aa_loaddata *data = seq->private; 842 843 seq_printf(seq, "v%d\n", data->abi); 844 845 return 0; 846 } 847 848 static int seq_rawdata_revision_show(struct seq_file *seq, void *v) 849 { 850 struct aa_loaddata *data = seq->private; 851 852 seq_printf(seq, "%ld\n", data->revision); 853 854 return 0; 855 } 856 857 static int seq_rawdata_hash_show(struct seq_file *seq, void *v) 858 { 859 struct aa_loaddata *data = seq->private; 860 unsigned int i, size = aa_hash_size(); 861 862 if (data->hash) { 863 for (i = 0; i < size; i++) 864 seq_printf(seq, "%.2x", data->hash[i]); 865 seq_putc(seq, '\n'); 866 } 867 868 return 0; 869 } 870 871 SEQ_RAWDATA_FOPS(abi); 872 SEQ_RAWDATA_FOPS(revision); 873 SEQ_RAWDATA_FOPS(hash); 874 875 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, 876 loff_t *ppos) 877 { 878 struct aa_loaddata *rawdata = file->private_data; 879 880 return simple_read_from_buffer(buf, size, ppos, rawdata->data, 881 rawdata->size); 882 } 883 884 static int rawdata_release(struct inode *inode, struct file *file) 885 { 886 aa_put_loaddata(file->private_data); 887 888 return 0; 889 } 890 891 static int rawdata_open(struct inode *inode, struct file *file) 892 { 893 if (!policy_view_capable(NULL)) 894 return -EACCES; 895 file->private_data = __aa_get_loaddata(inode->i_private); 896 if (!file->private_data) 897 /* lost race: this entry is being reaped */ 898 return -ENOENT; 899 900 return 0; 901 } 902 903 static const struct file_operations rawdata_fops = { 904 .open = rawdata_open, 905 .read = rawdata_read, 906 .llseek = generic_file_llseek, 907 .release = rawdata_release, 908 }; 909 910 static void remove_rawdata_dents(struct aa_loaddata *rawdata) 911 { 912 int i; 913 914 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) { 915 if (!IS_ERR_OR_NULL(rawdata->dents[i])) { 916 /* no refcounts on i_private */ 917 securityfs_remove(rawdata->dents[i]); 918 rawdata->dents[i] = NULL; 919 } 920 } 921 } 922 923 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata) 924 { 925 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock)); 926 927 if (rawdata->ns) { 928 remove_rawdata_dents(rawdata); 929 list_del_init(&rawdata->list); 930 aa_put_ns(rawdata->ns); 931 rawdata->ns = NULL; 932 } 933 } 934 935 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata) 936 { 937 struct dentry *dent, *dir; 938 939 AA_BUG(!ns); 940 AA_BUG(!rawdata); 941 AA_BUG(!mutex_is_locked(&ns->lock)); 942 AA_BUG(!ns_subdata_dir(ns)); 943 944 /* 945 * just use ns revision dir was originally created at. This is 946 * under ns->lock and if load is successful revision will be 947 * bumped and is guaranteed to be unique 948 */ 949 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision); 950 if (!rawdata->name) 951 return -ENOMEM; 952 953 dir = securityfs_create_dir(rawdata->name, ns_subdata_dir(ns)); 954 if (IS_ERR(dir)) 955 /* ->name freed when rawdata freed */ 956 return PTR_ERR(dir); 957 rawdata->dents[AAFS_LOADDATA_DIR] = dir; 958 959 dent = securityfs_create_file("abi", S_IFREG | 0444, dir, rawdata, 960 &seq_rawdata_abi_fops); 961 if (IS_ERR(dent)) 962 goto fail; 963 rawdata->dents[AAFS_LOADDATA_ABI] = dent; 964 965 dent = securityfs_create_file("revision", S_IFREG | 0444, dir, rawdata, 966 &seq_rawdata_revision_fops); 967 if (IS_ERR(dent)) 968 goto fail; 969 rawdata->dents[AAFS_LOADDATA_REVISION] = dent; 970 971 if (aa_g_hash_policy) { 972 dent = securityfs_create_file("sha1", S_IFREG | 0444, dir, 973 rawdata, &seq_rawdata_hash_fops); 974 if (IS_ERR(dent)) 975 goto fail; 976 rawdata->dents[AAFS_LOADDATA_HASH] = dent; 977 } 978 979 dent = securityfs_create_file("raw_data", S_IFREG | 0444, 980 dir, rawdata, &rawdata_fops); 981 if (IS_ERR(dent)) 982 goto fail; 983 rawdata->dents[AAFS_LOADDATA_DATA] = dent; 984 d_inode(dent)->i_size = rawdata->size; 985 986 rawdata->ns = aa_get_ns(ns); 987 list_add(&rawdata->list, &ns->rawdata_list); 988 /* no refcount on inode rawdata */ 989 990 return 0; 991 992 fail: 993 remove_rawdata_dents(rawdata); 994 995 return PTR_ERR(dent); 996 } 997 998 /** fns to setup dynamic per profile/namespace files **/ 999 void __aa_fs_profile_rmdir(struct aa_profile *profile) 1000 { 1001 struct aa_profile *child; 1002 int i; 1003 1004 if (!profile) 1005 return; 1006 1007 list_for_each_entry(child, &profile->base.profiles, base.list) 1008 __aa_fs_profile_rmdir(child); 1009 1010 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) { 1011 struct aa_proxy *proxy; 1012 if (!profile->dents[i]) 1013 continue; 1014 1015 proxy = d_inode(profile->dents[i])->i_private; 1016 securityfs_remove(profile->dents[i]); 1017 aa_put_proxy(proxy); 1018 profile->dents[i] = NULL; 1019 } 1020 } 1021 1022 void __aa_fs_profile_migrate_dents(struct aa_profile *old, 1023 struct aa_profile *new) 1024 { 1025 int i; 1026 1027 for (i = 0; i < AAFS_PROF_SIZEOF; i++) { 1028 new->dents[i] = old->dents[i]; 1029 if (new->dents[i]) 1030 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode); 1031 old->dents[i] = NULL; 1032 } 1033 } 1034 1035 static struct dentry *create_profile_file(struct dentry *dir, const char *name, 1036 struct aa_profile *profile, 1037 const struct file_operations *fops) 1038 { 1039 struct aa_proxy *proxy = aa_get_proxy(profile->proxy); 1040 struct dentry *dent; 1041 1042 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops); 1043 if (IS_ERR(dent)) 1044 aa_put_proxy(proxy); 1045 1046 return dent; 1047 } 1048 1049 static int profile_depth(struct aa_profile *profile) 1050 { 1051 int depth = 0; 1052 1053 rcu_read_lock(); 1054 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent)) 1055 depth++; 1056 rcu_read_unlock(); 1057 1058 return depth; 1059 } 1060 1061 static int gen_symlink_name(char *buffer, size_t bsize, int depth, 1062 const char *dirname, const char *fname) 1063 { 1064 int error; 1065 1066 for (; depth > 0; depth--) { 1067 if (bsize < 7) 1068 return -ENAMETOOLONG; 1069 strcpy(buffer, "../../"); 1070 buffer += 6; 1071 bsize -= 6; 1072 } 1073 1074 error = snprintf(buffer, bsize, "raw_data/%s/%s", dirname, fname); 1075 if (error >= bsize || error < 0) 1076 return -ENAMETOOLONG; 1077 1078 return 0; 1079 } 1080 1081 /* 1082 * Requires: @profile->ns->lock held 1083 */ 1084 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 1085 { 1086 struct aa_profile *child; 1087 struct dentry *dent = NULL, *dir; 1088 int error; 1089 1090 if (!parent) { 1091 struct aa_profile *p; 1092 p = aa_deref_parent(profile); 1093 dent = prof_dir(p); 1094 /* adding to parent that previously didn't have children */ 1095 dent = securityfs_create_dir("profiles", dent); 1096 if (IS_ERR(dent)) 1097 goto fail; 1098 prof_child_dir(p) = parent = dent; 1099 } 1100 1101 if (!profile->dirname) { 1102 int len, id_len; 1103 len = mangle_name(profile->base.name, NULL); 1104 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id); 1105 1106 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL); 1107 if (!profile->dirname) { 1108 error = -ENOMEM; 1109 goto fail2; 1110 } 1111 1112 mangle_name(profile->base.name, profile->dirname); 1113 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); 1114 } 1115 1116 dent = securityfs_create_dir(profile->dirname, parent); 1117 if (IS_ERR(dent)) 1118 goto fail; 1119 prof_dir(profile) = dir = dent; 1120 1121 dent = create_profile_file(dir, "name", profile, 1122 &seq_profile_name_fops); 1123 if (IS_ERR(dent)) 1124 goto fail; 1125 profile->dents[AAFS_PROF_NAME] = dent; 1126 1127 dent = create_profile_file(dir, "mode", profile, 1128 &seq_profile_mode_fops); 1129 if (IS_ERR(dent)) 1130 goto fail; 1131 profile->dents[AAFS_PROF_MODE] = dent; 1132 1133 dent = create_profile_file(dir, "attach", profile, 1134 &seq_profile_attach_fops); 1135 if (IS_ERR(dent)) 1136 goto fail; 1137 profile->dents[AAFS_PROF_ATTACH] = dent; 1138 1139 if (profile->hash) { 1140 dent = create_profile_file(dir, "sha1", profile, 1141 &seq_profile_hash_fops); 1142 if (IS_ERR(dent)) 1143 goto fail; 1144 profile->dents[AAFS_PROF_HASH] = dent; 1145 } 1146 1147 if (profile->rawdata) { 1148 char target[64]; 1149 int depth = profile_depth(profile); 1150 1151 error = gen_symlink_name(target, sizeof(target), depth, 1152 profile->rawdata->name, "sha1"); 1153 if (error < 0) 1154 goto fail2; 1155 dent = securityfs_create_symlink("raw_sha1", dir, target, NULL); 1156 if (IS_ERR(dent)) 1157 goto fail; 1158 profile->dents[AAFS_PROF_RAW_HASH] = dent; 1159 1160 error = gen_symlink_name(target, sizeof(target), depth, 1161 profile->rawdata->name, "abi"); 1162 if (error < 0) 1163 goto fail2; 1164 dent = securityfs_create_symlink("raw_abi", dir, target, NULL); 1165 if (IS_ERR(dent)) 1166 goto fail; 1167 profile->dents[AAFS_PROF_RAW_ABI] = dent; 1168 1169 error = gen_symlink_name(target, sizeof(target), depth, 1170 profile->rawdata->name, "raw_data"); 1171 if (error < 0) 1172 goto fail2; 1173 dent = securityfs_create_symlink("raw_data", dir, target, NULL); 1174 if (IS_ERR(dent)) 1175 goto fail; 1176 profile->dents[AAFS_PROF_RAW_DATA] = dent; 1177 } 1178 1179 list_for_each_entry(child, &profile->base.profiles, base.list) { 1180 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile)); 1181 if (error) 1182 goto fail2; 1183 } 1184 1185 return 0; 1186 1187 fail: 1188 error = PTR_ERR(dent); 1189 1190 fail2: 1191 __aa_fs_profile_rmdir(profile); 1192 1193 return error; 1194 } 1195 1196 static void __aa_fs_list_remove_rawdata(struct aa_ns *ns) 1197 { 1198 struct aa_loaddata *ent, *tmp; 1199 1200 AA_BUG(!mutex_is_locked(&ns->lock)); 1201 1202 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list) 1203 __aa_fs_remove_rawdata(ent); 1204 } 1205 1206 void __aa_fs_ns_rmdir(struct aa_ns *ns) 1207 { 1208 struct aa_ns *sub; 1209 struct aa_profile *child; 1210 int i; 1211 1212 if (!ns) 1213 return; 1214 1215 list_for_each_entry(child, &ns->base.profiles, base.list) 1216 __aa_fs_profile_rmdir(child); 1217 1218 list_for_each_entry(sub, &ns->sub_ns, base.list) { 1219 mutex_lock(&sub->lock); 1220 __aa_fs_ns_rmdir(sub); 1221 mutex_unlock(&sub->lock); 1222 } 1223 1224 __aa_fs_list_remove_rawdata(ns); 1225 1226 if (ns_subns_dir(ns)) { 1227 sub = d_inode(ns_subns_dir(ns))->i_private; 1228 aa_put_ns(sub); 1229 } 1230 if (ns_subload(ns)) { 1231 sub = d_inode(ns_subload(ns))->i_private; 1232 aa_put_ns(sub); 1233 } 1234 if (ns_subreplace(ns)) { 1235 sub = d_inode(ns_subreplace(ns))->i_private; 1236 aa_put_ns(sub); 1237 } 1238 if (ns_subremove(ns)) { 1239 sub = d_inode(ns_subremove(ns))->i_private; 1240 aa_put_ns(sub); 1241 } 1242 1243 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) { 1244 securityfs_remove(ns->dents[i]); 1245 ns->dents[i] = NULL; 1246 } 1247 } 1248 1249 /* assumes cleanup in caller */ 1250 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir) 1251 { 1252 struct dentry *dent; 1253 1254 AA_BUG(!ns); 1255 AA_BUG(!dir); 1256 1257 dent = securityfs_create_dir("profiles", dir); 1258 if (IS_ERR(dent)) 1259 return PTR_ERR(dent); 1260 ns_subprofs_dir(ns) = dent; 1261 1262 dent = securityfs_create_dir("raw_data", dir); 1263 if (IS_ERR(dent)) 1264 return PTR_ERR(dent); 1265 ns_subdata_dir(ns) = dent; 1266 1267 dent = securityfs_create_file(".load", 0640, dir, ns, 1268 &aa_fs_profile_load); 1269 if (IS_ERR(dent)) 1270 return PTR_ERR(dent); 1271 aa_get_ns(ns); 1272 ns_subload(ns) = dent; 1273 1274 dent = securityfs_create_file(".replace", 0640, dir, ns, 1275 &aa_fs_profile_replace); 1276 if (IS_ERR(dent)) 1277 return PTR_ERR(dent); 1278 aa_get_ns(ns); 1279 ns_subreplace(ns) = dent; 1280 1281 dent = securityfs_create_file(".remove", 0640, dir, ns, 1282 &aa_fs_profile_remove); 1283 if (IS_ERR(dent)) 1284 return PTR_ERR(dent); 1285 aa_get_ns(ns); 1286 ns_subremove(ns) = dent; 1287 1288 dent = securityfs_create_dir("namespaces", dir); 1289 if (IS_ERR(dent)) 1290 return PTR_ERR(dent); 1291 aa_get_ns(ns); 1292 ns_subns_dir(ns) = dent; 1293 1294 return 0; 1295 } 1296 1297 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name) 1298 { 1299 struct aa_ns *sub; 1300 struct aa_profile *child; 1301 struct dentry *dent, *dir; 1302 int error; 1303 1304 AA_BUG(!ns); 1305 AA_BUG(!parent); 1306 AA_BUG(!mutex_is_locked(&ns->lock)); 1307 1308 if (!name) 1309 name = ns->base.name; 1310 1311 /* create ns dir if it doesn't already exist */ 1312 dent = securityfs_create_dir(name, parent); 1313 if (IS_ERR(dent)) 1314 goto fail; 1315 1316 ns_dir(ns) = dir = dent; 1317 error = __aa_fs_ns_mkdir_entries(ns, dir); 1318 if (error) 1319 goto fail2; 1320 1321 /* profiles */ 1322 list_for_each_entry(child, &ns->base.profiles, base.list) { 1323 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns)); 1324 if (error) 1325 goto fail2; 1326 } 1327 1328 /* subnamespaces */ 1329 list_for_each_entry(sub, &ns->sub_ns, base.list) { 1330 mutex_lock(&sub->lock); 1331 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL); 1332 mutex_unlock(&sub->lock); 1333 if (error) 1334 goto fail2; 1335 } 1336 1337 return 0; 1338 1339 fail: 1340 error = PTR_ERR(dent); 1341 1342 fail2: 1343 __aa_fs_ns_rmdir(ns); 1344 1345 return error; 1346 } 1347 1348 1349 #define list_entry_is_head(pos, head, member) (&pos->member == (head)) 1350 1351 /** 1352 * __next_ns - find the next namespace to list 1353 * @root: root namespace to stop search at (NOT NULL) 1354 * @ns: current ns position (NOT NULL) 1355 * 1356 * Find the next namespace from @ns under @root and handle all locking needed 1357 * while switching current namespace. 1358 * 1359 * Returns: next namespace or NULL if at last namespace under @root 1360 * Requires: ns->parent->lock to be held 1361 * NOTE: will not unlock root->lock 1362 */ 1363 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) 1364 { 1365 struct aa_ns *parent, *next; 1366 1367 /* is next namespace a child */ 1368 if (!list_empty(&ns->sub_ns)) { 1369 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 1370 mutex_lock(&next->lock); 1371 return next; 1372 } 1373 1374 /* check if the next ns is a sibling, parent, gp, .. */ 1375 parent = ns->parent; 1376 while (ns != root) { 1377 mutex_unlock(&ns->lock); 1378 next = list_next_entry(ns, base.list); 1379 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) { 1380 mutex_lock(&next->lock); 1381 return next; 1382 } 1383 ns = parent; 1384 parent = parent->parent; 1385 } 1386 1387 return NULL; 1388 } 1389 1390 /** 1391 * __first_profile - find the first profile in a namespace 1392 * @root: namespace that is root of profiles being displayed (NOT NULL) 1393 * @ns: namespace to start in (NOT NULL) 1394 * 1395 * Returns: unrefcounted profile or NULL if no profile 1396 * Requires: profile->ns.lock to be held 1397 */ 1398 static struct aa_profile *__first_profile(struct aa_ns *root, 1399 struct aa_ns *ns) 1400 { 1401 for (; ns; ns = __next_ns(root, ns)) { 1402 if (!list_empty(&ns->base.profiles)) 1403 return list_first_entry(&ns->base.profiles, 1404 struct aa_profile, base.list); 1405 } 1406 return NULL; 1407 } 1408 1409 /** 1410 * __next_profile - step to the next profile in a profile tree 1411 * @profile: current profile in tree (NOT NULL) 1412 * 1413 * Perform a depth first traversal on the profile tree in a namespace 1414 * 1415 * Returns: next profile or NULL if done 1416 * Requires: profile->ns.lock to be held 1417 */ 1418 static struct aa_profile *__next_profile(struct aa_profile *p) 1419 { 1420 struct aa_profile *parent; 1421 struct aa_ns *ns = p->ns; 1422 1423 /* is next profile a child */ 1424 if (!list_empty(&p->base.profiles)) 1425 return list_first_entry(&p->base.profiles, typeof(*p), 1426 base.list); 1427 1428 /* is next profile a sibling, parent sibling, gp, sibling, .. */ 1429 parent = rcu_dereference_protected(p->parent, 1430 mutex_is_locked(&p->ns->lock)); 1431 while (parent) { 1432 p = list_next_entry(p, base.list); 1433 if (!list_entry_is_head(p, &parent->base.profiles, base.list)) 1434 return p; 1435 p = parent; 1436 parent = rcu_dereference_protected(parent->parent, 1437 mutex_is_locked(&parent->ns->lock)); 1438 } 1439 1440 /* is next another profile in the namespace */ 1441 p = list_next_entry(p, base.list); 1442 if (!list_entry_is_head(p, &ns->base.profiles, base.list)) 1443 return p; 1444 1445 return NULL; 1446 } 1447 1448 /** 1449 * next_profile - step to the next profile in where ever it may be 1450 * @root: root namespace (NOT NULL) 1451 * @profile: current profile (NOT NULL) 1452 * 1453 * Returns: next profile or NULL if there isn't one 1454 */ 1455 static struct aa_profile *next_profile(struct aa_ns *root, 1456 struct aa_profile *profile) 1457 { 1458 struct aa_profile *next = __next_profile(profile); 1459 if (next) 1460 return next; 1461 1462 /* finished all profiles in namespace move to next namespace */ 1463 return __first_profile(root, __next_ns(root, profile->ns)); 1464 } 1465 1466 /** 1467 * p_start - start a depth first traversal of profile tree 1468 * @f: seq_file to fill 1469 * @pos: current position 1470 * 1471 * Returns: first profile under current namespace or NULL if none found 1472 * 1473 * acquires first ns->lock 1474 */ 1475 static void *p_start(struct seq_file *f, loff_t *pos) 1476 { 1477 struct aa_profile *profile = NULL; 1478 struct aa_ns *root = aa_current_profile()->ns; 1479 loff_t l = *pos; 1480 f->private = aa_get_ns(root); 1481 1482 1483 /* find the first profile */ 1484 mutex_lock(&root->lock); 1485 profile = __first_profile(root, root); 1486 1487 /* skip to position */ 1488 for (; profile && l > 0; l--) 1489 profile = next_profile(root, profile); 1490 1491 return profile; 1492 } 1493 1494 /** 1495 * p_next - read the next profile entry 1496 * @f: seq_file to fill 1497 * @p: profile previously returned 1498 * @pos: current position 1499 * 1500 * Returns: next profile after @p or NULL if none 1501 * 1502 * may acquire/release locks in namespace tree as necessary 1503 */ 1504 static void *p_next(struct seq_file *f, void *p, loff_t *pos) 1505 { 1506 struct aa_profile *profile = p; 1507 struct aa_ns *ns = f->private; 1508 (*pos)++; 1509 1510 return next_profile(ns, profile); 1511 } 1512 1513 /** 1514 * p_stop - stop depth first traversal 1515 * @f: seq_file we are filling 1516 * @p: the last profile writen 1517 * 1518 * Release all locking done by p_start/p_next on namespace tree 1519 */ 1520 static void p_stop(struct seq_file *f, void *p) 1521 { 1522 struct aa_profile *profile = p; 1523 struct aa_ns *root = f->private, *ns; 1524 1525 if (profile) { 1526 for (ns = profile->ns; ns && ns != root; ns = ns->parent) 1527 mutex_unlock(&ns->lock); 1528 } 1529 mutex_unlock(&root->lock); 1530 aa_put_ns(root); 1531 } 1532 1533 /** 1534 * seq_show_profile - show a profile entry 1535 * @f: seq_file to file 1536 * @p: current position (profile) (NOT NULL) 1537 * 1538 * Returns: error on failure 1539 */ 1540 static int seq_show_profile(struct seq_file *f, void *p) 1541 { 1542 struct aa_profile *profile = (struct aa_profile *)p; 1543 struct aa_ns *root = f->private; 1544 1545 if (profile->ns != root) 1546 seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true)); 1547 seq_printf(f, "%s (%s)\n", profile->base.hname, 1548 aa_profile_mode_names[profile->mode]); 1549 1550 return 0; 1551 } 1552 1553 static const struct seq_operations aa_fs_profiles_op = { 1554 .start = p_start, 1555 .next = p_next, 1556 .stop = p_stop, 1557 .show = seq_show_profile, 1558 }; 1559 1560 static int profiles_open(struct inode *inode, struct file *file) 1561 { 1562 if (!policy_view_capable(NULL)) 1563 return -EACCES; 1564 1565 return seq_open(file, &aa_fs_profiles_op); 1566 } 1567 1568 static int profiles_release(struct inode *inode, struct file *file) 1569 { 1570 return seq_release(inode, file); 1571 } 1572 1573 static const struct file_operations aa_fs_profiles_fops = { 1574 .open = profiles_open, 1575 .read = seq_read, 1576 .llseek = seq_lseek, 1577 .release = profiles_release, 1578 }; 1579 1580 1581 /** Base file system setup **/ 1582 static struct aa_fs_entry aa_fs_entry_file[] = { 1583 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \ 1584 "link lock"), 1585 { } 1586 }; 1587 1588 static struct aa_fs_entry aa_fs_entry_domain[] = { 1589 AA_FS_FILE_BOOLEAN("change_hat", 1), 1590 AA_FS_FILE_BOOLEAN("change_hatv", 1), 1591 AA_FS_FILE_BOOLEAN("change_onexec", 1), 1592 AA_FS_FILE_BOOLEAN("change_profile", 1), 1593 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1), 1594 AA_FS_FILE_STRING("version", "1.2"), 1595 { } 1596 }; 1597 1598 static struct aa_fs_entry aa_fs_entry_versions[] = { 1599 AA_FS_FILE_BOOLEAN("v5", 1), 1600 { } 1601 }; 1602 1603 static struct aa_fs_entry aa_fs_entry_policy[] = { 1604 AA_FS_DIR("versions", aa_fs_entry_versions), 1605 AA_FS_FILE_BOOLEAN("set_load", 1), 1606 { } 1607 }; 1608 1609 static struct aa_fs_entry aa_fs_entry_features[] = { 1610 AA_FS_DIR("policy", aa_fs_entry_policy), 1611 AA_FS_DIR("domain", aa_fs_entry_domain), 1612 AA_FS_DIR("file", aa_fs_entry_file), 1613 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 1614 AA_FS_DIR("rlimit", aa_fs_entry_rlimit), 1615 AA_FS_DIR("caps", aa_fs_entry_caps), 1616 { } 1617 }; 1618 1619 static struct aa_fs_entry aa_fs_entry_apparmor[] = { 1620 AA_FS_FILE_FOPS(".access", 0640, &aa_fs_access), 1621 AA_FS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops), 1622 AA_FS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops), 1623 AA_FS_FILE_FOPS("profiles", 0440, &aa_fs_profiles_fops), 1624 AA_FS_DIR("features", aa_fs_entry_features), 1625 { } 1626 }; 1627 1628 static struct aa_fs_entry aa_fs_entry = 1629 AA_FS_DIR("apparmor", aa_fs_entry_apparmor); 1630 1631 /** 1632 * entry_create_file - create a file entry in the apparmor securityfs 1633 * @fs_file: aa_fs_entry to build an entry for (NOT NULL) 1634 * @parent: the parent dentry in the securityfs 1635 * 1636 * Use entry_remove_file to remove entries created with this fn. 1637 */ 1638 static int __init entry_create_file(struct aa_fs_entry *fs_file, 1639 struct dentry *parent) 1640 { 1641 int error = 0; 1642 1643 fs_file->dentry = securityfs_create_file(fs_file->name, 1644 S_IFREG | fs_file->mode, 1645 parent, fs_file, 1646 fs_file->file_ops); 1647 if (IS_ERR(fs_file->dentry)) { 1648 error = PTR_ERR(fs_file->dentry); 1649 fs_file->dentry = NULL; 1650 } 1651 return error; 1652 } 1653 1654 static void __init entry_remove_dir(struct aa_fs_entry *fs_dir); 1655 /** 1656 * entry_create_dir - recursively create a directory entry in the securityfs 1657 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL) 1658 * @parent: the parent dentry in the securityfs 1659 * 1660 * Use entry_remove_dir to remove entries created with this fn. 1661 */ 1662 static int __init entry_create_dir(struct aa_fs_entry *fs_dir, 1663 struct dentry *parent) 1664 { 1665 struct aa_fs_entry *fs_file; 1666 struct dentry *dir; 1667 int error; 1668 1669 dir = securityfs_create_dir(fs_dir->name, parent); 1670 if (IS_ERR(dir)) 1671 return PTR_ERR(dir); 1672 fs_dir->dentry = dir; 1673 1674 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 1675 if (fs_file->v_type == AA_FS_TYPE_DIR) 1676 error = entry_create_dir(fs_file, fs_dir->dentry); 1677 else 1678 error = entry_create_file(fs_file, fs_dir->dentry); 1679 if (error) 1680 goto failed; 1681 } 1682 1683 return 0; 1684 1685 failed: 1686 entry_remove_dir(fs_dir); 1687 1688 return error; 1689 } 1690 1691 /** 1692 * aafs_remove_file - drop a single file entry in the apparmor securityfs 1693 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL) 1694 */ 1695 static void __init aafs_remove_file(struct aa_fs_entry *fs_file) 1696 { 1697 if (!fs_file->dentry) 1698 return; 1699 1700 securityfs_remove(fs_file->dentry); 1701 fs_file->dentry = NULL; 1702 } 1703 1704 /** 1705 * entry_remove_dir - recursively drop a directory entry from the securityfs 1706 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL) 1707 */ 1708 static void __init entry_remove_dir(struct aa_fs_entry *fs_dir) 1709 { 1710 struct aa_fs_entry *fs_file; 1711 1712 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 1713 if (fs_file->v_type == AA_FS_TYPE_DIR) 1714 entry_remove_dir(fs_file); 1715 else 1716 aafs_remove_file(fs_file); 1717 } 1718 1719 aafs_remove_file(fs_dir); 1720 } 1721 1722 /** 1723 * aa_destroy_aafs - cleanup and free aafs 1724 * 1725 * releases dentries allocated by aa_create_aafs 1726 */ 1727 void __init aa_destroy_aafs(void) 1728 { 1729 entry_remove_dir(&aa_fs_entry); 1730 } 1731 1732 1733 #define NULL_FILE_NAME ".null" 1734 struct path aa_null; 1735 1736 static int aa_mk_null_file(struct dentry *parent) 1737 { 1738 struct vfsmount *mount = NULL; 1739 struct dentry *dentry; 1740 struct inode *inode; 1741 int count = 0; 1742 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count); 1743 1744 if (error) 1745 return error; 1746 1747 inode_lock(d_inode(parent)); 1748 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME)); 1749 if (IS_ERR(dentry)) { 1750 error = PTR_ERR(dentry); 1751 goto out; 1752 } 1753 inode = new_inode(parent->d_inode->i_sb); 1754 if (!inode) { 1755 error = -ENOMEM; 1756 goto out1; 1757 } 1758 1759 inode->i_ino = get_next_ino(); 1760 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO; 1761 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 1762 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, 1763 MKDEV(MEM_MAJOR, 3)); 1764 d_instantiate(dentry, inode); 1765 aa_null.dentry = dget(dentry); 1766 aa_null.mnt = mntget(mount); 1767 1768 error = 0; 1769 1770 out1: 1771 dput(dentry); 1772 out: 1773 inode_unlock(d_inode(parent)); 1774 simple_release_fs(&mount, &count); 1775 return error; 1776 } 1777 1778 1779 1780 static const char *policy_get_link(struct dentry *dentry, 1781 struct inode *inode, 1782 struct delayed_call *done) 1783 { 1784 struct aa_ns *ns; 1785 struct path path; 1786 1787 if (!dentry) 1788 return ERR_PTR(-ECHILD); 1789 ns = aa_get_current_ns(); 1790 path.mnt = mntget(aafs_mnt); 1791 path.dentry = dget(ns_dir(ns)); 1792 nd_jump_link(&path); 1793 aa_put_ns(ns); 1794 1795 return NULL; 1796 } 1797 1798 static int ns_get_name(char *buf, size_t size, struct aa_ns *ns, 1799 struct inode *inode) 1800 { 1801 int res = snprintf(buf, size, "%s:[%lu]", AAFS_NAME, inode->i_ino); 1802 1803 if (res < 0 || res >= size) 1804 res = -ENOENT; 1805 1806 return res; 1807 } 1808 1809 static int policy_readlink(struct dentry *dentry, char __user *buffer, 1810 int buflen) 1811 { 1812 struct aa_ns *ns; 1813 char name[32]; 1814 int res; 1815 1816 ns = aa_get_current_ns(); 1817 res = ns_get_name(name, sizeof(name), ns, d_inode(dentry)); 1818 if (res >= 0) 1819 res = readlink_copy(buffer, buflen, name); 1820 aa_put_ns(ns); 1821 1822 return res; 1823 } 1824 1825 static const struct inode_operations policy_link_iops = { 1826 .readlink = policy_readlink, 1827 .get_link = policy_get_link, 1828 }; 1829 1830 1831 /** 1832 * aa_create_aafs - create the apparmor security filesystem 1833 * 1834 * dentries created here are released by aa_destroy_aafs 1835 * 1836 * Returns: error on failure 1837 */ 1838 static int __init aa_create_aafs(void) 1839 { 1840 struct dentry *dent; 1841 int error; 1842 1843 if (!apparmor_initialized) 1844 return 0; 1845 1846 if (aa_fs_entry.dentry) { 1847 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); 1848 return -EEXIST; 1849 } 1850 1851 /* setup apparmorfs used to virtualize policy/ */ 1852 aafs_mnt = kern_mount(&aafs_ops); 1853 if (IS_ERR(aafs_mnt)) 1854 panic("can't set apparmorfs up\n"); 1855 aafs_mnt->mnt_sb->s_flags &= ~MS_NOUSER; 1856 1857 /* Populate fs tree. */ 1858 error = entry_create_dir(&aa_fs_entry, NULL); 1859 if (error) 1860 goto error; 1861 1862 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry, 1863 NULL, &aa_fs_profile_load); 1864 if (IS_ERR(dent)) { 1865 error = PTR_ERR(dent); 1866 goto error; 1867 } 1868 ns_subload(root_ns) = dent; 1869 1870 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry, 1871 NULL, &aa_fs_profile_replace); 1872 if (IS_ERR(dent)) { 1873 error = PTR_ERR(dent); 1874 goto error; 1875 } 1876 ns_subreplace(root_ns) = dent; 1877 1878 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry, 1879 NULL, &aa_fs_profile_remove); 1880 if (IS_ERR(dent)) { 1881 error = PTR_ERR(dent); 1882 goto error; 1883 } 1884 ns_subremove(root_ns) = dent; 1885 1886 mutex_lock(&root_ns->lock); 1887 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy"); 1888 mutex_unlock(&root_ns->lock); 1889 1890 if (error) 1891 goto error; 1892 1893 error = aa_mk_null_file(aa_fs_entry.dentry); 1894 if (error) 1895 goto error; 1896 1897 /* TODO: add default profile to apparmorfs */ 1898 1899 /* Report that AppArmor fs is enabled */ 1900 aa_info_message("AppArmor Filesystem Enabled"); 1901 return 0; 1902 1903 error: 1904 aa_destroy_aafs(); 1905 AA_ERROR("Error creating AppArmor securityfs\n"); 1906 return error; 1907 } 1908 1909 fs_initcall(aa_create_aafs); 1910