xref: /linux/security/apparmor/lib.c (revision 4413e16d9d21673bb5048a2e542f1aaa00015c2e)
1 /*
2  * AppArmor security module
3  *
4  * This file contains basic common functions used in AppArmor
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #include <linux/mm.h>
16 #include <linux/slab.h>
17 #include <linux/string.h>
18 #include <linux/vmalloc.h>
19 
20 #include "include/audit.h"
21 #include "include/apparmor.h"
22 
23 
24 /**
25  * aa_split_fqname - split a fqname into a profile and namespace name
26  * @fqname: a full qualified name in namespace profile format (NOT NULL)
27  * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
28  *
29  * Returns: profile name or NULL if one is not specified
30  *
31  * Split a namespace name from a profile name (see policy.c for naming
32  * description).  If a portion of the name is missing it returns NULL for
33  * that portion.
34  *
35  * NOTE: may modify the @fqname string.  The pointers returned point
36  *       into the @fqname string.
37  */
38 char *aa_split_fqname(char *fqname, char **ns_name)
39 {
40 	char *name = strim(fqname);
41 
42 	*ns_name = NULL;
43 	if (name[0] == ':') {
44 		char *split = strchr(&name[1], ':');
45 		*ns_name = skip_spaces(&name[1]);
46 		if (split) {
47 			/* overwrite ':' with \0 */
48 			*split = 0;
49 			name = skip_spaces(split + 1);
50 		} else
51 			/* a ns name without a following profile is allowed */
52 			name = NULL;
53 	}
54 	if (name && *name == 0)
55 		name = NULL;
56 
57 	return name;
58 }
59 
60 /**
61  * aa_info_message - log a none profile related status message
62  * @str: message to log
63  */
64 void aa_info_message(const char *str)
65 {
66 	if (audit_enabled) {
67 		struct common_audit_data sa;
68 		struct apparmor_audit_data aad = {0,};
69 		sa.type = LSM_AUDIT_DATA_NONE;
70 		sa.aad = &aad;
71 		aad.info = str;
72 		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
73 	}
74 	printk(KERN_INFO "AppArmor: %s\n", str);
75 }
76 
77 /**
78  * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
79  * @size: size of allocation
80  *
81  * Return: allocated buffer or NULL if failed
82  *
83  * It is possible that policy being loaded from the user is larger than
84  * what can be allocated by kmalloc, in those cases fall back to vmalloc.
85  */
86 void *kvmalloc(size_t size)
87 {
88 	void *buffer = NULL;
89 
90 	if (size == 0)
91 		return NULL;
92 
93 	/* do not attempt kmalloc if we need more than 16 pages at once */
94 	if (size <= (16*PAGE_SIZE))
95 		buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
96 	if (!buffer) {
97 		/* see kvfree for why size must be at least work_struct size
98 		 * when allocated via vmalloc
99 		 */
100 		if (size < sizeof(struct work_struct))
101 			size = sizeof(struct work_struct);
102 		buffer = vmalloc(size);
103 	}
104 	return buffer;
105 }
106 
107 /**
108  * do_vfree - workqueue routine for freeing vmalloced memory
109  * @work: data to be freed
110  *
111  * The work_struct is overlaid to the data being freed, as at the point
112  * the work is scheduled the data is no longer valid, be its freeing
113  * needs to be delayed until safe.
114  */
115 static void do_vfree(struct work_struct *work)
116 {
117 	vfree(work);
118 }
119 
120 /**
121  * kvfree - free an allocation do by kvmalloc
122  * @buffer: buffer to free (MAYBE_NULL)
123  *
124  * Free a buffer allocated by kvmalloc
125  */
126 void kvfree(void *buffer)
127 {
128 	if (is_vmalloc_addr(buffer)) {
129 		/* Data is no longer valid so just use the allocated space
130 		 * as the work_struct
131 		 */
132 		struct work_struct *work = (struct work_struct *) buffer;
133 		INIT_WORK(work, do_vfree);
134 		schedule_work(work);
135 	} else
136 		kfree(buffer);
137 }
138