1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * AppArmor security module 4 * 5 * This file contains AppArmor label definitions 6 * 7 * Copyright 2017 Canonical Ltd. 8 */ 9 10 #ifndef __AA_LABEL_H 11 #define __AA_LABEL_H 12 13 #include <linux/atomic.h> 14 #include <linux/audit.h> 15 #include <linux/rbtree.h> 16 #include <linux/rcupdate.h> 17 18 #include "apparmor.h" 19 #include "lib.h" 20 21 struct aa_ns; 22 struct aa_ruleset; 23 24 #define LOCAL_VEC_ENTRIES 8 25 #define DEFINE_VEC(T, V) \ 26 struct aa_ ## T *(_ ## V ## _localtmp)[LOCAL_VEC_ENTRIES]; \ 27 struct aa_ ## T **(V) 28 29 #define vec_setup(T, V, N, GFP) \ 30 ({ \ 31 if ((N) <= LOCAL_VEC_ENTRIES) { \ 32 typeof(N) i; \ 33 (V) = (_ ## V ## _localtmp); \ 34 for (i = 0; i < (N); i++) \ 35 (V)[i] = NULL; \ 36 } else \ 37 (V) = kzalloc(sizeof(struct aa_ ## T *) * (N), (GFP)); \ 38 (V) ? 0 : -ENOMEM; \ 39 }) 40 41 #define vec_cleanup(T, V, N) \ 42 do { \ 43 int i; \ 44 for (i = 0; i < (N); i++) { \ 45 if (!IS_ERR_OR_NULL((V)[i])) \ 46 aa_put_ ## T((V)[i]); \ 47 } \ 48 if ((V) != _ ## V ## _localtmp) \ 49 kfree(V); \ 50 } while (0) 51 52 #define vec_last(VEC, SIZE) ((VEC)[(SIZE) - 1]) 53 #define vec_ns(VEC, SIZE) (vec_last((VEC), (SIZE))->ns) 54 #define vec_labelset(VEC, SIZE) (&vec_ns((VEC), (SIZE))->labels) 55 #define cleanup_domain_vec(V, L) cleanup_label_vec((V), (L)->size) 56 57 struct aa_profile; 58 #define VEC_FLAG_TERMINATE 1 59 int aa_vec_unique(struct aa_profile **vec, int n, int flags); 60 struct aa_label *aa_vec_find_or_create_label(struct aa_profile **vec, int len, 61 gfp_t gfp); 62 #define aa_sort_and_merge_vec(N, V) \ 63 aa_sort_and_merge_profiles((N), (struct aa_profile **)(V)) 64 65 66 /* struct aa_labelset - set of labels for a namespace 67 * 68 * Labels are reference counted; aa_labelset does not contribute to label 69 * reference counts. Once a label's last refcount is put it is removed from 70 * the set. 71 */ 72 struct aa_labelset { 73 rwlock_t lock; 74 75 struct rb_root root; 76 }; 77 78 #define __labelset_for_each(LS, N) \ 79 for ((N) = rb_first(&(LS)->root); (N); (N) = rb_next(N)) 80 81 enum label_flags { 82 FLAG_HAT = 1, /* profile is a hat */ 83 FLAG_UNCONFINED = 2, /* label unconfined only if all */ 84 FLAG_NULL = 4, /* profile is null learning profile */ 85 FLAG_IX_ON_NAME_ERROR = 8, /* fallback to ix on name lookup fail */ 86 FLAG_IMMUTIBLE = 0x10, /* don't allow changes/replacement */ 87 FLAG_USER_DEFINED = 0x20, /* user based profile - lower privs */ 88 FLAG_NO_LIST_REF = 0x40, /* list doesn't keep profile ref */ 89 FLAG_NS_COUNT = 0x80, /* carries NS ref count */ 90 FLAG_IN_TREE = 0x100, /* label is in tree */ 91 FLAG_PROFILE = 0x200, /* label is a profile */ 92 FLAG_EXPLICIT = 0x400, /* explicit static label */ 93 FLAG_STALE = 0x800, /* replaced/removed */ 94 FLAG_RENAMED = 0x1000, /* label has renaming in it */ 95 FLAG_REVOKED = 0x2000, /* label has revocation in it */ 96 FLAG_DEBUG1 = 0x4000, 97 FLAG_DEBUG2 = 0x8000, 98 99 /* These flags must correspond with PATH_flags */ 100 /* TODO: add new path flags */ 101 }; 102 103 struct aa_label; 104 struct aa_proxy { 105 struct kref count; 106 struct aa_label __rcu *label; 107 }; 108 109 struct label_it { 110 int i, j; 111 }; 112 113 /* struct aa_label_base - base info of label 114 * @count: ref count of active users 115 * @node: rbtree position 116 * @rcu: rcu callback struct 117 * @proxy: is set to the label that replaced this label 118 * @hname: text representation of the label (MAYBE_NULL) 119 * @flags: stale and other flags - values may change under label set lock 120 * @secid: secid that references this label 121 * @size: number of entries in @ent[] 122 * @mediates: bitmask for label_mediates 123 * profile: label vec when embedded in a profile FLAG_PROFILE is set 124 * rules: variable length rules in a profile FLAG_PROFILE is set 125 * vec: vector of profiles comprising the compound label 126 */ 127 struct aa_label { 128 struct kref count; 129 struct rb_node node; 130 struct rcu_head rcu; 131 struct aa_proxy *proxy; 132 __counted char *hname; 133 long flags; 134 u32 secid; 135 int size; 136 u64 mediates; 137 union { 138 struct { 139 /* only used is the label is a profile, size of 140 * rules[] is determined by the profile 141 * profile[1] is poison or null as guard 142 */ 143 struct aa_profile *profile[2]; 144 DECLARE_FLEX_ARRAY(struct aa_ruleset *, rules); 145 }; 146 DECLARE_FLEX_ARRAY(struct aa_profile *, vec); 147 }; 148 }; 149 150 #define last_error(E, FN) \ 151 do { \ 152 int __subE = (FN); \ 153 if (__subE) \ 154 (E) = __subE; \ 155 } while (0) 156 157 #define label_isprofile(X) ((X)->flags & FLAG_PROFILE) 158 #define label_unconfined(X) ((X)->flags & FLAG_UNCONFINED) 159 #define unconfined(X) label_unconfined(X) 160 #define label_is_stale(X) ((X)->flags & FLAG_STALE) 161 #define __label_make_stale(X) ((X)->flags |= FLAG_STALE) 162 #define labels_ns(X) (vec_ns(&((X)->vec[0]), (X)->size)) 163 #define labels_set(X) (&labels_ns(X)->labels) 164 #define labels_view(X) labels_ns(X) 165 #define labels_profile(X) ((X)->vec[(X)->size - 1]) 166 167 168 int aa_label_next_confined(struct aa_label *l, int i); 169 170 /* for each profile in a label */ 171 #define label_for_each(I, L, P) \ 172 for ((I).i = 0; ((P) = (L)->vec[(I).i]); ++((I).i)) 173 174 /* assumes break/goto ended label_for_each */ 175 #define label_for_each_cont(I, L, P) \ 176 for (++((I).i); ((P) = (L)->vec[(I).i]); ++((I).i)) 177 178 179 180 /* for each profile that is enforcing confinement in a label */ 181 #define label_for_each_confined(I, L, P) \ 182 for ((I).i = aa_label_next_confined((L), 0); \ 183 ((P) = (L)->vec[(I).i]); \ 184 (I).i = aa_label_next_confined((L), (I).i + 1)) 185 186 #define label_for_each_in_merge(I, A, B, P) \ 187 for ((I).i = (I).j = 0; \ 188 ((P) = aa_label_next_in_merge(&(I), (A), (B))); \ 189 ) 190 191 #define label_for_each_not_in_set(I, SET, SUB, P) \ 192 for ((I).i = (I).j = 0; \ 193 ((P) = __aa_label_next_not_in_set(&(I), (SET), (SUB))); \ 194 ) 195 196 #define next_in_ns(i, NS, L) \ 197 ({ \ 198 typeof(i) ___i = (i); \ 199 while ((L)->vec[___i] && (L)->vec[___i]->ns != (NS)) \ 200 (___i)++; \ 201 (___i); \ 202 }) 203 204 #define label_for_each_in_ns(I, NS, L, P) \ 205 for ((I).i = next_in_ns(0, (NS), (L)); \ 206 ((P) = (L)->vec[(I).i]); \ 207 (I).i = next_in_ns((I).i + 1, (NS), (L))) 208 209 #define fn_for_each_in_ns(L, P, FN) \ 210 ({ \ 211 struct label_it __i; \ 212 struct aa_ns *__ns = labels_ns(L); \ 213 int __E = 0; \ 214 label_for_each_in_ns(__i, __ns, (L), (P)) { \ 215 last_error(__E, (FN)); \ 216 } \ 217 __E; \ 218 }) 219 220 221 #define fn_for_each_XXX(L, P, FN, ...) \ 222 ({ \ 223 struct label_it i; \ 224 int __E = 0; \ 225 label_for_each ## __VA_ARGS__(i, (L), (P)) { \ 226 last_error(__E, (FN)); \ 227 } \ 228 __E; \ 229 }) 230 231 #define fn_for_each(L, P, FN) fn_for_each_XXX(L, P, FN) 232 #define fn_for_each_confined(L, P, FN) fn_for_each_XXX(L, P, FN, _confined) 233 234 #define fn_for_each2_XXX(L1, L2, P, FN, ...) \ 235 ({ \ 236 struct label_it i; \ 237 int __E = 0; \ 238 label_for_each ## __VA_ARGS__(i, (L1), (L2), (P)) { \ 239 last_error(__E, (FN)); \ 240 } \ 241 __E; \ 242 }) 243 244 #define fn_for_each_in_merge(L1, L2, P, FN) \ 245 fn_for_each2_XXX((L1), (L2), P, FN, _in_merge) 246 #define fn_for_each_not_in_set(L1, L2, P, FN) \ 247 fn_for_each2_XXX((L1), (L2), P, FN, _not_in_set) 248 249 static inline bool label_mediates(struct aa_label *L, unsigned char C) 250 { 251 return (L)->mediates & (((u64) 1) << (C)); 252 } 253 254 static inline bool label_mediates_safe(struct aa_label *L, unsigned char C) 255 { 256 if (C > AA_CLASS_LAST) 257 return false; 258 return label_mediates(L, C); 259 } 260 261 void aa_labelset_destroy(struct aa_labelset *ls); 262 void aa_labelset_init(struct aa_labelset *ls); 263 void __aa_labelset_update_subtree(struct aa_ns *ns); 264 265 void aa_label_destroy(struct aa_label *label); 266 void aa_label_free(struct aa_label *label); 267 void aa_label_kref(struct kref *kref); 268 bool aa_label_init(struct aa_label *label, int size, gfp_t gfp); 269 struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp); 270 271 bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub); 272 bool aa_label_is_unconfined_subset(struct aa_label *set, struct aa_label *sub); 273 struct aa_profile *__aa_label_next_not_in_set(struct label_it *I, 274 struct aa_label *set, 275 struct aa_label *sub); 276 bool aa_label_remove(struct aa_label *label); 277 struct aa_label *aa_label_insert(struct aa_labelset *ls, struct aa_label *l); 278 bool aa_label_replace(struct aa_label *old, struct aa_label *new); 279 bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old, 280 struct aa_label *new); 281 282 struct aa_profile *aa_label_next_in_merge(struct label_it *I, 283 struct aa_label *a, 284 struct aa_label *b); 285 struct aa_label *aa_label_find_merge(struct aa_label *a, struct aa_label *b); 286 struct aa_label *aa_label_merge(struct aa_label *a, struct aa_label *b, 287 gfp_t gfp); 288 289 290 bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp); 291 292 #define FLAGS_NONE 0 293 #define FLAG_SHOW_MODE 1 294 #define FLAG_VIEW_SUBNS 2 295 #define FLAG_HIDDEN_UNCONFINED 4 296 #define FLAG_ABS_ROOT 8 297 int aa_label_snxprint(char *str, size_t size, struct aa_ns *view, 298 struct aa_label *label, int flags); 299 int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, 300 int flags, gfp_t gfp); 301 int aa_label_acntsxprint(char __counted **strp, struct aa_ns *ns, 302 struct aa_label *label, int flags, gfp_t gfp); 303 void aa_label_xaudit(struct audit_buffer *ab, struct aa_ns *ns, 304 struct aa_label *label, int flags, gfp_t gfp); 305 void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns, 306 struct aa_label *label, int flags, gfp_t gfp); 307 void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags, 308 gfp_t gfp); 309 void aa_label_printk(struct aa_label *label, gfp_t gfp); 310 311 struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str, 312 size_t n, gfp_t gfp, bool create, 313 bool force_stack); 314 struct aa_label *aa_label_parse(struct aa_label *base, const char *str, 315 gfp_t gfp, bool create, bool force_stack); 316 317 static inline const char *aa_label_strn_split(const char *str, int n) 318 { 319 const char *pos; 320 aa_state_t state; 321 322 state = aa_dfa_matchn_until(stacksplitdfa, DFA_START, str, n, &pos); 323 if (!ACCEPT_TABLE(stacksplitdfa)[state]) 324 return NULL; 325 326 return pos - 3; 327 } 328 329 static inline const char *aa_label_str_split(const char *str) 330 { 331 const char *pos; 332 aa_state_t state; 333 334 state = aa_dfa_match_until(stacksplitdfa, DFA_START, str, &pos); 335 if (!ACCEPT_TABLE(stacksplitdfa)[state]) 336 return NULL; 337 338 return pos - 3; 339 } 340 341 342 343 struct aa_perms; 344 struct aa_ruleset; 345 int aa_label_match(struct aa_profile *profile, struct aa_ruleset *rules, 346 struct aa_label *label, aa_state_t state, bool subns, 347 u32 request, struct aa_perms *perms); 348 349 350 /** 351 * __aa_get_label - get a reference count to uncounted label reference 352 * @l: reference to get a count on 353 * 354 * Returns: pointer to reference OR NULL if race is lost and reference is 355 * being repeated. 356 * Requires: lock held, and the return code MUST be checked 357 */ 358 static inline struct aa_label *__aa_get_label(struct aa_label *l) 359 { 360 if (l && kref_get_unless_zero(&l->count)) 361 return l; 362 363 return NULL; 364 } 365 366 static inline struct aa_label *aa_get_label(struct aa_label *l) 367 { 368 if (l) 369 kref_get(&(l->count)); 370 371 return l; 372 } 373 374 375 /** 376 * aa_get_label_rcu - increment refcount on a label that can be replaced 377 * @l: pointer to label that can be replaced (NOT NULL) 378 * 379 * Returns: pointer to a refcounted label. 380 * else NULL if no label 381 */ 382 static inline struct aa_label *aa_get_label_rcu(struct aa_label __rcu **l) 383 { 384 struct aa_label *c; 385 386 rcu_read_lock(); 387 do { 388 c = rcu_dereference(*l); 389 } while (c && !kref_get_unless_zero(&c->count)); 390 rcu_read_unlock(); 391 392 return c; 393 } 394 395 /** 396 * aa_get_newest_label - find the newest version of @l 397 * @l: the label to check for newer versions of 398 * 399 * Returns: refcounted newest version of @l taking into account 400 * replacement, renames and removals 401 * return @l. 402 */ 403 static inline struct aa_label *aa_get_newest_label(struct aa_label *l) 404 { 405 if (!l) 406 return NULL; 407 408 if (label_is_stale(l)) { 409 struct aa_label *tmp; 410 411 AA_BUG(!l->proxy); 412 AA_BUG(!l->proxy->label); 413 /* BUG: only way this can happen is @l ref count and its 414 * replacement count have gone to 0 and are on their way 415 * to destruction. ie. we have a refcounting error 416 */ 417 tmp = aa_get_label_rcu(&l->proxy->label); 418 AA_BUG(!tmp); 419 420 return tmp; 421 } 422 423 return aa_get_label(l); 424 } 425 426 static inline void aa_put_label(struct aa_label *l) 427 { 428 if (l) 429 kref_put(&l->count, aa_label_kref); 430 } 431 432 /* wrapper fn to indicate semantics of the check */ 433 static inline bool __aa_subj_label_is_cached(struct aa_label *subj_label, 434 struct aa_label *obj_label) 435 { 436 return aa_label_is_subset(obj_label, subj_label); 437 } 438 439 440 struct aa_proxy *aa_alloc_proxy(struct aa_label *l, gfp_t gfp); 441 void aa_proxy_kref(struct kref *kref); 442 443 static inline struct aa_proxy *aa_get_proxy(struct aa_proxy *proxy) 444 { 445 if (proxy) 446 kref_get(&(proxy->count)); 447 448 return proxy; 449 } 450 451 static inline void aa_put_proxy(struct aa_proxy *proxy) 452 { 453 if (proxy) 454 kref_put(&proxy->count, aa_proxy_kref); 455 } 456 457 void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new); 458 459 #endif /* __AA_LABEL_H */ 460