1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AppArmor security module 4 * 5 * This file contains AppArmor function for pathnames 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. 9 */ 10 11 #include <linux/magic.h> 12 #include <linux/mount.h> 13 #include <linux/namei.h> 14 #include <linux/nsproxy.h> 15 #include <linux/path.h> 16 #include <linux/sched.h> 17 #include <linux/slab.h> 18 #include <linux/fs_struct.h> 19 20 #include "include/apparmor.h" 21 #include "include/path.h" 22 #include "include/policy.h" 23 24 /* modified from dcache.c */ 25 static int prepend(char **buffer, int buflen, const char *str, int namelen) 26 { 27 buflen -= namelen; 28 if (buflen < 0) 29 return -ENAMETOOLONG; 30 *buffer -= namelen; 31 memcpy(*buffer, str, namelen); 32 return 0; 33 } 34 35 #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT) 36 37 /* If the path is not connected to the expected root, 38 * check if it is a sysctl and handle specially else remove any 39 * leading / that __d_path may have returned. 40 * Unless 41 * specifically directed to connect the path, 42 * OR 43 * if in a chroot and doing chroot relative paths and the path 44 * resolves to the namespace root (would be connected outside 45 * of chroot) and specifically directed to connect paths to 46 * namespace root. 47 */ 48 static int disconnect(const struct path *path, char *buf, char **name, 49 int flags, const char *disconnected) 50 { 51 int error = 0; 52 53 if (!(flags & PATH_CONNECT_PATH) && 54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && 55 our_mnt(path->mnt))) { 56 /* disconnected path, don't return pathname starting 57 * with '/' 58 */ 59 error = -EACCES; 60 if (**name == '/') 61 *name = *name + 1; 62 } else { 63 if (**name != '/') 64 /* CONNECT_PATH with missing root */ 65 error = prepend(name, *name - buf, "/", 1); 66 if (!error && disconnected) 67 error = prepend(name, *name - buf, disconnected, 68 strlen(disconnected)); 69 } 70 71 return error; 72 } 73 74 /** 75 * d_namespace_path - lookup a name associated with a given path 76 * @path: path to lookup (NOT NULL) 77 * @buf: buffer to store path to (NOT NULL) 78 * @name: Returns - pointer for start of path name with in @buf (NOT NULL) 79 * @flags: flags controlling path lookup 80 * @disconnected: string to prefix to disconnected paths 81 * 82 * Handle path name lookup. 83 * 84 * Returns: %0 else error code if path lookup fails 85 * When no error the path name is returned in @name which points to 86 * to a position in @buf 87 */ 88 static int d_namespace_path(const struct path *path, char *buf, char **name, 89 int flags, const char *disconnected) 90 { 91 char *res; 92 int error = 0; 93 int connected = 1; 94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0; 95 int buflen = aa_g_path_max - isdir; 96 97 if (path->mnt->mnt_flags & MNT_INTERNAL) { 98 /* it's not mounted anywhere */ 99 res = dentry_path(path->dentry, buf, buflen); 100 *name = res; 101 if (IS_ERR(res)) { 102 *name = buf; 103 return PTR_ERR(res); 104 } 105 if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC && 106 strncmp(*name, "/sys/", 5) == 0) { 107 /* TODO: convert over to using a per namespace 108 * control instead of hard coded /proc 109 */ 110 error = prepend(name, *name - buf, "/proc", 5); 111 goto out; 112 } else 113 error = disconnect(path, buf, name, flags, 114 disconnected); 115 goto out; 116 } 117 118 /* resolve paths relative to chroot?*/ 119 if (flags & PATH_CHROOT_REL) { 120 struct path root; 121 get_fs_root(current->fs, &root); 122 res = __d_path(path, &root, buf, buflen); 123 path_put(&root); 124 } else { 125 res = d_absolute_path(path, buf, buflen); 126 if (!our_mnt(path->mnt)) 127 connected = 0; 128 } 129 130 /* handle error conditions - and still allow a partial path to 131 * be returned. 132 */ 133 if (!res || IS_ERR(res)) { 134 if (PTR_ERR(res) == -ENAMETOOLONG) { 135 error = -ENAMETOOLONG; 136 *name = buf; 137 goto out; 138 } 139 connected = 0; 140 res = dentry_path_raw(path->dentry, buf, buflen); 141 if (IS_ERR(res)) { 142 error = PTR_ERR(res); 143 *name = buf; 144 goto out; 145 }; 146 } else if (!our_mnt(path->mnt)) 147 connected = 0; 148 149 *name = res; 150 151 if (!connected) 152 error = disconnect(path, buf, name, flags, disconnected); 153 154 /* Handle two cases: 155 * 1. A deleted dentry && profile is not allowing mediation of deleted 156 * 2. On some filesystems, newly allocated dentries appear to the 157 * security_path hooks as a deleted dentry except without an inode 158 * allocated. 159 */ 160 if (d_unlinked(path->dentry) && d_is_positive(path->dentry) && 161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { 162 error = -ENOENT; 163 goto out; 164 } 165 166 out: 167 /* 168 * Append "/" to the pathname. The root directory is a special 169 * case; it already ends in slash. 170 */ 171 if (!error && isdir && ((*name)[1] != '\0' || (*name)[0] != '/')) 172 strcpy(&buf[aa_g_path_max - 2], "/"); 173 174 return error; 175 } 176 177 /** 178 * aa_path_name - get the pathname to a buffer ensure dir / is appended 179 * @path: path the file (NOT NULL) 180 * @flags: flags controlling path name generation 181 * @buffer: buffer to put name in (NOT NULL) 182 * @name: Returns - the generated path name if !error (NOT NULL) 183 * @info: Returns - information on why the path lookup failed (MAYBE NULL) 184 * @disconnected: string to prepend to disconnected paths 185 * 186 * @name is a pointer to the beginning of the pathname (which usually differs 187 * from the beginning of the buffer), or NULL. If there is an error @name 188 * may contain a partial or invalid name that can be used for audit purposes, 189 * but it can not be used for mediation. 190 * 191 * We need PATH_IS_DIR to indicate whether the file is a directory or not 192 * because the file may not yet exist, and so we cannot check the inode's 193 * file type. 194 * 195 * Returns: %0 else error code if could retrieve name 196 */ 197 int aa_path_name(const struct path *path, int flags, char *buffer, 198 const char **name, const char **info, const char *disconnected) 199 { 200 char *str = NULL; 201 int error = d_namespace_path(path, buffer, &str, flags, disconnected); 202 203 if (info && error) { 204 if (error == -ENOENT) 205 *info = "Failed name lookup - deleted entry"; 206 else if (error == -EACCES) 207 *info = "Failed name lookup - disconnected path"; 208 else if (error == -ENAMETOOLONG) 209 *info = "Failed name lookup - name too long"; 210 else 211 *info = "Failed name lookup"; 212 } 213 214 *name = str; 215 216 return error; 217 } 218