1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AppArmor security module 4 * 5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. 9 */ 10 11 #include <linux/ctype.h> 12 #include <linux/security.h> 13 #include <linux/vmalloc.h> 14 #include <linux/init.h> 15 #include <linux/seq_file.h> 16 #include <linux/uaccess.h> 17 #include <linux/mount.h> 18 #include <linux/namei.h> 19 #include <linux/capability.h> 20 #include <linux/rcupdate.h> 21 #include <linux/fs.h> 22 #include <linux/fs_context.h> 23 #include <linux/poll.h> 24 #include <linux/zstd.h> 25 #include <uapi/linux/major.h> 26 #include <uapi/linux/magic.h> 27 28 #include "include/apparmor.h" 29 #include "include/apparmorfs.h" 30 #include "include/audit.h" 31 #include "include/cred.h" 32 #include "include/crypto.h" 33 #include "include/ipc.h" 34 #include "include/label.h" 35 #include "include/policy.h" 36 #include "include/policy_ns.h" 37 #include "include/resource.h" 38 #include "include/policy_unpack.h" 39 #include "include/task.h" 40 41 /* 42 * The apparmor filesystem interface used for policy load and introspection 43 * The interface is split into two main components based on their function 44 * a securityfs component: 45 * used for static files that are always available, and which allows 46 * userspace to specificy the location of the security filesystem. 47 * 48 * fns and data are prefixed with 49 * aa_sfs_ 50 * 51 * an apparmorfs component: 52 * used loaded policy content and introspection. It is not part of a 53 * regular mounted filesystem and is available only through the magic 54 * policy symlink in the root of the securityfs apparmor/ directory. 55 * Tasks queries will be magically redirected to the correct portion 56 * of the policy tree based on their confinement. 57 * 58 * fns and data are prefixed with 59 * aafs_ 60 * 61 * The aa_fs_ prefix is used to indicate the fn is used by both the 62 * securityfs and apparmorfs filesystems. 63 */ 64 65 66 /* 67 * support fns 68 */ 69 70 struct rawdata_f_data { 71 struct aa_loaddata *loaddata; 72 }; 73 74 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY 75 #define RAWDATA_F_DATA_BUF(p) (char *)(p + 1) 76 rawdata_f_data_free(struct rawdata_f_data * private)77 static void rawdata_f_data_free(struct rawdata_f_data *private) 78 { 79 if (!private) 80 return; 81 82 aa_put_loaddata(private->loaddata); 83 kvfree(private); 84 } 85 rawdata_f_data_alloc(size_t size)86 static struct rawdata_f_data *rawdata_f_data_alloc(size_t size) 87 { 88 struct rawdata_f_data *ret; 89 90 if (size > SIZE_MAX - sizeof(*ret)) 91 return ERR_PTR(-EINVAL); 92 93 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL); 94 if (!ret) 95 return ERR_PTR(-ENOMEM); 96 97 return ret; 98 } 99 #endif 100 101 /** 102 * mangle_name - mangle a profile name to std profile layout form 103 * @name: profile name to mangle (NOT NULL) 104 * @target: buffer to store mangled name, same length as @name (MAYBE NULL) 105 * 106 * Returns: length of mangled name 107 */ mangle_name(const char * name,char * target)108 static int mangle_name(const char *name, char *target) 109 { 110 char *t = target; 111 112 while (*name == '/' || *name == '.') 113 name++; 114 115 if (target) { 116 for (; *name; name++) { 117 if (*name == '/') 118 *(t)++ = '.'; 119 else if (isspace(*name)) 120 *(t)++ = '_'; 121 else if (isalnum(*name) || strchr("._-", *name)) 122 *(t)++ = *name; 123 } 124 125 *t = 0; 126 } else { 127 int len = 0; 128 for (; *name; name++) { 129 if (isalnum(*name) || isspace(*name) || 130 strchr("/._-", *name)) 131 len++; 132 } 133 134 return len; 135 } 136 137 return t - target; 138 } 139 140 141 /* 142 * aafs - core fns and data for the policy tree 143 */ 144 145 #define AAFS_NAME "apparmorfs" 146 static struct vfsmount *aafs_mnt; 147 static int aafs_count; 148 149 aafs_show_path(struct seq_file * seq,struct dentry * dentry)150 static int aafs_show_path(struct seq_file *seq, struct dentry *dentry) 151 { 152 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino); 153 return 0; 154 } 155 aafs_free_inode(struct inode * inode)156 static void aafs_free_inode(struct inode *inode) 157 { 158 if (S_ISLNK(inode->i_mode)) 159 kfree(inode->i_link); 160 free_inode_nonrcu(inode); 161 } 162 163 static const struct super_operations aafs_super_ops = { 164 .statfs = simple_statfs, 165 .free_inode = aafs_free_inode, 166 .show_path = aafs_show_path, 167 }; 168 apparmorfs_fill_super(struct super_block * sb,struct fs_context * fc)169 static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc) 170 { 171 static struct tree_descr files[] = { {""} }; 172 int error; 173 174 error = simple_fill_super(sb, AAFS_MAGIC, files); 175 if (error) 176 return error; 177 sb->s_op = &aafs_super_ops; 178 179 return 0; 180 } 181 apparmorfs_get_tree(struct fs_context * fc)182 static int apparmorfs_get_tree(struct fs_context *fc) 183 { 184 return get_tree_single(fc, apparmorfs_fill_super); 185 } 186 187 static const struct fs_context_operations apparmorfs_context_ops = { 188 .get_tree = apparmorfs_get_tree, 189 }; 190 apparmorfs_init_fs_context(struct fs_context * fc)191 static int apparmorfs_init_fs_context(struct fs_context *fc) 192 { 193 fc->ops = &apparmorfs_context_ops; 194 return 0; 195 } 196 197 static struct file_system_type aafs_ops = { 198 .owner = THIS_MODULE, 199 .name = AAFS_NAME, 200 .init_fs_context = apparmorfs_init_fs_context, 201 .kill_sb = kill_anon_super, 202 }; 203 204 /** 205 * __aafs_setup_d_inode - basic inode setup for apparmorfs 206 * @dir: parent directory for the dentry 207 * @dentry: dentry we are seting the inode up for 208 * @mode: permissions the file should have 209 * @data: data to store on inode.i_private, available in open() 210 * @link: if symlink, symlink target string 211 * @fops: struct file_operations that should be used 212 * @iops: struct of inode_operations that should be used 213 */ __aafs_setup_d_inode(struct inode * dir,struct dentry * dentry,umode_t mode,void * data,char * link,const struct file_operations * fops,const struct inode_operations * iops)214 static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry, 215 umode_t mode, void *data, char *link, 216 const struct file_operations *fops, 217 const struct inode_operations *iops) 218 { 219 struct inode *inode = new_inode(dir->i_sb); 220 221 AA_BUG(!dir); 222 AA_BUG(!dentry); 223 224 if (!inode) 225 return -ENOMEM; 226 227 inode->i_ino = get_next_ino(); 228 inode->i_mode = mode; 229 inode->i_atime = inode->i_mtime = inode_set_ctime_current(inode); 230 inode->i_private = data; 231 if (S_ISDIR(mode)) { 232 inode->i_op = iops ? iops : &simple_dir_inode_operations; 233 inode->i_fop = &simple_dir_operations; 234 inc_nlink(inode); 235 inc_nlink(dir); 236 } else if (S_ISLNK(mode)) { 237 inode->i_op = iops ? iops : &simple_symlink_inode_operations; 238 inode->i_link = link; 239 } else { 240 inode->i_fop = fops; 241 } 242 d_instantiate(dentry, inode); 243 dget(dentry); 244 245 return 0; 246 } 247 248 /** 249 * aafs_create - create a dentry in the apparmorfs filesystem 250 * 251 * @name: name of dentry to create 252 * @mode: permissions the file should have 253 * @parent: parent directory for this dentry 254 * @data: data to store on inode.i_private, available in open() 255 * @link: if symlink, symlink target string 256 * @fops: struct file_operations that should be used for 257 * @iops: struct of inode_operations that should be used 258 * 259 * This is the basic "create a xxx" function for apparmorfs. 260 * 261 * Returns a pointer to a dentry if it succeeds, that must be free with 262 * aafs_remove(). Will return ERR_PTR on failure. 263 */ aafs_create(const char * name,umode_t mode,struct dentry * parent,void * data,void * link,const struct file_operations * fops,const struct inode_operations * iops)264 static struct dentry *aafs_create(const char *name, umode_t mode, 265 struct dentry *parent, void *data, void *link, 266 const struct file_operations *fops, 267 const struct inode_operations *iops) 268 { 269 struct dentry *dentry; 270 struct inode *dir; 271 int error; 272 273 AA_BUG(!name); 274 AA_BUG(!parent); 275 276 if (!(mode & S_IFMT)) 277 mode = (mode & S_IALLUGO) | S_IFREG; 278 279 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 280 if (error) 281 return ERR_PTR(error); 282 283 dir = d_inode(parent); 284 285 inode_lock(dir); 286 dentry = lookup_one_len(name, parent, strlen(name)); 287 if (IS_ERR(dentry)) { 288 error = PTR_ERR(dentry); 289 goto fail_lock; 290 } 291 292 if (d_really_is_positive(dentry)) { 293 error = -EEXIST; 294 goto fail_dentry; 295 } 296 297 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops); 298 if (error) 299 goto fail_dentry; 300 inode_unlock(dir); 301 302 return dentry; 303 304 fail_dentry: 305 dput(dentry); 306 307 fail_lock: 308 inode_unlock(dir); 309 simple_release_fs(&aafs_mnt, &aafs_count); 310 311 return ERR_PTR(error); 312 } 313 314 /** 315 * aafs_create_file - create a file in the apparmorfs filesystem 316 * 317 * @name: name of dentry to create 318 * @mode: permissions the file should have 319 * @parent: parent directory for this dentry 320 * @data: data to store on inode.i_private, available in open() 321 * @fops: struct file_operations that should be used for 322 * 323 * see aafs_create 324 */ aafs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)325 static struct dentry *aafs_create_file(const char *name, umode_t mode, 326 struct dentry *parent, void *data, 327 const struct file_operations *fops) 328 { 329 return aafs_create(name, mode, parent, data, NULL, fops, NULL); 330 } 331 332 /** 333 * aafs_create_dir - create a directory in the apparmorfs filesystem 334 * 335 * @name: name of dentry to create 336 * @parent: parent directory for this dentry 337 * 338 * see aafs_create 339 */ aafs_create_dir(const char * name,struct dentry * parent)340 static struct dentry *aafs_create_dir(const char *name, struct dentry *parent) 341 { 342 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL, 343 NULL); 344 } 345 346 /** 347 * aafs_remove - removes a file or directory from the apparmorfs filesystem 348 * 349 * @dentry: dentry of the file/directory/symlink to removed. 350 */ aafs_remove(struct dentry * dentry)351 static void aafs_remove(struct dentry *dentry) 352 { 353 struct inode *dir; 354 355 if (!dentry || IS_ERR(dentry)) 356 return; 357 358 dir = d_inode(dentry->d_parent); 359 inode_lock(dir); 360 if (simple_positive(dentry)) { 361 if (d_is_dir(dentry)) 362 simple_rmdir(dir, dentry); 363 else 364 simple_unlink(dir, dentry); 365 d_delete(dentry); 366 dput(dentry); 367 } 368 inode_unlock(dir); 369 simple_release_fs(&aafs_mnt, &aafs_count); 370 } 371 372 373 /* 374 * aa_fs - policy load/replace/remove 375 */ 376 377 /** 378 * aa_simple_write_to_buffer - common routine for getting policy from user 379 * @userbuf: user buffer to copy data from (NOT NULL) 380 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size) 381 * @copy_size: size of data to copy from user buffer 382 * @pos: position write is at in the file (NOT NULL) 383 * 384 * Returns: kernel buffer containing copy of user buffer data or an 385 * ERR_PTR on failure. 386 */ aa_simple_write_to_buffer(const char __user * userbuf,size_t alloc_size,size_t copy_size,loff_t * pos)387 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf, 388 size_t alloc_size, 389 size_t copy_size, 390 loff_t *pos) 391 { 392 struct aa_loaddata *data; 393 394 AA_BUG(copy_size > alloc_size); 395 396 if (*pos != 0) 397 /* only writes from pos 0, that is complete writes */ 398 return ERR_PTR(-ESPIPE); 399 400 /* freed by caller to simple_write_to_buffer */ 401 data = aa_loaddata_alloc(alloc_size); 402 if (IS_ERR(data)) 403 return data; 404 405 data->size = copy_size; 406 if (copy_from_user(data->data, userbuf, copy_size)) { 407 aa_put_loaddata(data); 408 return ERR_PTR(-EFAULT); 409 } 410 411 return data; 412 } 413 policy_update(u32 mask,const char __user * buf,size_t size,loff_t * pos,struct aa_ns * ns)414 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size, 415 loff_t *pos, struct aa_ns *ns) 416 { 417 struct aa_loaddata *data; 418 struct aa_label *label; 419 ssize_t error; 420 421 label = begin_current_label_crit_section(); 422 423 /* high level check about policy management - fine grained in 424 * below after unpack 425 */ 426 error = aa_may_manage_policy(current_cred(), label, ns, mask); 427 if (error) 428 goto end_section; 429 430 data = aa_simple_write_to_buffer(buf, size, size, pos); 431 error = PTR_ERR(data); 432 if (!IS_ERR(data)) { 433 error = aa_replace_profiles(ns, label, mask, data); 434 aa_put_loaddata(data); 435 } 436 end_section: 437 end_current_label_crit_section(label); 438 439 return error; 440 } 441 442 /* .load file hook fn to load policy */ profile_load(struct file * f,const char __user * buf,size_t size,loff_t * pos)443 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, 444 loff_t *pos) 445 { 446 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 447 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns); 448 449 aa_put_ns(ns); 450 451 return error; 452 } 453 454 static const struct file_operations aa_fs_profile_load = { 455 .write = profile_load, 456 .llseek = default_llseek, 457 }; 458 459 /* .replace file hook fn to load and/or replace policy */ profile_replace(struct file * f,const char __user * buf,size_t size,loff_t * pos)460 static ssize_t profile_replace(struct file *f, const char __user *buf, 461 size_t size, loff_t *pos) 462 { 463 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 464 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY, 465 buf, size, pos, ns); 466 aa_put_ns(ns); 467 468 return error; 469 } 470 471 static const struct file_operations aa_fs_profile_replace = { 472 .write = profile_replace, 473 .llseek = default_llseek, 474 }; 475 476 /* .remove file hook fn to remove loaded policy */ profile_remove(struct file * f,const char __user * buf,size_t size,loff_t * pos)477 static ssize_t profile_remove(struct file *f, const char __user *buf, 478 size_t size, loff_t *pos) 479 { 480 struct aa_loaddata *data; 481 struct aa_label *label; 482 ssize_t error; 483 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private); 484 485 label = begin_current_label_crit_section(); 486 /* high level check about policy management - fine grained in 487 * below after unpack 488 */ 489 error = aa_may_manage_policy(current_cred(), label, ns, 490 AA_MAY_REMOVE_POLICY); 491 if (error) 492 goto out; 493 494 /* 495 * aa_remove_profile needs a null terminated string so 1 extra 496 * byte is allocated and the copied data is null terminated. 497 */ 498 data = aa_simple_write_to_buffer(buf, size + 1, size, pos); 499 500 error = PTR_ERR(data); 501 if (!IS_ERR(data)) { 502 data->data[size] = 0; 503 error = aa_remove_profiles(ns, label, data->data, size); 504 aa_put_loaddata(data); 505 } 506 out: 507 end_current_label_crit_section(label); 508 aa_put_ns(ns); 509 return error; 510 } 511 512 static const struct file_operations aa_fs_profile_remove = { 513 .write = profile_remove, 514 .llseek = default_llseek, 515 }; 516 517 struct aa_revision { 518 struct aa_ns *ns; 519 long last_read; 520 }; 521 522 /* revision file hook fn for policy loads */ ns_revision_release(struct inode * inode,struct file * file)523 static int ns_revision_release(struct inode *inode, struct file *file) 524 { 525 struct aa_revision *rev = file->private_data; 526 527 if (rev) { 528 aa_put_ns(rev->ns); 529 kfree(rev); 530 } 531 532 return 0; 533 } 534 ns_revision_read(struct file * file,char __user * buf,size_t size,loff_t * ppos)535 static ssize_t ns_revision_read(struct file *file, char __user *buf, 536 size_t size, loff_t *ppos) 537 { 538 struct aa_revision *rev = file->private_data; 539 char buffer[32]; 540 long last_read; 541 int avail; 542 543 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 544 last_read = rev->last_read; 545 if (last_read == rev->ns->revision) { 546 mutex_unlock(&rev->ns->lock); 547 if (file->f_flags & O_NONBLOCK) 548 return -EAGAIN; 549 if (wait_event_interruptible(rev->ns->wait, 550 last_read != 551 READ_ONCE(rev->ns->revision))) 552 return -ERESTARTSYS; 553 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 554 } 555 556 avail = sprintf(buffer, "%ld\n", rev->ns->revision); 557 if (*ppos + size > avail) { 558 rev->last_read = rev->ns->revision; 559 *ppos = 0; 560 } 561 mutex_unlock(&rev->ns->lock); 562 563 return simple_read_from_buffer(buf, size, ppos, buffer, avail); 564 } 565 ns_revision_open(struct inode * inode,struct file * file)566 static int ns_revision_open(struct inode *inode, struct file *file) 567 { 568 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL); 569 570 if (!rev) 571 return -ENOMEM; 572 573 rev->ns = aa_get_ns(inode->i_private); 574 if (!rev->ns) 575 rev->ns = aa_get_current_ns(); 576 file->private_data = rev; 577 578 return 0; 579 } 580 ns_revision_poll(struct file * file,poll_table * pt)581 static __poll_t ns_revision_poll(struct file *file, poll_table *pt) 582 { 583 struct aa_revision *rev = file->private_data; 584 __poll_t mask = 0; 585 586 if (rev) { 587 mutex_lock_nested(&rev->ns->lock, rev->ns->level); 588 poll_wait(file, &rev->ns->wait, pt); 589 if (rev->last_read < rev->ns->revision) 590 mask |= EPOLLIN | EPOLLRDNORM; 591 mutex_unlock(&rev->ns->lock); 592 } 593 594 return mask; 595 } 596 __aa_bump_ns_revision(struct aa_ns * ns)597 void __aa_bump_ns_revision(struct aa_ns *ns) 598 { 599 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1); 600 wake_up_interruptible(&ns->wait); 601 } 602 603 static const struct file_operations aa_fs_ns_revision_fops = { 604 .owner = THIS_MODULE, 605 .open = ns_revision_open, 606 .poll = ns_revision_poll, 607 .read = ns_revision_read, 608 .llseek = generic_file_llseek, 609 .release = ns_revision_release, 610 }; 611 profile_query_cb(struct aa_profile * profile,struct aa_perms * perms,const char * match_str,size_t match_len)612 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, 613 const char *match_str, size_t match_len) 614 { 615 struct aa_ruleset *rules = list_first_entry(&profile->rules, 616 typeof(*rules), list); 617 struct aa_perms tmp = { }; 618 aa_state_t state = DFA_NOMATCH; 619 620 if (profile_unconfined(profile)) 621 return; 622 if (rules->file.dfa && *match_str == AA_CLASS_FILE) { 623 state = aa_dfa_match_len(rules->file.dfa, 624 rules->file.start[AA_CLASS_FILE], 625 match_str + 1, match_len - 1); 626 if (state) { 627 struct path_cond cond = { }; 628 629 tmp = *(aa_lookup_fperms(&(rules->file), state, &cond)); 630 } 631 } else if (rules->policy.dfa) { 632 if (!RULE_MEDIATES(rules, *match_str)) 633 return; /* no change to current perms */ 634 state = aa_dfa_match_len(rules->policy.dfa, 635 rules->policy.start[0], 636 match_str, match_len); 637 if (state) 638 tmp = *aa_lookup_perms(&rules->policy, state); 639 } 640 aa_apply_modes_to_perms(profile, &tmp); 641 aa_perms_accum_raw(perms, &tmp); 642 } 643 644 645 /** 646 * query_data - queries a policy and writes its data to buf 647 * @buf: the resulting data is stored here (NOT NULL) 648 * @buf_len: size of buf 649 * @query: query string used to retrieve data 650 * @query_len: size of query including second NUL byte 651 * 652 * The buffers pointed to by buf and query may overlap. The query buffer is 653 * parsed before buf is written to. 654 * 655 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of 656 * the security confinement context and <KEY> is the name of the data to 657 * retrieve. <LABEL> and <KEY> must not be NUL-terminated. 658 * 659 * Don't expect the contents of buf to be preserved on failure. 660 * 661 * Returns: number of characters written to buf or -errno on failure 662 */ query_data(char * buf,size_t buf_len,char * query,size_t query_len)663 static ssize_t query_data(char *buf, size_t buf_len, 664 char *query, size_t query_len) 665 { 666 char *out; 667 const char *key; 668 struct label_it i; 669 struct aa_label *label, *curr; 670 struct aa_profile *profile; 671 struct aa_data *data; 672 u32 bytes, blocks; 673 __le32 outle32; 674 675 if (!query_len) 676 return -EINVAL; /* need a query */ 677 678 key = query + strnlen(query, query_len) + 1; 679 if (key + 1 >= query + query_len) 680 return -EINVAL; /* not enough space for a non-empty key */ 681 if (key + strnlen(key, query + query_len - key) >= query + query_len) 682 return -EINVAL; /* must end with NUL */ 683 684 if (buf_len < sizeof(bytes) + sizeof(blocks)) 685 return -EINVAL; /* not enough space */ 686 687 curr = begin_current_label_crit_section(); 688 label = aa_label_parse(curr, query, GFP_KERNEL, false, false); 689 end_current_label_crit_section(curr); 690 if (IS_ERR(label)) 691 return PTR_ERR(label); 692 693 /* We are going to leave space for two numbers. The first is the total 694 * number of bytes we are writing after the first number. This is so 695 * users can read the full output without reallocation. 696 * 697 * The second number is the number of data blocks we're writing. An 698 * application might be confined by multiple policies having data in 699 * the same key. 700 */ 701 memset(buf, 0, sizeof(bytes) + sizeof(blocks)); 702 out = buf + sizeof(bytes) + sizeof(blocks); 703 704 blocks = 0; 705 label_for_each_confined(i, label, profile) { 706 if (!profile->data) 707 continue; 708 709 data = rhashtable_lookup_fast(profile->data, &key, 710 profile->data->p); 711 712 if (data) { 713 if (out + sizeof(outle32) + data->size > buf + 714 buf_len) { 715 aa_put_label(label); 716 return -EINVAL; /* not enough space */ 717 } 718 outle32 = __cpu_to_le32(data->size); 719 memcpy(out, &outle32, sizeof(outle32)); 720 out += sizeof(outle32); 721 memcpy(out, data->data, data->size); 722 out += data->size; 723 blocks++; 724 } 725 } 726 aa_put_label(label); 727 728 outle32 = __cpu_to_le32(out - buf - sizeof(bytes)); 729 memcpy(buf, &outle32, sizeof(outle32)); 730 outle32 = __cpu_to_le32(blocks); 731 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32)); 732 733 return out - buf; 734 } 735 736 /** 737 * query_label - queries a label and writes permissions to buf 738 * @buf: the resulting permissions string is stored here (NOT NULL) 739 * @buf_len: size of buf 740 * @query: binary query string to match against the dfa 741 * @query_len: size of query 742 * @view_only: only compute for querier's view 743 * 744 * The buffers pointed to by buf and query may overlap. The query buffer is 745 * parsed before buf is written to. 746 * 747 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is 748 * the name of the label, in the current namespace, that is to be queried and 749 * DFA_STRING is a binary string to match against the label(s)'s DFA. 750 * 751 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters 752 * but must *not* be NUL terminated. 753 * 754 * Returns: number of characters written to buf or -errno on failure 755 */ query_label(char * buf,size_t buf_len,char * query,size_t query_len,bool view_only)756 static ssize_t query_label(char *buf, size_t buf_len, 757 char *query, size_t query_len, bool view_only) 758 { 759 struct aa_profile *profile; 760 struct aa_label *label, *curr; 761 char *label_name, *match_str; 762 size_t label_name_len, match_len; 763 struct aa_perms perms; 764 struct label_it i; 765 766 if (!query_len) 767 return -EINVAL; 768 769 label_name = query; 770 label_name_len = strnlen(query, query_len); 771 if (!label_name_len || label_name_len == query_len) 772 return -EINVAL; 773 774 /** 775 * The extra byte is to account for the null byte between the 776 * profile name and dfa string. profile_name_len is greater 777 * than zero and less than query_len, so a byte can be safely 778 * added or subtracted. 779 */ 780 match_str = label_name + label_name_len + 1; 781 match_len = query_len - label_name_len - 1; 782 783 curr = begin_current_label_crit_section(); 784 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false); 785 end_current_label_crit_section(curr); 786 if (IS_ERR(label)) 787 return PTR_ERR(label); 788 789 perms = allperms; 790 if (view_only) { 791 label_for_each_in_ns(i, labels_ns(label), label, profile) { 792 profile_query_cb(profile, &perms, match_str, match_len); 793 } 794 } else { 795 label_for_each(i, label, profile) { 796 profile_query_cb(profile, &perms, match_str, match_len); 797 } 798 } 799 aa_put_label(label); 800 801 return scnprintf(buf, buf_len, 802 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n", 803 perms.allow, perms.deny, perms.audit, perms.quiet); 804 } 805 806 /* 807 * Transaction based IO. 808 * The file expects a write which triggers the transaction, and then 809 * possibly a read(s) which collects the result - which is stored in a 810 * file-local buffer. Once a new write is performed, a new set of results 811 * are stored in the file-local buffer. 812 */ 813 struct multi_transaction { 814 struct kref count; 815 ssize_t size; 816 char data[]; 817 }; 818 819 #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction)) 820 multi_transaction_kref(struct kref * kref)821 static void multi_transaction_kref(struct kref *kref) 822 { 823 struct multi_transaction *t; 824 825 t = container_of(kref, struct multi_transaction, count); 826 free_page((unsigned long) t); 827 } 828 829 static struct multi_transaction * get_multi_transaction(struct multi_transaction * t)830 get_multi_transaction(struct multi_transaction *t) 831 { 832 if (t) 833 kref_get(&(t->count)); 834 835 return t; 836 } 837 put_multi_transaction(struct multi_transaction * t)838 static void put_multi_transaction(struct multi_transaction *t) 839 { 840 if (t) 841 kref_put(&(t->count), multi_transaction_kref); 842 } 843 844 /* does not increment @new's count */ multi_transaction_set(struct file * file,struct multi_transaction * new,size_t n)845 static void multi_transaction_set(struct file *file, 846 struct multi_transaction *new, size_t n) 847 { 848 struct multi_transaction *old; 849 850 AA_BUG(n > MULTI_TRANSACTION_LIMIT); 851 852 new->size = n; 853 spin_lock(&file->f_lock); 854 old = (struct multi_transaction *) file->private_data; 855 file->private_data = new; 856 spin_unlock(&file->f_lock); 857 put_multi_transaction(old); 858 } 859 multi_transaction_new(struct file * file,const char __user * buf,size_t size)860 static struct multi_transaction *multi_transaction_new(struct file *file, 861 const char __user *buf, 862 size_t size) 863 { 864 struct multi_transaction *t; 865 866 if (size > MULTI_TRANSACTION_LIMIT - 1) 867 return ERR_PTR(-EFBIG); 868 869 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL); 870 if (!t) 871 return ERR_PTR(-ENOMEM); 872 kref_init(&t->count); 873 if (copy_from_user(t->data, buf, size)) { 874 put_multi_transaction(t); 875 return ERR_PTR(-EFAULT); 876 } 877 878 return t; 879 } 880 multi_transaction_read(struct file * file,char __user * buf,size_t size,loff_t * pos)881 static ssize_t multi_transaction_read(struct file *file, char __user *buf, 882 size_t size, loff_t *pos) 883 { 884 struct multi_transaction *t; 885 ssize_t ret; 886 887 spin_lock(&file->f_lock); 888 t = get_multi_transaction(file->private_data); 889 spin_unlock(&file->f_lock); 890 891 if (!t) 892 return 0; 893 894 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size); 895 put_multi_transaction(t); 896 897 return ret; 898 } 899 multi_transaction_release(struct inode * inode,struct file * file)900 static int multi_transaction_release(struct inode *inode, struct file *file) 901 { 902 put_multi_transaction(file->private_data); 903 904 return 0; 905 } 906 907 #define QUERY_CMD_LABEL "label\0" 908 #define QUERY_CMD_LABEL_LEN 6 909 #define QUERY_CMD_PROFILE "profile\0" 910 #define QUERY_CMD_PROFILE_LEN 8 911 #define QUERY_CMD_LABELALL "labelall\0" 912 #define QUERY_CMD_LABELALL_LEN 9 913 #define QUERY_CMD_DATA "data\0" 914 #define QUERY_CMD_DATA_LEN 5 915 916 /** 917 * aa_write_access - generic permissions and data query 918 * @file: pointer to open apparmorfs/access file 919 * @ubuf: user buffer containing the complete query string (NOT NULL) 920 * @count: size of ubuf 921 * @ppos: position in the file (MUST BE ZERO) 922 * 923 * Allows for one permissions or data query per open(), write(), and read() 924 * sequence. The only queries currently supported are label-based queries for 925 * permissions or data. 926 * 927 * For permissions queries, ubuf must begin with "label\0", followed by the 928 * profile query specific format described in the query_label() function 929 * documentation. 930 * 931 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where 932 * <LABEL> is the name of the security confinement context and <KEY> is the 933 * name of the data to retrieve. 934 * 935 * Returns: number of bytes written or -errno on failure 936 */ aa_write_access(struct file * file,const char __user * ubuf,size_t count,loff_t * ppos)937 static ssize_t aa_write_access(struct file *file, const char __user *ubuf, 938 size_t count, loff_t *ppos) 939 { 940 struct multi_transaction *t; 941 ssize_t len; 942 943 if (*ppos) 944 return -ESPIPE; 945 946 t = multi_transaction_new(file, ubuf, count); 947 if (IS_ERR(t)) 948 return PTR_ERR(t); 949 950 if (count > QUERY_CMD_PROFILE_LEN && 951 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) { 952 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 953 t->data + QUERY_CMD_PROFILE_LEN, 954 count - QUERY_CMD_PROFILE_LEN, true); 955 } else if (count > QUERY_CMD_LABEL_LEN && 956 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) { 957 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 958 t->data + QUERY_CMD_LABEL_LEN, 959 count - QUERY_CMD_LABEL_LEN, true); 960 } else if (count > QUERY_CMD_LABELALL_LEN && 961 !memcmp(t->data, QUERY_CMD_LABELALL, 962 QUERY_CMD_LABELALL_LEN)) { 963 len = query_label(t->data, MULTI_TRANSACTION_LIMIT, 964 t->data + QUERY_CMD_LABELALL_LEN, 965 count - QUERY_CMD_LABELALL_LEN, false); 966 } else if (count > QUERY_CMD_DATA_LEN && 967 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) { 968 len = query_data(t->data, MULTI_TRANSACTION_LIMIT, 969 t->data + QUERY_CMD_DATA_LEN, 970 count - QUERY_CMD_DATA_LEN); 971 } else 972 len = -EINVAL; 973 974 if (len < 0) { 975 put_multi_transaction(t); 976 return len; 977 } 978 979 multi_transaction_set(file, t, len); 980 981 return count; 982 } 983 984 static const struct file_operations aa_sfs_access = { 985 .write = aa_write_access, 986 .read = multi_transaction_read, 987 .release = multi_transaction_release, 988 .llseek = generic_file_llseek, 989 }; 990 aa_sfs_seq_show(struct seq_file * seq,void * v)991 static int aa_sfs_seq_show(struct seq_file *seq, void *v) 992 { 993 struct aa_sfs_entry *fs_file = seq->private; 994 995 if (!fs_file) 996 return 0; 997 998 switch (fs_file->v_type) { 999 case AA_SFS_TYPE_BOOLEAN: 1000 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no"); 1001 break; 1002 case AA_SFS_TYPE_STRING: 1003 seq_printf(seq, "%s\n", fs_file->v.string); 1004 break; 1005 case AA_SFS_TYPE_U64: 1006 seq_printf(seq, "%#08lx\n", fs_file->v.u64); 1007 break; 1008 default: 1009 /* Ignore unpritable entry types. */ 1010 break; 1011 } 1012 1013 return 0; 1014 } 1015 aa_sfs_seq_open(struct inode * inode,struct file * file)1016 static int aa_sfs_seq_open(struct inode *inode, struct file *file) 1017 { 1018 return single_open(file, aa_sfs_seq_show, inode->i_private); 1019 } 1020 1021 const struct file_operations aa_sfs_seq_file_ops = { 1022 .owner = THIS_MODULE, 1023 .open = aa_sfs_seq_open, 1024 .read = seq_read, 1025 .llseek = seq_lseek, 1026 .release = single_release, 1027 }; 1028 1029 /* 1030 * profile based file operations 1031 * policy/profiles/XXXX/profiles/ * 1032 */ 1033 1034 #define SEQ_PROFILE_FOPS(NAME) \ 1035 static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1036 { \ 1037 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \ 1038 } \ 1039 \ 1040 static const struct file_operations seq_profile_ ##NAME ##_fops = { \ 1041 .owner = THIS_MODULE, \ 1042 .open = seq_profile_ ##NAME ##_open, \ 1043 .read = seq_read, \ 1044 .llseek = seq_lseek, \ 1045 .release = seq_profile_release, \ 1046 } \ 1047 seq_profile_open(struct inode * inode,struct file * file,int (* show)(struct seq_file *,void *))1048 static int seq_profile_open(struct inode *inode, struct file *file, 1049 int (*show)(struct seq_file *, void *)) 1050 { 1051 struct aa_proxy *proxy = aa_get_proxy(inode->i_private); 1052 int error = single_open(file, show, proxy); 1053 1054 if (error) { 1055 file->private_data = NULL; 1056 aa_put_proxy(proxy); 1057 } 1058 1059 return error; 1060 } 1061 seq_profile_release(struct inode * inode,struct file * file)1062 static int seq_profile_release(struct inode *inode, struct file *file) 1063 { 1064 struct seq_file *seq = (struct seq_file *) file->private_data; 1065 if (seq) 1066 aa_put_proxy(seq->private); 1067 return single_release(inode, file); 1068 } 1069 seq_profile_name_show(struct seq_file * seq,void * v)1070 static int seq_profile_name_show(struct seq_file *seq, void *v) 1071 { 1072 struct aa_proxy *proxy = seq->private; 1073 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1074 struct aa_profile *profile = labels_profile(label); 1075 seq_printf(seq, "%s\n", profile->base.name); 1076 aa_put_label(label); 1077 1078 return 0; 1079 } 1080 seq_profile_mode_show(struct seq_file * seq,void * v)1081 static int seq_profile_mode_show(struct seq_file *seq, void *v) 1082 { 1083 struct aa_proxy *proxy = seq->private; 1084 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1085 struct aa_profile *profile = labels_profile(label); 1086 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]); 1087 aa_put_label(label); 1088 1089 return 0; 1090 } 1091 seq_profile_attach_show(struct seq_file * seq,void * v)1092 static int seq_profile_attach_show(struct seq_file *seq, void *v) 1093 { 1094 struct aa_proxy *proxy = seq->private; 1095 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1096 struct aa_profile *profile = labels_profile(label); 1097 if (profile->attach.xmatch_str) 1098 seq_printf(seq, "%s\n", profile->attach.xmatch_str); 1099 else if (profile->attach.xmatch.dfa) 1100 seq_puts(seq, "<unknown>\n"); 1101 else 1102 seq_printf(seq, "%s\n", profile->base.name); 1103 aa_put_label(label); 1104 1105 return 0; 1106 } 1107 seq_profile_hash_show(struct seq_file * seq,void * v)1108 static int seq_profile_hash_show(struct seq_file *seq, void *v) 1109 { 1110 struct aa_proxy *proxy = seq->private; 1111 struct aa_label *label = aa_get_label_rcu(&proxy->label); 1112 struct aa_profile *profile = labels_profile(label); 1113 unsigned int i, size = aa_hash_size(); 1114 1115 if (profile->hash) { 1116 for (i = 0; i < size; i++) 1117 seq_printf(seq, "%.2x", profile->hash[i]); 1118 seq_putc(seq, '\n'); 1119 } 1120 aa_put_label(label); 1121 1122 return 0; 1123 } 1124 1125 SEQ_PROFILE_FOPS(name); 1126 SEQ_PROFILE_FOPS(mode); 1127 SEQ_PROFILE_FOPS(attach); 1128 SEQ_PROFILE_FOPS(hash); 1129 1130 /* 1131 * namespace based files 1132 * several root files and 1133 * policy/ * 1134 */ 1135 1136 #define SEQ_NS_FOPS(NAME) \ 1137 static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \ 1138 { \ 1139 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \ 1140 } \ 1141 \ 1142 static const struct file_operations seq_ns_ ##NAME ##_fops = { \ 1143 .owner = THIS_MODULE, \ 1144 .open = seq_ns_ ##NAME ##_open, \ 1145 .read = seq_read, \ 1146 .llseek = seq_lseek, \ 1147 .release = single_release, \ 1148 } \ 1149 seq_ns_stacked_show(struct seq_file * seq,void * v)1150 static int seq_ns_stacked_show(struct seq_file *seq, void *v) 1151 { 1152 struct aa_label *label; 1153 1154 label = begin_current_label_crit_section(); 1155 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no"); 1156 end_current_label_crit_section(label); 1157 1158 return 0; 1159 } 1160 seq_ns_nsstacked_show(struct seq_file * seq,void * v)1161 static int seq_ns_nsstacked_show(struct seq_file *seq, void *v) 1162 { 1163 struct aa_label *label; 1164 struct aa_profile *profile; 1165 struct label_it it; 1166 int count = 1; 1167 1168 label = begin_current_label_crit_section(); 1169 1170 if (label->size > 1) { 1171 label_for_each(it, label, profile) 1172 if (profile->ns != labels_ns(label)) { 1173 count++; 1174 break; 1175 } 1176 } 1177 1178 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no"); 1179 end_current_label_crit_section(label); 1180 1181 return 0; 1182 } 1183 seq_ns_level_show(struct seq_file * seq,void * v)1184 static int seq_ns_level_show(struct seq_file *seq, void *v) 1185 { 1186 struct aa_label *label; 1187 1188 label = begin_current_label_crit_section(); 1189 seq_printf(seq, "%d\n", labels_ns(label)->level); 1190 end_current_label_crit_section(label); 1191 1192 return 0; 1193 } 1194 seq_ns_name_show(struct seq_file * seq,void * v)1195 static int seq_ns_name_show(struct seq_file *seq, void *v) 1196 { 1197 struct aa_label *label = begin_current_label_crit_section(); 1198 seq_printf(seq, "%s\n", labels_ns(label)->base.name); 1199 end_current_label_crit_section(label); 1200 1201 return 0; 1202 } 1203 seq_ns_compress_min_show(struct seq_file * seq,void * v)1204 static int seq_ns_compress_min_show(struct seq_file *seq, void *v) 1205 { 1206 seq_printf(seq, "%d\n", AA_MIN_CLEVEL); 1207 return 0; 1208 } 1209 seq_ns_compress_max_show(struct seq_file * seq,void * v)1210 static int seq_ns_compress_max_show(struct seq_file *seq, void *v) 1211 { 1212 seq_printf(seq, "%d\n", AA_MAX_CLEVEL); 1213 return 0; 1214 } 1215 1216 SEQ_NS_FOPS(stacked); 1217 SEQ_NS_FOPS(nsstacked); 1218 SEQ_NS_FOPS(level); 1219 SEQ_NS_FOPS(name); 1220 SEQ_NS_FOPS(compress_min); 1221 SEQ_NS_FOPS(compress_max); 1222 1223 1224 /* policy/raw_data/ * file ops */ 1225 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY 1226 #define SEQ_RAWDATA_FOPS(NAME) \ 1227 static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\ 1228 { \ 1229 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \ 1230 } \ 1231 \ 1232 static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \ 1233 .owner = THIS_MODULE, \ 1234 .open = seq_rawdata_ ##NAME ##_open, \ 1235 .read = seq_read, \ 1236 .llseek = seq_lseek, \ 1237 .release = seq_rawdata_release, \ 1238 } \ 1239 seq_rawdata_open(struct inode * inode,struct file * file,int (* show)(struct seq_file *,void *))1240 static int seq_rawdata_open(struct inode *inode, struct file *file, 1241 int (*show)(struct seq_file *, void *)) 1242 { 1243 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private); 1244 int error; 1245 1246 if (!data) 1247 /* lost race this ent is being reaped */ 1248 return -ENOENT; 1249 1250 error = single_open(file, show, data); 1251 if (error) { 1252 AA_BUG(file->private_data && 1253 ((struct seq_file *)file->private_data)->private); 1254 aa_put_loaddata(data); 1255 } 1256 1257 return error; 1258 } 1259 seq_rawdata_release(struct inode * inode,struct file * file)1260 static int seq_rawdata_release(struct inode *inode, struct file *file) 1261 { 1262 struct seq_file *seq = (struct seq_file *) file->private_data; 1263 1264 if (seq) 1265 aa_put_loaddata(seq->private); 1266 1267 return single_release(inode, file); 1268 } 1269 seq_rawdata_abi_show(struct seq_file * seq,void * v)1270 static int seq_rawdata_abi_show(struct seq_file *seq, void *v) 1271 { 1272 struct aa_loaddata *data = seq->private; 1273 1274 seq_printf(seq, "v%d\n", data->abi); 1275 1276 return 0; 1277 } 1278 seq_rawdata_revision_show(struct seq_file * seq,void * v)1279 static int seq_rawdata_revision_show(struct seq_file *seq, void *v) 1280 { 1281 struct aa_loaddata *data = seq->private; 1282 1283 seq_printf(seq, "%ld\n", data->revision); 1284 1285 return 0; 1286 } 1287 seq_rawdata_hash_show(struct seq_file * seq,void * v)1288 static int seq_rawdata_hash_show(struct seq_file *seq, void *v) 1289 { 1290 struct aa_loaddata *data = seq->private; 1291 unsigned int i, size = aa_hash_size(); 1292 1293 if (data->hash) { 1294 for (i = 0; i < size; i++) 1295 seq_printf(seq, "%.2x", data->hash[i]); 1296 seq_putc(seq, '\n'); 1297 } 1298 1299 return 0; 1300 } 1301 seq_rawdata_compressed_size_show(struct seq_file * seq,void * v)1302 static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v) 1303 { 1304 struct aa_loaddata *data = seq->private; 1305 1306 seq_printf(seq, "%zu\n", data->compressed_size); 1307 1308 return 0; 1309 } 1310 1311 SEQ_RAWDATA_FOPS(abi); 1312 SEQ_RAWDATA_FOPS(revision); 1313 SEQ_RAWDATA_FOPS(hash); 1314 SEQ_RAWDATA_FOPS(compressed_size); 1315 decompress_zstd(char * src,size_t slen,char * dst,size_t dlen)1316 static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen) 1317 { 1318 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY 1319 if (slen < dlen) { 1320 const size_t wksp_len = zstd_dctx_workspace_bound(); 1321 zstd_dctx *ctx; 1322 void *wksp; 1323 size_t out_len; 1324 int ret = 0; 1325 1326 wksp = kvzalloc(wksp_len, GFP_KERNEL); 1327 if (!wksp) { 1328 ret = -ENOMEM; 1329 goto cleanup; 1330 } 1331 ctx = zstd_init_dctx(wksp, wksp_len); 1332 if (ctx == NULL) { 1333 ret = -ENOMEM; 1334 goto cleanup; 1335 } 1336 out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen); 1337 if (zstd_is_error(out_len)) { 1338 ret = -EINVAL; 1339 goto cleanup; 1340 } 1341 cleanup: 1342 kvfree(wksp); 1343 return ret; 1344 } 1345 #endif 1346 1347 if (dlen < slen) 1348 return -EINVAL; 1349 memcpy(dst, src, slen); 1350 return 0; 1351 } 1352 rawdata_read(struct file * file,char __user * buf,size_t size,loff_t * ppos)1353 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size, 1354 loff_t *ppos) 1355 { 1356 struct rawdata_f_data *private = file->private_data; 1357 1358 return simple_read_from_buffer(buf, size, ppos, 1359 RAWDATA_F_DATA_BUF(private), 1360 private->loaddata->size); 1361 } 1362 rawdata_release(struct inode * inode,struct file * file)1363 static int rawdata_release(struct inode *inode, struct file *file) 1364 { 1365 rawdata_f_data_free(file->private_data); 1366 1367 return 0; 1368 } 1369 rawdata_open(struct inode * inode,struct file * file)1370 static int rawdata_open(struct inode *inode, struct file *file) 1371 { 1372 int error; 1373 struct aa_loaddata *loaddata; 1374 struct rawdata_f_data *private; 1375 1376 if (!aa_current_policy_view_capable(NULL)) 1377 return -EACCES; 1378 1379 loaddata = __aa_get_loaddata(inode->i_private); 1380 if (!loaddata) 1381 /* lost race: this entry is being reaped */ 1382 return -ENOENT; 1383 1384 private = rawdata_f_data_alloc(loaddata->size); 1385 if (IS_ERR(private)) { 1386 error = PTR_ERR(private); 1387 goto fail_private_alloc; 1388 } 1389 1390 private->loaddata = loaddata; 1391 1392 error = decompress_zstd(loaddata->data, loaddata->compressed_size, 1393 RAWDATA_F_DATA_BUF(private), 1394 loaddata->size); 1395 if (error) 1396 goto fail_decompress; 1397 1398 file->private_data = private; 1399 return 0; 1400 1401 fail_decompress: 1402 rawdata_f_data_free(private); 1403 return error; 1404 1405 fail_private_alloc: 1406 aa_put_loaddata(loaddata); 1407 return error; 1408 } 1409 1410 static const struct file_operations rawdata_fops = { 1411 .open = rawdata_open, 1412 .read = rawdata_read, 1413 .llseek = generic_file_llseek, 1414 .release = rawdata_release, 1415 }; 1416 remove_rawdata_dents(struct aa_loaddata * rawdata)1417 static void remove_rawdata_dents(struct aa_loaddata *rawdata) 1418 { 1419 int i; 1420 1421 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) { 1422 if (!IS_ERR_OR_NULL(rawdata->dents[i])) { 1423 /* no refcounts on i_private */ 1424 aafs_remove(rawdata->dents[i]); 1425 rawdata->dents[i] = NULL; 1426 } 1427 } 1428 } 1429 __aa_fs_remove_rawdata(struct aa_loaddata * rawdata)1430 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata) 1431 { 1432 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock)); 1433 1434 if (rawdata->ns) { 1435 remove_rawdata_dents(rawdata); 1436 list_del_init(&rawdata->list); 1437 aa_put_ns(rawdata->ns); 1438 rawdata->ns = NULL; 1439 } 1440 } 1441 __aa_fs_create_rawdata(struct aa_ns * ns,struct aa_loaddata * rawdata)1442 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata) 1443 { 1444 struct dentry *dent, *dir; 1445 1446 AA_BUG(!ns); 1447 AA_BUG(!rawdata); 1448 AA_BUG(!mutex_is_locked(&ns->lock)); 1449 AA_BUG(!ns_subdata_dir(ns)); 1450 1451 /* 1452 * just use ns revision dir was originally created at. This is 1453 * under ns->lock and if load is successful revision will be 1454 * bumped and is guaranteed to be unique 1455 */ 1456 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision); 1457 if (!rawdata->name) 1458 return -ENOMEM; 1459 1460 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns)); 1461 if (IS_ERR(dir)) 1462 /* ->name freed when rawdata freed */ 1463 return PTR_ERR(dir); 1464 rawdata->dents[AAFS_LOADDATA_DIR] = dir; 1465 1466 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata, 1467 &seq_rawdata_abi_fops); 1468 if (IS_ERR(dent)) 1469 goto fail; 1470 rawdata->dents[AAFS_LOADDATA_ABI] = dent; 1471 1472 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata, 1473 &seq_rawdata_revision_fops); 1474 if (IS_ERR(dent)) 1475 goto fail; 1476 rawdata->dents[AAFS_LOADDATA_REVISION] = dent; 1477 1478 if (aa_g_hash_policy) { 1479 dent = aafs_create_file("sha1", S_IFREG | 0444, dir, 1480 rawdata, &seq_rawdata_hash_fops); 1481 if (IS_ERR(dent)) 1482 goto fail; 1483 rawdata->dents[AAFS_LOADDATA_HASH] = dent; 1484 } 1485 1486 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir, 1487 rawdata, 1488 &seq_rawdata_compressed_size_fops); 1489 if (IS_ERR(dent)) 1490 goto fail; 1491 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent; 1492 1493 dent = aafs_create_file("raw_data", S_IFREG | 0444, 1494 dir, rawdata, &rawdata_fops); 1495 if (IS_ERR(dent)) 1496 goto fail; 1497 rawdata->dents[AAFS_LOADDATA_DATA] = dent; 1498 d_inode(dent)->i_size = rawdata->size; 1499 1500 rawdata->ns = aa_get_ns(ns); 1501 list_add(&rawdata->list, &ns->rawdata_list); 1502 /* no refcount on inode rawdata */ 1503 1504 return 0; 1505 1506 fail: 1507 remove_rawdata_dents(rawdata); 1508 1509 return PTR_ERR(dent); 1510 } 1511 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */ 1512 1513 1514 /** fns to setup dynamic per profile/namespace files **/ 1515 1516 /* 1517 * 1518 * Requires: @profile->ns->lock held 1519 */ __aafs_profile_rmdir(struct aa_profile * profile)1520 void __aafs_profile_rmdir(struct aa_profile *profile) 1521 { 1522 struct aa_profile *child; 1523 int i; 1524 1525 if (!profile) 1526 return; 1527 1528 list_for_each_entry(child, &profile->base.profiles, base.list) 1529 __aafs_profile_rmdir(child); 1530 1531 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) { 1532 struct aa_proxy *proxy; 1533 if (!profile->dents[i]) 1534 continue; 1535 1536 proxy = d_inode(profile->dents[i])->i_private; 1537 aafs_remove(profile->dents[i]); 1538 aa_put_proxy(proxy); 1539 profile->dents[i] = NULL; 1540 } 1541 } 1542 1543 /* 1544 * 1545 * Requires: @old->ns->lock held 1546 */ __aafs_profile_migrate_dents(struct aa_profile * old,struct aa_profile * new)1547 void __aafs_profile_migrate_dents(struct aa_profile *old, 1548 struct aa_profile *new) 1549 { 1550 int i; 1551 1552 AA_BUG(!old); 1553 AA_BUG(!new); 1554 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); 1555 1556 for (i = 0; i < AAFS_PROF_SIZEOF; i++) { 1557 new->dents[i] = old->dents[i]; 1558 if (new->dents[i]) { 1559 struct inode *inode = d_inode(new->dents[i]); 1560 1561 inode->i_mtime = inode_set_ctime_current(inode); 1562 } 1563 old->dents[i] = NULL; 1564 } 1565 } 1566 create_profile_file(struct dentry * dir,const char * name,struct aa_profile * profile,const struct file_operations * fops)1567 static struct dentry *create_profile_file(struct dentry *dir, const char *name, 1568 struct aa_profile *profile, 1569 const struct file_operations *fops) 1570 { 1571 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy); 1572 struct dentry *dent; 1573 1574 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops); 1575 if (IS_ERR(dent)) 1576 aa_put_proxy(proxy); 1577 1578 return dent; 1579 } 1580 1581 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY profile_depth(struct aa_profile * profile)1582 static int profile_depth(struct aa_profile *profile) 1583 { 1584 int depth = 0; 1585 1586 rcu_read_lock(); 1587 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent)) 1588 depth++; 1589 rcu_read_unlock(); 1590 1591 return depth; 1592 } 1593 gen_symlink_name(int depth,const char * dirname,const char * fname)1594 static char *gen_symlink_name(int depth, const char *dirname, const char *fname) 1595 { 1596 char *buffer, *s; 1597 int error; 1598 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11; 1599 1600 s = buffer = kmalloc(size, GFP_KERNEL); 1601 if (!buffer) 1602 return ERR_PTR(-ENOMEM); 1603 1604 for (; depth > 0; depth--) { 1605 strcpy(s, "../../"); 1606 s += 6; 1607 size -= 6; 1608 } 1609 1610 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname); 1611 if (error >= size || error < 0) { 1612 kfree(buffer); 1613 return ERR_PTR(-ENAMETOOLONG); 1614 } 1615 1616 return buffer; 1617 } 1618 rawdata_link_cb(void * arg)1619 static void rawdata_link_cb(void *arg) 1620 { 1621 kfree(arg); 1622 } 1623 rawdata_get_link_base(struct dentry * dentry,struct inode * inode,struct delayed_call * done,const char * name)1624 static const char *rawdata_get_link_base(struct dentry *dentry, 1625 struct inode *inode, 1626 struct delayed_call *done, 1627 const char *name) 1628 { 1629 struct aa_proxy *proxy = inode->i_private; 1630 struct aa_label *label; 1631 struct aa_profile *profile; 1632 char *target; 1633 int depth; 1634 1635 if (!dentry) 1636 return ERR_PTR(-ECHILD); 1637 1638 label = aa_get_label_rcu(&proxy->label); 1639 profile = labels_profile(label); 1640 depth = profile_depth(profile); 1641 target = gen_symlink_name(depth, profile->rawdata->name, name); 1642 aa_put_label(label); 1643 1644 if (IS_ERR(target)) 1645 return target; 1646 1647 set_delayed_call(done, rawdata_link_cb, target); 1648 1649 return target; 1650 } 1651 rawdata_get_link_sha1(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1652 static const char *rawdata_get_link_sha1(struct dentry *dentry, 1653 struct inode *inode, 1654 struct delayed_call *done) 1655 { 1656 return rawdata_get_link_base(dentry, inode, done, "sha1"); 1657 } 1658 rawdata_get_link_abi(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1659 static const char *rawdata_get_link_abi(struct dentry *dentry, 1660 struct inode *inode, 1661 struct delayed_call *done) 1662 { 1663 return rawdata_get_link_base(dentry, inode, done, "abi"); 1664 } 1665 rawdata_get_link_data(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1666 static const char *rawdata_get_link_data(struct dentry *dentry, 1667 struct inode *inode, 1668 struct delayed_call *done) 1669 { 1670 return rawdata_get_link_base(dentry, inode, done, "raw_data"); 1671 } 1672 1673 static const struct inode_operations rawdata_link_sha1_iops = { 1674 .get_link = rawdata_get_link_sha1, 1675 }; 1676 1677 static const struct inode_operations rawdata_link_abi_iops = { 1678 .get_link = rawdata_get_link_abi, 1679 }; 1680 static const struct inode_operations rawdata_link_data_iops = { 1681 .get_link = rawdata_get_link_data, 1682 }; 1683 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */ 1684 1685 /* 1686 * Requires: @profile->ns->lock held 1687 */ __aafs_profile_mkdir(struct aa_profile * profile,struct dentry * parent)1688 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 1689 { 1690 struct aa_profile *child; 1691 struct dentry *dent = NULL, *dir; 1692 int error; 1693 1694 AA_BUG(!profile); 1695 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock)); 1696 1697 if (!parent) { 1698 struct aa_profile *p; 1699 p = aa_deref_parent(profile); 1700 dent = prof_dir(p); 1701 if (!dent) { 1702 error = -ENOENT; 1703 goto fail2; 1704 } 1705 /* adding to parent that previously didn't have children */ 1706 dent = aafs_create_dir("profiles", dent); 1707 if (IS_ERR(dent)) 1708 goto fail; 1709 prof_child_dir(p) = parent = dent; 1710 } 1711 1712 if (!profile->dirname) { 1713 int len, id_len; 1714 len = mangle_name(profile->base.name, NULL); 1715 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id); 1716 1717 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL); 1718 if (!profile->dirname) { 1719 error = -ENOMEM; 1720 goto fail2; 1721 } 1722 1723 mangle_name(profile->base.name, profile->dirname); 1724 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++); 1725 } 1726 1727 dent = aafs_create_dir(profile->dirname, parent); 1728 if (IS_ERR(dent)) 1729 goto fail; 1730 prof_dir(profile) = dir = dent; 1731 1732 dent = create_profile_file(dir, "name", profile, 1733 &seq_profile_name_fops); 1734 if (IS_ERR(dent)) 1735 goto fail; 1736 profile->dents[AAFS_PROF_NAME] = dent; 1737 1738 dent = create_profile_file(dir, "mode", profile, 1739 &seq_profile_mode_fops); 1740 if (IS_ERR(dent)) 1741 goto fail; 1742 profile->dents[AAFS_PROF_MODE] = dent; 1743 1744 dent = create_profile_file(dir, "attach", profile, 1745 &seq_profile_attach_fops); 1746 if (IS_ERR(dent)) 1747 goto fail; 1748 profile->dents[AAFS_PROF_ATTACH] = dent; 1749 1750 if (profile->hash) { 1751 dent = create_profile_file(dir, "sha1", profile, 1752 &seq_profile_hash_fops); 1753 if (IS_ERR(dent)) 1754 goto fail; 1755 profile->dents[AAFS_PROF_HASH] = dent; 1756 } 1757 1758 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY 1759 if (profile->rawdata) { 1760 if (aa_g_hash_policy) { 1761 dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, 1762 profile->label.proxy, NULL, NULL, 1763 &rawdata_link_sha1_iops); 1764 if (IS_ERR(dent)) 1765 goto fail; 1766 aa_get_proxy(profile->label.proxy); 1767 profile->dents[AAFS_PROF_RAW_HASH] = dent; 1768 } 1769 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir, 1770 profile->label.proxy, NULL, NULL, 1771 &rawdata_link_abi_iops); 1772 if (IS_ERR(dent)) 1773 goto fail; 1774 aa_get_proxy(profile->label.proxy); 1775 profile->dents[AAFS_PROF_RAW_ABI] = dent; 1776 1777 dent = aafs_create("raw_data", S_IFLNK | 0444, dir, 1778 profile->label.proxy, NULL, NULL, 1779 &rawdata_link_data_iops); 1780 if (IS_ERR(dent)) 1781 goto fail; 1782 aa_get_proxy(profile->label.proxy); 1783 profile->dents[AAFS_PROF_RAW_DATA] = dent; 1784 } 1785 #endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */ 1786 1787 list_for_each_entry(child, &profile->base.profiles, base.list) { 1788 error = __aafs_profile_mkdir(child, prof_child_dir(profile)); 1789 if (error) 1790 goto fail2; 1791 } 1792 1793 return 0; 1794 1795 fail: 1796 error = PTR_ERR(dent); 1797 1798 fail2: 1799 __aafs_profile_rmdir(profile); 1800 1801 return error; 1802 } 1803 ns_mkdir_op(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,umode_t mode)1804 static int ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir, 1805 struct dentry *dentry, umode_t mode) 1806 { 1807 struct aa_ns *ns, *parent; 1808 /* TODO: improve permission check */ 1809 struct aa_label *label; 1810 int error; 1811 1812 label = begin_current_label_crit_section(); 1813 error = aa_may_manage_policy(current_cred(), label, NULL, 1814 AA_MAY_LOAD_POLICY); 1815 end_current_label_crit_section(label); 1816 if (error) 1817 return error; 1818 1819 parent = aa_get_ns(dir->i_private); 1820 AA_BUG(d_inode(ns_subns_dir(parent)) != dir); 1821 1822 /* we have to unlock and then relock to get locking order right 1823 * for pin_fs 1824 */ 1825 inode_unlock(dir); 1826 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count); 1827 mutex_lock_nested(&parent->lock, parent->level); 1828 inode_lock_nested(dir, I_MUTEX_PARENT); 1829 if (error) 1830 goto out; 1831 1832 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL, 1833 NULL, NULL, NULL); 1834 if (error) 1835 goto out_pin; 1836 1837 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name), 1838 dentry); 1839 if (IS_ERR(ns)) { 1840 error = PTR_ERR(ns); 1841 ns = NULL; 1842 } 1843 1844 aa_put_ns(ns); /* list ref remains */ 1845 out_pin: 1846 if (error) 1847 simple_release_fs(&aafs_mnt, &aafs_count); 1848 out: 1849 mutex_unlock(&parent->lock); 1850 aa_put_ns(parent); 1851 1852 return error; 1853 } 1854 ns_rmdir_op(struct inode * dir,struct dentry * dentry)1855 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry) 1856 { 1857 struct aa_ns *ns, *parent; 1858 /* TODO: improve permission check */ 1859 struct aa_label *label; 1860 int error; 1861 1862 label = begin_current_label_crit_section(); 1863 error = aa_may_manage_policy(current_cred(), label, NULL, 1864 AA_MAY_LOAD_POLICY); 1865 end_current_label_crit_section(label); 1866 if (error) 1867 return error; 1868 1869 parent = aa_get_ns(dir->i_private); 1870 /* rmdir calls the generic securityfs functions to remove files 1871 * from the apparmor dir. It is up to the apparmor ns locking 1872 * to avoid races. 1873 */ 1874 inode_unlock(dir); 1875 inode_unlock(dentry->d_inode); 1876 1877 mutex_lock_nested(&parent->lock, parent->level); 1878 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name, 1879 dentry->d_name.len)); 1880 if (!ns) { 1881 error = -ENOENT; 1882 goto out; 1883 } 1884 AA_BUG(ns_dir(ns) != dentry); 1885 1886 __aa_remove_ns(ns); 1887 aa_put_ns(ns); 1888 1889 out: 1890 mutex_unlock(&parent->lock); 1891 inode_lock_nested(dir, I_MUTEX_PARENT); 1892 inode_lock(dentry->d_inode); 1893 aa_put_ns(parent); 1894 1895 return error; 1896 } 1897 1898 static const struct inode_operations ns_dir_inode_operations = { 1899 .lookup = simple_lookup, 1900 .mkdir = ns_mkdir_op, 1901 .rmdir = ns_rmdir_op, 1902 }; 1903 __aa_fs_list_remove_rawdata(struct aa_ns * ns)1904 static void __aa_fs_list_remove_rawdata(struct aa_ns *ns) 1905 { 1906 struct aa_loaddata *ent, *tmp; 1907 1908 AA_BUG(!mutex_is_locked(&ns->lock)); 1909 1910 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list) 1911 __aa_fs_remove_rawdata(ent); 1912 } 1913 1914 /* 1915 * 1916 * Requires: @ns->lock held 1917 */ __aafs_ns_rmdir(struct aa_ns * ns)1918 void __aafs_ns_rmdir(struct aa_ns *ns) 1919 { 1920 struct aa_ns *sub; 1921 struct aa_profile *child; 1922 int i; 1923 1924 if (!ns) 1925 return; 1926 AA_BUG(!mutex_is_locked(&ns->lock)); 1927 1928 list_for_each_entry(child, &ns->base.profiles, base.list) 1929 __aafs_profile_rmdir(child); 1930 1931 list_for_each_entry(sub, &ns->sub_ns, base.list) { 1932 mutex_lock_nested(&sub->lock, sub->level); 1933 __aafs_ns_rmdir(sub); 1934 mutex_unlock(&sub->lock); 1935 } 1936 1937 __aa_fs_list_remove_rawdata(ns); 1938 1939 if (ns_subns_dir(ns)) { 1940 sub = d_inode(ns_subns_dir(ns))->i_private; 1941 aa_put_ns(sub); 1942 } 1943 if (ns_subload(ns)) { 1944 sub = d_inode(ns_subload(ns))->i_private; 1945 aa_put_ns(sub); 1946 } 1947 if (ns_subreplace(ns)) { 1948 sub = d_inode(ns_subreplace(ns))->i_private; 1949 aa_put_ns(sub); 1950 } 1951 if (ns_subremove(ns)) { 1952 sub = d_inode(ns_subremove(ns))->i_private; 1953 aa_put_ns(sub); 1954 } 1955 if (ns_subrevision(ns)) { 1956 sub = d_inode(ns_subrevision(ns))->i_private; 1957 aa_put_ns(sub); 1958 } 1959 1960 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) { 1961 aafs_remove(ns->dents[i]); 1962 ns->dents[i] = NULL; 1963 } 1964 } 1965 1966 /* assumes cleanup in caller */ __aafs_ns_mkdir_entries(struct aa_ns * ns,struct dentry * dir)1967 static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir) 1968 { 1969 struct dentry *dent; 1970 1971 AA_BUG(!ns); 1972 AA_BUG(!dir); 1973 1974 dent = aafs_create_dir("profiles", dir); 1975 if (IS_ERR(dent)) 1976 return PTR_ERR(dent); 1977 ns_subprofs_dir(ns) = dent; 1978 1979 dent = aafs_create_dir("raw_data", dir); 1980 if (IS_ERR(dent)) 1981 return PTR_ERR(dent); 1982 ns_subdata_dir(ns) = dent; 1983 1984 dent = aafs_create_file("revision", 0444, dir, ns, 1985 &aa_fs_ns_revision_fops); 1986 if (IS_ERR(dent)) 1987 return PTR_ERR(dent); 1988 aa_get_ns(ns); 1989 ns_subrevision(ns) = dent; 1990 1991 dent = aafs_create_file(".load", 0640, dir, ns, 1992 &aa_fs_profile_load); 1993 if (IS_ERR(dent)) 1994 return PTR_ERR(dent); 1995 aa_get_ns(ns); 1996 ns_subload(ns) = dent; 1997 1998 dent = aafs_create_file(".replace", 0640, dir, ns, 1999 &aa_fs_profile_replace); 2000 if (IS_ERR(dent)) 2001 return PTR_ERR(dent); 2002 aa_get_ns(ns); 2003 ns_subreplace(ns) = dent; 2004 2005 dent = aafs_create_file(".remove", 0640, dir, ns, 2006 &aa_fs_profile_remove); 2007 if (IS_ERR(dent)) 2008 return PTR_ERR(dent); 2009 aa_get_ns(ns); 2010 ns_subremove(ns) = dent; 2011 2012 /* use create_dentry so we can supply private data */ 2013 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL, 2014 &ns_dir_inode_operations); 2015 if (IS_ERR(dent)) 2016 return PTR_ERR(dent); 2017 aa_get_ns(ns); 2018 ns_subns_dir(ns) = dent; 2019 2020 return 0; 2021 } 2022 2023 /* 2024 * Requires: @ns->lock held 2025 */ __aafs_ns_mkdir(struct aa_ns * ns,struct dentry * parent,const char * name,struct dentry * dent)2026 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, 2027 struct dentry *dent) 2028 { 2029 struct aa_ns *sub; 2030 struct aa_profile *child; 2031 struct dentry *dir; 2032 int error; 2033 2034 AA_BUG(!ns); 2035 AA_BUG(!parent); 2036 AA_BUG(!mutex_is_locked(&ns->lock)); 2037 2038 if (!name) 2039 name = ns->base.name; 2040 2041 if (!dent) { 2042 /* create ns dir if it doesn't already exist */ 2043 dent = aafs_create_dir(name, parent); 2044 if (IS_ERR(dent)) 2045 goto fail; 2046 } else 2047 dget(dent); 2048 ns_dir(ns) = dir = dent; 2049 error = __aafs_ns_mkdir_entries(ns, dir); 2050 if (error) 2051 goto fail2; 2052 2053 /* profiles */ 2054 list_for_each_entry(child, &ns->base.profiles, base.list) { 2055 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns)); 2056 if (error) 2057 goto fail2; 2058 } 2059 2060 /* subnamespaces */ 2061 list_for_each_entry(sub, &ns->sub_ns, base.list) { 2062 mutex_lock_nested(&sub->lock, sub->level); 2063 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL); 2064 mutex_unlock(&sub->lock); 2065 if (error) 2066 goto fail2; 2067 } 2068 2069 return 0; 2070 2071 fail: 2072 error = PTR_ERR(dent); 2073 2074 fail2: 2075 __aafs_ns_rmdir(ns); 2076 2077 return error; 2078 } 2079 2080 /** 2081 * __next_ns - find the next namespace to list 2082 * @root: root namespace to stop search at (NOT NULL) 2083 * @ns: current ns position (NOT NULL) 2084 * 2085 * Find the next namespace from @ns under @root and handle all locking needed 2086 * while switching current namespace. 2087 * 2088 * Returns: next namespace or NULL if at last namespace under @root 2089 * Requires: ns->parent->lock to be held 2090 * NOTE: will not unlock root->lock 2091 */ __next_ns(struct aa_ns * root,struct aa_ns * ns)2092 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) 2093 { 2094 struct aa_ns *parent, *next; 2095 2096 AA_BUG(!root); 2097 AA_BUG(!ns); 2098 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); 2099 2100 /* is next namespace a child */ 2101 if (!list_empty(&ns->sub_ns)) { 2102 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 2103 mutex_lock_nested(&next->lock, next->level); 2104 return next; 2105 } 2106 2107 /* check if the next ns is a sibling, parent, gp, .. */ 2108 parent = ns->parent; 2109 while (ns != root) { 2110 mutex_unlock(&ns->lock); 2111 next = list_next_entry(ns, base.list); 2112 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) { 2113 mutex_lock_nested(&next->lock, next->level); 2114 return next; 2115 } 2116 ns = parent; 2117 parent = parent->parent; 2118 } 2119 2120 return NULL; 2121 } 2122 2123 /** 2124 * __first_profile - find the first profile in a namespace 2125 * @root: namespace that is root of profiles being displayed (NOT NULL) 2126 * @ns: namespace to start in (NOT NULL) 2127 * 2128 * Returns: unrefcounted profile or NULL if no profile 2129 * Requires: profile->ns.lock to be held 2130 */ __first_profile(struct aa_ns * root,struct aa_ns * ns)2131 static struct aa_profile *__first_profile(struct aa_ns *root, 2132 struct aa_ns *ns) 2133 { 2134 AA_BUG(!root); 2135 AA_BUG(ns && !mutex_is_locked(&ns->lock)); 2136 2137 for (; ns; ns = __next_ns(root, ns)) { 2138 if (!list_empty(&ns->base.profiles)) 2139 return list_first_entry(&ns->base.profiles, 2140 struct aa_profile, base.list); 2141 } 2142 return NULL; 2143 } 2144 2145 /** 2146 * __next_profile - step to the next profile in a profile tree 2147 * @p: current profile in tree (NOT NULL) 2148 * 2149 * Perform a depth first traversal on the profile tree in a namespace 2150 * 2151 * Returns: next profile or NULL if done 2152 * Requires: profile->ns.lock to be held 2153 */ __next_profile(struct aa_profile * p)2154 static struct aa_profile *__next_profile(struct aa_profile *p) 2155 { 2156 struct aa_profile *parent; 2157 struct aa_ns *ns = p->ns; 2158 2159 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock)); 2160 2161 /* is next profile a child */ 2162 if (!list_empty(&p->base.profiles)) 2163 return list_first_entry(&p->base.profiles, typeof(*p), 2164 base.list); 2165 2166 /* is next profile a sibling, parent sibling, gp, sibling, .. */ 2167 parent = rcu_dereference_protected(p->parent, 2168 mutex_is_locked(&p->ns->lock)); 2169 while (parent) { 2170 p = list_next_entry(p, base.list); 2171 if (!list_entry_is_head(p, &parent->base.profiles, base.list)) 2172 return p; 2173 p = parent; 2174 parent = rcu_dereference_protected(parent->parent, 2175 mutex_is_locked(&parent->ns->lock)); 2176 } 2177 2178 /* is next another profile in the namespace */ 2179 p = list_next_entry(p, base.list); 2180 if (!list_entry_is_head(p, &ns->base.profiles, base.list)) 2181 return p; 2182 2183 return NULL; 2184 } 2185 2186 /** 2187 * next_profile - step to the next profile in where ever it may be 2188 * @root: root namespace (NOT NULL) 2189 * @profile: current profile (NOT NULL) 2190 * 2191 * Returns: next profile or NULL if there isn't one 2192 */ next_profile(struct aa_ns * root,struct aa_profile * profile)2193 static struct aa_profile *next_profile(struct aa_ns *root, 2194 struct aa_profile *profile) 2195 { 2196 struct aa_profile *next = __next_profile(profile); 2197 if (next) 2198 return next; 2199 2200 /* finished all profiles in namespace move to next namespace */ 2201 return __first_profile(root, __next_ns(root, profile->ns)); 2202 } 2203 2204 /** 2205 * p_start - start a depth first traversal of profile tree 2206 * @f: seq_file to fill 2207 * @pos: current position 2208 * 2209 * Returns: first profile under current namespace or NULL if none found 2210 * 2211 * acquires first ns->lock 2212 */ p_start(struct seq_file * f,loff_t * pos)2213 static void *p_start(struct seq_file *f, loff_t *pos) 2214 { 2215 struct aa_profile *profile = NULL; 2216 struct aa_ns *root = aa_get_current_ns(); 2217 loff_t l = *pos; 2218 f->private = root; 2219 2220 /* find the first profile */ 2221 mutex_lock_nested(&root->lock, root->level); 2222 profile = __first_profile(root, root); 2223 2224 /* skip to position */ 2225 for (; profile && l > 0; l--) 2226 profile = next_profile(root, profile); 2227 2228 return profile; 2229 } 2230 2231 /** 2232 * p_next - read the next profile entry 2233 * @f: seq_file to fill 2234 * @p: profile previously returned 2235 * @pos: current position 2236 * 2237 * Returns: next profile after @p or NULL if none 2238 * 2239 * may acquire/release locks in namespace tree as necessary 2240 */ p_next(struct seq_file * f,void * p,loff_t * pos)2241 static void *p_next(struct seq_file *f, void *p, loff_t *pos) 2242 { 2243 struct aa_profile *profile = p; 2244 struct aa_ns *ns = f->private; 2245 (*pos)++; 2246 2247 return next_profile(ns, profile); 2248 } 2249 2250 /** 2251 * p_stop - stop depth first traversal 2252 * @f: seq_file we are filling 2253 * @p: the last profile writen 2254 * 2255 * Release all locking done by p_start/p_next on namespace tree 2256 */ p_stop(struct seq_file * f,void * p)2257 static void p_stop(struct seq_file *f, void *p) 2258 { 2259 struct aa_profile *profile = p; 2260 struct aa_ns *root = f->private, *ns; 2261 2262 if (profile) { 2263 for (ns = profile->ns; ns && ns != root; ns = ns->parent) 2264 mutex_unlock(&ns->lock); 2265 } 2266 mutex_unlock(&root->lock); 2267 aa_put_ns(root); 2268 } 2269 2270 /** 2271 * seq_show_profile - show a profile entry 2272 * @f: seq_file to file 2273 * @p: current position (profile) (NOT NULL) 2274 * 2275 * Returns: error on failure 2276 */ seq_show_profile(struct seq_file * f,void * p)2277 static int seq_show_profile(struct seq_file *f, void *p) 2278 { 2279 struct aa_profile *profile = (struct aa_profile *)p; 2280 struct aa_ns *root = f->private; 2281 2282 aa_label_seq_xprint(f, root, &profile->label, 2283 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL); 2284 seq_putc(f, '\n'); 2285 2286 return 0; 2287 } 2288 2289 static const struct seq_operations aa_sfs_profiles_op = { 2290 .start = p_start, 2291 .next = p_next, 2292 .stop = p_stop, 2293 .show = seq_show_profile, 2294 }; 2295 profiles_open(struct inode * inode,struct file * file)2296 static int profiles_open(struct inode *inode, struct file *file) 2297 { 2298 if (!aa_current_policy_view_capable(NULL)) 2299 return -EACCES; 2300 2301 return seq_open(file, &aa_sfs_profiles_op); 2302 } 2303 profiles_release(struct inode * inode,struct file * file)2304 static int profiles_release(struct inode *inode, struct file *file) 2305 { 2306 return seq_release(inode, file); 2307 } 2308 2309 static const struct file_operations aa_sfs_profiles_fops = { 2310 .open = profiles_open, 2311 .read = seq_read, 2312 .llseek = seq_lseek, 2313 .release = profiles_release, 2314 }; 2315 2316 2317 /** Base file system setup **/ 2318 static struct aa_sfs_entry aa_sfs_entry_file[] = { 2319 AA_SFS_FILE_STRING("mask", 2320 "create read write exec append mmap_exec link lock"), 2321 { } 2322 }; 2323 2324 static struct aa_sfs_entry aa_sfs_entry_ptrace[] = { 2325 AA_SFS_FILE_STRING("mask", "read trace"), 2326 { } 2327 }; 2328 2329 static struct aa_sfs_entry aa_sfs_entry_signal[] = { 2330 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK), 2331 { } 2332 }; 2333 2334 static struct aa_sfs_entry aa_sfs_entry_attach[] = { 2335 AA_SFS_FILE_BOOLEAN("xattr", 1), 2336 { } 2337 }; 2338 static struct aa_sfs_entry aa_sfs_entry_domain[] = { 2339 AA_SFS_FILE_BOOLEAN("change_hat", 1), 2340 AA_SFS_FILE_BOOLEAN("change_hatv", 1), 2341 AA_SFS_FILE_BOOLEAN("change_onexec", 1), 2342 AA_SFS_FILE_BOOLEAN("change_profile", 1), 2343 AA_SFS_FILE_BOOLEAN("stack", 1), 2344 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1), 2345 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1), 2346 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1), 2347 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach), 2348 AA_SFS_FILE_STRING("version", "1.2"), 2349 { } 2350 }; 2351 2352 static struct aa_sfs_entry aa_sfs_entry_versions[] = { 2353 AA_SFS_FILE_BOOLEAN("v5", 1), 2354 AA_SFS_FILE_BOOLEAN("v6", 1), 2355 AA_SFS_FILE_BOOLEAN("v7", 1), 2356 AA_SFS_FILE_BOOLEAN("v8", 1), 2357 AA_SFS_FILE_BOOLEAN("v9", 1), 2358 { } 2359 }; 2360 2361 static struct aa_sfs_entry aa_sfs_entry_policy[] = { 2362 AA_SFS_DIR("versions", aa_sfs_entry_versions), 2363 AA_SFS_FILE_BOOLEAN("set_load", 1), 2364 /* number of out of band transitions supported */ 2365 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED), 2366 { } 2367 }; 2368 2369 static struct aa_sfs_entry aa_sfs_entry_mount[] = { 2370 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"), 2371 AA_SFS_FILE_STRING("move_mount", "detached"), 2372 { } 2373 }; 2374 2375 static struct aa_sfs_entry aa_sfs_entry_ns[] = { 2376 AA_SFS_FILE_BOOLEAN("profile", 1), 2377 AA_SFS_FILE_BOOLEAN("pivot_root", 0), 2378 { } 2379 }; 2380 2381 static struct aa_sfs_entry aa_sfs_entry_query_label[] = { 2382 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"), 2383 AA_SFS_FILE_BOOLEAN("data", 1), 2384 AA_SFS_FILE_BOOLEAN("multi_transaction", 1), 2385 { } 2386 }; 2387 2388 static struct aa_sfs_entry aa_sfs_entry_query[] = { 2389 AA_SFS_DIR("label", aa_sfs_entry_query_label), 2390 { } 2391 }; 2392 static struct aa_sfs_entry aa_sfs_entry_features[] = { 2393 AA_SFS_DIR("policy", aa_sfs_entry_policy), 2394 AA_SFS_DIR("domain", aa_sfs_entry_domain), 2395 AA_SFS_DIR("file", aa_sfs_entry_file), 2396 AA_SFS_DIR("network_v8", aa_sfs_entry_network), 2397 AA_SFS_DIR("mount", aa_sfs_entry_mount), 2398 AA_SFS_DIR("namespaces", aa_sfs_entry_ns), 2399 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 2400 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit), 2401 AA_SFS_DIR("caps", aa_sfs_entry_caps), 2402 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace), 2403 AA_SFS_DIR("signal", aa_sfs_entry_signal), 2404 AA_SFS_DIR("query", aa_sfs_entry_query), 2405 { } 2406 }; 2407 2408 static struct aa_sfs_entry aa_sfs_entry_apparmor[] = { 2409 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access), 2410 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops), 2411 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops), 2412 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops), 2413 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops), 2414 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops), 2415 AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops), 2416 AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops), 2417 AA_SFS_DIR("features", aa_sfs_entry_features), 2418 { } 2419 }; 2420 2421 static struct aa_sfs_entry aa_sfs_entry = 2422 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor); 2423 2424 /** 2425 * entry_create_file - create a file entry in the apparmor securityfs 2426 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL) 2427 * @parent: the parent dentry in the securityfs 2428 * 2429 * Use entry_remove_file to remove entries created with this fn. 2430 */ entry_create_file(struct aa_sfs_entry * fs_file,struct dentry * parent)2431 static int __init entry_create_file(struct aa_sfs_entry *fs_file, 2432 struct dentry *parent) 2433 { 2434 int error = 0; 2435 2436 fs_file->dentry = securityfs_create_file(fs_file->name, 2437 S_IFREG | fs_file->mode, 2438 parent, fs_file, 2439 fs_file->file_ops); 2440 if (IS_ERR(fs_file->dentry)) { 2441 error = PTR_ERR(fs_file->dentry); 2442 fs_file->dentry = NULL; 2443 } 2444 return error; 2445 } 2446 2447 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir); 2448 /** 2449 * entry_create_dir - recursively create a directory entry in the securityfs 2450 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL) 2451 * @parent: the parent dentry in the securityfs 2452 * 2453 * Use entry_remove_dir to remove entries created with this fn. 2454 */ entry_create_dir(struct aa_sfs_entry * fs_dir,struct dentry * parent)2455 static int __init entry_create_dir(struct aa_sfs_entry *fs_dir, 2456 struct dentry *parent) 2457 { 2458 struct aa_sfs_entry *fs_file; 2459 struct dentry *dir; 2460 int error; 2461 2462 dir = securityfs_create_dir(fs_dir->name, parent); 2463 if (IS_ERR(dir)) 2464 return PTR_ERR(dir); 2465 fs_dir->dentry = dir; 2466 2467 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2468 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2469 error = entry_create_dir(fs_file, fs_dir->dentry); 2470 else 2471 error = entry_create_file(fs_file, fs_dir->dentry); 2472 if (error) 2473 goto failed; 2474 } 2475 2476 return 0; 2477 2478 failed: 2479 entry_remove_dir(fs_dir); 2480 2481 return error; 2482 } 2483 2484 /** 2485 * entry_remove_file - drop a single file entry in the apparmor securityfs 2486 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL) 2487 */ entry_remove_file(struct aa_sfs_entry * fs_file)2488 static void __init entry_remove_file(struct aa_sfs_entry *fs_file) 2489 { 2490 if (!fs_file->dentry) 2491 return; 2492 2493 securityfs_remove(fs_file->dentry); 2494 fs_file->dentry = NULL; 2495 } 2496 2497 /** 2498 * entry_remove_dir - recursively drop a directory entry from the securityfs 2499 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL) 2500 */ entry_remove_dir(struct aa_sfs_entry * fs_dir)2501 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir) 2502 { 2503 struct aa_sfs_entry *fs_file; 2504 2505 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) { 2506 if (fs_file->v_type == AA_SFS_TYPE_DIR) 2507 entry_remove_dir(fs_file); 2508 else 2509 entry_remove_file(fs_file); 2510 } 2511 2512 entry_remove_file(fs_dir); 2513 } 2514 2515 /** 2516 * aa_destroy_aafs - cleanup and free aafs 2517 * 2518 * releases dentries allocated by aa_create_aafs 2519 */ aa_destroy_aafs(void)2520 void __init aa_destroy_aafs(void) 2521 { 2522 entry_remove_dir(&aa_sfs_entry); 2523 } 2524 2525 2526 #define NULL_FILE_NAME ".null" 2527 struct path aa_null; 2528 aa_mk_null_file(struct dentry * parent)2529 static int aa_mk_null_file(struct dentry *parent) 2530 { 2531 struct vfsmount *mount = NULL; 2532 struct dentry *dentry; 2533 struct inode *inode; 2534 int count = 0; 2535 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count); 2536 2537 if (error) 2538 return error; 2539 2540 inode_lock(d_inode(parent)); 2541 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME)); 2542 if (IS_ERR(dentry)) { 2543 error = PTR_ERR(dentry); 2544 goto out; 2545 } 2546 inode = new_inode(parent->d_inode->i_sb); 2547 if (!inode) { 2548 error = -ENOMEM; 2549 goto out1; 2550 } 2551 2552 inode->i_ino = get_next_ino(); 2553 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO; 2554 inode->i_atime = inode->i_mtime = inode_set_ctime_current(inode); 2555 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, 2556 MKDEV(MEM_MAJOR, 3)); 2557 d_instantiate(dentry, inode); 2558 aa_null.dentry = dget(dentry); 2559 aa_null.mnt = mntget(mount); 2560 2561 error = 0; 2562 2563 out1: 2564 dput(dentry); 2565 out: 2566 inode_unlock(d_inode(parent)); 2567 simple_release_fs(&mount, &count); 2568 return error; 2569 } 2570 2571 2572 policy_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)2573 static const char *policy_get_link(struct dentry *dentry, 2574 struct inode *inode, 2575 struct delayed_call *done) 2576 { 2577 struct aa_ns *ns; 2578 struct path path; 2579 int error; 2580 2581 if (!dentry) 2582 return ERR_PTR(-ECHILD); 2583 2584 ns = aa_get_current_ns(); 2585 path.mnt = mntget(aafs_mnt); 2586 path.dentry = dget(ns_dir(ns)); 2587 error = nd_jump_link(&path); 2588 aa_put_ns(ns); 2589 2590 return ERR_PTR(error); 2591 } 2592 policy_readlink(struct dentry * dentry,char __user * buffer,int buflen)2593 static int policy_readlink(struct dentry *dentry, char __user *buffer, 2594 int buflen) 2595 { 2596 char name[32]; 2597 int res; 2598 2599 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME, 2600 d_inode(dentry)->i_ino); 2601 if (res > 0 && res < sizeof(name)) 2602 res = readlink_copy(buffer, buflen, name); 2603 else 2604 res = -ENOENT; 2605 2606 return res; 2607 } 2608 2609 static const struct inode_operations policy_link_iops = { 2610 .readlink = policy_readlink, 2611 .get_link = policy_get_link, 2612 }; 2613 2614 2615 /** 2616 * aa_create_aafs - create the apparmor security filesystem 2617 * 2618 * dentries created here are released by aa_destroy_aafs 2619 * 2620 * Returns: error on failure 2621 */ aa_create_aafs(void)2622 static int __init aa_create_aafs(void) 2623 { 2624 struct dentry *dent; 2625 int error; 2626 2627 if (!apparmor_initialized) 2628 return 0; 2629 2630 if (aa_sfs_entry.dentry) { 2631 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); 2632 return -EEXIST; 2633 } 2634 2635 /* setup apparmorfs used to virtualize policy/ */ 2636 aafs_mnt = kern_mount(&aafs_ops); 2637 if (IS_ERR(aafs_mnt)) 2638 panic("can't set apparmorfs up\n"); 2639 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER; 2640 2641 /* Populate fs tree. */ 2642 error = entry_create_dir(&aa_sfs_entry, NULL); 2643 if (error) 2644 goto error; 2645 2646 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry, 2647 NULL, &aa_fs_profile_load); 2648 if (IS_ERR(dent)) 2649 goto dent_error; 2650 ns_subload(root_ns) = dent; 2651 2652 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry, 2653 NULL, &aa_fs_profile_replace); 2654 if (IS_ERR(dent)) 2655 goto dent_error; 2656 ns_subreplace(root_ns) = dent; 2657 2658 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry, 2659 NULL, &aa_fs_profile_remove); 2660 if (IS_ERR(dent)) 2661 goto dent_error; 2662 ns_subremove(root_ns) = dent; 2663 2664 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry, 2665 NULL, &aa_fs_ns_revision_fops); 2666 if (IS_ERR(dent)) 2667 goto dent_error; 2668 ns_subrevision(root_ns) = dent; 2669 2670 /* policy tree referenced by magic policy symlink */ 2671 mutex_lock_nested(&root_ns->lock, root_ns->level); 2672 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy", 2673 aafs_mnt->mnt_root); 2674 mutex_unlock(&root_ns->lock); 2675 if (error) 2676 goto error; 2677 2678 /* magic symlink similar to nsfs redirects based on task policy */ 2679 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry, 2680 NULL, &policy_link_iops); 2681 if (IS_ERR(dent)) 2682 goto dent_error; 2683 2684 error = aa_mk_null_file(aa_sfs_entry.dentry); 2685 if (error) 2686 goto error; 2687 2688 /* TODO: add default profile to apparmorfs */ 2689 2690 /* Report that AppArmor fs is enabled */ 2691 aa_info_message("AppArmor Filesystem Enabled"); 2692 return 0; 2693 2694 dent_error: 2695 error = PTR_ERR(dent); 2696 error: 2697 aa_destroy_aafs(); 2698 AA_ERROR("Error creating AppArmor securityfs\n"); 2699 return error; 2700 } 2701 2702 fs_initcall(aa_create_aafs); 2703