163e2b423SJohn Johansen /* 263e2b423SJohn Johansen * AppArmor security module 363e2b423SJohn Johansen * 463e2b423SJohn Johansen * This file contains AppArmor /sys/kernel/security/apparmor interface functions 563e2b423SJohn Johansen * 663e2b423SJohn Johansen * Copyright (C) 1998-2008 Novell/SUSE 763e2b423SJohn Johansen * Copyright 2009-2010 Canonical Ltd. 863e2b423SJohn Johansen * 963e2b423SJohn Johansen * This program is free software; you can redistribute it and/or 1063e2b423SJohn Johansen * modify it under the terms of the GNU General Public License as 1163e2b423SJohn Johansen * published by the Free Software Foundation, version 2 of the 1263e2b423SJohn Johansen * License. 1363e2b423SJohn Johansen */ 1463e2b423SJohn Johansen 1563e2b423SJohn Johansen #include <linux/security.h> 1663e2b423SJohn Johansen #include <linux/vmalloc.h> 1763e2b423SJohn Johansen #include <linux/module.h> 1863e2b423SJohn Johansen #include <linux/seq_file.h> 1963e2b423SJohn Johansen #include <linux/uaccess.h> 2063e2b423SJohn Johansen #include <linux/namei.h> 2163e2b423SJohn Johansen 2263e2b423SJohn Johansen #include "include/apparmor.h" 2363e2b423SJohn Johansen #include "include/apparmorfs.h" 2463e2b423SJohn Johansen #include "include/audit.h" 2563e2b423SJohn Johansen #include "include/context.h" 2663e2b423SJohn Johansen #include "include/policy.h" 2763e2b423SJohn Johansen 2863e2b423SJohn Johansen /** 2963e2b423SJohn Johansen * aa_simple_write_to_buffer - common routine for getting policy from user 3063e2b423SJohn Johansen * @op: operation doing the user buffer copy 3163e2b423SJohn Johansen * @userbuf: user buffer to copy data from (NOT NULL) 3263e2b423SJohn Johansen * @alloc_size: size of user buffer 3363e2b423SJohn Johansen * @copy_size: size of data to copy from user buffer 3463e2b423SJohn Johansen * @pos: position write is at in the file (NOT NULL) 3563e2b423SJohn Johansen * 3663e2b423SJohn Johansen * Returns: kernel buffer containing copy of user buffer data or an 3763e2b423SJohn Johansen * ERR_PTR on failure. 3863e2b423SJohn Johansen */ 3963e2b423SJohn Johansen static char *aa_simple_write_to_buffer(int op, const char __user *userbuf, 4063e2b423SJohn Johansen size_t alloc_size, size_t copy_size, 4163e2b423SJohn Johansen loff_t *pos) 4263e2b423SJohn Johansen { 4363e2b423SJohn Johansen char *data; 4463e2b423SJohn Johansen 4563e2b423SJohn Johansen if (*pos != 0) 4663e2b423SJohn Johansen /* only writes from pos 0, that is complete writes */ 4763e2b423SJohn Johansen return ERR_PTR(-ESPIPE); 4863e2b423SJohn Johansen 4963e2b423SJohn Johansen /* 5063e2b423SJohn Johansen * Don't allow profile load/replace/remove from profiles that don't 5163e2b423SJohn Johansen * have CAP_MAC_ADMIN 5263e2b423SJohn Johansen */ 5363e2b423SJohn Johansen if (!aa_may_manage_policy(op)) 5463e2b423SJohn Johansen return ERR_PTR(-EACCES); 5563e2b423SJohn Johansen 5663e2b423SJohn Johansen /* freed by caller to simple_write_to_buffer */ 5763e2b423SJohn Johansen data = kvmalloc(alloc_size); 5863e2b423SJohn Johansen if (data == NULL) 5963e2b423SJohn Johansen return ERR_PTR(-ENOMEM); 6063e2b423SJohn Johansen 6163e2b423SJohn Johansen if (copy_from_user(data, userbuf, copy_size)) { 6263e2b423SJohn Johansen kvfree(data); 6363e2b423SJohn Johansen return ERR_PTR(-EFAULT); 6463e2b423SJohn Johansen } 6563e2b423SJohn Johansen 6663e2b423SJohn Johansen return data; 6763e2b423SJohn Johansen } 6863e2b423SJohn Johansen 6963e2b423SJohn Johansen 7063e2b423SJohn Johansen /* .load file hook fn to load policy */ 7163e2b423SJohn Johansen static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, 7263e2b423SJohn Johansen loff_t *pos) 7363e2b423SJohn Johansen { 7463e2b423SJohn Johansen char *data; 7563e2b423SJohn Johansen ssize_t error; 7663e2b423SJohn Johansen 7763e2b423SJohn Johansen data = aa_simple_write_to_buffer(OP_PROF_LOAD, buf, size, size, pos); 7863e2b423SJohn Johansen 7963e2b423SJohn Johansen error = PTR_ERR(data); 8063e2b423SJohn Johansen if (!IS_ERR(data)) { 8163e2b423SJohn Johansen error = aa_replace_profiles(data, size, PROF_ADD); 8263e2b423SJohn Johansen kvfree(data); 8363e2b423SJohn Johansen } 8463e2b423SJohn Johansen 8563e2b423SJohn Johansen return error; 8663e2b423SJohn Johansen } 8763e2b423SJohn Johansen 8863e2b423SJohn Johansen static const struct file_operations aa_fs_profile_load = { 89*6038f373SArnd Bergmann .write = profile_load, 90*6038f373SArnd Bergmann .llseek = default_llseek, 9163e2b423SJohn Johansen }; 9263e2b423SJohn Johansen 9363e2b423SJohn Johansen /* .replace file hook fn to load and/or replace policy */ 9463e2b423SJohn Johansen static ssize_t profile_replace(struct file *f, const char __user *buf, 9563e2b423SJohn Johansen size_t size, loff_t *pos) 9663e2b423SJohn Johansen { 9763e2b423SJohn Johansen char *data; 9863e2b423SJohn Johansen ssize_t error; 9963e2b423SJohn Johansen 10063e2b423SJohn Johansen data = aa_simple_write_to_buffer(OP_PROF_REPL, buf, size, size, pos); 10163e2b423SJohn Johansen error = PTR_ERR(data); 10263e2b423SJohn Johansen if (!IS_ERR(data)) { 10363e2b423SJohn Johansen error = aa_replace_profiles(data, size, PROF_REPLACE); 10463e2b423SJohn Johansen kvfree(data); 10563e2b423SJohn Johansen } 10663e2b423SJohn Johansen 10763e2b423SJohn Johansen return error; 10863e2b423SJohn Johansen } 10963e2b423SJohn Johansen 11063e2b423SJohn Johansen static const struct file_operations aa_fs_profile_replace = { 111*6038f373SArnd Bergmann .write = profile_replace, 112*6038f373SArnd Bergmann .llseek = default_llseek, 11363e2b423SJohn Johansen }; 11463e2b423SJohn Johansen 11563e2b423SJohn Johansen /* .remove file hook fn to remove loaded policy */ 11663e2b423SJohn Johansen static ssize_t profile_remove(struct file *f, const char __user *buf, 11763e2b423SJohn Johansen size_t size, loff_t *pos) 11863e2b423SJohn Johansen { 11963e2b423SJohn Johansen char *data; 12063e2b423SJohn Johansen ssize_t error; 12163e2b423SJohn Johansen 12263e2b423SJohn Johansen /* 12363e2b423SJohn Johansen * aa_remove_profile needs a null terminated string so 1 extra 12463e2b423SJohn Johansen * byte is allocated and the copied data is null terminated. 12563e2b423SJohn Johansen */ 12663e2b423SJohn Johansen data = aa_simple_write_to_buffer(OP_PROF_RM, buf, size + 1, size, pos); 12763e2b423SJohn Johansen 12863e2b423SJohn Johansen error = PTR_ERR(data); 12963e2b423SJohn Johansen if (!IS_ERR(data)) { 13063e2b423SJohn Johansen data[size] = 0; 13163e2b423SJohn Johansen error = aa_remove_profiles(data, size); 13263e2b423SJohn Johansen kvfree(data); 13363e2b423SJohn Johansen } 13463e2b423SJohn Johansen 13563e2b423SJohn Johansen return error; 13663e2b423SJohn Johansen } 13763e2b423SJohn Johansen 13863e2b423SJohn Johansen static const struct file_operations aa_fs_profile_remove = { 139*6038f373SArnd Bergmann .write = profile_remove, 140*6038f373SArnd Bergmann .llseek = default_llseek, 14163e2b423SJohn Johansen }; 14263e2b423SJohn Johansen 14363e2b423SJohn Johansen /** Base file system setup **/ 14463e2b423SJohn Johansen 14563e2b423SJohn Johansen static struct dentry *aa_fs_dentry __initdata; 14663e2b423SJohn Johansen 14763e2b423SJohn Johansen static void __init aafs_remove(const char *name) 14863e2b423SJohn Johansen { 14963e2b423SJohn Johansen struct dentry *dentry; 15063e2b423SJohn Johansen 15163e2b423SJohn Johansen dentry = lookup_one_len(name, aa_fs_dentry, strlen(name)); 15263e2b423SJohn Johansen if (!IS_ERR(dentry)) { 15363e2b423SJohn Johansen securityfs_remove(dentry); 15463e2b423SJohn Johansen dput(dentry); 15563e2b423SJohn Johansen } 15663e2b423SJohn Johansen } 15763e2b423SJohn Johansen 15863e2b423SJohn Johansen /** 15963e2b423SJohn Johansen * aafs_create - create an entry in the apparmor filesystem 16063e2b423SJohn Johansen * @name: name of the entry (NOT NULL) 16163e2b423SJohn Johansen * @mask: file permission mask of the file 16263e2b423SJohn Johansen * @fops: file operations for the file (NOT NULL) 16363e2b423SJohn Johansen * 16463e2b423SJohn Johansen * Used aafs_remove to remove entries created with this fn. 16563e2b423SJohn Johansen */ 16663e2b423SJohn Johansen static int __init aafs_create(const char *name, int mask, 16763e2b423SJohn Johansen const struct file_operations *fops) 16863e2b423SJohn Johansen { 16963e2b423SJohn Johansen struct dentry *dentry; 17063e2b423SJohn Johansen 17163e2b423SJohn Johansen dentry = securityfs_create_file(name, S_IFREG | mask, aa_fs_dentry, 17263e2b423SJohn Johansen NULL, fops); 17363e2b423SJohn Johansen 17463e2b423SJohn Johansen return IS_ERR(dentry) ? PTR_ERR(dentry) : 0; 17563e2b423SJohn Johansen } 17663e2b423SJohn Johansen 17763e2b423SJohn Johansen /** 17863e2b423SJohn Johansen * aa_destroy_aafs - cleanup and free aafs 17963e2b423SJohn Johansen * 18063e2b423SJohn Johansen * releases dentries allocated by aa_create_aafs 18163e2b423SJohn Johansen */ 18263e2b423SJohn Johansen void __init aa_destroy_aafs(void) 18363e2b423SJohn Johansen { 18463e2b423SJohn Johansen if (aa_fs_dentry) { 18563e2b423SJohn Johansen aafs_remove(".remove"); 18663e2b423SJohn Johansen aafs_remove(".replace"); 18763e2b423SJohn Johansen aafs_remove(".load"); 18863e2b423SJohn Johansen 18963e2b423SJohn Johansen securityfs_remove(aa_fs_dentry); 19063e2b423SJohn Johansen aa_fs_dentry = NULL; 19163e2b423SJohn Johansen } 19263e2b423SJohn Johansen } 19363e2b423SJohn Johansen 19463e2b423SJohn Johansen /** 19563e2b423SJohn Johansen * aa_create_aafs - create the apparmor security filesystem 19663e2b423SJohn Johansen * 19763e2b423SJohn Johansen * dentries created here are released by aa_destroy_aafs 19863e2b423SJohn Johansen * 19963e2b423SJohn Johansen * Returns: error on failure 20063e2b423SJohn Johansen */ 20163e2b423SJohn Johansen int __init aa_create_aafs(void) 20263e2b423SJohn Johansen { 20363e2b423SJohn Johansen int error; 20463e2b423SJohn Johansen 20563e2b423SJohn Johansen if (!apparmor_initialized) 20663e2b423SJohn Johansen return 0; 20763e2b423SJohn Johansen 20863e2b423SJohn Johansen if (aa_fs_dentry) { 20963e2b423SJohn Johansen AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); 21063e2b423SJohn Johansen return -EEXIST; 21163e2b423SJohn Johansen } 21263e2b423SJohn Johansen 21363e2b423SJohn Johansen aa_fs_dentry = securityfs_create_dir("apparmor", NULL); 21463e2b423SJohn Johansen if (IS_ERR(aa_fs_dentry)) { 21563e2b423SJohn Johansen error = PTR_ERR(aa_fs_dentry); 21663e2b423SJohn Johansen aa_fs_dentry = NULL; 21763e2b423SJohn Johansen goto error; 21863e2b423SJohn Johansen } 21963e2b423SJohn Johansen 22063e2b423SJohn Johansen error = aafs_create(".load", 0640, &aa_fs_profile_load); 22163e2b423SJohn Johansen if (error) 22263e2b423SJohn Johansen goto error; 22363e2b423SJohn Johansen error = aafs_create(".replace", 0640, &aa_fs_profile_replace); 22463e2b423SJohn Johansen if (error) 22563e2b423SJohn Johansen goto error; 22663e2b423SJohn Johansen error = aafs_create(".remove", 0640, &aa_fs_profile_remove); 22763e2b423SJohn Johansen if (error) 22863e2b423SJohn Johansen goto error; 22963e2b423SJohn Johansen 23063e2b423SJohn Johansen /* TODO: add support for apparmorfs_null and apparmorfs_mnt */ 23163e2b423SJohn Johansen 23263e2b423SJohn Johansen /* Report that AppArmor fs is enabled */ 23363e2b423SJohn Johansen aa_info_message("AppArmor Filesystem Enabled"); 23463e2b423SJohn Johansen return 0; 23563e2b423SJohn Johansen 23663e2b423SJohn Johansen error: 23763e2b423SJohn Johansen aa_destroy_aafs(); 23863e2b423SJohn Johansen AA_ERROR("Error creating AppArmor securityfs\n"); 23963e2b423SJohn Johansen return error; 24063e2b423SJohn Johansen } 24163e2b423SJohn Johansen 24263e2b423SJohn Johansen fs_initcall(aa_create_aafs); 243