1 /* 2 * AppArmor security module 3 * 4 * This file contains basic common functions used in AppArmor 5 * 6 * Copyright (C) 1998-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as 11 * published by the Free Software Foundation, version 2 of the 12 * License. 13 */ 14 15 #include <linux/mm.h> 16 #include <linux/slab.h> 17 #include <linux/string.h> 18 #include <linux/vmalloc.h> 19 20 #include "include/audit.h" 21 #include "include/apparmor.h" 22 23 24 /** 25 * aa_split_fqname - split a fqname into a profile and namespace name 26 * @fqname: a full qualified name in namespace profile format (NOT NULL) 27 * @ns_name: pointer to portion of the string containing the ns name (NOT NULL) 28 * 29 * Returns: profile name or NULL if one is not specified 30 * 31 * Split a namespace name from a profile name (see policy.c for naming 32 * description). If a portion of the name is missing it returns NULL for 33 * that portion. 34 * 35 * NOTE: may modify the @fqname string. The pointers returned point 36 * into the @fqname string. 37 */ 38 char *aa_split_fqname(char *fqname, char **ns_name) 39 { 40 char *name = strim(fqname); 41 42 *ns_name = NULL; 43 if (name[0] == ':') { 44 char *split = strchr(&name[1], ':'); 45 *ns_name = skip_spaces(&name[1]); 46 if (split) { 47 /* overwrite ':' with \0 */ 48 *split++ = 0; 49 if (strncmp(split, "//", 2) == 0) 50 split += 2; 51 name = skip_spaces(split); 52 } else 53 /* a ns name without a following profile is allowed */ 54 name = NULL; 55 } 56 if (name && *name == 0) 57 name = NULL; 58 59 return name; 60 } 61 62 /** 63 * aa_info_message - log a none profile related status message 64 * @str: message to log 65 */ 66 void aa_info_message(const char *str) 67 { 68 if (audit_enabled) { 69 struct common_audit_data sa; 70 struct apparmor_audit_data aad = {0,}; 71 sa.type = LSM_AUDIT_DATA_NONE; 72 sa.aad = &aad; 73 aad.info = str; 74 aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); 75 } 76 printk(KERN_INFO "AppArmor: %s\n", str); 77 } 78 79 /** 80 * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc 81 * @size: how many bytes of memory are required 82 * @flags: the type of memory to allocate (see kmalloc). 83 * 84 * Return: allocated buffer or NULL if failed 85 * 86 * It is possible that policy being loaded from the user is larger than 87 * what can be allocated by kmalloc, in those cases fall back to vmalloc. 88 */ 89 void *__aa_kvmalloc(size_t size, gfp_t flags) 90 { 91 void *buffer = NULL; 92 93 if (size == 0) 94 return NULL; 95 96 /* do not attempt kmalloc if we need more than 16 pages at once */ 97 if (size <= (16*PAGE_SIZE)) 98 buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN); 99 if (!buffer) { 100 /* see kvfree for why size must be at least work_struct size 101 * when allocated via vmalloc 102 */ 103 if (size < sizeof(struct work_struct)) 104 size = sizeof(struct work_struct); 105 if (flags & __GFP_ZERO) 106 buffer = vzalloc(size); 107 else 108 buffer = vmalloc(size); 109 } 110 return buffer; 111 } 112 113 /** 114 * kvfree - free an allocation do by kvmalloc 115 * @buffer: buffer to free (MAYBE_NULL) 116 * 117 * Free a buffer allocated by kvmalloc 118 */ 119 void kvfree(void *buffer) 120 { 121 if (is_vmalloc_addr(buffer)) 122 vfree(buffer); 123 else 124 kfree(buffer); 125 } 126