xref: /linux/security/apparmor/path.c (revision b6ebbac51bedf9e98e837688bc838f400196da5e) 
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor function for pathnames
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #include <linux/magic.h>
16 #include <linux/mount.h>
17 #include <linux/namei.h>
18 #include <linux/nsproxy.h>
19 #include <linux/path.h>
20 #include <linux/sched.h>
21 #include <linux/slab.h>
22 #include <linux/fs_struct.h>
23 
24 #include "include/apparmor.h"
25 #include "include/path.h"
26 #include "include/policy.h"
27 
28 /* modified from dcache.c */
29 static int prepend(char **buffer, int buflen, const char *str, int namelen)
30 {
31 	buflen -= namelen;
32 	if (buflen < 0)
33 		return -ENAMETOOLONG;
34 	*buffer -= namelen;
35 	memcpy(*buffer, str, namelen);
36 	return 0;
37 }
38 
39 #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
40 
41 /* If the path is not connected to the expected root,
42  * check if it is a sysctl and handle specially else remove any
43  * leading / that __d_path may have returned.
44  * Unless
45  *     specifically directed to connect the path,
46  * OR
47  *     if in a chroot and doing chroot relative paths and the path
48  *     resolves to the namespace root (would be connected outside
49  *     of chroot) and specifically directed to connect paths to
50  *     namespace root.
51  */
52 static int disconnect(const struct path *path, char *buf, char **name,
53 		      int flags)
54 {
55 	int error = 0;
56 
57 	if (!(flags & PATH_CONNECT_PATH) &&
58 	    !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
59 	      our_mnt(path->mnt))) {
60 		/* disconnected path, don't return pathname starting
61 		 * with '/'
62 		 */
63 		error = -EACCES;
64 		if (**name == '/')
65 			*name = *name + 1;
66 	} else if (**name != '/')
67 		/* CONNECT_PATH with missing root */
68 		error = prepend(name, *name - buf, "/", 1);
69 
70 	return error;
71 }
72 
73 /**
74  * d_namespace_path - lookup a name associated with a given path
75  * @path: path to lookup  (NOT NULL)
76  * @buf:  buffer to store path to  (NOT NULL)
77  * @buflen: length of @buf
78  * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
79  * @flags: flags controlling path lookup
80  *
81  * Handle path name lookup.
82  *
83  * Returns: %0 else error code if path lookup fails
84  *          When no error the path name is returned in @name which points to
85  *          to a position in @buf
86  */
87 static int d_namespace_path(const struct path *path, char *buf, int buflen,
88 			    char **name, int flags)
89 {
90 	char *res;
91 	int error = 0;
92 	int connected = 1;
93 
94 	if (path->mnt->mnt_flags & MNT_INTERNAL) {
95 		/* it's not mounted anywhere */
96 		res = dentry_path(path->dentry, buf, buflen);
97 		*name = res;
98 		if (IS_ERR(res)) {
99 			*name = buf;
100 			return PTR_ERR(res);
101 		}
102 		if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
103 		    strncmp(*name, "/sys/", 5) == 0) {
104 			/* TODO: convert over to using a per namespace
105 			 * control instead of hard coded /proc
106 			 */
107 			return prepend(name, *name - buf, "/proc", 5);
108 		} else
109 			return disconnect(path, buf, name, flags);
110 		return 0;
111 	}
112 
113 	/* resolve paths relative to chroot?*/
114 	if (flags & PATH_CHROOT_REL) {
115 		struct path root;
116 		get_fs_root(current->fs, &root);
117 		res = __d_path(path, &root, buf, buflen);
118 		path_put(&root);
119 	} else {
120 		res = d_absolute_path(path, buf, buflen);
121 		if (!our_mnt(path->mnt))
122 			connected = 0;
123 	}
124 
125 	/* handle error conditions - and still allow a partial path to
126 	 * be returned.
127 	 */
128 	if (!res || IS_ERR(res)) {
129 		if (PTR_ERR(res) == -ENAMETOOLONG)
130 			return -ENAMETOOLONG;
131 		connected = 0;
132 		res = dentry_path_raw(path->dentry, buf, buflen);
133 		if (IS_ERR(res)) {
134 			error = PTR_ERR(res);
135 			*name = buf;
136 			goto out;
137 		};
138 	} else if (!our_mnt(path->mnt))
139 		connected = 0;
140 
141 	*name = res;
142 
143 	/* Handle two cases:
144 	 * 1. A deleted dentry && profile is not allowing mediation of deleted
145 	 * 2. On some filesystems, newly allocated dentries appear to the
146 	 *    security_path hooks as a deleted dentry except without an inode
147 	 *    allocated.
148 	 */
149 	if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
150 	    !(flags & PATH_MEDIATE_DELETED)) {
151 			error = -ENOENT;
152 			goto out;
153 	}
154 
155 	if (!connected)
156 		error = disconnect(path, buf, name, flags);
157 
158 out:
159 	return error;
160 }
161 
162 /**
163  * get_name_to_buffer - get the pathname to a buffer ensure dir / is appended
164  * @path: path to get name for  (NOT NULL)
165  * @flags: flags controlling path lookup
166  * @buffer: buffer to put name in  (NOT NULL)
167  * @size: size of buffer
168  * @name: Returns - contains position of path name in @buffer (NOT NULL)
169  *
170  * Returns: %0 else error on failure
171  */
172 static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
173 			      int size, char **name, const char **info)
174 {
175 	int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
176 	int error = d_namespace_path(path, buffer, size - adjust, name, flags);
177 
178 	if (!error && (flags & PATH_IS_DIR) && (*name)[1] != '\0')
179 		/*
180 		 * Append "/" to the pathname.  The root directory is a special
181 		 * case; it already ends in slash.
182 		 */
183 		strcpy(&buffer[size - 2], "/");
184 
185 	if (info && error) {
186 		if (error == -ENOENT)
187 			*info = "Failed name lookup - deleted entry";
188 		else if (error == -EACCES)
189 			*info = "Failed name lookup - disconnected path";
190 		else if (error == -ENAMETOOLONG)
191 			*info = "Failed name lookup - name too long";
192 		else
193 			*info = "Failed name lookup";
194 	}
195 
196 	return error;
197 }
198 
199 /**
200  * aa_path_name - compute the pathname of a file
201  * @path: path the file  (NOT NULL)
202  * @flags: flags controlling path name generation
203  * @buffer: buffer that aa_get_name() allocated  (NOT NULL)
204  * @name: Returns - the generated path name if !error (NOT NULL)
205  * @info: Returns - information on why the path lookup failed (MAYBE NULL)
206  *
207  * @name is a pointer to the beginning of the pathname (which usually differs
208  * from the beginning of the buffer), or NULL.  If there is an error @name
209  * may contain a partial or invalid name that can be used for audit purposes,
210  * but it can not be used for mediation.
211  *
212  * We need PATH_IS_DIR to indicate whether the file is a directory or not
213  * because the file may not yet exist, and so we cannot check the inode's
214  * file type.
215  *
216  * Returns: %0 else error code if could retrieve name
217  */
218 int aa_path_name(const struct path *path, int flags, char **buffer,
219 		 const char **name, const char **info)
220 {
221 	char *buf, *str = NULL;
222 	int size = 256;
223 	int error;
224 
225 	*name = NULL;
226 	*buffer = NULL;
227 	for (;;) {
228 		/* freed by caller */
229 		buf = kmalloc(size, GFP_KERNEL);
230 		if (!buf)
231 			return -ENOMEM;
232 
233 		error = get_name_to_buffer(path, flags, buf, size, &str, info);
234 		if (error != -ENAMETOOLONG)
235 			break;
236 
237 		kfree(buf);
238 		size <<= 1;
239 		if (size > aa_g_path_max)
240 			return -ENAMETOOLONG;
241 		*info = NULL;
242 	}
243 	*buffer = buf;
244 	*name = str;
245 
246 	return error;
247 }
248