linux/security/apparmor/apparmorfs.c
<<
>>
Prefs 
   1/*
   2 * AppArmor security module
   3 *
   4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
   5 *
   6 * Copyright (C) 1998-2008 Novell/SUSE
   7 * Copyright 2009-2010 Canonical Ltd.
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License as
  11 * published by the Free Software Foundation, version 2 of the
  12 * License.
  13 */
  14
  15#include <linux/ctype.h>
  16#include <linux/security.h>
  17#include <linux/vmalloc.h>
  18#include <linux/module.h>
  19#include <linux/seq_file.h>
  20#include <linux/uaccess.h>
  21#include <linux/mount.h>
  22#include <linux/namei.h>
  23#include <linux/capability.h>
  24#include <linux/rcupdate.h>
  25#include <linux/fs.h>
  26#include <linux/poll.h>
  27#include <uapi/linux/major.h>
  28#include <uapi/linux/magic.h>
  29
  30#include "include/apparmor.h"
  31#include "include/apparmorfs.h"
  32#include "include/audit.h"
  33#include "include/context.h"
  34#include "include/crypto.h"
  35#include "include/policy_ns.h"
  36#include "include/label.h"
  37#include "include/policy.h"
  38#include "include/policy_ns.h"
  39#include "include/resource.h"
  40#include "include/policy_unpack.h"
  41
  42/*
  43 * The apparmor filesystem interface used for policy load and introspection
  44 * The interface is split into two main components based on their function
  45 * a securityfs component:
  46 *   used for static files that are always available, and which allows
  47 *   userspace to specificy the location of the security filesystem.
  48 *
  49 *   fns and data are prefixed with
  50 *      aa_sfs_
  51 *
  52 * an apparmorfs component:
  53 *   used loaded policy content and introspection. It is not part of  a
  54 *   regular mounted filesystem and is available only through the magic
  55 *   policy symlink in the root of the securityfs apparmor/ directory.
  56 *   Tasks queries will be magically redirected to the correct portion
  57 *   of the policy tree based on their confinement.
  58 *
  59 *   fns and data are prefixed with
  60 *      aafs_
  61 *
  62 * The aa_fs_ prefix is used to indicate the fn is used by both the
  63 * securityfs and apparmorfs filesystems.
  64 */
  65
  66
  67/*
  68 * support fns
  69 */
  70
  71/**
  72 * aa_mangle_name - mangle a profile name to std profile layout form
  73 * @name: profile name to mangle  (NOT NULL)
  74 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
  75 *
  76 * Returns: length of mangled name
  77 */
  78static int mangle_name(const char *name, char *target)
  79{
  80        char *t = target;
  81
  82        while (*name == '/' || *name == '.')
  83                name++;
  84
  85        if (target) {
  86                for (; *name; name++) {
  87                        if (*name == '/')
  88                                *(t)++ = '.';
  89                        else if (isspace(*name))
  90                                *(t)++ = '_';
  91                        else if (isalnum(*name) || strchr("._-", *name))
  92                                *(t)++ = *name;
  93                }
  94
  95                *t = 0;
  96        } else {
  97                int len = 0;
  98                for (; *name; name++) {
  99                        if (isalnum(*name) || isspace(*name) ||
 100                            strchr("/._-", *name))
 101                                len++;
 102                }
 103
 104                return len;
 105        }
 106
 107        return t - target;
 108}
 109
 110
 111/*
 112 * aafs - core fns and data for the policy tree
 113 */
 114
 115#define AAFS_NAME               "apparmorfs"
 116static struct vfsmount *aafs_mnt;
 117static int aafs_count;
 118
 119
 120static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
 121{
 122        struct inode *inode = d_inode(dentry);
 123
 124        seq_printf(seq, "%s:[%lu]", AAFS_NAME, inode->i_ino);
 125        return 0;
 126}
 127
 128static void aafs_evict_inode(struct inode *inode)
 129{
 130        truncate_inode_pages_final(&inode->i_data);
 131        clear_inode(inode);
 132        if (S_ISLNK(inode->i_mode))
 133                kfree(inode->i_link);
 134}
 135
 136static const struct super_operations aafs_super_ops = {
 137        .statfs = simple_statfs,
 138        .evict_inode = aafs_evict_inode,
 139        .show_path = aafs_show_path,
 140};
 141
 142static int fill_super(struct super_block *sb, void *data, int silent)
 143{
 144        static struct tree_descr files[] = { {""} };
 145        int error;
 146
 147        error = simple_fill_super(sb, AAFS_MAGIC, files);
 148        if (error)
 149                return error;
 150        sb->s_op = &aafs_super_ops;
 151
 152        return 0;
 153}
 154
 155static struct dentry *aafs_mount(struct file_system_type *fs_type,
 156                                 int flags, const char *dev_name, void *data)
 157{
 158        return mount_single(fs_type, flags, data, fill_super);
 159}
 160
 161static struct file_system_type aafs_ops = {
 162        .owner = THIS_MODULE,
 163        .name = AAFS_NAME,
 164        .mount = aafs_mount,
 165        .kill_sb = kill_anon_super,
 166};
 167
 168/**
 169 * __aafs_setup_d_inode - basic inode setup for apparmorfs
 170 * @dir: parent directory for the dentry
 171 * @dentry: dentry we are seting the inode up for
 172 * @mode: permissions the file should have
 173 * @data: data to store on inode.i_private, available in open()
 174 * @link: if symlink, symlink target string
 175 * @fops: struct file_operations that should be used
 176 * @iops: struct of inode_operations that should be used
 177 */
 178static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
 179                               umode_t mode, void *data, char *link,
 180                               const struct file_operations *fops,
 181                               const struct inode_operations *iops)
 182{
 183        struct inode *inode = new_inode(dir->i_sb);
 184
 185        AA_BUG(!dir);
 186        AA_BUG(!dentry);
 187
 188        if (!inode)
 189                return -ENOMEM;
 190
 191        inode->i_ino = get_next_ino();
 192        inode->i_mode = mode;
 193        inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
 194        inode->i_private = data;
 195        if (S_ISDIR(mode)) {
 196                inode->i_op = iops ? iops : &simple_dir_inode_operations;
 197                inode->i_fop = &simple_dir_operations;
 198                inc_nlink(inode);
 199                inc_nlink(dir);
 200        } else if (S_ISLNK(mode)) {
 201                inode->i_op = iops ? iops : &simple_symlink_inode_operations;
 202                inode->i_link = link;
 203        } else {
 204                inode->i_fop = fops;
 205        }
 206        d_instantiate(dentry, inode);
 207        dget(dentry);
 208
 209        return 0;
 210}
 211
 212/**
 213 * aafs_create - create a dentry in the apparmorfs filesystem
 214 *
 215 * @name: name of dentry to create
 216 * @mode: permissions the file should have
 217 * @parent: parent directory for this dentry
 218 * @data: data to store on inode.i_private, available in open()
 219 * @link: if symlink, symlink target string
 220 * @fops: struct file_operations that should be used for
 221 * @iops: struct of inode_operations that should be used
 222 *
 223 * This is the basic "create a xxx" function for apparmorfs.
 224 *
 225 * Returns a pointer to a dentry if it succeeds, that must be free with
 226 * aafs_remove(). Will return ERR_PTR on failure.
 227 */
 228static struct dentry *aafs_create(const char *name, umode_t mode,
 229                                  struct dentry *parent, void *data, void *link,
 230                                  const struct file_operations *fops,
 231                                  const struct inode_operations *iops)
 232{
 233        struct dentry *dentry;
 234        struct inode *dir;
 235        int error;
 236
 237        AA_BUG(!name);
 238        AA_BUG(!parent);
 239
 240        if (!(mode & S_IFMT))
 241                mode = (mode & S_IALLUGO) | S_IFREG;
 242
 243        error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
 244        if (error)
 245                return ERR_PTR(error);
 246
 247        dir = d_inode(parent);
 248
 249        inode_lock(dir);
 250        dentry = lookup_one_len(name, parent, strlen(name));
 251        if (IS_ERR(dentry))
 252                goto fail_lock;
 253
 254        if (d_really_is_positive(dentry)) {
 255                error = -EEXIST;
 256                goto fail_dentry;
 257        }
 258
 259        error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
 260        if (error)
 261                goto fail_dentry;
 262        inode_unlock(dir);
 263
 264        return dentry;
 265
 266fail_dentry:
 267        dput(dentry);
 268
 269fail_lock:
 270        inode_unlock(dir);
 271        simple_release_fs(&aafs_mnt, &aafs_count);
 272
 273        return ERR_PTR(error);
 274}
 275
 276/**
 277 * aafs_create_file - create a file in the apparmorfs filesystem
 278 *
 279 * @name: name of dentry to create
 280 * @mode: permissions the file should have
 281 * @parent: parent directory for this dentry
 282 * @data: data to store on inode.i_private, available in open()
 283 * @fops: struct file_operations that should be used for
 284 *
 285 * see aafs_create
 286 */
 287static struct dentry *aafs_create_file(const char *name, umode_t mode,
 288                                       struct dentry *parent, void *data,
 289                                       const struct file_operations *fops)
 290{
 291        return aafs_create(name, mode, parent, data, NULL, fops, NULL);
 292}
 293
 294/**
 295 * aafs_create_dir - create a directory in the apparmorfs filesystem
 296 *
 297 * @name: name of dentry to create
 298 * @parent: parent directory for this dentry
 299 *
 300 * see aafs_create
 301 */
 302static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
 303{
 304        return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
 305                           NULL);
 306}
 307
 308/**
 309 * aafs_create_symlink - create a symlink in the apparmorfs filesystem
 310 * @name: name of dentry to create
 311 * @parent: parent directory for this dentry
 312 * @target: if symlink, symlink target string
 313 * @iops: struct of inode_operations that should be used
 314 *
 315 * If @target parameter is %NULL, then the @iops parameter needs to be
 316 * setup to handle .readlink and .get_link inode_operations.
 317 */
 318static struct dentry *aafs_create_symlink(const char *name,
 319                                          struct dentry *parent,
 320                                          const char *target,
 321                                          const struct inode_operations *iops)
 322{
 323        struct dentry *dent;
 324        char *link = NULL;
 325
 326        if (target) {
 327                link = kstrdup(target, GFP_KERNEL);
 328                if (!link)
 329                        return ERR_PTR(-ENOMEM);
 330        }
 331        dent = aafs_create(name, S_IFLNK | 0444, parent, NULL, link, NULL,
 332                           iops);
 333        if (IS_ERR(dent))
 334                kfree(link);
 335
 336        return dent;
 337}
 338
 339/**
 340 * aafs_remove - removes a file or directory from the apparmorfs filesystem
 341 *
 342 * @dentry: dentry of the file/directory/symlink to removed.
 343 */
 344static void aafs_remove(struct dentry *dentry)
 345{
 346        struct inode *dir;
 347
 348        if (!dentry || IS_ERR(dentry))
 349                return;
 350
 351        dir = d_inode(dentry->d_parent);
 352        inode_lock(dir);
 353        if (simple_positive(dentry)) {
 354                if (d_is_dir(dentry))
 355                        simple_rmdir(dir, dentry);
 356                else
 357                        simple_unlink(dir, dentry);
 358                dput(dentry);
 359        }
 360        inode_unlock(dir);
 361        simple_release_fs(&aafs_mnt, &aafs_count);
 362}
 363
 364
 365/*
 366 * aa_fs - policy load/replace/remove
 367 */
 368
 369/**
 370 * aa_simple_write_to_buffer - common routine for getting policy from user
 371 * @userbuf: user buffer to copy data from  (NOT NULL)
 372 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
 373 * @copy_size: size of data to copy from user buffer
 374 * @pos: position write is at in the file (NOT NULL)
 375 *
 376 * Returns: kernel buffer containing copy of user buffer data or an
 377 *          ERR_PTR on failure.
 378 */
 379static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
 380                                                     size_t alloc_size,
 381                                                     size_t copy_size,
 382                                                     loff_t *pos)
 383{
 384        struct aa_loaddata *data;
 385
 386        AA_BUG(copy_size > alloc_size);
 387
 388        if (*pos != 0)
 389                /* only writes from pos 0, that is complete writes */
 390                return ERR_PTR(-ESPIPE);
 391
 392        /* freed by caller to simple_write_to_buffer */
 393        data = aa_loaddata_alloc(alloc_size);
 394        if (IS_ERR(data))
 395                return data;
 396
 397        data->size = copy_size;
 398        if (copy_from_user(data->data, userbuf, copy_size)) {
 399                kvfree(data);
 400                return ERR_PTR(-EFAULT);
 401        }
 402
 403        return data;
 404}
 405
 406static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
 407                             loff_t *pos, struct aa_ns *ns)
 408{
 409        struct aa_loaddata *data;
 410        struct aa_label *label;
 411        ssize_t error;
 412
 413        label = begin_current_label_crit_section();
 414
 415        /* high level check about policy management - fine grained in
 416         * below after unpack
 417         */
 418        error = aa_may_manage_policy(label, ns, mask);
 419        if (error)
 420                return error;
 421
 422        data = aa_simple_write_to_buffer(buf, size, size, pos);
 423        error = PTR_ERR(data);
 424        if (!IS_ERR(data)) {
 425                error = aa_replace_profiles(ns, label, mask, data);
 426                aa_put_loaddata(data);
 427        }
 428        end_current_label_crit_section(label);
 429
 430        return error;
 431}
 432
 433/* .load file hook fn to load policy */
 434static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
 435                            loff_t *pos)
 436{
 437        struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
 438        int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
 439
 440        aa_put_ns(ns);
 441
 442        return error;
 443}
 444
 445static const struct file_operations aa_fs_profile_load = {
 446        .write = profile_load,
 447        .llseek = default_llseek,
 448};
 449
 450/* .replace file hook fn to load and/or replace policy */
 451static ssize_t profile_replace(struct file *f, const char __user *buf,
 452                               size_t size, loff_t *pos)
 453{
 454        struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
 455        int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
 456                                  buf, size, pos, ns);
 457        aa_put_ns(ns);
 458
 459        return error;
 460}
 461
 462static const struct file_operations aa_fs_profile_replace = {
 463        .write = profile_replace,
 464        .llseek = default_llseek,
 465};
 466
 467/* .remove file hook fn to remove loaded policy */
 468static ssize_t profile_remove(struct file *f, const char __user *buf,
 469                              size_t size, loff_t *pos)
 470{
 471        struct aa_loaddata *data;
 472        struct aa_label *label;
 473        ssize_t error;
 474        struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
 475
 476        label = begin_current_label_crit_section();
 477        /* high level check about policy management - fine grained in
 478         * below after unpack
 479         */
 480        error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
 481        if (error)
 482                goto out;
 483
 484        /*
 485         * aa_remove_profile needs a null terminated string so 1 extra
 486         * byte is allocated and the copied data is null terminated.
 487         */
 488        data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
 489
 490        error = PTR_ERR(data);
 491        if (!IS_ERR(data)) {
 492                data->data[size] = 0;
 493                error = aa_remove_profiles(ns, label, data->data, size);
 494                aa_put_loaddata(data);
 495        }
 496 out:
 497        end_current_label_crit_section(label);
 498        aa_put_ns(ns);
 499        return error;
 500}
 501
 502static const struct file_operations aa_fs_profile_remove = {
 503        .write = profile_remove,
 504        .llseek = default_llseek,
 505};
 506
 507struct aa_revision {
 508        struct aa_ns *ns;
 509        long last_read;
 510};
 511
 512/* revision file hook fn for policy loads */
 513static int ns_revision_release(struct inode *inode, struct file *file)
 514{
 515        struct aa_revision *rev = file->private_data;
 516
 517        if (rev) {
 518                aa_put_ns(rev->ns);
 519                kfree(rev);
 520        }
 521
 522        return 0;
 523}
 524
 525static ssize_t ns_revision_read(struct file *file, char __user *buf,
 526                                size_t size, loff_t *ppos)
 527{
 528        struct aa_revision *rev = file->private_data;
 529        char buffer[32];
 530        long last_read;
 531        int avail;
 532
 533        mutex_lock(&rev->ns->lock);
 534        last_read = rev->last_read;
 535        if (last_read == rev->ns->revision) {
 536                mutex_unlock(&rev->ns->lock);
 537                if (file->f_flags & O_NONBLOCK)
 538                        return -EAGAIN;
 539                if (wait_event_interruptible(rev->ns->wait,
 540                                             last_read !=
 541                                             READ_ONCE(rev->ns->revision)))
 542                        return -ERESTARTSYS;
 543                mutex_lock(&rev->ns->lock);
 544        }
 545
 546        avail = sprintf(buffer, "%ld\n", rev->ns->revision);
 547        if (*ppos + size > avail) {
 548                rev->last_read = rev->ns->revision;
 549                *ppos = 0;
 550        }
 551        mutex_unlock(&rev->ns->lock);
 552
 553        return simple_read_from_buffer(buf, size, ppos, buffer, avail);
 554}
 555
 556static int ns_revision_open(struct inode *inode, struct file *file)
 557{
 558        struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
 559
 560        if (!rev)
 561                return -ENOMEM;
 562
 563        rev->ns = aa_get_ns(inode->i_private);
 564        if (!rev->ns)
 565                rev->ns = aa_get_current_ns();
 566        file->private_data = rev;
 567
 568        return 0;
 569}
 570
 571static unsigned int ns_revision_poll(struct file *file, poll_table *pt)
 572{
 573        struct aa_revision *rev = file->private_data;
 574        unsigned int mask = 0;
 575
 576        if (rev) {
 577                mutex_lock(&rev->ns->lock);
 578                poll_wait(file, &rev->ns->wait, pt);
 579                if (rev->last_read < rev->ns->revision)
 580                        mask |= POLLIN | POLLRDNORM;
 581                mutex_unlock(&rev->ns->lock);
 582        }
 583
 584        return mask;
 585}
 586
 587void __aa_bump_ns_revision(struct aa_ns *ns)
 588{
 589        ns->revision++;
 590        wake_up_interruptible(&ns->wait);
 591}
 592
 593static const struct file_operations aa_fs_ns_revision_fops = {
 594        .owner          = THIS_MODULE,
 595        .open           = ns_revision_open,
 596        .poll           = ns_revision_poll,
 597        .read           = ns_revision_read,
 598        .llseek         = generic_file_llseek,
 599        .release        = ns_revision_release,
 600};
 601
 602static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
 603                             const char *match_str, size_t match_len)
 604{
 605        struct aa_perms tmp;
 606        struct aa_dfa *dfa;
 607        unsigned int state = 0;
 608
 609        if (profile_unconfined(profile))
 610                return;
 611        if (profile->file.dfa && *match_str == AA_CLASS_FILE) {
 612                dfa = profile->file.dfa;
 613                state = aa_dfa_match_len(dfa, profile->file.start,
 614                                         match_str + 1, match_len - 1);
 615                tmp = nullperms;
 616                if (state) {
 617                        struct path_cond cond = { };
 618
 619                        tmp = aa_compute_fperms(dfa, state, &cond);
 620                }
 621        } else if (profile->policy.dfa) {
 622                if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
 623                        return; /* no change to current perms */
 624                dfa = profile->policy.dfa;
 625                state = aa_dfa_match_len(dfa, profile->policy.start[0],
 626                                         match_str, match_len);
 627                if (state)
 628                        aa_compute_perms(dfa, state, &tmp);
 629                else
 630                        tmp = nullperms;
 631        }
 632        aa_apply_modes_to_perms(profile, &tmp);
 633        aa_perms_accum_raw(perms, &tmp);
 634}
 635
 636
 637/**
 638 * query_data - queries a policy and writes its data to buf
 639 * @buf: the resulting data is stored here (NOT NULL)
 640 * @buf_len: size of buf
 641 * @query: query string used to retrieve data
 642 * @query_len: size of query including second NUL byte
 643 *
 644 * The buffers pointed to by buf and query may overlap. The query buffer is
 645 * parsed before buf is written to.
 646 *
 647 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
 648 * the security confinement context and <KEY> is the name of the data to
 649 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
 650 *
 651 * Don't expect the contents of buf to be preserved on failure.
 652 *
 653 * Returns: number of characters written to buf or -errno on failure
 654 */
 655static ssize_t query_data(char *buf, size_t buf_len,
 656                          char *query, size_t query_len)
 657{
 658        char *out;
 659        const char *key;
 660        struct label_it i;
 661        struct aa_label *label, *curr;
 662        struct aa_profile *profile;
 663        struct aa_data *data;
 664        u32 bytes, blocks;
 665        __le32 outle32;
 666
 667        if (!query_len)
 668                return -EINVAL; /* need a query */
 669
 670        key = query + strnlen(query, query_len) + 1;
 671        if (key + 1 >= query + query_len)
 672                return -EINVAL; /* not enough space for a non-empty key */
 673        if (key + strnlen(key, query + query_len - key) >= query + query_len)
 674                return -EINVAL; /* must end with NUL */
 675
 676        if (buf_len < sizeof(bytes) + sizeof(blocks))
 677                return -EINVAL; /* not enough space */
 678
 679        curr = begin_current_label_crit_section();
 680        label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
 681        end_current_label_crit_section(curr);
 682        if (IS_ERR(label))
 683                return PTR_ERR(label);
 684
 685        /* We are going to leave space for two numbers. The first is the total
 686         * number of bytes we are writing after the first number. This is so
 687         * users can read the full output without reallocation.
 688         *
 689         * The second number is the number of data blocks we're writing. An
 690         * application might be confined by multiple policies having data in
 691         * the same key.
 692         */
 693        memset(buf, 0, sizeof(bytes) + sizeof(blocks));
 694        out = buf + sizeof(bytes) + sizeof(blocks);
 695
 696        blocks = 0;
 697        label_for_each_confined(i, label, profile) {
 698                if (!profile->data)
 699                        continue;
 700
 701                data = rhashtable_lookup_fast(profile->data, &key,
 702                                              profile->data->p);
 703
 704                if (data) {
 705                        if (out + sizeof(outle32) + data->size > buf +
 706                            buf_len) {
 707                                aa_put_label(label);
 708                                return -EINVAL; /* not enough space */
 709                        }
 710                        outle32 = __cpu_to_le32(data->size);
 711                        memcpy(out, &outle32, sizeof(outle32));
 712                        out += sizeof(outle32);
 713                        memcpy(out, data->data, data->size);
 714                        out += data->size;
 715                        blocks++;
 716                }
 717        }
 718        aa_put_label(label);
 719
 720        outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
 721        memcpy(buf, &outle32, sizeof(outle32));
 722        outle32 = __cpu_to_le32(blocks);
 723        memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
 724
 725        return out - buf;
 726}
 727
 728/**
 729 * query_label - queries a label and writes permissions to buf
 730 * @buf: the resulting permissions string is stored here (NOT NULL)
 731 * @buf_len: size of buf
 732 * @query: binary query string to match against the dfa
 733 * @query_len: size of query
 734 * @view_only: only compute for querier's view
 735 *
 736 * The buffers pointed to by buf and query may overlap. The query buffer is
 737 * parsed before buf is written to.
 738 *
 739 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
 740 * the name of the label, in the current namespace, that is to be queried and
 741 * DFA_STRING is a binary string to match against the label(s)'s DFA.
 742 *
 743 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
 744 * but must *not* be NUL terminated.
 745 *
 746 * Returns: number of characters written to buf or -errno on failure
 747 */
 748static ssize_t query_label(char *buf, size_t buf_len,
 749                           char *query, size_t query_len, bool view_only)
 750{
 751        struct aa_profile *profile;
 752        struct aa_label *label, *curr;
 753        char *label_name, *match_str;
 754        size_t label_name_len, match_len;
 755        struct aa_perms perms;
 756        struct label_it i;
 757
 758        if (!query_len)
 759                return -EINVAL;
 760
 761        label_name = query;
 762        label_name_len = strnlen(query, query_len);
 763        if (!label_name_len || label_name_len == query_len)
 764                return -EINVAL;
 765
 766        /**
 767         * The extra byte is to account for the null byte between the
 768         * profile name and dfa string. profile_name_len is greater
 769         * than zero and less than query_len, so a byte can be safely
 770         * added or subtracted.
 771         */
 772        match_str = label_name + label_name_len + 1;
 773        match_len = query_len - label_name_len - 1;
 774
 775        curr = begin_current_label_crit_section();
 776        label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
 777        end_current_label_crit_section(curr);
 778        if (IS_ERR(label))
 779                return PTR_ERR(label);
 780
 781        perms = allperms;
 782        if (view_only) {
 783                label_for_each_in_ns(i, labels_ns(label), label, profile) {
 784                        profile_query_cb(profile, &perms, match_str, match_len);
 785                }
 786        } else {
 787                label_for_each(i, label, profile) {
 788                        profile_query_cb(profile, &perms, match_str, match_len);
 789                }
 790        }
 791        aa_put_label(label);
 792
 793        return scnprintf(buf, buf_len,
 794                      "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
 795                      perms.allow, perms.deny, perms.audit, perms.quiet);
 796}
 797
 798/*
 799 * Transaction based IO.
 800 * The file expects a write which triggers the transaction, and then
 801 * possibly a read(s) which collects the result - which is stored in a
 802 * file-local buffer. Once a new write is performed, a new set of results
 803 * are stored in the file-local buffer.
 804 */
 805struct multi_transaction {
 806        struct kref count;
 807        ssize_t size;
 808        char data[0];
 809};
 810
 811#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
 812/* TODO: replace with per file lock */
 813static DEFINE_SPINLOCK(multi_transaction_lock);
 814
 815static void multi_transaction_kref(struct kref *kref)
 816{
 817        struct multi_transaction *t;
 818
 819        t = container_of(kref, struct multi_transaction, count);
 820        free_page((unsigned long) t);
 821}
 822
 823static struct multi_transaction *
 824get_multi_transaction(struct multi_transaction *t)
 825{
 826        if  (t)
 827                kref_get(&(t->count));
 828
 829        return t;
 830}
 831
 832static void put_multi_transaction(struct multi_transaction *t)
 833{
 834        if (t)
 835                kref_put(&(t->count), multi_transaction_kref);
 836}
 837
 838/* does not increment @new's count */
 839static void multi_transaction_set(struct file *file,
 840                                  struct multi_transaction *new, size_t n)
 841{
 842        struct multi_transaction *old;
 843
 844        AA_BUG(n > MULTI_TRANSACTION_LIMIT);
 845
 846        new->size = n;
 847        spin_lock(&multi_transaction_lock);
 848        old = (struct multi_transaction *) file->private_data;
 849        file->private_data = new;
 850        spin_unlock(&multi_transaction_lock);
 851        put_multi_transaction(old);
 852}
 853
 854static struct multi_transaction *multi_transaction_new(struct file *file,
 855                                                       const char __user *buf,
 856                                                       size_t size)
 857{
 858        struct multi_transaction *t;
 859
 860        if (size > MULTI_TRANSACTION_LIMIT - 1)
 861                return ERR_PTR(-EFBIG);
 862
 863        t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
 864        if (!t)
 865                return ERR_PTR(-ENOMEM);
 866        kref_init(&t->count);
 867        if (copy_from_user(t->data, buf, size))
 868                return ERR_PTR(-EFAULT);
 869
 870        return t;
 871}
 872
 873static ssize_t multi_transaction_read(struct file *file, char __user *buf,
 874                                       size_t size, loff_t *pos)
 875{
 876        struct multi_transaction *t;
 877        ssize_t ret;
 878
 879        spin_lock(&multi_transaction_lock);
 880        t = get_multi_transaction(file->private_data);
 881        spin_unlock(&multi_transaction_lock);
 882        if (!t)
 883                return 0;
 884
 885        ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
 886        put_multi_transaction(t);
 887
 888        return ret;
 889}
 890
 891static int multi_transaction_release(struct inode *inode, struct file *file)
 892{
 893        put_multi_transaction(file->private_data);
 894
 895        return 0;
 896}
 897
 898#define QUERY_CMD_LABEL         "label\0"
 899#define QUERY_CMD_LABEL_LEN     6
 900#define QUERY_CMD_PROFILE       "profile\0"
 901#define QUERY_CMD_PROFILE_LEN   8
 902#define QUERY_CMD_LABELALL      "labelall\0"
 903#define QUERY_CMD_LABELALL_LEN  9
 904#define QUERY_CMD_DATA          "data\0"
 905#define QUERY_CMD_DATA_LEN      5
 906
 907/**
 908 * aa_write_access - generic permissions and data query
 909 * @file: pointer to open apparmorfs/access file
 910 * @ubuf: user buffer containing the complete query string (NOT NULL)
 911 * @count: size of ubuf
 912 * @ppos: position in the file (MUST BE ZERO)
 913 *
 914 * Allows for one permissions or data query per open(), write(), and read()
 915 * sequence. The only queries currently supported are label-based queries for
 916 * permissions or data.
 917 *
 918 * For permissions queries, ubuf must begin with "label\0", followed by the
 919 * profile query specific format described in the query_label() function
 920 * documentation.
 921 *
 922 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
 923 * <LABEL> is the name of the security confinement context and <KEY> is the
 924 * name of the data to retrieve.
 925 *
 926 * Returns: number of bytes written or -errno on failure
 927 */
 928static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
 929                               size_t count, loff_t *ppos)
 930{
 931        struct multi_transaction *t;
 932        ssize_t len;
 933
 934        if (*ppos)
 935                return -ESPIPE;
 936
 937        t = multi_transaction_new(file, ubuf, count);
 938        if (IS_ERR(t))
 939                return PTR_ERR(t);
 940
 941        if (count > QUERY_CMD_PROFILE_LEN &&
 942            !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
 943                len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
 944                                  t->data + QUERY_CMD_PROFILE_LEN,
 945                                  count - QUERY_CMD_PROFILE_LEN, true);
 946        } else if (count > QUERY_CMD_LABEL_LEN &&
 947                   !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
 948                len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
 949                                  t->data + QUERY_CMD_LABEL_LEN,
 950                                  count - QUERY_CMD_LABEL_LEN, true);
 951        } else if (count > QUERY_CMD_LABELALL_LEN &&
 952                   !memcmp(t->data, QUERY_CMD_LABELALL,
 953                           QUERY_CMD_LABELALL_LEN)) {
 954                len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
 955                                  t->data + QUERY_CMD_LABELALL_LEN,
 956                                  count - QUERY_CMD_LABELALL_LEN, false);
 957        } else if (count > QUERY_CMD_DATA_LEN &&
 958                   !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
 959                len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
 960                                 t->data + QUERY_CMD_DATA_LEN,
 961                                 count - QUERY_CMD_DATA_LEN);
 962        } else
 963                len = -EINVAL;
 964
 965        if (len < 0) {
 966                put_multi_transaction(t);
 967                return len;
 968        }
 969
 970        multi_transaction_set(file, t, len);
 971
 972        return count;
 973}
 974
 975static const struct file_operations aa_sfs_access = {
 976        .write          = aa_write_access,
 977        .read           = multi_transaction_read,
 978        .release        = multi_transaction_release,
 979        .llseek         = generic_file_llseek,
 980};
 981
 982static int aa_sfs_seq_show(struct seq_file *seq, void *v)
 983{
 984        struct aa_sfs_entry *fs_file = seq->private;
 985
 986        if (!fs_file)
 987                return 0;
 988
 989        switch (fs_file->v_type) {
 990        case AA_SFS_TYPE_BOOLEAN:
 991                seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
 992                break;
 993        case AA_SFS_TYPE_STRING:
 994                seq_printf(seq, "%s\n", fs_file->v.string);
 995                break;
 996        case AA_SFS_TYPE_U64:
 997                seq_printf(seq, "%#08lx\n", fs_file->v.u64);
 998                break;
 999        default:
1000                /* Ignore unpritable entry types. */

1001                break;
1002        }
1003
1004        return 0;
1005}
1006
1007static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1008{
1009        return single_open(file, aa_sfs_seq_show, inode->i_private);
1010}
1011
1012const struct file_operations aa_sfs_seq_file_ops = {
1013        .owner          = THIS_MODULE,
1014        .open           = aa_sfs_seq_open,
1015        .read           = seq_read,
1016        .llseek         = seq_lseek,
1017        .release        = single_release,
1018};
1019
1020/*
1021 * profile based file operations
1022 *     policy/profiles/XXXX/profiles/ *
1023 */
1024
1025#define SEQ_PROFILE_FOPS(NAME)                                                \
1026static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1027{                                                                             \
1028        return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show);    \
1029}                                                                             \
1030                                                                              \
1031static const struct file_operations seq_profile_ ##NAME ##_fops = {           \
1032        .owner          = THIS_MODULE,                                        \
1033        .open           = seq_profile_ ##NAME ##_open,                        \
1034        .read           = seq_read,                                           \
1035        .llseek         = seq_lseek,                                          \
1036        .release        = seq_profile_release,                                \
1037}                                                                             \
1038
1039static int seq_profile_open(struct inode *inode, struct file *file,
1040                            int (*show)(struct seq_file *, void *))
1041{
1042        struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1043        int error = single_open(file, show, proxy);
1044
1045        if (error) {
1046                file->private_data = NULL;
1047                aa_put_proxy(proxy);
1048        }
1049
1050        return error;
1051}
1052
1053static int seq_profile_release(struct inode *inode, struct file *file)
1054{
1055        struct seq_file *seq = (struct seq_file *) file->private_data;
1056        if (seq)
1057                aa_put_proxy(seq->private);
1058        return single_release(inode, file);
1059}
1060
1061static int seq_profile_name_show(struct seq_file *seq, void *v)
1062{
1063        struct aa_proxy *proxy = seq->private;
1064        struct aa_label *label = aa_get_label_rcu(&proxy->label);
1065        struct aa_profile *profile = labels_profile(label);
1066        seq_printf(seq, "%s\n", profile->base.name);
1067        aa_put_label(label);
1068
1069        return 0;
1070}
1071
1072static int seq_profile_mode_show(struct seq_file *seq, void *v)
1073{
1074        struct aa_proxy *proxy = seq->private;
1075        struct aa_label *label = aa_get_label_rcu(&proxy->label);
1076        struct aa_profile *profile = labels_profile(label);
1077        seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1078        aa_put_label(label);
1079
1080        return 0;
1081}
1082
1083static int seq_profile_attach_show(struct seq_file *seq, void *v)
1084{
1085        struct aa_proxy *proxy = seq->private;
1086        struct aa_label *label = aa_get_label_rcu(&proxy->label);
1087        struct aa_profile *profile = labels_profile(label);
1088        if (profile->attach)
1089                seq_printf(seq, "%s\n", profile->attach);
1090        else if (profile->xmatch)
1091                seq_puts(seq, "<unknown>\n");
1092        else
1093                seq_printf(seq, "%s\n", profile->base.name);
1094        aa_put_label(label);
1095
1096        return 0;
1097}
1098
1099static int seq_profile_hash_show(struct seq_file *seq, void *v)
1100{
1101        struct aa_proxy *proxy = seq->private;
1102        struct aa_label *label = aa_get_label_rcu(&proxy->label);
1103        struct aa_profile *profile = labels_profile(label);
1104        unsigned int i, size = aa_hash_size();
1105
1106        if (profile->hash) {
1107                for (i = 0; i < size; i++)
1108                        seq_printf(seq, "%.2x", profile->hash[i]);
1109                seq_putc(seq, '\n');
1110        }
1111        aa_put_label(label);
1112
1113        return 0;
1114}
1115
1116SEQ_PROFILE_FOPS(name);
1117SEQ_PROFILE_FOPS(mode);
1118SEQ_PROFILE_FOPS(attach);
1119SEQ_PROFILE_FOPS(hash);
1120
1121/*
1122 * namespace based files
1123 *     several root files and
1124 *     policy/ *
1125 */
1126
1127#define SEQ_NS_FOPS(NAME)                                                     \
1128static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file)     \
1129{                                                                             \
1130        return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private);   \
1131}                                                                             \
1132                                                                              \
1133static const struct file_operations seq_ns_ ##NAME ##_fops = {        \
1134        .owner          = THIS_MODULE,                                        \
1135        .open           = seq_ns_ ##NAME ##_open,                             \
1136        .read           = seq_read,                                           \
1137        .llseek         = seq_lseek,                                          \
1138        .release        = single_release,                                     \
1139}                                                                             \
1140
1141static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1142{
1143        struct aa_label *label;
1144
1145        label = begin_current_label_crit_section();
1146        seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
1147        end_current_label_crit_section(label);
1148
1149        return 0;
1150}
1151
1152static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1153{
1154        struct aa_label *label;
1155        struct aa_profile *profile;
1156        struct label_it it;
1157        int count = 1;
1158
1159        label = begin_current_label_crit_section();
1160
1161        if (label->size > 1) {
1162                label_for_each(it, label, profile)
1163                        if (profile->ns != labels_ns(label)) {
1164                                count++;
1165                                break;
1166                        }
1167        }
1168
1169        seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
1170        end_current_label_crit_section(label);
1171
1172        return 0;
1173}
1174
1175static int seq_ns_level_show(struct seq_file *seq, void *v)
1176{
1177        struct aa_label *label;
1178
1179        label = begin_current_label_crit_section();
1180        seq_printf(seq, "%d\n", labels_ns(label)->level);
1181        end_current_label_crit_section(label);
1182
1183        return 0;
1184}
1185
1186static int seq_ns_name_show(struct seq_file *seq, void *v)
1187{
1188        struct aa_label *label = begin_current_label_crit_section();
1189
1190        seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label),
1191                                           labels_ns(label), true));
1192        end_current_label_crit_section(label);
1193
1194        return 0;
1195}
1196
1197SEQ_NS_FOPS(stacked);
1198SEQ_NS_FOPS(nsstacked);
1199SEQ_NS_FOPS(level);
1200SEQ_NS_FOPS(name);
1201
1202
1203/* policy/raw_data/ * file ops */
1204
1205#define SEQ_RAWDATA_FOPS(NAME)                                                \
1206static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1207{                                                                             \
1208        return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show);    \
1209}                                                                             \
1210                                                                              \
1211static const struct file_operations seq_rawdata_ ##NAME ##_fops = {           \
1212        .owner          = THIS_MODULE,                                        \
1213        .open           = seq_rawdata_ ##NAME ##_open,                        \
1214        .read           = seq_read,                                           \
1215        .llseek         = seq_lseek,                                          \
1216        .release        = seq_rawdata_release,                                \
1217}                                                                             \
1218
1219static int seq_rawdata_open(struct inode *inode, struct file *file,
1220                            int (*show)(struct seq_file *, void *))
1221{
1222        struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1223        int error;
1224
1225        if (!data)
1226                /* lost race this ent is being reaped */
1227                return -ENOENT;
1228
1229        error = single_open(file, show, data);
1230        if (error) {
1231                AA_BUG(file->private_data &&
1232                       ((struct seq_file *)file->private_data)->private);
1233                aa_put_loaddata(data);
1234        }
1235
1236        return error;
1237}
1238
1239static int seq_rawdata_release(struct inode *inode, struct file *file)
1240{
1241        struct seq_file *seq = (struct seq_file *) file->private_data;
1242
1243        if (seq)
1244                aa_put_loaddata(seq->private);
1245
1246        return single_release(inode, file);
1247}
1248
1249static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1250{
1251        struct aa_loaddata *data = seq->private;
1252
1253        seq_printf(seq, "v%d\n", data->abi);
1254
1255        return 0;
1256}
1257
1258static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1259{
1260        struct aa_loaddata *data = seq->private;
1261
1262        seq_printf(seq, "%ld\n", data->revision);
1263
1264        return 0;
1265}
1266
1267static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1268{
1269        struct aa_loaddata *data = seq->private;
1270        unsigned int i, size = aa_hash_size();
1271
1272        if (data->hash) {
1273                for (i = 0; i < size; i++)
1274                        seq_printf(seq, "%.2x", data->hash[i]);
1275                seq_putc(seq, '\n');
1276        }
1277
1278        return 0;
1279}
1280
1281SEQ_RAWDATA_FOPS(abi);
1282SEQ_RAWDATA_FOPS(revision);
1283SEQ_RAWDATA_FOPS(hash);
1284
1285static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1286                            loff_t *ppos)
1287{
1288        struct aa_loaddata *rawdata = file->private_data;
1289
1290        return simple_read_from_buffer(buf, size, ppos, rawdata->data,
1291                                       rawdata->size);
1292}
1293
1294static int rawdata_release(struct inode *inode, struct file *file)
1295{
1296        aa_put_loaddata(file->private_data);
1297
1298        return 0;
1299}
1300
1301static int rawdata_open(struct inode *inode, struct file *file)
1302{
1303        if (!policy_view_capable(NULL))
1304                return -EACCES;
1305        file->private_data = __aa_get_loaddata(inode->i_private);
1306        if (!file->private_data)
1307                /* lost race: this entry is being reaped */
1308                return -ENOENT;
1309
1310        return 0;
1311}
1312
1313static const struct file_operations rawdata_fops = {
1314        .open = rawdata_open,
1315        .read = rawdata_read,
1316        .llseek = generic_file_llseek,
1317        .release = rawdata_release,
1318};
1319
1320static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1321{
1322        int i;
1323
1324        for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1325                if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1326                        /* no refcounts on i_private */
1327                        aafs_remove(rawdata->dents[i]);
1328                        rawdata->dents[i] = NULL;
1329                }
1330        }
1331}
1332
1333void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1334{
1335        AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1336
1337        if (rawdata->ns) {
1338                remove_rawdata_dents(rawdata);
1339                list_del_init(&rawdata->list);
1340                aa_put_ns(rawdata->ns);
1341                rawdata->ns = NULL;
1342        }
1343}
1344
1345int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1346{
1347        struct dentry *dent, *dir;
1348
1349        AA_BUG(!ns);
1350        AA_BUG(!rawdata);
1351        AA_BUG(!mutex_is_locked(&ns->lock));
1352        AA_BUG(!ns_subdata_dir(ns));
1353
1354        /*
1355         * just use ns revision dir was originally created at. This is
1356         * under ns->lock and if load is successful revision will be
1357         * bumped and is guaranteed to be unique
1358         */
1359        rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1360        if (!rawdata->name)
1361                return -ENOMEM;
1362
1363        dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1364        if (IS_ERR(dir))
1365                /* ->name freed when rawdata freed */
1366                return PTR_ERR(dir);
1367        rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1368
1369        dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1370                                      &seq_rawdata_abi_fops);
1371        if (IS_ERR(dent))
1372                goto fail;
1373        rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1374
1375        dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1376                                      &seq_rawdata_revision_fops);
1377        if (IS_ERR(dent))
1378                goto fail;
1379        rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1380
1381        if (aa_g_hash_policy) {
1382                dent = aafs_create_file("sha1", S_IFREG | 0444, dir,
1383                                              rawdata, &seq_rawdata_hash_fops);
1384                if (IS_ERR(dent))
1385                        goto fail;
1386                rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1387        }
1388
1389        dent = aafs_create_file("raw_data", S_IFREG | 0444,
1390                                      dir, rawdata, &rawdata_fops);
1391        if (IS_ERR(dent))
1392                goto fail;
1393        rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1394        d_inode(dent)->i_size = rawdata->size;
1395
1396        rawdata->ns = aa_get_ns(ns);
1397        list_add(&rawdata->list, &ns->rawdata_list);
1398        /* no refcount on inode rawdata */
1399
1400        return 0;
1401
1402fail:
1403        remove_rawdata_dents(rawdata);
1404
1405        return PTR_ERR(dent);
1406}
1407
1408/** fns to setup dynamic per profile/namespace files **/
1409
1410/**
1411 *
1412 * Requires: @profile->ns->lock held
1413 */
1414void __aafs_profile_rmdir(struct aa_profile *profile)
1415{
1416        struct aa_profile *child;
1417        int i;
1418
1419        if (!profile)
1420                return;
1421
1422        list_for_each_entry(child, &profile->base.profiles, base.list)
1423                __aafs_profile_rmdir(child);
1424
1425        for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1426                struct aa_proxy *proxy;
1427                if (!profile->dents[i])
1428                        continue;
1429
1430                proxy = d_inode(profile->dents[i])->i_private;
1431                aafs_remove(profile->dents[i]);
1432                aa_put_proxy(proxy);
1433                profile->dents[i] = NULL;
1434        }
1435}
1436
1437/**
1438 *
1439 * Requires: @old->ns->lock held
1440 */
1441void __aafs_profile_migrate_dents(struct aa_profile *old,
1442                                  struct aa_profile *new)
1443{
1444        int i;
1445
1446        for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1447                new->dents[i] = old->dents[i];
1448                if (new->dents[i])
1449                        new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
1450                old->dents[i] = NULL;
1451        }
1452}
1453
1454static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1455                                          struct aa_profile *profile,
1456                                          const struct file_operations *fops)
1457{
1458        struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1459        struct dentry *dent;
1460
1461        dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1462        if (IS_ERR(dent))
1463                aa_put_proxy(proxy);
1464
1465        return dent;
1466}
1467
1468static int profile_depth(struct aa_profile *profile)
1469{
1470        int depth = 0;
1471
1472        rcu_read_lock();
1473        for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1474                depth++;
1475        rcu_read_unlock();
1476
1477        return depth;
1478}
1479
1480static int gen_symlink_name(char *buffer, size_t bsize, int depth,
1481                            const char *dirname, const char *fname)
1482{
1483        int error;
1484
1485        for (; depth > 0; depth--) {
1486                if (bsize < 7)
1487                        return -ENAMETOOLONG;
1488                strcpy(buffer, "../../");
1489                buffer += 6;
1490                bsize -= 6;
1491        }
1492
1493        error = snprintf(buffer, bsize, "raw_data/%s/%s", dirname, fname);
1494        if (error >= bsize || error < 0)
1495                return -ENAMETOOLONG;
1496
1497        return 0;
1498}
1499
1500/*
1501 * Requires: @profile->ns->lock held
1502 */
1503int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1504{
1505        struct aa_profile *child;
1506        struct dentry *dent = NULL, *dir;
1507        int error;
1508
1509        if (!parent) {
1510                struct aa_profile *p;
1511                p = aa_deref_parent(profile);
1512                dent = prof_dir(p);
1513                /* adding to parent that previously didn't have children */
1514                dent = aafs_create_dir("profiles", dent);
1515                if (IS_ERR(dent))
1516                        goto fail;
1517                prof_child_dir(p) = parent = dent;
1518        }
1519
1520        if (!profile->dirname) {
1521                int len, id_len;
1522                len = mangle_name(profile->base.name, NULL);
1523                id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1524
1525                profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1526                if (!profile->dirname) {
1527                        error = -ENOMEM;
1528                        goto fail2;
1529                }
1530
1531                mangle_name(profile->base.name, profile->dirname);
1532                sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1533        }
1534
1535        dent = aafs_create_dir(profile->dirname, parent);
1536        if (IS_ERR(dent))
1537                goto fail;
1538        prof_dir(profile) = dir = dent;
1539
1540        dent = create_profile_file(dir, "name", profile,
1541                                   &seq_profile_name_fops);
1542        if (IS_ERR(dent))
1543                goto fail;
1544        profile->dents[AAFS_PROF_NAME] = dent;
1545
1546        dent = create_profile_file(dir, "mode", profile,
1547                                   &seq_profile_mode_fops);
1548        if (IS_ERR(dent))
1549                goto fail;
1550        profile->dents[AAFS_PROF_MODE] = dent;
1551
1552        dent = create_profile_file(dir, "attach", profile,
1553                                   &seq_profile_attach_fops);
1554        if (IS_ERR(dent))
1555                goto fail;
1556        profile->dents[AAFS_PROF_ATTACH] = dent;
1557
1558        if (profile->hash) {
1559                dent = create_profile_file(dir, "sha1", profile,
1560                                           &seq_profile_hash_fops);
1561                if (IS_ERR(dent))
1562                        goto fail;
1563                profile->dents[AAFS_PROF_HASH] = dent;
1564        }
1565
1566        if (profile->rawdata) {
1567                char target[64];
1568                int depth = profile_depth(profile);
1569
1570                error = gen_symlink_name(target, sizeof(target), depth,
1571                                         profile->rawdata->name, "sha1");
1572                if (error < 0)
1573                        goto fail2;
1574                dent = aafs_create_symlink("raw_sha1", dir, target, NULL);
1575                if (IS_ERR(dent))
1576                        goto fail;
1577                profile->dents[AAFS_PROF_RAW_HASH] = dent;
1578
1579                error = gen_symlink_name(target, sizeof(target), depth,
1580                                         profile->rawdata->name, "abi");
1581                if (error < 0)
1582                        goto fail2;
1583                dent = aafs_create_symlink("raw_abi", dir, target, NULL);
1584                if (IS_ERR(dent))
1585                        goto fail;
1586                profile->dents[AAFS_PROF_RAW_ABI] = dent;
1587
1588                error = gen_symlink_name(target, sizeof(target), depth,
1589                                         profile->rawdata->name, "raw_data");
1590                if (error < 0)
1591                        goto fail2;
1592                dent = aafs_create_symlink("raw_data", dir, target, NULL);
1593                if (IS_ERR(dent))
1594                        goto fail;
1595                profile->dents[AAFS_PROF_RAW_DATA] = dent;
1596        }
1597
1598        list_for_each_entry(child, &profile->base.profiles, base.list) {
1599                error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1600                if (error)
1601                        goto fail2;
1602        }
1603
1604        return 0;
1605
1606fail:
1607        error = PTR_ERR(dent);
1608
1609fail2:
1610        __aafs_profile_rmdir(profile);
1611
1612        return error;
1613}
1614
1615static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1616{
1617        struct aa_ns *ns, *parent;
1618        /* TODO: improve permission check */
1619        struct aa_label *label;
1620        int error;
1621
1622        label = begin_current_label_crit_section();
1623        error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1624        end_current_label_crit_section(label);
1625        if (error)
1626                return error;
1627
1628        parent = aa_get_ns(dir->i_private);
1629        AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1630
1631        /* we have to unlock and then relock to get locking order right
1632         * for pin_fs
1633         */
1634        inode_unlock(dir);
1635        error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1636        mutex_lock(&parent->lock);
1637        inode_lock_nested(dir, I_MUTEX_PARENT);
1638        if (error)
1639                goto out;
1640
1641        error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
1642                                     NULL, NULL, NULL);
1643        if (error)
1644                goto out_pin;
1645
1646        ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1647                                    dentry);
1648        if (IS_ERR(ns)) {
1649                error = PTR_ERR(ns);
1650                ns = NULL;
1651        }
1652
1653        aa_put_ns(ns);          /* list ref remains */
1654out_pin:
1655        if (error)
1656                simple_release_fs(&aafs_mnt, &aafs_count);
1657out:
1658        mutex_unlock(&parent->lock);
1659        aa_put_ns(parent);
1660
1661        return error;
1662}
1663
1664static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1665{
1666        struct aa_ns *ns, *parent;
1667        /* TODO: improve permission check */
1668        struct aa_label *label;
1669        int error;
1670
1671        label = begin_current_label_crit_section();
1672        error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1673        end_current_label_crit_section(label);
1674        if (error)
1675                return error;
1676
1677         parent = aa_get_ns(dir->i_private);
1678        /* rmdir calls the generic securityfs functions to remove files
1679         * from the apparmor dir. It is up to the apparmor ns locking
1680         * to avoid races.
1681         */
1682        inode_unlock(dir);
1683        inode_unlock(dentry->d_inode);
1684
1685        mutex_lock(&parent->lock);
1686        ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1687                                     dentry->d_name.len));
1688        if (!ns) {
1689                error = -ENOENT;
1690                goto out;
1691        }
1692        AA_BUG(ns_dir(ns) != dentry);
1693
1694        __aa_remove_ns(ns);
1695        aa_put_ns(ns);
1696
1697out:
1698        mutex_unlock(&parent->lock);
1699        inode_lock_nested(dir, I_MUTEX_PARENT);
1700        inode_lock(dentry->d_inode);
1701        aa_put_ns(parent);
1702
1703        return error;
1704}
1705
1706static const struct inode_operations ns_dir_inode_operations = {
1707        .lookup         = simple_lookup,
1708        .mkdir          = ns_mkdir_op,
1709        .rmdir          = ns_rmdir_op,
1710};
1711
1712static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1713{
1714        struct aa_loaddata *ent, *tmp;
1715
1716        AA_BUG(!mutex_is_locked(&ns->lock));
1717
1718        list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1719                __aa_fs_remove_rawdata(ent);
1720}
1721
1722/**
1723 *
1724 * Requires: @ns->lock held
1725 */
1726void __aafs_ns_rmdir(struct aa_ns *ns)
1727{
1728        struct aa_ns *sub;
1729        struct aa_profile *child;
1730        int i;
1731
1732        if (!ns)
1733                return;
1734
1735        list_for_each_entry(child, &ns->base.profiles, base.list)
1736                __aafs_profile_rmdir(child);
1737
1738        list_for_each_entry(sub, &ns->sub_ns, base.list) {
1739                mutex_lock(&sub->lock);
1740                __aafs_ns_rmdir(sub);
1741                mutex_unlock(&sub->lock);
1742        }
1743
1744        __aa_fs_list_remove_rawdata(ns);
1745
1746        if (ns_subns_dir(ns)) {
1747                sub = d_inode(ns_subns_dir(ns))->i_private;
1748                aa_put_ns(sub);
1749        }
1750        if (ns_subload(ns)) {
1751                sub = d_inode(ns_subload(ns))->i_private;
1752                aa_put_ns(sub);
1753        }
1754        if (ns_subreplace(ns)) {
1755                sub = d_inode(ns_subreplace(ns))->i_private;
1756                aa_put_ns(sub);
1757        }
1758        if (ns_subremove(ns)) {
1759                sub = d_inode(ns_subremove(ns))->i_private;
1760                aa_put_ns(sub);
1761        }
1762        if (ns_subrevision(ns)) {
1763                sub = d_inode(ns_subrevision(ns))->i_private;
1764                aa_put_ns(sub);
1765        }
1766
1767        for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1768                aafs_remove(ns->dents[i]);
1769                ns->dents[i] = NULL;
1770        }
1771}
1772
1773/* assumes cleanup in caller */
1774static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1775{
1776        struct dentry *dent;
1777
1778        AA_BUG(!ns);
1779        AA_BUG(!dir);
1780
1781        dent = aafs_create_dir("profiles", dir);
1782        if (IS_ERR(dent))
1783                return PTR_ERR(dent);
1784        ns_subprofs_dir(ns) = dent;
1785
1786        dent = aafs_create_dir("raw_data", dir);
1787        if (IS_ERR(dent))
1788                return PTR_ERR(dent);
1789        ns_subdata_dir(ns) = dent;
1790
1791        dent = aafs_create_file("revision", 0444, dir, ns,
1792                                &aa_fs_ns_revision_fops);
1793        if (IS_ERR(dent))
1794                return PTR_ERR(dent);
1795        aa_get_ns(ns);
1796        ns_subrevision(ns) = dent;
1797
1798        dent = aafs_create_file(".load", 0640, dir, ns,
1799                                      &aa_fs_profile_load);
1800        if (IS_ERR(dent))
1801                return PTR_ERR(dent);
1802        aa_get_ns(ns);
1803        ns_subload(ns) = dent;
1804
1805        dent = aafs_create_file(".replace", 0640, dir, ns,
1806                                      &aa_fs_profile_replace);
1807        if (IS_ERR(dent))
1808                return PTR_ERR(dent);
1809        aa_get_ns(ns);
1810        ns_subreplace(ns) = dent;
1811
1812        dent = aafs_create_file(".remove", 0640, dir, ns,
1813                                      &aa_fs_profile_remove);
1814        if (IS_ERR(dent))
1815                return PTR_ERR(dent);
1816        aa_get_ns(ns);
1817        ns_subremove(ns) = dent;
1818
1819          /* use create_dentry so we can supply private data */
1820        dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
1821                           &ns_dir_inode_operations);
1822        if (IS_ERR(dent))
1823                return PTR_ERR(dent);
1824        aa_get_ns(ns);
1825        ns_subns_dir(ns) = dent;
1826
1827        return 0;
1828}
1829
1830/*
1831 * Requires: @ns->lock held
1832 */
1833int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
1834                    struct dentry *dent)
1835{
1836        struct aa_ns *sub;
1837        struct aa_profile *child;
1838        struct dentry *dir;
1839        int error;
1840
1841        AA_BUG(!ns);
1842        AA_BUG(!parent);
1843        AA_BUG(!mutex_is_locked(&ns->lock));
1844
1845        if (!name)
1846                name = ns->base.name;
1847
1848        if (!dent) {
1849                /* create ns dir if it doesn't already exist */
1850                dent = aafs_create_dir(name, parent);
1851                if (IS_ERR(dent))
1852                        goto fail;
1853        } else
1854                dget(dent);
1855        ns_dir(ns) = dir = dent;
1856        error = __aafs_ns_mkdir_entries(ns, dir);
1857        if (error)
1858                goto fail2;
1859
1860        /* profiles */
1861        list_for_each_entry(child, &ns->base.profiles, base.list) {
1862                error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
1863                if (error)
1864                        goto fail2;
1865        }
1866
1867        /* subnamespaces */
1868        list_for_each_entry(sub, &ns->sub_ns, base.list) {
1869                mutex_lock(&sub->lock);
1870                error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
1871                mutex_unlock(&sub->lock);
1872                if (error)
1873                        goto fail2;
1874        }
1875
1876        return 0;
1877
1878fail:
1879        error = PTR_ERR(dent);
1880
1881fail2:
1882        __aafs_ns_rmdir(ns);
1883
1884        return error;
1885}
1886
1887
1888#define list_entry_is_head(pos, head, member) (&pos->member == (head))
1889
1890/**
1891 * __next_ns - find the next namespace to list
1892 * @root: root namespace to stop search at (NOT NULL)
1893 * @ns: current ns position (NOT NULL)
1894 *
1895 * Find the next namespace from @ns under @root and handle all locking needed
1896 * while switching current namespace.
1897 *
1898 * Returns: next namespace or NULL if at last namespace under @root
1899 * Requires: ns->parent->lock to be held
1900 * NOTE: will not unlock root->lock
1901 */
1902static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
1903{
1904        struct aa_ns *parent, *next;
1905
1906        /* is next namespace a child */
1907        if (!list_empty(&ns->sub_ns)) {
1908                next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
1909                mutex_lock(&next->lock);
1910                return next;
1911        }
1912
1913        /* check if the next ns is a sibling, parent, gp, .. */
1914        parent = ns->parent;
1915        while (ns != root) {
1916                mutex_unlock(&ns->lock);
1917                next = list_next_entry(ns, base.list);
1918                if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
1919                        mutex_lock(&next->lock);
1920                        return next;
1921                }
1922                ns = parent;
1923                parent = parent->parent;
1924        }
1925
1926        return NULL;
1927}
1928
1929/**
1930 * __first_profile - find the first profile in a namespace
1931 * @root: namespace that is root of profiles being displayed (NOT NULL)
1932 * @ns: namespace to start in   (NOT NULL)
1933 *
1934 * Returns: unrefcounted profile or NULL if no profile
1935 * Requires: profile->ns.lock to be held
1936 */
1937static struct aa_profile *__first_profile(struct aa_ns *root,
1938                                          struct aa_ns *ns)
1939{
1940        for (; ns; ns = __next_ns(root, ns)) {
1941                if (!list_empty(&ns->base.profiles))
1942                        return list_first_entry(&ns->base.profiles,
1943                                                struct aa_profile, base.list);
1944        }
1945        return NULL;
1946}
1947
1948/**
1949 * __next_profile - step to the next profile in a profile tree
1950 * @profile: current profile in tree (NOT NULL)
1951 *
1952 * Perform a depth first traversal on the profile tree in a namespace
1953 *
1954 * Returns: next profile or NULL if done
1955 * Requires: profile->ns.lock to be held
1956 */
1957static struct aa_profile *__next_profile(struct aa_profile *p)
1958{
1959        struct aa_profile *parent;
1960        struct aa_ns *ns = p->ns;
1961
1962        /* is next profile a child */
1963        if (!list_empty(&p->base.profiles))
1964                return list_first_entry(&p->base.profiles, typeof(*p),
1965                                        base.list);
1966
1967        /* is next profile a sibling, parent sibling, gp, sibling, .. */
1968        parent = rcu_dereference_protected(p->parent,
1969                                           mutex_is_locked(&p->ns->lock));
1970        while (parent) {
1971                p = list_next_entry(p, base.list);
1972                if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1973                        return p;
1974                p = parent;
1975                parent = rcu_dereference_protected(parent->parent,
1976                                            mutex_is_locked(&parent->ns->lock));
1977        }
1978
1979        /* is next another profile in the namespace */
1980        p = list_next_entry(p, base.list);
1981        if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1982                return p;
1983
1984        return NULL;
1985}
1986
1987/**
1988 * next_profile - step to the next profile in where ever it may be
1989 * @root: root namespace  (NOT NULL)
1990 * @profile: current profile  (NOT NULL)
1991 *
1992 * Returns: next profile or NULL if there isn't one
1993 */
1994static struct aa_profile *next_profile(struct aa_ns *root,
1995                                       struct aa_profile *profile)
1996{
1997        struct aa_profile *next = __next_profile(profile);
1998        if (next)
1999                return next;
2000

2001        /* finished all profiles in namespace move to next namespace */
2002        return __first_profile(root, __next_ns(root, profile->ns));
2003}
2004
2005/**
2006 * p_start - start a depth first traversal of profile tree
2007 * @f: seq_file to fill
2008 * @pos: current position
2009 *
2010 * Returns: first profile under current namespace or NULL if none found
2011 *
2012 * acquires first ns->lock
2013 */
2014static void *p_start(struct seq_file *f, loff_t *pos)
2015{
2016        struct aa_profile *profile = NULL;
2017        struct aa_ns *root = aa_get_current_ns();
2018        loff_t l = *pos;
2019        f->private = root;
2020
2021        /* find the first profile */
2022        mutex_lock(&root->lock);
2023        profile = __first_profile(root, root);
2024
2025        /* skip to position */
2026        for (; profile && l > 0; l--)
2027                profile = next_profile(root, profile);
2028
2029        return profile;
2030}
2031
2032/**
2033 * p_next - read the next profile entry
2034 * @f: seq_file to fill
2035 * @p: profile previously returned
2036 * @pos: current position
2037 *
2038 * Returns: next profile after @p or NULL if none
2039 *
2040 * may acquire/release locks in namespace tree as necessary
2041 */
2042static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2043{
2044        struct aa_profile *profile = p;
2045        struct aa_ns *ns = f->private;
2046        (*pos)++;
2047
2048        return next_profile(ns, profile);
2049}
2050
2051/**
2052 * p_stop - stop depth first traversal
2053 * @f: seq_file we are filling
2054 * @p: the last profile writen
2055 *
2056 * Release all locking done by p_start/p_next on namespace tree
2057 */
2058static void p_stop(struct seq_file *f, void *p)
2059{
2060        struct aa_profile *profile = p;
2061        struct aa_ns *root = f->private, *ns;
2062
2063        if (profile) {
2064                for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2065                        mutex_unlock(&ns->lock);
2066        }
2067        mutex_unlock(&root->lock);
2068        aa_put_ns(root);
2069}
2070
2071/**
2072 * seq_show_profile - show a profile entry
2073 * @f: seq_file to file
2074 * @p: current position (profile)    (NOT NULL)
2075 *
2076 * Returns: error on failure
2077 */
2078static int seq_show_profile(struct seq_file *f, void *p)
2079{
2080        struct aa_profile *profile = (struct aa_profile *)p;
2081        struct aa_ns *root = f->private;
2082
2083        aa_label_seq_xprint(f, root, &profile->label,
2084                            FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2085        seq_putc(f, '\n');
2086
2087        return 0;
2088}
2089
2090static const struct seq_operations aa_sfs_profiles_op = {
2091        .start = p_start,
2092        .next = p_next,
2093        .stop = p_stop,
2094        .show = seq_show_profile,
2095};
2096
2097static int profiles_open(struct inode *inode, struct file *file)
2098{
2099        if (!policy_view_capable(NULL))
2100                return -EACCES;
2101
2102        return seq_open(file, &aa_sfs_profiles_op);
2103}
2104
2105static int profiles_release(struct inode *inode, struct file *file)
2106{
2107        return seq_release(inode, file);
2108}
2109
2110static const struct file_operations aa_sfs_profiles_fops = {
2111        .open = profiles_open,
2112        .read = seq_read,
2113        .llseek = seq_lseek,
2114        .release = profiles_release,
2115};
2116
2117
2118/** Base file system setup **/
2119static struct aa_sfs_entry aa_sfs_entry_file[] = {
2120        AA_SFS_FILE_STRING("mask",
2121                           "create read write exec append mmap_exec link lock"),
2122        { }
2123};
2124
2125static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2126        AA_SFS_FILE_STRING("mask", "read trace"),
2127        { }
2128};
2129
2130static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2131        AA_SFS_FILE_BOOLEAN("change_hat",       1),
2132        AA_SFS_FILE_BOOLEAN("change_hatv",      1),
2133        AA_SFS_FILE_BOOLEAN("change_onexec",    1),
2134        AA_SFS_FILE_BOOLEAN("change_profile",   1),
2135        AA_SFS_FILE_BOOLEAN("stack",            1),
2136        AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",      1),
2137        AA_SFS_FILE_STRING("version", "1.2"),
2138        { }
2139};
2140
2141static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2142        AA_SFS_FILE_BOOLEAN("v5",       1),
2143        AA_SFS_FILE_BOOLEAN("v6",       1),
2144        AA_SFS_FILE_BOOLEAN("v7",       1),
2145        { }
2146};
2147
2148static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2149        AA_SFS_DIR("versions",                  aa_sfs_entry_versions),
2150        AA_SFS_FILE_BOOLEAN("set_load",         1),
2151        { }
2152};
2153
2154static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2155        AA_SFS_FILE_BOOLEAN("profile",          1),
2156        AA_SFS_FILE_BOOLEAN("pivot_root",       1),
2157        { }
2158};
2159
2160static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2161        AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2162        AA_SFS_FILE_BOOLEAN("data",             1),
2163        AA_SFS_FILE_BOOLEAN("multi_transaction",        1),
2164        { }
2165};
2166
2167static struct aa_sfs_entry aa_sfs_entry_query[] = {
2168        AA_SFS_DIR("label",                     aa_sfs_entry_query_label),
2169        { }
2170};
2171static struct aa_sfs_entry aa_sfs_entry_features[] = {
2172        AA_SFS_DIR("policy",                    aa_sfs_entry_policy),
2173        AA_SFS_DIR("domain",                    aa_sfs_entry_domain),
2174        AA_SFS_DIR("file",                      aa_sfs_entry_file),
2175        AA_SFS_DIR("namespaces",                aa_sfs_entry_ns),
2176        AA_SFS_FILE_U64("capability",           VFS_CAP_FLAGS_MASK),
2177        AA_SFS_DIR("rlimit",                    aa_sfs_entry_rlimit),
2178        AA_SFS_DIR("caps",                      aa_sfs_entry_caps),
2179        AA_SFS_DIR("ptrace",                    aa_sfs_entry_ptrace),
2180        AA_SFS_DIR("query",                     aa_sfs_entry_query),
2181        { }
2182};
2183
2184static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2185        AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),
2186        AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2187        AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2188        AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),
2189        AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),
2190        AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),
2191        AA_SFS_DIR("features", aa_sfs_entry_features),
2192        { }
2193};
2194
2195static struct aa_sfs_entry aa_sfs_entry =
2196        AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2197
2198/**
2199 * entry_create_file - create a file entry in the apparmor securityfs
2200 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2201 * @parent: the parent dentry in the securityfs
2202 *
2203 * Use entry_remove_file to remove entries created with this fn.
2204 */
2205static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2206                                    struct dentry *parent)
2207{
2208        int error = 0;
2209
2210        fs_file->dentry = securityfs_create_file(fs_file->name,
2211                                                 S_IFREG | fs_file->mode,
2212                                                 parent, fs_file,
2213                                                 fs_file->file_ops);
2214        if (IS_ERR(fs_file->dentry)) {
2215                error = PTR_ERR(fs_file->dentry);
2216                fs_file->dentry = NULL;
2217        }
2218        return error;
2219}
2220
2221static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2222/**
2223 * entry_create_dir - recursively create a directory entry in the securityfs
2224 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2225 * @parent: the parent dentry in the securityfs
2226 *
2227 * Use entry_remove_dir to remove entries created with this fn.
2228 */
2229static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2230                                   struct dentry *parent)
2231{
2232        struct aa_sfs_entry *fs_file;
2233        struct dentry *dir;
2234        int error;
2235
2236        dir = securityfs_create_dir(fs_dir->name, parent);
2237        if (IS_ERR(dir))
2238                return PTR_ERR(dir);
2239        fs_dir->dentry = dir;
2240
2241        for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2242                if (fs_file->v_type == AA_SFS_TYPE_DIR)
2243                        error = entry_create_dir(fs_file, fs_dir->dentry);
2244                else
2245                        error = entry_create_file(fs_file, fs_dir->dentry);
2246                if (error)
2247                        goto failed;
2248        }
2249
2250        return 0;
2251
2252failed:
2253        entry_remove_dir(fs_dir);
2254
2255        return error;
2256}
2257
2258/**
2259 * entry_remove_file - drop a single file entry in the apparmor securityfs
2260 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2261 */
2262static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2263{
2264        if (!fs_file->dentry)
2265                return;
2266
2267        securityfs_remove(fs_file->dentry);
2268        fs_file->dentry = NULL;
2269}
2270
2271/**
2272 * entry_remove_dir - recursively drop a directory entry from the securityfs
2273 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2274 */
2275static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2276{
2277        struct aa_sfs_entry *fs_file;
2278
2279        for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2280                if (fs_file->v_type == AA_SFS_TYPE_DIR)
2281                        entry_remove_dir(fs_file);
2282                else
2283                        entry_remove_file(fs_file);
2284        }
2285
2286        entry_remove_file(fs_dir);
2287}
2288
2289/**
2290 * aa_destroy_aafs - cleanup and free aafs
2291 *
2292 * releases dentries allocated by aa_create_aafs
2293 */
2294void __init aa_destroy_aafs(void)
2295{
2296        entry_remove_dir(&aa_sfs_entry);
2297}
2298
2299
2300#define NULL_FILE_NAME ".null"
2301struct path aa_null;
2302
2303static int aa_mk_null_file(struct dentry *parent)
2304{
2305        struct vfsmount *mount = NULL;
2306        struct dentry *dentry;
2307        struct inode *inode;
2308        int count = 0;
2309        int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2310
2311        if (error)
2312                return error;
2313
2314        inode_lock(d_inode(parent));
2315        dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
2316        if (IS_ERR(dentry)) {
2317                error = PTR_ERR(dentry);
2318                goto out;
2319        }
2320        inode = new_inode(parent->d_inode->i_sb);
2321        if (!inode) {
2322                error = -ENOMEM;
2323                goto out1;
2324        }
2325
2326        inode->i_ino = get_next_ino();
2327        inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2328        inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
2329        init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2330                           MKDEV(MEM_MAJOR, 3));
2331        d_instantiate(dentry, inode);
2332        aa_null.dentry = dget(dentry);
2333        aa_null.mnt = mntget(mount);
2334
2335        error = 0;
2336
2337out1:
2338        dput(dentry);
2339out:
2340        inode_unlock(d_inode(parent));
2341        simple_release_fs(&mount, &count);
2342        return error;
2343}
2344
2345
2346
2347static const char *policy_get_link(struct dentry *dentry,
2348                                   struct inode *inode,
2349                                   struct delayed_call *done)
2350{
2351        struct aa_ns *ns;
2352        struct path path;
2353
2354        if (!dentry)
2355                return ERR_PTR(-ECHILD);
2356        ns = aa_get_current_ns();
2357        path.mnt = mntget(aafs_mnt);
2358        path.dentry = dget(ns_dir(ns));
2359        nd_jump_link(&path);
2360        aa_put_ns(ns);
2361
2362        return NULL;
2363}
2364
2365static int ns_get_name(char *buf, size_t size, struct aa_ns *ns,
2366                       struct inode *inode)
2367{
2368        int res = snprintf(buf, size, "%s:[%lu]", AAFS_NAME, inode->i_ino);
2369
2370        if (res < 0 || res >= size)
2371                res = -ENOENT;
2372
2373        return res;
2374}
2375
2376static int policy_readlink(struct dentry *dentry, char __user *buffer,
2377                           int buflen)
2378{
2379        struct aa_ns *ns;
2380        char name[32];
2381        int res;
2382
2383        ns = aa_get_current_ns();
2384        res = ns_get_name(name, sizeof(name), ns, d_inode(dentry));
2385        if (res >= 0)
2386                res = readlink_copy(buffer, buflen, name);
2387        aa_put_ns(ns);
2388
2389        return res;
2390}
2391
2392static const struct inode_operations policy_link_iops = {
2393        .readlink       = policy_readlink,
2394        .get_link       = policy_get_link,
2395};
2396
2397
2398/**
2399 * aa_create_aafs - create the apparmor security filesystem
2400 *
2401 * dentries created here are released by aa_destroy_aafs
2402 *
2403 * Returns: error on failure
2404 */
2405static int __init aa_create_aafs(void)
2406{
2407        struct dentry *dent;
2408        int error;
2409
2410        if (!apparmor_initialized)
2411                return 0;
2412
2413        if (aa_sfs_entry.dentry) {
2414                AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2415                return -EEXIST;
2416        }
2417
2418        /* setup apparmorfs used to virtualize policy/ */
2419        aafs_mnt = kern_mount(&aafs_ops);
2420        if (IS_ERR(aafs_mnt))
2421                panic("can't set apparmorfs up\n");
2422        aafs_mnt->mnt_sb->s_flags &= ~MS_NOUSER;
2423
2424        /* Populate fs tree. */
2425        error = entry_create_dir(&aa_sfs_entry, NULL);
2426        if (error)
2427                goto error;
2428
2429        dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2430                                      NULL, &aa_fs_profile_load);
2431        if (IS_ERR(dent)) {
2432                error = PTR_ERR(dent);
2433                goto error;
2434        }
2435        ns_subload(root_ns) = dent;
2436
2437        dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2438                                      NULL, &aa_fs_profile_replace);
2439        if (IS_ERR(dent)) {
2440                error = PTR_ERR(dent);
2441                goto error;
2442        }
2443        ns_subreplace(root_ns) = dent;
2444
2445        dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2446                                      NULL, &aa_fs_profile_remove);
2447        if (IS_ERR(dent)) {
2448                error = PTR_ERR(dent);
2449                goto error;
2450        }
2451        ns_subremove(root_ns) = dent;
2452
2453        dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2454                                      NULL, &aa_fs_ns_revision_fops);
2455        if (IS_ERR(dent)) {
2456                error = PTR_ERR(dent);
2457                goto error;
2458        }
2459        ns_subrevision(root_ns) = dent;
2460
2461        /* policy tree referenced by magic policy symlink */
2462        mutex_lock(&root_ns->lock);
2463        error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2464                                aafs_mnt->mnt_root);
2465        mutex_unlock(&root_ns->lock);
2466        if (error)
2467                goto error;
2468
2469        /* magic symlink similar to nsfs redirects based on task policy */
2470        dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2471                                         NULL, &policy_link_iops);
2472        if (IS_ERR(dent)) {
2473                error = PTR_ERR(dent);
2474                goto error;
2475        }
2476
2477        error = aa_mk_null_file(aa_sfs_entry.dentry);
2478        if (error)
2479                goto error;
2480
2481        /* TODO: add default profile to apparmorfs */
2482
2483        /* Report that AppArmor fs is enabled */
2484        aa_info_message("AppArmor Filesystem Enabled");
2485        return 0;
2486
2487error:
2488        aa_destroy_aafs();
2489        AA_ERROR("Error creating AppArmor securityfs\n");
2490        return error;
2491}
2492
2493fs_initcall(aa_create_aafs);
2494
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.