1 // SPDX-License-Identifier: GPL-2.0-only
3 * AppArmor security module
5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
11 #include <linux/ctype.h>
12 #include <linux/security.h>
13 #include <linux/vmalloc.h>
14 #include <linux/init.h>
15 #include <linux/seq_file.h>
16 #include <linux/uaccess.h>
17 #include <linux/mount.h>
18 #include <linux/namei.h>
19 #include <linux/capability.h>
20 #include <linux/rcupdate.h>
22 #include <linux/poll.h>
23 #include <uapi/linux/major.h>
24 #include <uapi/linux/magic.h>
26 #include "include/apparmor.h"
27 #include "include/apparmorfs.h"
28 #include "include/audit.h"
29 #include "include/cred.h"
30 #include "include/crypto.h"
31 #include "include/ipc.h"
32 #include "include/label.h"
33 #include "include/policy.h"
34 #include "include/policy_ns.h"
35 #include "include/resource.h"
36 #include "include/policy_unpack.h"
39 * The apparmor filesystem interface used for policy load and introspection
40 * The interface is split into two main components based on their function
41 * a securityfs component:
42 * used for static files that are always available, and which allows
43 * userspace to specificy the location of the security filesystem.
45 * fns and data are prefixed with
48 * an apparmorfs component:
49 * used loaded policy content and introspection. It is not part of a
50 * regular mounted filesystem and is available only through the magic
51 * policy symlink in the root of the securityfs apparmor/ directory.
52 * Tasks queries will be magically redirected to the correct portion
53 * of the policy tree based on their confinement.
55 * fns and data are prefixed with
58 * The aa_fs_ prefix is used to indicate the fn is used by both the
59 * securityfs and apparmorfs filesystems.
68 * aa_mangle_name - mangle a profile name to std profile layout form
69 * @name: profile name to mangle (NOT NULL)
70 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
72 * Returns: length of mangled name
74 static int mangle_name(const char *name, char *target)
78 while (*name == '/' || *name == '.')
82 for (; *name; name++) {
85 else if (isspace(*name))
87 else if (isalnum(*name) || strchr("._-", *name))
94 for (; *name; name++) {
95 if (isalnum(*name) || isspace(*name) ||
96 strchr("/._-", *name))
108 * aafs - core fns and data for the policy tree
111 #define AAFS_NAME "apparmorfs"
112 static struct vfsmount *aafs_mnt;
113 static int aafs_count;
116 static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
118 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
122 static void aafs_free_inode(struct inode *inode)
124 if (S_ISLNK(inode->i_mode))
125 kfree(inode->i_link);
126 free_inode_nonrcu(inode);
129 static const struct super_operations aafs_super_ops = {
130 .statfs = simple_statfs,
131 .free_inode = aafs_free_inode,
132 .show_path = aafs_show_path,
135 static int fill_super(struct super_block *sb, void *data, int silent)
137 static struct tree_descr files[] = { {""} };
140 error = simple_fill_super(sb, AAFS_MAGIC, files);
143 sb->s_op = &aafs_super_ops;
148 static struct dentry *aafs_mount(struct file_system_type *fs_type,
149 int flags, const char *dev_name, void *data)
151 return mount_single(fs_type, flags, data, fill_super);
154 static struct file_system_type aafs_ops = {
155 .owner = THIS_MODULE,
158 .kill_sb = kill_anon_super,
162 * __aafs_setup_d_inode - basic inode setup for apparmorfs
163 * @dir: parent directory for the dentry
164 * @dentry: dentry we are seting the inode up for
165 * @mode: permissions the file should have
166 * @data: data to store on inode.i_private, available in open()
167 * @link: if symlink, symlink target string
168 * @fops: struct file_operations that should be used
169 * @iops: struct of inode_operations that should be used
171 static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
172 umode_t mode, void *data, char *link,
173 const struct file_operations *fops,
174 const struct inode_operations *iops)
176 struct inode *inode = new_inode(dir->i_sb);
184 inode->i_ino = get_next_ino();
185 inode->i_mode = mode;
186 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
187 inode->i_private = data;
189 inode->i_op = iops ? iops : &simple_dir_inode_operations;
190 inode->i_fop = &simple_dir_operations;
193 } else if (S_ISLNK(mode)) {
194 inode->i_op = iops ? iops : &simple_symlink_inode_operations;
195 inode->i_link = link;
199 d_instantiate(dentry, inode);
206 * aafs_create - create a dentry in the apparmorfs filesystem
208 * @name: name of dentry to create
209 * @mode: permissions the file should have
210 * @parent: parent directory for this dentry
211 * @data: data to store on inode.i_private, available in open()
212 * @link: if symlink, symlink target string
213 * @fops: struct file_operations that should be used for
214 * @iops: struct of inode_operations that should be used
216 * This is the basic "create a xxx" function for apparmorfs.
218 * Returns a pointer to a dentry if it succeeds, that must be free with
219 * aafs_remove(). Will return ERR_PTR on failure.
221 static struct dentry *aafs_create(const char *name, umode_t mode,
222 struct dentry *parent, void *data, void *link,
223 const struct file_operations *fops,
224 const struct inode_operations *iops)
226 struct dentry *dentry;
233 if (!(mode & S_IFMT))
234 mode = (mode & S_IALLUGO) | S_IFREG;
236 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
238 return ERR_PTR(error);
240 dir = d_inode(parent);
243 dentry = lookup_one_len(name, parent, strlen(name));
244 if (IS_ERR(dentry)) {
245 error = PTR_ERR(dentry);
249 if (d_really_is_positive(dentry)) {
254 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
266 simple_release_fs(&aafs_mnt, &aafs_count);
268 return ERR_PTR(error);
272 * aafs_create_file - create a file in the apparmorfs filesystem
274 * @name: name of dentry to create
275 * @mode: permissions the file should have
276 * @parent: parent directory for this dentry
277 * @data: data to store on inode.i_private, available in open()
278 * @fops: struct file_operations that should be used for
282 static struct dentry *aafs_create_file(const char *name, umode_t mode,
283 struct dentry *parent, void *data,
284 const struct file_operations *fops)
286 return aafs_create(name, mode, parent, data, NULL, fops, NULL);
290 * aafs_create_dir - create a directory in the apparmorfs filesystem
292 * @name: name of dentry to create
293 * @parent: parent directory for this dentry
297 static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
299 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
304 * aafs_create_symlink - create a symlink in the apparmorfs filesystem
305 * @name: name of dentry to create
306 * @parent: parent directory for this dentry
307 * @target: if symlink, symlink target string
308 * @private: private data
309 * @iops: struct of inode_operations that should be used
311 * If @target parameter is %NULL, then the @iops parameter needs to be
312 * setup to handle .readlink and .get_link inode_operations.
314 static struct dentry *aafs_create_symlink(const char *name,
315 struct dentry *parent,
318 const struct inode_operations *iops)
325 return ERR_PTR(-ENOMEM);
327 dent = aafs_create(name, S_IFLNK | 0444, parent, private, link, NULL,
336 * aafs_remove - removes a file or directory from the apparmorfs filesystem
338 * @dentry: dentry of the file/directory/symlink to removed.
340 static void aafs_remove(struct dentry *dentry)
344 if (!dentry || IS_ERR(dentry))
347 dir = d_inode(dentry->d_parent);
349 if (simple_positive(dentry)) {
350 if (d_is_dir(dentry))
351 simple_rmdir(dir, dentry);
353 simple_unlink(dir, dentry);
358 simple_release_fs(&aafs_mnt, &aafs_count);
363 * aa_fs - policy load/replace/remove
367 * aa_simple_write_to_buffer - common routine for getting policy from user
368 * @userbuf: user buffer to copy data from (NOT NULL)
369 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
370 * @copy_size: size of data to copy from user buffer
371 * @pos: position write is at in the file (NOT NULL)
373 * Returns: kernel buffer containing copy of user buffer data or an
374 * ERR_PTR on failure.
376 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
381 struct aa_loaddata *data;
383 AA_BUG(copy_size > alloc_size);
386 /* only writes from pos 0, that is complete writes */
387 return ERR_PTR(-ESPIPE);
389 /* freed by caller to simple_write_to_buffer */
390 data = aa_loaddata_alloc(alloc_size);
394 data->size = copy_size;
395 if (copy_from_user(data->data, userbuf, copy_size)) {
397 return ERR_PTR(-EFAULT);
403 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
404 loff_t *pos, struct aa_ns *ns)
406 struct aa_loaddata *data;
407 struct aa_label *label;
410 label = begin_current_label_crit_section();
412 /* high level check about policy management - fine grained in
415 error = aa_may_manage_policy(label, ns, mask);
419 data = aa_simple_write_to_buffer(buf, size, size, pos);
420 error = PTR_ERR(data);
422 error = aa_replace_profiles(ns, label, mask, data);
423 aa_put_loaddata(data);
425 end_current_label_crit_section(label);
430 /* .load file hook fn to load policy */
431 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
434 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
435 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
442 static const struct file_operations aa_fs_profile_load = {
443 .write = profile_load,
444 .llseek = default_llseek,
447 /* .replace file hook fn to load and/or replace policy */
448 static ssize_t profile_replace(struct file *f, const char __user *buf,
449 size_t size, loff_t *pos)
451 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
452 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
459 static const struct file_operations aa_fs_profile_replace = {
460 .write = profile_replace,
461 .llseek = default_llseek,
464 /* .remove file hook fn to remove loaded policy */
465 static ssize_t profile_remove(struct file *f, const char __user *buf,
466 size_t size, loff_t *pos)
468 struct aa_loaddata *data;
469 struct aa_label *label;
471 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
473 label = begin_current_label_crit_section();
474 /* high level check about policy management - fine grained in
477 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
482 * aa_remove_profile needs a null terminated string so 1 extra
483 * byte is allocated and the copied data is null terminated.
485 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
487 error = PTR_ERR(data);
489 data->data[size] = 0;
490 error = aa_remove_profiles(ns, label, data->data, size);
491 aa_put_loaddata(data);
494 end_current_label_crit_section(label);
499 static const struct file_operations aa_fs_profile_remove = {
500 .write = profile_remove,
501 .llseek = default_llseek,
509 /* revision file hook fn for policy loads */
510 static int ns_revision_release(struct inode *inode, struct file *file)
512 struct aa_revision *rev = file->private_data;
522 static ssize_t ns_revision_read(struct file *file, char __user *buf,
523 size_t size, loff_t *ppos)
525 struct aa_revision *rev = file->private_data;
530 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
531 last_read = rev->last_read;
532 if (last_read == rev->ns->revision) {
533 mutex_unlock(&rev->ns->lock);
534 if (file->f_flags & O_NONBLOCK)
536 if (wait_event_interruptible(rev->ns->wait,
538 READ_ONCE(rev->ns->revision)))
540 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
543 avail = sprintf(buffer, "%ld\n", rev->ns->revision);
544 if (*ppos + size > avail) {
545 rev->last_read = rev->ns->revision;
548 mutex_unlock(&rev->ns->lock);
550 return simple_read_from_buffer(buf, size, ppos, buffer, avail);
553 static int ns_revision_open(struct inode *inode, struct file *file)
555 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
560 rev->ns = aa_get_ns(inode->i_private);
562 rev->ns = aa_get_current_ns();
563 file->private_data = rev;
568 static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
570 struct aa_revision *rev = file->private_data;
574 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
575 poll_wait(file, &rev->ns->wait, pt);
576 if (rev->last_read < rev->ns->revision)
577 mask |= EPOLLIN | EPOLLRDNORM;
578 mutex_unlock(&rev->ns->lock);
584 void __aa_bump_ns_revision(struct aa_ns *ns)
587 wake_up_interruptible(&ns->wait);
590 static const struct file_operations aa_fs_ns_revision_fops = {
591 .owner = THIS_MODULE,
592 .open = ns_revision_open,
593 .poll = ns_revision_poll,
594 .read = ns_revision_read,
595 .llseek = generic_file_llseek,
596 .release = ns_revision_release,
599 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
600 const char *match_str, size_t match_len)
602 struct aa_perms tmp = { };
604 unsigned int state = 0;
606 if (profile_unconfined(profile))
608 if (profile->file.dfa && *match_str == AA_CLASS_FILE) {
609 dfa = profile->file.dfa;
610 state = aa_dfa_match_len(dfa, profile->file.start,
611 match_str + 1, match_len - 1);
613 struct path_cond cond = { };
615 tmp = aa_compute_fperms(dfa, state, &cond);
617 } else if (profile->policy.dfa) {
618 if (!PROFILE_MEDIATES(profile, *match_str))
619 return; /* no change to current perms */
620 dfa = profile->policy.dfa;
621 state = aa_dfa_match_len(dfa, profile->policy.start[0],
622 match_str, match_len);
624 aa_compute_perms(dfa, state, &tmp);
626 aa_apply_modes_to_perms(profile, &tmp);
627 aa_perms_accum_raw(perms, &tmp);
632 * query_data - queries a policy and writes its data to buf
633 * @buf: the resulting data is stored here (NOT NULL)
634 * @buf_len: size of buf
635 * @query: query string used to retrieve data
636 * @query_len: size of query including second NUL byte
638 * The buffers pointed to by buf and query may overlap. The query buffer is
639 * parsed before buf is written to.
641 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
642 * the security confinement context and <KEY> is the name of the data to
643 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
645 * Don't expect the contents of buf to be preserved on failure.
647 * Returns: number of characters written to buf or -errno on failure
649 static ssize_t query_data(char *buf, size_t buf_len,
650 char *query, size_t query_len)
655 struct aa_label *label, *curr;
656 struct aa_profile *profile;
657 struct aa_data *data;
662 return -EINVAL; /* need a query */
664 key = query + strnlen(query, query_len) + 1;
665 if (key + 1 >= query + query_len)
666 return -EINVAL; /* not enough space for a non-empty key */
667 if (key + strnlen(key, query + query_len - key) >= query + query_len)
668 return -EINVAL; /* must end with NUL */
670 if (buf_len < sizeof(bytes) + sizeof(blocks))
671 return -EINVAL; /* not enough space */
673 curr = begin_current_label_crit_section();
674 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
675 end_current_label_crit_section(curr);
677 return PTR_ERR(label);
679 /* We are going to leave space for two numbers. The first is the total
680 * number of bytes we are writing after the first number. This is so
681 * users can read the full output without reallocation.
683 * The second number is the number of data blocks we're writing. An
684 * application might be confined by multiple policies having data in
687 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
688 out = buf + sizeof(bytes) + sizeof(blocks);
691 label_for_each_confined(i, label, profile) {
695 data = rhashtable_lookup_fast(profile->data, &key,
699 if (out + sizeof(outle32) + data->size > buf +
702 return -EINVAL; /* not enough space */
704 outle32 = __cpu_to_le32(data->size);
705 memcpy(out, &outle32, sizeof(outle32));
706 out += sizeof(outle32);
707 memcpy(out, data->data, data->size);
714 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
715 memcpy(buf, &outle32, sizeof(outle32));
716 outle32 = __cpu_to_le32(blocks);
717 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
723 * query_label - queries a label and writes permissions to buf
724 * @buf: the resulting permissions string is stored here (NOT NULL)
725 * @buf_len: size of buf
726 * @query: binary query string to match against the dfa
727 * @query_len: size of query
728 * @view_only: only compute for querier's view
730 * The buffers pointed to by buf and query may overlap. The query buffer is
731 * parsed before buf is written to.
733 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
734 * the name of the label, in the current namespace, that is to be queried and
735 * DFA_STRING is a binary string to match against the label(s)'s DFA.
737 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
738 * but must *not* be NUL terminated.
740 * Returns: number of characters written to buf or -errno on failure
742 static ssize_t query_label(char *buf, size_t buf_len,
743 char *query, size_t query_len, bool view_only)
745 struct aa_profile *profile;
746 struct aa_label *label, *curr;
747 char *label_name, *match_str;
748 size_t label_name_len, match_len;
749 struct aa_perms perms;
756 label_name_len = strnlen(query, query_len);
757 if (!label_name_len || label_name_len == query_len)
761 * The extra byte is to account for the null byte between the
762 * profile name and dfa string. profile_name_len is greater
763 * than zero and less than query_len, so a byte can be safely
764 * added or subtracted.
766 match_str = label_name + label_name_len + 1;
767 match_len = query_len - label_name_len - 1;
769 curr = begin_current_label_crit_section();
770 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
771 end_current_label_crit_section(curr);
773 return PTR_ERR(label);
777 label_for_each_in_ns(i, labels_ns(label), label, profile) {
778 profile_query_cb(profile, &perms, match_str, match_len);
781 label_for_each(i, label, profile) {
782 profile_query_cb(profile, &perms, match_str, match_len);
787 return scnprintf(buf, buf_len,
788 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
789 perms.allow, perms.deny, perms.audit, perms.quiet);
793 * Transaction based IO.
794 * The file expects a write which triggers the transaction, and then
795 * possibly a read(s) which collects the result - which is stored in a
796 * file-local buffer. Once a new write is performed, a new set of results
797 * are stored in the file-local buffer.
799 struct multi_transaction {
805 #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
806 /* TODO: replace with per file lock */
807 static DEFINE_SPINLOCK(multi_transaction_lock);
809 static void multi_transaction_kref(struct kref *kref)
811 struct multi_transaction *t;
813 t = container_of(kref, struct multi_transaction, count);
814 free_page((unsigned long) t);
817 static struct multi_transaction *
818 get_multi_transaction(struct multi_transaction *t)
821 kref_get(&(t->count));
826 static void put_multi_transaction(struct multi_transaction *t)
829 kref_put(&(t->count), multi_transaction_kref);
832 /* does not increment @new's count */
833 static void multi_transaction_set(struct file *file,
834 struct multi_transaction *new, size_t n)
836 struct multi_transaction *old;
838 AA_BUG(n > MULTI_TRANSACTION_LIMIT);
841 spin_lock(&multi_transaction_lock);
842 old = (struct multi_transaction *) file->private_data;
843 file->private_data = new;
844 spin_unlock(&multi_transaction_lock);
845 put_multi_transaction(old);
848 static struct multi_transaction *multi_transaction_new(struct file *file,
849 const char __user *buf,
852 struct multi_transaction *t;
854 if (size > MULTI_TRANSACTION_LIMIT - 1)
855 return ERR_PTR(-EFBIG);
857 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
859 return ERR_PTR(-ENOMEM);
860 kref_init(&t->count);
861 if (copy_from_user(t->data, buf, size))
862 return ERR_PTR(-EFAULT);
867 static ssize_t multi_transaction_read(struct file *file, char __user *buf,
868 size_t size, loff_t *pos)
870 struct multi_transaction *t;
873 spin_lock(&multi_transaction_lock);
874 t = get_multi_transaction(file->private_data);
875 spin_unlock(&multi_transaction_lock);
879 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
880 put_multi_transaction(t);
885 static int multi_transaction_release(struct inode *inode, struct file *file)
887 put_multi_transaction(file->private_data);
892 #define QUERY_CMD_LABEL "label\0"
893 #define QUERY_CMD_LABEL_LEN 6
894 #define QUERY_CMD_PROFILE "profile\0"
895 #define QUERY_CMD_PROFILE_LEN 8
896 #define QUERY_CMD_LABELALL "labelall\0"
897 #define QUERY_CMD_LABELALL_LEN 9
898 #define QUERY_CMD_DATA "data\0"
899 #define QUERY_CMD_DATA_LEN 5
902 * aa_write_access - generic permissions and data query
903 * @file: pointer to open apparmorfs/access file
904 * @ubuf: user buffer containing the complete query string (NOT NULL)
905 * @count: size of ubuf
906 * @ppos: position in the file (MUST BE ZERO)
908 * Allows for one permissions or data query per open(), write(), and read()
909 * sequence. The only queries currently supported are label-based queries for
910 * permissions or data.
912 * For permissions queries, ubuf must begin with "label\0", followed by the
913 * profile query specific format described in the query_label() function
916 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
917 * <LABEL> is the name of the security confinement context and <KEY> is the
918 * name of the data to retrieve.
920 * Returns: number of bytes written or -errno on failure
922 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
923 size_t count, loff_t *ppos)
925 struct multi_transaction *t;
931 t = multi_transaction_new(file, ubuf, count);
935 if (count > QUERY_CMD_PROFILE_LEN &&
936 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
937 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
938 t->data + QUERY_CMD_PROFILE_LEN,
939 count - QUERY_CMD_PROFILE_LEN, true);
940 } else if (count > QUERY_CMD_LABEL_LEN &&
941 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
942 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
943 t->data + QUERY_CMD_LABEL_LEN,
944 count - QUERY_CMD_LABEL_LEN, true);
945 } else if (count > QUERY_CMD_LABELALL_LEN &&
946 !memcmp(t->data, QUERY_CMD_LABELALL,
947 QUERY_CMD_LABELALL_LEN)) {
948 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
949 t->data + QUERY_CMD_LABELALL_LEN,
950 count - QUERY_CMD_LABELALL_LEN, false);
951 } else if (count > QUERY_CMD_DATA_LEN &&
952 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
953 len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
954 t->data + QUERY_CMD_DATA_LEN,
955 count - QUERY_CMD_DATA_LEN);
960 put_multi_transaction(t);
964 multi_transaction_set(file, t, len);
969 static const struct file_operations aa_sfs_access = {
970 .write = aa_write_access,
971 .read = multi_transaction_read,
972 .release = multi_transaction_release,
973 .llseek = generic_file_llseek,
976 static int aa_sfs_seq_show(struct seq_file *seq, void *v)
978 struct aa_sfs_entry *fs_file = seq->private;
983 switch (fs_file->v_type) {
984 case AA_SFS_TYPE_BOOLEAN:
985 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
987 case AA_SFS_TYPE_STRING:
988 seq_printf(seq, "%s\n", fs_file->v.string);
990 case AA_SFS_TYPE_U64:
991 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
994 /* Ignore unpritable entry types. */
1001 static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1003 return single_open(file, aa_sfs_seq_show, inode->i_private);
1006 const struct file_operations aa_sfs_seq_file_ops = {
1007 .owner = THIS_MODULE,
1008 .open = aa_sfs_seq_open,
1010 .llseek = seq_lseek,
1011 .release = single_release,
1015 * profile based file operations
1016 * policy/profiles/XXXX/profiles/ *
1019 #define SEQ_PROFILE_FOPS(NAME) \
1020 static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1022 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \
1025 static const struct file_operations seq_profile_ ##NAME ##_fops = { \
1026 .owner = THIS_MODULE, \
1027 .open = seq_profile_ ##NAME ##_open, \
1029 .llseek = seq_lseek, \
1030 .release = seq_profile_release, \
1033 static int seq_profile_open(struct inode *inode, struct file *file,
1034 int (*show)(struct seq_file *, void *))
1036 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1037 int error = single_open(file, show, proxy);
1040 file->private_data = NULL;
1041 aa_put_proxy(proxy);
1047 static int seq_profile_release(struct inode *inode, struct file *file)
1049 struct seq_file *seq = (struct seq_file *) file->private_data;
1051 aa_put_proxy(seq->private);
1052 return single_release(inode, file);
1055 static int seq_profile_name_show(struct seq_file *seq, void *v)
1057 struct aa_proxy *proxy = seq->private;
1058 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1059 struct aa_profile *profile = labels_profile(label);
1060 seq_printf(seq, "%s\n", profile->base.name);
1061 aa_put_label(label);
1066 static int seq_profile_mode_show(struct seq_file *seq, void *v)
1068 struct aa_proxy *proxy = seq->private;
1069 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1070 struct aa_profile *profile = labels_profile(label);
1071 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1072 aa_put_label(label);
1077 static int seq_profile_attach_show(struct seq_file *seq, void *v)
1079 struct aa_proxy *proxy = seq->private;
1080 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1081 struct aa_profile *profile = labels_profile(label);
1082 if (profile->attach)
1083 seq_printf(seq, "%s\n", profile->attach);
1084 else if (profile->xmatch)
1085 seq_puts(seq, "<unknown>\n");
1087 seq_printf(seq, "%s\n", profile->base.name);
1088 aa_put_label(label);
1093 static int seq_profile_hash_show(struct seq_file *seq, void *v)
1095 struct aa_proxy *proxy = seq->private;
1096 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1097 struct aa_profile *profile = labels_profile(label);
1098 unsigned int i, size = aa_hash_size();
1100 if (profile->hash) {
1101 for (i = 0; i < size; i++)
1102 seq_printf(seq, "%.2x", profile->hash[i]);
1103 seq_putc(seq, '\n');
1105 aa_put_label(label);
1110 SEQ_PROFILE_FOPS(name);
1111 SEQ_PROFILE_FOPS(mode);
1112 SEQ_PROFILE_FOPS(attach);
1113 SEQ_PROFILE_FOPS(hash);
1116 * namespace based files
1117 * several root files and
1121 #define SEQ_NS_FOPS(NAME) \
1122 static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \
1124 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \
1127 static const struct file_operations seq_ns_ ##NAME ##_fops = { \
1128 .owner = THIS_MODULE, \
1129 .open = seq_ns_ ##NAME ##_open, \
1131 .llseek = seq_lseek, \
1132 .release = single_release, \
1135 static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1137 struct aa_label *label;
1139 label = begin_current_label_crit_section();
1140 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
1141 end_current_label_crit_section(label);
1146 static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1148 struct aa_label *label;
1149 struct aa_profile *profile;
1153 label = begin_current_label_crit_section();
1155 if (label->size > 1) {
1156 label_for_each(it, label, profile)
1157 if (profile->ns != labels_ns(label)) {
1163 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
1164 end_current_label_crit_section(label);
1169 static int seq_ns_level_show(struct seq_file *seq, void *v)
1171 struct aa_label *label;
1173 label = begin_current_label_crit_section();
1174 seq_printf(seq, "%d\n", labels_ns(label)->level);
1175 end_current_label_crit_section(label);
1180 static int seq_ns_name_show(struct seq_file *seq, void *v)
1182 struct aa_label *label = begin_current_label_crit_section();
1183 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1184 end_current_label_crit_section(label);
1189 SEQ_NS_FOPS(stacked);
1190 SEQ_NS_FOPS(nsstacked);
1195 /* policy/raw_data/ * file ops */
1197 #define SEQ_RAWDATA_FOPS(NAME) \
1198 static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1200 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \
1203 static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \
1204 .owner = THIS_MODULE, \
1205 .open = seq_rawdata_ ##NAME ##_open, \
1207 .llseek = seq_lseek, \
1208 .release = seq_rawdata_release, \
1211 static int seq_rawdata_open(struct inode *inode, struct file *file,
1212 int (*show)(struct seq_file *, void *))
1214 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1218 /* lost race this ent is being reaped */
1221 error = single_open(file, show, data);
1223 AA_BUG(file->private_data &&
1224 ((struct seq_file *)file->private_data)->private);
1225 aa_put_loaddata(data);
1231 static int seq_rawdata_release(struct inode *inode, struct file *file)
1233 struct seq_file *seq = (struct seq_file *) file->private_data;
1236 aa_put_loaddata(seq->private);
1238 return single_release(inode, file);
1241 static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1243 struct aa_loaddata *data = seq->private;
1245 seq_printf(seq, "v%d\n", data->abi);
1250 static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1252 struct aa_loaddata *data = seq->private;
1254 seq_printf(seq, "%ld\n", data->revision);
1259 static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1261 struct aa_loaddata *data = seq->private;
1262 unsigned int i, size = aa_hash_size();
1265 for (i = 0; i < size; i++)
1266 seq_printf(seq, "%.2x", data->hash[i]);
1267 seq_putc(seq, '\n');
1273 SEQ_RAWDATA_FOPS(abi);
1274 SEQ_RAWDATA_FOPS(revision);
1275 SEQ_RAWDATA_FOPS(hash);
1277 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1280 struct aa_loaddata *rawdata = file->private_data;
1282 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
1286 static int rawdata_release(struct inode *inode, struct file *file)
1288 aa_put_loaddata(file->private_data);
1293 static int rawdata_open(struct inode *inode, struct file *file)
1295 if (!policy_view_capable(NULL))
1297 file->private_data = __aa_get_loaddata(inode->i_private);
1298 if (!file->private_data)
1299 /* lost race: this entry is being reaped */
1305 static const struct file_operations rawdata_fops = {
1306 .open = rawdata_open,
1307 .read = rawdata_read,
1308 .llseek = generic_file_llseek,
1309 .release = rawdata_release,
1312 static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1316 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1317 if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1318 /* no refcounts on i_private */
1319 aafs_remove(rawdata->dents[i]);
1320 rawdata->dents[i] = NULL;
1325 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1327 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1330 remove_rawdata_dents(rawdata);
1331 list_del_init(&rawdata->list);
1332 aa_put_ns(rawdata->ns);
1337 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1339 struct dentry *dent, *dir;
1343 AA_BUG(!mutex_is_locked(&ns->lock));
1344 AA_BUG(!ns_subdata_dir(ns));
1347 * just use ns revision dir was originally created at. This is
1348 * under ns->lock and if load is successful revision will be
1349 * bumped and is guaranteed to be unique
1351 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1355 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1357 /* ->name freed when rawdata freed */
1358 return PTR_ERR(dir);
1359 rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1361 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1362 &seq_rawdata_abi_fops);
1365 rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1367 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1368 &seq_rawdata_revision_fops);
1371 rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1373 if (aa_g_hash_policy) {
1374 dent = aafs_create_file("sha1", S_IFREG | 0444, dir,
1375 rawdata, &seq_rawdata_hash_fops);
1378 rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1381 dent = aafs_create_file("raw_data", S_IFREG | 0444,
1382 dir, rawdata, &rawdata_fops);
1385 rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1386 d_inode(dent)->i_size = rawdata->size;
1388 rawdata->ns = aa_get_ns(ns);
1389 list_add(&rawdata->list, &ns->rawdata_list);
1390 /* no refcount on inode rawdata */
1395 remove_rawdata_dents(rawdata);
1397 return PTR_ERR(dent);
1400 /** fns to setup dynamic per profile/namespace files **/
1404 * Requires: @profile->ns->lock held
1406 void __aafs_profile_rmdir(struct aa_profile *profile)
1408 struct aa_profile *child;
1414 list_for_each_entry(child, &profile->base.profiles, base.list)
1415 __aafs_profile_rmdir(child);
1417 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1418 struct aa_proxy *proxy;
1419 if (!profile->dents[i])
1422 proxy = d_inode(profile->dents[i])->i_private;
1423 aafs_remove(profile->dents[i]);
1424 aa_put_proxy(proxy);
1425 profile->dents[i] = NULL;
1431 * Requires: @old->ns->lock held
1433 void __aafs_profile_migrate_dents(struct aa_profile *old,
1434 struct aa_profile *new)
1440 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1442 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1443 new->dents[i] = old->dents[i];
1445 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
1446 old->dents[i] = NULL;
1450 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1451 struct aa_profile *profile,
1452 const struct file_operations *fops)
1454 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1455 struct dentry *dent;
1457 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1459 aa_put_proxy(proxy);
1464 static int profile_depth(struct aa_profile *profile)
1469 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1476 static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1480 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1482 s = buffer = kmalloc(size, GFP_KERNEL);
1484 return ERR_PTR(-ENOMEM);
1486 for (; depth > 0; depth--) {
1487 strcpy(s, "../../");
1492 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1493 if (error >= size || error < 0) {
1495 return ERR_PTR(-ENAMETOOLONG);
1501 static void rawdata_link_cb(void *arg)
1506 static const char *rawdata_get_link_base(struct dentry *dentry,
1507 struct inode *inode,
1508 struct delayed_call *done,
1511 struct aa_proxy *proxy = inode->i_private;
1512 struct aa_label *label;
1513 struct aa_profile *profile;
1518 return ERR_PTR(-ECHILD);
1520 label = aa_get_label_rcu(&proxy->label);
1521 profile = labels_profile(label);
1522 depth = profile_depth(profile);
1523 target = gen_symlink_name(depth, profile->rawdata->name, name);
1524 aa_put_label(label);
1529 set_delayed_call(done, rawdata_link_cb, target);
1534 static const char *rawdata_get_link_sha1(struct dentry *dentry,
1535 struct inode *inode,
1536 struct delayed_call *done)
1538 return rawdata_get_link_base(dentry, inode, done, "sha1");
1541 static const char *rawdata_get_link_abi(struct dentry *dentry,
1542 struct inode *inode,
1543 struct delayed_call *done)
1545 return rawdata_get_link_base(dentry, inode, done, "abi");
1548 static const char *rawdata_get_link_data(struct dentry *dentry,
1549 struct inode *inode,
1550 struct delayed_call *done)
1552 return rawdata_get_link_base(dentry, inode, done, "raw_data");
1555 static const struct inode_operations rawdata_link_sha1_iops = {
1556 .get_link = rawdata_get_link_sha1,
1559 static const struct inode_operations rawdata_link_abi_iops = {
1560 .get_link = rawdata_get_link_abi,
1562 static const struct inode_operations rawdata_link_data_iops = {
1563 .get_link = rawdata_get_link_data,
1568 * Requires: @profile->ns->lock held
1570 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1572 struct aa_profile *child;
1573 struct dentry *dent = NULL, *dir;
1577 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1580 struct aa_profile *p;
1581 p = aa_deref_parent(profile);
1583 /* adding to parent that previously didn't have children */
1584 dent = aafs_create_dir("profiles", dent);
1587 prof_child_dir(p) = parent = dent;
1590 if (!profile->dirname) {
1592 len = mangle_name(profile->base.name, NULL);
1593 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1595 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1596 if (!profile->dirname) {
1601 mangle_name(profile->base.name, profile->dirname);
1602 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1605 dent = aafs_create_dir(profile->dirname, parent);
1608 prof_dir(profile) = dir = dent;
1610 dent = create_profile_file(dir, "name", profile,
1611 &seq_profile_name_fops);
1614 profile->dents[AAFS_PROF_NAME] = dent;
1616 dent = create_profile_file(dir, "mode", profile,
1617 &seq_profile_mode_fops);
1620 profile->dents[AAFS_PROF_MODE] = dent;
1622 dent = create_profile_file(dir, "attach", profile,
1623 &seq_profile_attach_fops);
1626 profile->dents[AAFS_PROF_ATTACH] = dent;
1628 if (profile->hash) {
1629 dent = create_profile_file(dir, "sha1", profile,
1630 &seq_profile_hash_fops);
1633 profile->dents[AAFS_PROF_HASH] = dent;
1636 if (profile->rawdata) {
1637 dent = aafs_create_symlink("raw_sha1", dir, NULL,
1638 profile->label.proxy,
1639 &rawdata_link_sha1_iops);
1642 aa_get_proxy(profile->label.proxy);
1643 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1645 dent = aafs_create_symlink("raw_abi", dir, NULL,
1646 profile->label.proxy,
1647 &rawdata_link_abi_iops);
1650 aa_get_proxy(profile->label.proxy);
1651 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1653 dent = aafs_create_symlink("raw_data", dir, NULL,
1654 profile->label.proxy,
1655 &rawdata_link_data_iops);
1658 aa_get_proxy(profile->label.proxy);
1659 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1662 list_for_each_entry(child, &profile->base.profiles, base.list) {
1663 error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1671 error = PTR_ERR(dent);
1674 __aafs_profile_rmdir(profile);
1679 static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1681 struct aa_ns *ns, *parent;
1682 /* TODO: improve permission check */
1683 struct aa_label *label;
1686 label = begin_current_label_crit_section();
1687 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1688 end_current_label_crit_section(label);
1692 parent = aa_get_ns(dir->i_private);
1693 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1695 /* we have to unlock and then relock to get locking order right
1699 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1700 mutex_lock_nested(&parent->lock, parent->level);
1701 inode_lock_nested(dir, I_MUTEX_PARENT);
1705 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1710 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1713 error = PTR_ERR(ns);
1717 aa_put_ns(ns); /* list ref remains */
1720 simple_release_fs(&aafs_mnt, &aafs_count);
1722 mutex_unlock(&parent->lock);
1728 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1730 struct aa_ns *ns, *parent;
1731 /* TODO: improve permission check */
1732 struct aa_label *label;
1735 label = begin_current_label_crit_section();
1736 error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1737 end_current_label_crit_section(label);
1741 parent = aa_get_ns(dir->i_private);
1742 /* rmdir calls the generic securityfs functions to remove files
1743 * from the apparmor dir. It is up to the apparmor ns locking
1747 inode_unlock(dentry->d_inode);
1749 mutex_lock_nested(&parent->lock, parent->level);
1750 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1751 dentry->d_name.len));
1756 AA_BUG(ns_dir(ns) != dentry);
1762 mutex_unlock(&parent->lock);
1763 inode_lock_nested(dir, I_MUTEX_PARENT);
1764 inode_lock(dentry->d_inode);
1770 static const struct inode_operations ns_dir_inode_operations = {
1771 .lookup = simple_lookup,
1772 .mkdir = ns_mkdir_op,
1773 .rmdir = ns_rmdir_op,
1776 static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1778 struct aa_loaddata *ent, *tmp;
1780 AA_BUG(!mutex_is_locked(&ns->lock));
1782 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1783 __aa_fs_remove_rawdata(ent);
1788 * Requires: @ns->lock held
1790 void __aafs_ns_rmdir(struct aa_ns *ns)
1793 struct aa_profile *child;
1798 AA_BUG(!mutex_is_locked(&ns->lock));
1800 list_for_each_entry(child, &ns->base.profiles, base.list)
1801 __aafs_profile_rmdir(child);
1803 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1804 mutex_lock_nested(&sub->lock, sub->level);
1805 __aafs_ns_rmdir(sub);
1806 mutex_unlock(&sub->lock);
1809 __aa_fs_list_remove_rawdata(ns);
1811 if (ns_subns_dir(ns)) {
1812 sub = d_inode(ns_subns_dir(ns))->i_private;
1815 if (ns_subload(ns)) {
1816 sub = d_inode(ns_subload(ns))->i_private;
1819 if (ns_subreplace(ns)) {
1820 sub = d_inode(ns_subreplace(ns))->i_private;
1823 if (ns_subremove(ns)) {
1824 sub = d_inode(ns_subremove(ns))->i_private;
1827 if (ns_subrevision(ns)) {
1828 sub = d_inode(ns_subrevision(ns))->i_private;
1832 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1833 aafs_remove(ns->dents[i]);
1834 ns->dents[i] = NULL;
1838 /* assumes cleanup in caller */
1839 static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1841 struct dentry *dent;
1846 dent = aafs_create_dir("profiles", dir);
1848 return PTR_ERR(dent);
1849 ns_subprofs_dir(ns) = dent;
1851 dent = aafs_create_dir("raw_data", dir);
1853 return PTR_ERR(dent);
1854 ns_subdata_dir(ns) = dent;
1856 dent = aafs_create_file("revision", 0444, dir, ns,
1857 &aa_fs_ns_revision_fops);
1859 return PTR_ERR(dent);
1861 ns_subrevision(ns) = dent;
1863 dent = aafs_create_file(".load", 0640, dir, ns,
1864 &aa_fs_profile_load);
1866 return PTR_ERR(dent);
1868 ns_subload(ns) = dent;
1870 dent = aafs_create_file(".replace", 0640, dir, ns,
1871 &aa_fs_profile_replace);
1873 return PTR_ERR(dent);
1875 ns_subreplace(ns) = dent;
1877 dent = aafs_create_file(".remove", 0640, dir, ns,
1878 &aa_fs_profile_remove);
1880 return PTR_ERR(dent);
1882 ns_subremove(ns) = dent;
1884 /* use create_dentry so we can supply private data */
1885 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
1886 &ns_dir_inode_operations);
1888 return PTR_ERR(dent);
1890 ns_subns_dir(ns) = dent;
1896 * Requires: @ns->lock held
1898 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
1899 struct dentry *dent)
1902 struct aa_profile *child;
1908 AA_BUG(!mutex_is_locked(&ns->lock));
1911 name = ns->base.name;
1914 /* create ns dir if it doesn't already exist */
1915 dent = aafs_create_dir(name, parent);
1920 ns_dir(ns) = dir = dent;
1921 error = __aafs_ns_mkdir_entries(ns, dir);
1926 list_for_each_entry(child, &ns->base.profiles, base.list) {
1927 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
1933 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1934 mutex_lock_nested(&sub->lock, sub->level);
1935 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
1936 mutex_unlock(&sub->lock);
1944 error = PTR_ERR(dent);
1947 __aafs_ns_rmdir(ns);
1953 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1956 * __next_ns - find the next namespace to list
1957 * @root: root namespace to stop search at (NOT NULL)
1958 * @ns: current ns position (NOT NULL)
1960 * Find the next namespace from @ns under @root and handle all locking needed
1961 * while switching current namespace.
1963 * Returns: next namespace or NULL if at last namespace under @root
1964 * Requires: ns->parent->lock to be held
1965 * NOTE: will not unlock root->lock
1967 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
1969 struct aa_ns *parent, *next;
1973 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
1975 /* is next namespace a child */
1976 if (!list_empty(&ns->sub_ns)) {
1977 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
1978 mutex_lock_nested(&next->lock, next->level);
1982 /* check if the next ns is a sibling, parent, gp, .. */
1983 parent = ns->parent;
1984 while (ns != root) {
1985 mutex_unlock(&ns->lock);
1986 next = list_next_entry(ns, base.list);
1987 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
1988 mutex_lock_nested(&next->lock, next->level);
1992 parent = parent->parent;
1999 * __first_profile - find the first profile in a namespace
2000 * @root: namespace that is root of profiles being displayed (NOT NULL)
2001 * @ns: namespace to start in (NOT NULL)
2003 * Returns: unrefcounted profile or NULL if no profile
2004 * Requires: profile->ns.lock to be held
2006 static struct aa_profile *__first_profile(struct aa_ns *root,
2010 AA_BUG(ns && !mutex_is_locked(&ns->lock));
2012 for (; ns; ns = __next_ns(root, ns)) {
2013 if (!list_empty(&ns->base.profiles))
2014 return list_first_entry(&ns->base.profiles,
2015 struct aa_profile, base.list);
2021 * __next_profile - step to the next profile in a profile tree
2022 * @profile: current profile in tree (NOT NULL)
2024 * Perform a depth first traversal on the profile tree in a namespace
2026 * Returns: next profile or NULL if done
2027 * Requires: profile->ns.lock to be held
2029 static struct aa_profile *__next_profile(struct aa_profile *p)
2031 struct aa_profile *parent;
2032 struct aa_ns *ns = p->ns;
2034 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2036 /* is next profile a child */
2037 if (!list_empty(&p->base.profiles))
2038 return list_first_entry(&p->base.profiles, typeof(*p),
2041 /* is next profile a sibling, parent sibling, gp, sibling, .. */
2042 parent = rcu_dereference_protected(p->parent,
2043 mutex_is_locked(&p->ns->lock));
2045 p = list_next_entry(p, base.list);
2046 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2049 parent = rcu_dereference_protected(parent->parent,
2050 mutex_is_locked(&parent->ns->lock));
2053 /* is next another profile in the namespace */
2054 p = list_next_entry(p, base.list);
2055 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2062 * next_profile - step to the next profile in where ever it may be
2063 * @root: root namespace (NOT NULL)
2064 * @profile: current profile (NOT NULL)
2066 * Returns: next profile or NULL if there isn't one
2068 static struct aa_profile *next_profile(struct aa_ns *root,
2069 struct aa_profile *profile)
2071 struct aa_profile *next = __next_profile(profile);
2075 /* finished all profiles in namespace move to next namespace */
2076 return __first_profile(root, __next_ns(root, profile->ns));
2080 * p_start - start a depth first traversal of profile tree
2081 * @f: seq_file to fill
2082 * @pos: current position
2084 * Returns: first profile under current namespace or NULL if none found
2086 * acquires first ns->lock
2088 static void *p_start(struct seq_file *f, loff_t *pos)
2090 struct aa_profile *profile = NULL;
2091 struct aa_ns *root = aa_get_current_ns();
2095 /* find the first profile */
2096 mutex_lock_nested(&root->lock, root->level);
2097 profile = __first_profile(root, root);
2099 /* skip to position */
2100 for (; profile && l > 0; l--)
2101 profile = next_profile(root, profile);
2107 * p_next - read the next profile entry
2108 * @f: seq_file to fill
2109 * @p: profile previously returned
2110 * @pos: current position
2112 * Returns: next profile after @p or NULL if none
2114 * may acquire/release locks in namespace tree as necessary
2116 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2118 struct aa_profile *profile = p;
2119 struct aa_ns *ns = f->private;
2122 return next_profile(ns, profile);
2126 * p_stop - stop depth first traversal
2127 * @f: seq_file we are filling
2128 * @p: the last profile writen
2130 * Release all locking done by p_start/p_next on namespace tree
2132 static void p_stop(struct seq_file *f, void *p)
2134 struct aa_profile *profile = p;
2135 struct aa_ns *root = f->private, *ns;
2138 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2139 mutex_unlock(&ns->lock);
2141 mutex_unlock(&root->lock);
2146 * seq_show_profile - show a profile entry
2147 * @f: seq_file to file
2148 * @p: current position (profile) (NOT NULL)
2150 * Returns: error on failure
2152 static int seq_show_profile(struct seq_file *f, void *p)
2154 struct aa_profile *profile = (struct aa_profile *)p;
2155 struct aa_ns *root = f->private;
2157 aa_label_seq_xprint(f, root, &profile->label,
2158 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2164 static const struct seq_operations aa_sfs_profiles_op = {
2168 .show = seq_show_profile,
2171 static int profiles_open(struct inode *inode, struct file *file)
2173 if (!policy_view_capable(NULL))
2176 return seq_open(file, &aa_sfs_profiles_op);
2179 static int profiles_release(struct inode *inode, struct file *file)
2181 return seq_release(inode, file);
2184 static const struct file_operations aa_sfs_profiles_fops = {
2185 .open = profiles_open,
2187 .llseek = seq_lseek,
2188 .release = profiles_release,
2192 /** Base file system setup **/
2193 static struct aa_sfs_entry aa_sfs_entry_file[] = {
2194 AA_SFS_FILE_STRING("mask",
2195 "create read write exec append mmap_exec link lock"),
2199 static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2200 AA_SFS_FILE_STRING("mask", "read trace"),
2204 static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2205 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2209 static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2210 AA_SFS_FILE_BOOLEAN("xattr", 1),
2213 static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2214 AA_SFS_FILE_BOOLEAN("change_hat", 1),
2215 AA_SFS_FILE_BOOLEAN("change_hatv", 1),
2216 AA_SFS_FILE_BOOLEAN("change_onexec", 1),
2217 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2218 AA_SFS_FILE_BOOLEAN("stack", 1),
2219 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
2220 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1),
2221 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1),
2222 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach),
2223 AA_SFS_FILE_STRING("version", "1.2"),
2227 static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2228 AA_SFS_FILE_BOOLEAN("v5", 1),
2229 AA_SFS_FILE_BOOLEAN("v6", 1),
2230 AA_SFS_FILE_BOOLEAN("v7", 1),
2231 AA_SFS_FILE_BOOLEAN("v8", 1),
2235 static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2236 AA_SFS_DIR("versions", aa_sfs_entry_versions),
2237 AA_SFS_FILE_BOOLEAN("set_load", 1),
2241 static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2242 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2246 static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2247 AA_SFS_FILE_BOOLEAN("profile", 1),
2248 AA_SFS_FILE_BOOLEAN("pivot_root", 0),
2252 static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2253 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2254 AA_SFS_FILE_BOOLEAN("data", 1),
2255 AA_SFS_FILE_BOOLEAN("multi_transaction", 1),
2259 static struct aa_sfs_entry aa_sfs_entry_query[] = {
2260 AA_SFS_DIR("label", aa_sfs_entry_query_label),
2263 static struct aa_sfs_entry aa_sfs_entry_features[] = {
2264 AA_SFS_DIR("policy", aa_sfs_entry_policy),
2265 AA_SFS_DIR("domain", aa_sfs_entry_domain),
2266 AA_SFS_DIR("file", aa_sfs_entry_file),
2267 AA_SFS_DIR("network_v8", aa_sfs_entry_network),
2268 AA_SFS_DIR("mount", aa_sfs_entry_mount),
2269 AA_SFS_DIR("namespaces", aa_sfs_entry_ns),
2270 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
2271 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit),
2272 AA_SFS_DIR("caps", aa_sfs_entry_caps),
2273 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace),
2274 AA_SFS_DIR("signal", aa_sfs_entry_signal),
2275 AA_SFS_DIR("query", aa_sfs_entry_query),
2279 static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2280 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2281 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2282 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2283 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2284 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2285 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2286 AA_SFS_DIR("features", aa_sfs_entry_features),
2290 static struct aa_sfs_entry aa_sfs_entry =
2291 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2294 * entry_create_file - create a file entry in the apparmor securityfs
2295 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2296 * @parent: the parent dentry in the securityfs
2298 * Use entry_remove_file to remove entries created with this fn.
2300 static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2301 struct dentry *parent)
2305 fs_file->dentry = securityfs_create_file(fs_file->name,
2306 S_IFREG | fs_file->mode,
2309 if (IS_ERR(fs_file->dentry)) {
2310 error = PTR_ERR(fs_file->dentry);
2311 fs_file->dentry = NULL;
2316 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2318 * entry_create_dir - recursively create a directory entry in the securityfs
2319 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2320 * @parent: the parent dentry in the securityfs
2322 * Use entry_remove_dir to remove entries created with this fn.
2324 static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2325 struct dentry *parent)
2327 struct aa_sfs_entry *fs_file;
2331 dir = securityfs_create_dir(fs_dir->name, parent);
2333 return PTR_ERR(dir);
2334 fs_dir->dentry = dir;
2336 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2337 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2338 error = entry_create_dir(fs_file, fs_dir->dentry);
2340 error = entry_create_file(fs_file, fs_dir->dentry);
2348 entry_remove_dir(fs_dir);
2354 * entry_remove_file - drop a single file entry in the apparmor securityfs
2355 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2357 static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2359 if (!fs_file->dentry)
2362 securityfs_remove(fs_file->dentry);
2363 fs_file->dentry = NULL;
2367 * entry_remove_dir - recursively drop a directory entry from the securityfs
2368 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2370 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2372 struct aa_sfs_entry *fs_file;
2374 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2375 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2376 entry_remove_dir(fs_file);
2378 entry_remove_file(fs_file);
2381 entry_remove_file(fs_dir);
2385 * aa_destroy_aafs - cleanup and free aafs
2387 * releases dentries allocated by aa_create_aafs
2389 void __init aa_destroy_aafs(void)
2391 entry_remove_dir(&aa_sfs_entry);
2395 #define NULL_FILE_NAME ".null"
2396 struct path aa_null;
2398 static int aa_mk_null_file(struct dentry *parent)
2400 struct vfsmount *mount = NULL;
2401 struct dentry *dentry;
2402 struct inode *inode;
2404 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2409 inode_lock(d_inode(parent));
2410 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
2411 if (IS_ERR(dentry)) {
2412 error = PTR_ERR(dentry);
2415 inode = new_inode(parent->d_inode->i_sb);
2421 inode->i_ino = get_next_ino();
2422 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2423 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
2424 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2425 MKDEV(MEM_MAJOR, 3));
2426 d_instantiate(dentry, inode);
2427 aa_null.dentry = dget(dentry);
2428 aa_null.mnt = mntget(mount);
2435 inode_unlock(d_inode(parent));
2436 simple_release_fs(&mount, &count);
2442 static const char *policy_get_link(struct dentry *dentry,
2443 struct inode *inode,
2444 struct delayed_call *done)
2450 return ERR_PTR(-ECHILD);
2451 ns = aa_get_current_ns();
2452 path.mnt = mntget(aafs_mnt);
2453 path.dentry = dget(ns_dir(ns));
2454 nd_jump_link(&path);
2460 static int policy_readlink(struct dentry *dentry, char __user *buffer,
2466 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2467 d_inode(dentry)->i_ino);
2468 if (res > 0 && res < sizeof(name))
2469 res = readlink_copy(buffer, buflen, name);
2476 static const struct inode_operations policy_link_iops = {
2477 .readlink = policy_readlink,
2478 .get_link = policy_get_link,
2483 * aa_create_aafs - create the apparmor security filesystem
2485 * dentries created here are released by aa_destroy_aafs
2487 * Returns: error on failure
2489 static int __init aa_create_aafs(void)
2491 struct dentry *dent;
2494 if (!apparmor_initialized)
2497 if (aa_sfs_entry.dentry) {
2498 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2502 /* setup apparmorfs used to virtualize policy/ */
2503 aafs_mnt = kern_mount(&aafs_ops);
2504 if (IS_ERR(aafs_mnt))
2505 panic("can't set apparmorfs up\n");
2506 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2508 /* Populate fs tree. */
2509 error = entry_create_dir(&aa_sfs_entry, NULL);
2513 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2514 NULL, &aa_fs_profile_load);
2517 ns_subload(root_ns) = dent;
2519 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2520 NULL, &aa_fs_profile_replace);
2523 ns_subreplace(root_ns) = dent;
2525 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2526 NULL, &aa_fs_profile_remove);
2529 ns_subremove(root_ns) = dent;
2531 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2532 NULL, &aa_fs_ns_revision_fops);
2535 ns_subrevision(root_ns) = dent;
2537 /* policy tree referenced by magic policy symlink */
2538 mutex_lock_nested(&root_ns->lock, root_ns->level);
2539 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2540 aafs_mnt->mnt_root);
2541 mutex_unlock(&root_ns->lock);
2545 /* magic symlink similar to nsfs redirects based on task policy */
2546 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2547 NULL, &policy_link_iops);
2551 error = aa_mk_null_file(aa_sfs_entry.dentry);
2555 /* TODO: add default profile to apparmorfs */
2557 /* Report that AppArmor fs is enabled */
2558 aa_info_message("AppArmor Filesystem Enabled");
2562 error = PTR_ERR(dent);
2565 AA_ERROR("Error creating AppArmor securityfs\n");
2569 fs_initcall(aa_create_aafs);
git.samba.org / sfrench / cifs-2.6.git / blob