xref: /openbmc/linux/security/apparmor/lib.c (revision 12557dcba21b015f470076da6947e68bc70fff64) 
1cdff2642SJohn Johansen /*
2cdff2642SJohn Johansen  * AppArmor security module
3cdff2642SJohn Johansen  *
4cdff2642SJohn Johansen  * This file contains basic common functions used in AppArmor
5cdff2642SJohn Johansen  *
6cdff2642SJohn Johansen  * Copyright (C) 1998-2008 Novell/SUSE
7cdff2642SJohn Johansen  * Copyright 2009-2010 Canonical Ltd.
8cdff2642SJohn Johansen  *
9cdff2642SJohn Johansen  * This program is free software; you can redistribute it and/or
10cdff2642SJohn Johansen  * modify it under the terms of the GNU General Public License as
11cdff2642SJohn Johansen  * published by the Free Software Foundation, version 2 of the
12cdff2642SJohn Johansen  * License.
13cdff2642SJohn Johansen  */
14cdff2642SJohn Johansen 
15b7f080cfSAlexey Dobriyan #include <linux/mm.h>
16cdff2642SJohn Johansen #include <linux/slab.h>
17cdff2642SJohn Johansen #include <linux/string.h>
18cdff2642SJohn Johansen #include <linux/vmalloc.h>
19cdff2642SJohn Johansen 
20cdff2642SJohn Johansen #include "include/audit.h"
2132c3df63SJames Morris #include "include/apparmor.h"
22*12557dcbSJohn Johansen #include "include/lib.h"
23cdff2642SJohn Johansen 
24cdff2642SJohn Johansen /**
25cdff2642SJohn Johansen  * aa_split_fqname - split a fqname into a profile and namespace name
26cdff2642SJohn Johansen  * @fqname: a full qualified name in namespace profile format (NOT NULL)
27cdff2642SJohn Johansen  * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
28cdff2642SJohn Johansen  *
29cdff2642SJohn Johansen  * Returns: profile name or NULL if one is not specified
30cdff2642SJohn Johansen  *
31cdff2642SJohn Johansen  * Split a namespace name from a profile name (see policy.c for naming
32cdff2642SJohn Johansen  * description).  If a portion of the name is missing it returns NULL for
33cdff2642SJohn Johansen  * that portion.
34cdff2642SJohn Johansen  *
35cdff2642SJohn Johansen  * NOTE: may modify the @fqname string.  The pointers returned point
36cdff2642SJohn Johansen  *       into the @fqname string.
37cdff2642SJohn Johansen  */
38cdff2642SJohn Johansen char *aa_split_fqname(char *fqname, char **ns_name)
39cdff2642SJohn Johansen {
40cdff2642SJohn Johansen 	char *name = strim(fqname);
41cdff2642SJohn Johansen 
42cdff2642SJohn Johansen 	*ns_name = NULL;
43cdff2642SJohn Johansen 	if (name[0] == ':') {
44cdff2642SJohn Johansen 		char *split = strchr(&name[1], ':');
4504ccd53fSJohn Johansen 		*ns_name = skip_spaces(&name[1]);
46cdff2642SJohn Johansen 		if (split) {
47cdff2642SJohn Johansen 			/* overwrite ':' with \0 */
482654bfbcSJohn Johansen 			*split++ = 0;
492654bfbcSJohn Johansen 			if (strncmp(split, "//", 2) == 0)
502654bfbcSJohn Johansen 				split += 2;
512654bfbcSJohn Johansen 			name = skip_spaces(split);
52cdff2642SJohn Johansen 		} else
53cdff2642SJohn Johansen 			/* a ns name without a following profile is allowed */
54cdff2642SJohn Johansen 			name = NULL;
55cdff2642SJohn Johansen 	}
56cdff2642SJohn Johansen 	if (name && *name == 0)
57cdff2642SJohn Johansen 		name = NULL;
58cdff2642SJohn Johansen 
59cdff2642SJohn Johansen 	return name;
60cdff2642SJohn Johansen }
61cdff2642SJohn Johansen 
62cdff2642SJohn Johansen /**
63cdff2642SJohn Johansen  * aa_info_message - log a none profile related status message
64cdff2642SJohn Johansen  * @str: message to log
65cdff2642SJohn Johansen  */
66cdff2642SJohn Johansen void aa_info_message(const char *str)
67cdff2642SJohn Johansen {
68cdff2642SJohn Johansen 	if (audit_enabled) {
69cdff2642SJohn Johansen 		struct common_audit_data sa;
703b3b0e4fSEric Paris 		struct apparmor_audit_data aad = {0,};
7150c205f5SEric Paris 		sa.type = LSM_AUDIT_DATA_NONE;
723b3b0e4fSEric Paris 		sa.aad = &aad;
733b3b0e4fSEric Paris 		aad.info = str;
74cdff2642SJohn Johansen 		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
75cdff2642SJohn Johansen 	}
76cdff2642SJohn Johansen 	printk(KERN_INFO "AppArmor: %s\n", str);
77cdff2642SJohn Johansen }
78cdff2642SJohn Johansen 
79cdff2642SJohn Johansen /**
800ca554b9SJohn Johansen  * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
810ca554b9SJohn Johansen  * @size: how many bytes of memory are required
820ca554b9SJohn Johansen  * @flags: the type of memory to allocate (see kmalloc).
83cdff2642SJohn Johansen  *
84cdff2642SJohn Johansen  * Return: allocated buffer or NULL if failed
85cdff2642SJohn Johansen  *
86cdff2642SJohn Johansen  * It is possible that policy being loaded from the user is larger than
87cdff2642SJohn Johansen  * what can be allocated by kmalloc, in those cases fall back to vmalloc.
88cdff2642SJohn Johansen  */
890ca554b9SJohn Johansen void *__aa_kvmalloc(size_t size, gfp_t flags)
90cdff2642SJohn Johansen {
91cdff2642SJohn Johansen 	void *buffer = NULL;
92cdff2642SJohn Johansen 
93cdff2642SJohn Johansen 	if (size == 0)
94cdff2642SJohn Johansen 		return NULL;
95cdff2642SJohn Johansen 
96cdff2642SJohn Johansen 	/* do not attempt kmalloc if we need more than 16 pages at once */
97cdff2642SJohn Johansen 	if (size <= (16*PAGE_SIZE))
98a7f6c1b6STetsuo Handa 		buffer = kmalloc(size, flags | GFP_KERNEL | __GFP_NORETRY |
99a7f6c1b6STetsuo Handa 				 __GFP_NOWARN);
100cdff2642SJohn Johansen 	if (!buffer) {
1010ca554b9SJohn Johansen 		if (flags & __GFP_ZERO)
1020ca554b9SJohn Johansen 			buffer = vzalloc(size);
1030ca554b9SJohn Johansen 		else
104cdff2642SJohn Johansen 			buffer = vmalloc(size);
105cdff2642SJohn Johansen 	}
106cdff2642SJohn Johansen 	return buffer;
107cdff2642SJohn Johansen }
108