xref: /openbmc/linux/security/apparmor/lib.c (revision 7b6d864b)
1 /*
2  * AppArmor security module
3  *
4  * This file contains basic common functions used in AppArmor
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  */
14 
15 #include <linux/mm.h>
16 #include <linux/slab.h>
17 #include <linux/string.h>
18 #include <linux/vmalloc.h>
19 
20 #include "include/audit.h"
21 #include "include/apparmor.h"
22 
23 
24 /**
25  * aa_split_fqname - split a fqname into a profile and namespace name
26  * @fqname: a full qualified name in namespace profile format (NOT NULL)
27  * @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
28  *
29  * Returns: profile name or NULL if one is not specified
30  *
31  * Split a namespace name from a profile name (see policy.c for naming
32  * description).  If a portion of the name is missing it returns NULL for
33  * that portion.
34  *
35  * NOTE: may modify the @fqname string.  The pointers returned point
36  *       into the @fqname string.
37  */
38 char *aa_split_fqname(char *fqname, char **ns_name)
39 {
40 	char *name = strim(fqname);
41 
42 	*ns_name = NULL;
43 	if (name[0] == ':') {
44 		char *split = strchr(&name[1], ':');
45 		*ns_name = skip_spaces(&name[1]);
46 		if (split) {
47 			/* overwrite ':' with \0 */
48 			*split++ = 0;
49 			if (strncmp(split, "//", 2) == 0)
50 				split += 2;
51 			name = skip_spaces(split);
52 		} else
53 			/* a ns name without a following profile is allowed */
54 			name = NULL;
55 	}
56 	if (name && *name == 0)
57 		name = NULL;
58 
59 	return name;
60 }
61 
62 /**
63  * aa_info_message - log a none profile related status message
64  * @str: message to log
65  */
66 void aa_info_message(const char *str)
67 {
68 	if (audit_enabled) {
69 		struct common_audit_data sa;
70 		struct apparmor_audit_data aad = {0,};
71 		sa.type = LSM_AUDIT_DATA_NONE;
72 		sa.aad = &aad;
73 		aad.info = str;
74 		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
75 	}
76 	printk(KERN_INFO "AppArmor: %s\n", str);
77 }
78 
79 /**
80  * __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
81  * @size: how many bytes of memory are required
82  * @flags: the type of memory to allocate (see kmalloc).
83  *
84  * Return: allocated buffer or NULL if failed
85  *
86  * It is possible that policy being loaded from the user is larger than
87  * what can be allocated by kmalloc, in those cases fall back to vmalloc.
88  */
89 void *__aa_kvmalloc(size_t size, gfp_t flags)
90 {
91 	void *buffer = NULL;
92 
93 	if (size == 0)
94 		return NULL;
95 
96 	/* do not attempt kmalloc if we need more than 16 pages at once */
97 	if (size <= (16*PAGE_SIZE))
98 		buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN);
99 	if (!buffer) {
100 		/* see kvfree for why size must be at least work_struct size
101 		 * when allocated via vmalloc
102 		 */
103 		if (size < sizeof(struct work_struct))
104 			size = sizeof(struct work_struct);
105 		if (flags & __GFP_ZERO)
106 			buffer = vzalloc(size);
107 		else
108 			buffer = vmalloc(size);
109 	}
110 	return buffer;
111 }
112 
113 /**
114  * kvfree - free an allocation do by kvmalloc
115  * @buffer: buffer to free (MAYBE_NULL)
116  *
117  * Free a buffer allocated by kvmalloc
118  */
119 void kvfree(void *buffer)
120 {
121 	if (is_vmalloc_addr(buffer))
122 		vfree(buffer);
123 	else
124 		kfree(buffer);
125 }
126