1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AppArmor security module
4 *
5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
10
11 #include <linux/ctype.h>
12 #include <linux/security.h>
13 #include <linux/vmalloc.h>
14 #include <linux/init.h>
15 #include <linux/seq_file.h>
16 #include <linux/uaccess.h>
17 #include <linux/mount.h>
18 #include <linux/namei.h>
19 #include <linux/capability.h>
20 #include <linux/rcupdate.h>
21 #include <linux/fs.h>
22 #include <linux/fs_context.h>
23 #include <linux/poll.h>
24 #include <linux/zstd.h>
25 #include <uapi/linux/major.h>
26 #include <uapi/linux/magic.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/cred.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/label.h"
35 #include "include/policy.h"
36 #include "include/policy_ns.h"
37 #include "include/resource.h"
38 #include "include/policy_unpack.h"
39 #include "include/task.h"
40
41 /*
42 * The apparmor filesystem interface used for policy load and introspection
43 * The interface is split into two main components based on their function
44 * a securityfs component:
45 * used for static files that are always available, and which allows
46 * userspace to specify the location of the security filesystem.
47 *
48 * fns and data are prefixed with
49 * aa_sfs_
50 *
51 * an apparmorfs component:
52 * used loaded policy content and introspection. It is not part of a
53 * regular mounted filesystem and is available only through the magic
54 * policy symlink in the root of the securityfs apparmor/ directory.
55 * Tasks queries will be magically redirected to the correct portion
56 * of the policy tree based on their confinement.
57 *
58 * fns and data are prefixed with
59 * aafs_
60 *
61 * The aa_fs_ prefix is used to indicate the fn is used by both the
62 * securityfs and apparmorfs filesystems.
63 */
64
65
66 /*
67 * support fns
68 */
69
70 struct rawdata_f_data {
71 struct aa_loaddata *loaddata;
72 };
73
74 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
75 #define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
76
rawdata_f_data_free(struct rawdata_f_data * private)77 static void rawdata_f_data_free(struct rawdata_f_data *private)
78 {
79 if (!private)
80 return;
81
82 aa_put_loaddata(private->loaddata);
83 kvfree(private);
84 }
85
rawdata_f_data_alloc(size_t size)86 static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
87 {
88 struct rawdata_f_data *ret;
89
90 if (size > SIZE_MAX - sizeof(*ret))
91 return ERR_PTR(-EINVAL);
92
93 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL);
94 if (!ret)
95 return ERR_PTR(-ENOMEM);
96
97 return ret;
98 }
99 #endif
100
101 /**
102 * mangle_name - mangle a profile name to std profile layout form
103 * @name: profile name to mangle (NOT NULL)
104 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
105 *
106 * Returns: length of mangled name
107 */
mangle_name(const char * name,char * target)108 static int mangle_name(const char *name, char *target)
109 {
110 char *t = target;
111
112 while (*name == '/' || *name == '.')
113 name++;
114
115 if (target) {
116 for (; *name; name++) {
117 if (*name == '/')
118 *(t)++ = '.';
119 else if (isspace(*name))
120 *(t)++ = '_';
121 else if (isalnum(*name) || strchr("._-", *name))
122 *(t)++ = *name;
123 }
124
125 *t = 0;
126 } else {
127 int len = 0;
128 for (; *name; name++) {
129 if (isalnum(*name) || isspace(*name) ||
130 strchr("/._-", *name))
131 len++;
132 }
133
134 return len;
135 }
136
137 return t - target;
138 }
139
140
141 /*
142 * aafs - core fns and data for the policy tree
143 */
144
145 #define AAFS_NAME "apparmorfs"
146 static struct vfsmount *aafs_mnt;
147 static int aafs_count;
148
149
aafs_show_path(struct seq_file * seq,struct dentry * dentry)150 static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
151 {
152 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
153 return 0;
154 }
155
aafs_free_inode(struct inode * inode)156 static void aafs_free_inode(struct inode *inode)
157 {
158 if (S_ISLNK(inode->i_mode))
159 kfree(inode->i_link);
160 free_inode_nonrcu(inode);
161 }
162
163 static const struct super_operations aafs_super_ops = {
164 .statfs = simple_statfs,
165 .free_inode = aafs_free_inode,
166 .show_path = aafs_show_path,
167 };
168
apparmorfs_fill_super(struct super_block * sb,struct fs_context * fc)169 static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
170 {
171 static struct tree_descr files[] = { {""} };
172 int error;
173
174 error = simple_fill_super(sb, AAFS_MAGIC, files);
175 if (error)
176 return error;
177 sb->s_op = &aafs_super_ops;
178
179 return 0;
180 }
181
apparmorfs_get_tree(struct fs_context * fc)182 static int apparmorfs_get_tree(struct fs_context *fc)
183 {
184 return get_tree_single(fc, apparmorfs_fill_super);
185 }
186
187 static const struct fs_context_operations apparmorfs_context_ops = {
188 .get_tree = apparmorfs_get_tree,
189 };
190
apparmorfs_init_fs_context(struct fs_context * fc)191 static int apparmorfs_init_fs_context(struct fs_context *fc)
192 {
193 fc->ops = &apparmorfs_context_ops;
194 return 0;
195 }
196
197 static struct file_system_type aafs_ops = {
198 .owner = THIS_MODULE,
199 .name = AAFS_NAME,
200 .init_fs_context = apparmorfs_init_fs_context,
201 .kill_sb = kill_anon_super,
202 };
203
204 /**
205 * __aafs_setup_d_inode - basic inode setup for apparmorfs
206 * @dir: parent directory for the dentry
207 * @dentry: dentry we are setting the inode up for
208 * @mode: permissions the file should have
209 * @data: data to store on inode.i_private, available in open()
210 * @link: if symlink, symlink target string
211 * @fops: struct file_operations that should be used
212 * @iops: struct of inode_operations that should be used
213 */
__aafs_setup_d_inode(struct inode * dir,struct dentry * dentry,umode_t mode,void * data,char * link,const struct file_operations * fops,const struct inode_operations * iops)214 static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
215 umode_t mode, void *data, char *link,
216 const struct file_operations *fops,
217 const struct inode_operations *iops)
218 {
219 struct inode *inode = new_inode(dir->i_sb);
220
221 AA_BUG(!dir);
222 AA_BUG(!dentry);
223
224 if (!inode)
225 return -ENOMEM;
226
227 inode->i_ino = get_next_ino();
228 inode->i_mode = mode;
229 simple_inode_init_ts(inode);
230 inode->i_private = data;
231 if (S_ISDIR(mode)) {
232 inode->i_op = iops ? iops : &simple_dir_inode_operations;
233 inode->i_fop = &simple_dir_operations;
234 inc_nlink(inode);
235 inc_nlink(dir);
236 } else if (S_ISLNK(mode)) {
237 inode->i_op = iops ? iops : &simple_symlink_inode_operations;
238 inode->i_link = link;
239 } else {
240 inode->i_fop = fops;
241 }
242 d_instantiate(dentry, inode);
243 dget(dentry);
244
245 return 0;
246 }
247
248 /**
249 * aafs_create - create a dentry in the apparmorfs filesystem
250 *
251 * @name: name of dentry to create
252 * @mode: permissions the file should have
253 * @parent: parent directory for this dentry
254 * @data: data to store on inode.i_private, available in open()
255 * @link: if symlink, symlink target string
256 * @fops: struct file_operations that should be used for
257 * @iops: struct of inode_operations that should be used
258 *
259 * This is the basic "create a xxx" function for apparmorfs.
260 *
261 * Returns a pointer to a dentry if it succeeds, that must be free with
262 * aafs_remove(). Will return ERR_PTR on failure.
263 */
aafs_create(const char * name,umode_t mode,struct dentry * parent,void * data,void * link,const struct file_operations * fops,const struct inode_operations * iops)264 static struct dentry *aafs_create(const char *name, umode_t mode,
265 struct dentry *parent, void *data, void *link,
266 const struct file_operations *fops,
267 const struct inode_operations *iops)
268 {
269 struct dentry *dentry;
270 struct inode *dir;
271 int error;
272
273 AA_BUG(!name);
274 AA_BUG(!parent);
275
276 if (!(mode & S_IFMT))
277 mode = (mode & S_IALLUGO) | S_IFREG;
278
279 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
280 if (error)
281 return ERR_PTR(error);
282
283 dir = d_inode(parent);
284
285 inode_lock(dir);
286 dentry = lookup_noperm(&QSTR(name), parent);
287 if (IS_ERR(dentry)) {
288 error = PTR_ERR(dentry);
289 goto fail_lock;
290 }
291
292 if (d_really_is_positive(dentry)) {
293 error = -EEXIST;
294 goto fail_dentry;
295 }
296
297 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
298 if (error)
299 goto fail_dentry;
300 inode_unlock(dir);
301
302 return dentry;
303
304 fail_dentry:
305 dput(dentry);
306
307 fail_lock:
308 inode_unlock(dir);
309 simple_release_fs(&aafs_mnt, &aafs_count);
310
311 return ERR_PTR(error);
312 }
313
314 /**
315 * aafs_create_file - create a file in the apparmorfs filesystem
316 *
317 * @name: name of dentry to create
318 * @mode: permissions the file should have
319 * @parent: parent directory for this dentry
320 * @data: data to store on inode.i_private, available in open()
321 * @fops: struct file_operations that should be used for
322 *
323 * see aafs_create
324 */
aafs_create_file(const char * name,umode_t mode,struct dentry * parent,void * data,const struct file_operations * fops)325 static struct dentry *aafs_create_file(const char *name, umode_t mode,
326 struct dentry *parent, void *data,
327 const struct file_operations *fops)
328 {
329 return aafs_create(name, mode, parent, data, NULL, fops, NULL);
330 }
331
332 /**
333 * aafs_create_dir - create a directory in the apparmorfs filesystem
334 *
335 * @name: name of dentry to create
336 * @parent: parent directory for this dentry
337 *
338 * see aafs_create
339 */
aafs_create_dir(const char * name,struct dentry * parent)340 static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
341 {
342 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
343 NULL);
344 }
345
346 /**
347 * aafs_remove - removes a file or directory from the apparmorfs filesystem
348 *
349 * @dentry: dentry of the file/directory/symlink to removed.
350 */
aafs_remove(struct dentry * dentry)351 static void aafs_remove(struct dentry *dentry)
352 {
353 struct inode *dir;
354
355 if (!dentry || IS_ERR(dentry))
356 return;
357
358 dir = d_inode(dentry->d_parent);
359 inode_lock(dir);
360 if (simple_positive(dentry)) {
361 if (d_is_dir(dentry))
362 simple_rmdir(dir, dentry);
363 else
364 simple_unlink(dir, dentry);
365 d_delete(dentry);
366 dput(dentry);
367 }
368 inode_unlock(dir);
369 simple_release_fs(&aafs_mnt, &aafs_count);
370 }
371
372
373 /*
374 * aa_fs - policy load/replace/remove
375 */
376
377 /**
378 * aa_simple_write_to_buffer - common routine for getting policy from user
379 * @userbuf: user buffer to copy data from (NOT NULL)
380 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
381 * @copy_size: size of data to copy from user buffer
382 * @pos: position write is at in the file (NOT NULL)
383 *
384 * Returns: kernel buffer containing copy of user buffer data or an
385 * ERR_PTR on failure.
386 */
aa_simple_write_to_buffer(const char __user * userbuf,size_t alloc_size,size_t copy_size,loff_t * pos)387 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
388 size_t alloc_size,
389 size_t copy_size,
390 loff_t *pos)
391 {
392 struct aa_loaddata *data;
393
394 AA_BUG(copy_size > alloc_size);
395
396 if (*pos != 0)
397 /* only writes from pos 0, that is complete writes */
398 return ERR_PTR(-ESPIPE);
399
400 /* freed by caller to simple_write_to_buffer */
401 data = aa_loaddata_alloc(alloc_size);
402 if (IS_ERR(data))
403 return data;
404
405 data->size = copy_size;
406 if (copy_from_user(data->data, userbuf, copy_size)) {
407 aa_put_loaddata(data);
408 return ERR_PTR(-EFAULT);
409 }
410
411 return data;
412 }
413
policy_update(u32 mask,const char __user * buf,size_t size,loff_t * pos,struct aa_ns * ns)414 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
415 loff_t *pos, struct aa_ns *ns)
416 {
417 struct aa_loaddata *data;
418 struct aa_label *label;
419 ssize_t error;
420
421 label = begin_current_label_crit_section();
422
423 /* high level check about policy management - fine grained in
424 * below after unpack
425 */
426 error = aa_may_manage_policy(current_cred(), label, ns, mask);
427 if (error)
428 goto end_section;
429
430 data = aa_simple_write_to_buffer(buf, size, size, pos);
431 error = PTR_ERR(data);
432 if (!IS_ERR(data)) {
433 error = aa_replace_profiles(ns, label, mask, data);
434 aa_put_loaddata(data);
435 }
436 end_section:
437 end_current_label_crit_section(label);
438
439 return error;
440 }
441
442 /* .load file hook fn to load policy */
profile_load(struct file * f,const char __user * buf,size_t size,loff_t * pos)443 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
444 loff_t *pos)
445 {
446 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
447 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
448
449 aa_put_ns(ns);
450
451 return error;
452 }
453
454 static const struct file_operations aa_fs_profile_load = {
455 .write = profile_load,
456 .llseek = default_llseek,
457 };
458
459 /* .replace file hook fn to load and/or replace policy */
profile_replace(struct file * f,const char __user * buf,size_t size,loff_t * pos)460 static ssize_t profile_replace(struct file *f, const char __user *buf,
461 size_t size, loff_t *pos)
462 {
463 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
464 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
465 buf, size, pos, ns);
466 aa_put_ns(ns);
467
468 return error;
469 }
470
471 static const struct file_operations aa_fs_profile_replace = {
472 .write = profile_replace,
473 .llseek = default_llseek,
474 };
475
476 /* .remove file hook fn to remove loaded policy */
profile_remove(struct file * f,const char __user * buf,size_t size,loff_t * pos)477 static ssize_t profile_remove(struct file *f, const char __user *buf,
478 size_t size, loff_t *pos)
479 {
480 struct aa_loaddata *data;
481 struct aa_label *label;
482 ssize_t error;
483 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
484
485 label = begin_current_label_crit_section();
486 /* high level check about policy management - fine grained in
487 * below after unpack
488 */
489 error = aa_may_manage_policy(current_cred(), label, ns,
490 AA_MAY_REMOVE_POLICY);
491 if (error)
492 goto out;
493
494 /*
495 * aa_remove_profile needs a null terminated string so 1 extra
496 * byte is allocated and the copied data is null terminated.
497 */
498 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
499
500 error = PTR_ERR(data);
501 if (!IS_ERR(data)) {
502 data->data[size] = 0;
503 error = aa_remove_profiles(ns, label, data->data, size);
504 aa_put_loaddata(data);
505 }
506 out:
507 end_current_label_crit_section(label);
508 aa_put_ns(ns);
509 return error;
510 }
511
512 static const struct file_operations aa_fs_profile_remove = {
513 .write = profile_remove,
514 .llseek = default_llseek,
515 };
516
517 struct aa_revision {
518 struct aa_ns *ns;
519 long last_read;
520 };
521
522 /* revision file hook fn for policy loads */
ns_revision_release(struct inode * inode,struct file * file)523 static int ns_revision_release(struct inode *inode, struct file *file)
524 {
525 struct aa_revision *rev = file->private_data;
526
527 if (rev) {
528 aa_put_ns(rev->ns);
529 kfree(rev);
530 }
531
532 return 0;
533 }
534
ns_revision_read(struct file * file,char __user * buf,size_t size,loff_t * ppos)535 static ssize_t ns_revision_read(struct file *file, char __user *buf,
536 size_t size, loff_t *ppos)
537 {
538 struct aa_revision *rev = file->private_data;
539 char buffer[32];
540 long last_read;
541 int avail;
542
543 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
544 last_read = rev->last_read;
545 if (last_read == rev->ns->revision) {
546 mutex_unlock(&rev->ns->lock);
547 if (file->f_flags & O_NONBLOCK)
548 return -EAGAIN;
549 if (wait_event_interruptible(rev->ns->wait,
550 last_read !=
551 READ_ONCE(rev->ns->revision)))
552 return -ERESTARTSYS;
553 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
554 }
555
556 avail = sprintf(buffer, "%ld\n", rev->ns->revision);
557 if (*ppos + size > avail) {
558 rev->last_read = rev->ns->revision;
559 *ppos = 0;
560 }
561 mutex_unlock(&rev->ns->lock);
562
563 return simple_read_from_buffer(buf, size, ppos, buffer, avail);
564 }
565
ns_revision_open(struct inode * inode,struct file * file)566 static int ns_revision_open(struct inode *inode, struct file *file)
567 {
568 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
569
570 if (!rev)
571 return -ENOMEM;
572
573 rev->ns = aa_get_ns(inode->i_private);
574 if (!rev->ns)
575 rev->ns = aa_get_current_ns();
576 file->private_data = rev;
577
578 return 0;
579 }
580
ns_revision_poll(struct file * file,poll_table * pt)581 static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
582 {
583 struct aa_revision *rev = file->private_data;
584 __poll_t mask = 0;
585
586 if (rev) {
587 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
588 poll_wait(file, &rev->ns->wait, pt);
589 if (rev->last_read < rev->ns->revision)
590 mask |= EPOLLIN | EPOLLRDNORM;
591 mutex_unlock(&rev->ns->lock);
592 }
593
594 return mask;
595 }
596
__aa_bump_ns_revision(struct aa_ns * ns)597 void __aa_bump_ns_revision(struct aa_ns *ns)
598 {
599 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1);
600 wake_up_interruptible(&ns->wait);
601 }
602
603 static const struct file_operations aa_fs_ns_revision_fops = {
604 .owner = THIS_MODULE,
605 .open = ns_revision_open,
606 .poll = ns_revision_poll,
607 .read = ns_revision_read,
608 .llseek = generic_file_llseek,
609 .release = ns_revision_release,
610 };
611
profile_query_cb(struct aa_profile * profile,struct aa_perms * perms,const char * match_str,size_t match_len)612 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
613 const char *match_str, size_t match_len)
614 {
615 struct aa_ruleset *rules = profile->label.rules[0];
616 struct aa_perms tmp = { };
617 aa_state_t state = DFA_NOMATCH;
618
619 if (profile_unconfined(profile))
620 return;
621 if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
622 state = aa_dfa_match_len(rules->file->dfa,
623 rules->file->start[AA_CLASS_FILE],
624 match_str + 1, match_len - 1);
625 if (state) {
626 struct path_cond cond = { };
627
628 tmp = *(aa_lookup_condperms(current_fsuid(),
629 rules->file, state, &cond));
630 }
631 } else if (rules->policy->dfa) {
632 if (!RULE_MEDIATES(rules, *match_str))
633 return; /* no change to current perms */
634 /* old user space does not correctly detect dbus mediation
635 * support so we may get dbus policy and requests when
636 * the abi doesn't support it. This can cause mediation
637 * regressions, so explicitly test for this situation.
638 */
639 if (*match_str == AA_CLASS_DBUS &&
640 !RULE_MEDIATES_v9NET(rules))
641 return; /* no change to current perms */
642 state = aa_dfa_match_len(rules->policy->dfa,
643 rules->policy->start[0],
644 match_str, match_len);
645 if (state)
646 tmp = *aa_lookup_perms(rules->policy, state);
647 }
648 aa_apply_modes_to_perms(profile, &tmp);
649 aa_perms_accum_raw(perms, &tmp);
650 }
651
652
653 /**
654 * query_data - queries a policy and writes its data to buf
655 * @buf: the resulting data is stored here (NOT NULL)
656 * @buf_len: size of buf
657 * @query: query string used to retrieve data
658 * @query_len: size of query including second NUL byte
659 *
660 * The buffers pointed to by buf and query may overlap. The query buffer is
661 * parsed before buf is written to.
662 *
663 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
664 * the security confinement context and <KEY> is the name of the data to
665 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
666 *
667 * Don't expect the contents of buf to be preserved on failure.
668 *
669 * Returns: number of characters written to buf or -errno on failure
670 */
query_data(char * buf,size_t buf_len,char * query,size_t query_len)671 static ssize_t query_data(char *buf, size_t buf_len,
672 char *query, size_t query_len)
673 {
674 char *out;
675 const char *key;
676 struct label_it i;
677 struct aa_label *label, *curr;
678 struct aa_profile *profile;
679 struct aa_data *data;
680 u32 bytes, blocks;
681 __le32 outle32;
682
683 if (!query_len)
684 return -EINVAL; /* need a query */
685
686 key = query + strnlen(query, query_len) + 1;
687 if (key + 1 >= query + query_len)
688 return -EINVAL; /* not enough space for a non-empty key */
689 if (key + strnlen(key, query + query_len - key) >= query + query_len)
690 return -EINVAL; /* must end with NUL */
691
692 if (buf_len < sizeof(bytes) + sizeof(blocks))
693 return -EINVAL; /* not enough space */
694
695 curr = begin_current_label_crit_section();
696 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
697 end_current_label_crit_section(curr);
698 if (IS_ERR(label))
699 return PTR_ERR(label);
700
701 /* We are going to leave space for two numbers. The first is the total
702 * number of bytes we are writing after the first number. This is so
703 * users can read the full output without reallocation.
704 *
705 * The second number is the number of data blocks we're writing. An
706 * application might be confined by multiple policies having data in
707 * the same key.
708 */
709 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
710 out = buf + sizeof(bytes) + sizeof(blocks);
711
712 blocks = 0;
713 label_for_each_confined(i, label, profile) {
714 if (!profile->data)
715 continue;
716
717 data = rhashtable_lookup_fast(profile->data, &key,
718 profile->data->p);
719
720 if (data) {
721 if (out + sizeof(outle32) + data->size > buf +
722 buf_len) {
723 aa_put_label(label);
724 return -EINVAL; /* not enough space */
725 }
726 outle32 = __cpu_to_le32(data->size);
727 memcpy(out, &outle32, sizeof(outle32));
728 out += sizeof(outle32);
729 memcpy(out, data->data, data->size);
730 out += data->size;
731 blocks++;
732 }
733 }
734 aa_put_label(label);
735
736 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
737 memcpy(buf, &outle32, sizeof(outle32));
738 outle32 = __cpu_to_le32(blocks);
739 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
740
741 return out - buf;
742 }
743
744 /**
745 * query_label - queries a label and writes permissions to buf
746 * @buf: the resulting permissions string is stored here (NOT NULL)
747 * @buf_len: size of buf
748 * @query: binary query string to match against the dfa
749 * @query_len: size of query
750 * @view_only: only compute for querier's view
751 *
752 * The buffers pointed to by buf and query may overlap. The query buffer is
753 * parsed before buf is written to.
754 *
755 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
756 * the name of the label, in the current namespace, that is to be queried and
757 * DFA_STRING is a binary string to match against the label(s)'s DFA.
758 *
759 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
760 * but must *not* be NUL terminated.
761 *
762 * Returns: number of characters written to buf or -errno on failure
763 */
query_label(char * buf,size_t buf_len,char * query,size_t query_len,bool view_only)764 static ssize_t query_label(char *buf, size_t buf_len,
765 char *query, size_t query_len, bool view_only)
766 {
767 struct aa_profile *profile;
768 struct aa_label *label, *curr;
769 char *label_name, *match_str;
770 size_t label_name_len, match_len;
771 struct aa_perms perms;
772 struct label_it i;
773
774 if (!query_len)
775 return -EINVAL;
776
777 label_name = query;
778 label_name_len = strnlen(query, query_len);
779 if (!label_name_len || label_name_len == query_len)
780 return -EINVAL;
781
782 /**
783 * The extra byte is to account for the null byte between the
784 * profile name and dfa string. profile_name_len is greater
785 * than zero and less than query_len, so a byte can be safely
786 * added or subtracted.
787 */
788 match_str = label_name + label_name_len + 1;
789 match_len = query_len - label_name_len - 1;
790
791 curr = begin_current_label_crit_section();
792 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
793 end_current_label_crit_section(curr);
794 if (IS_ERR(label))
795 return PTR_ERR(label);
796
797 perms = allperms;
798 if (view_only) {
799 label_for_each_in_ns(i, labels_ns(label), label, profile) {
800 profile_query_cb(profile, &perms, match_str, match_len);
801 }
802 } else {
803 label_for_each(i, label, profile) {
804 profile_query_cb(profile, &perms, match_str, match_len);
805 }
806 }
807 aa_put_label(label);
808
809 return scnprintf(buf, buf_len,
810 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
811 perms.allow, perms.deny, perms.audit, perms.quiet);
812 }
813
814 /*
815 * Transaction based IO.
816 * The file expects a write which triggers the transaction, and then
817 * possibly a read(s) which collects the result - which is stored in a
818 * file-local buffer. Once a new write is performed, a new set of results
819 * are stored in the file-local buffer.
820 */
821 struct multi_transaction {
822 struct kref count;
823 ssize_t size;
824 char data[];
825 };
826
827 #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
828
multi_transaction_kref(struct kref * kref)829 static void multi_transaction_kref(struct kref *kref)
830 {
831 struct multi_transaction *t;
832
833 t = container_of(kref, struct multi_transaction, count);
834 free_page((unsigned long) t);
835 }
836
837 static struct multi_transaction *
get_multi_transaction(struct multi_transaction * t)838 get_multi_transaction(struct multi_transaction *t)
839 {
840 if (t)
841 kref_get(&(t->count));
842
843 return t;
844 }
845
put_multi_transaction(struct multi_transaction * t)846 static void put_multi_transaction(struct multi_transaction *t)
847 {
848 if (t)
849 kref_put(&(t->count), multi_transaction_kref);
850 }
851
852 /* does not increment @new's count */
multi_transaction_set(struct file * file,struct multi_transaction * new,size_t n)853 static void multi_transaction_set(struct file *file,
854 struct multi_transaction *new, size_t n)
855 {
856 struct multi_transaction *old;
857
858 AA_BUG(n > MULTI_TRANSACTION_LIMIT);
859
860 new->size = n;
861 spin_lock(&file->f_lock);
862 old = (struct multi_transaction *) file->private_data;
863 file->private_data = new;
864 spin_unlock(&file->f_lock);
865 put_multi_transaction(old);
866 }
867
multi_transaction_new(struct file * file,const char __user * buf,size_t size)868 static struct multi_transaction *multi_transaction_new(struct file *file,
869 const char __user *buf,
870 size_t size)
871 {
872 struct multi_transaction *t;
873
874 if (size > MULTI_TRANSACTION_LIMIT - 1)
875 return ERR_PTR(-EFBIG);
876
877 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
878 if (!t)
879 return ERR_PTR(-ENOMEM);
880 kref_init(&t->count);
881 if (copy_from_user(t->data, buf, size)) {
882 put_multi_transaction(t);
883 return ERR_PTR(-EFAULT);
884 }
885
886 return t;
887 }
888
multi_transaction_read(struct file * file,char __user * buf,size_t size,loff_t * pos)889 static ssize_t multi_transaction_read(struct file *file, char __user *buf,
890 size_t size, loff_t *pos)
891 {
892 struct multi_transaction *t;
893 ssize_t ret;
894
895 spin_lock(&file->f_lock);
896 t = get_multi_transaction(file->private_data);
897 spin_unlock(&file->f_lock);
898
899 if (!t)
900 return 0;
901
902 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
903 put_multi_transaction(t);
904
905 return ret;
906 }
907
multi_transaction_release(struct inode * inode,struct file * file)908 static int multi_transaction_release(struct inode *inode, struct file *file)
909 {
910 put_multi_transaction(file->private_data);
911
912 return 0;
913 }
914
915 #define QUERY_CMD_LABEL "label\0"
916 #define QUERY_CMD_LABEL_LEN 6
917 #define QUERY_CMD_PROFILE "profile\0"
918 #define QUERY_CMD_PROFILE_LEN 8
919 #define QUERY_CMD_LABELALL "labelall\0"
920 #define QUERY_CMD_LABELALL_LEN 9
921 #define QUERY_CMD_DATA "data\0"
922 #define QUERY_CMD_DATA_LEN 5
923
924 /**
925 * aa_write_access - generic permissions and data query
926 * @file: pointer to open apparmorfs/access file
927 * @ubuf: user buffer containing the complete query string (NOT NULL)
928 * @count: size of ubuf
929 * @ppos: position in the file (MUST BE ZERO)
930 *
931 * Allows for one permissions or data query per open(), write(), and read()
932 * sequence. The only queries currently supported are label-based queries for
933 * permissions or data.
934 *
935 * For permissions queries, ubuf must begin with "label\0", followed by the
936 * profile query specific format described in the query_label() function
937 * documentation.
938 *
939 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
940 * <LABEL> is the name of the security confinement context and <KEY> is the
941 * name of the data to retrieve.
942 *
943 * Returns: number of bytes written or -errno on failure
944 */
aa_write_access(struct file * file,const char __user * ubuf,size_t count,loff_t * ppos)945 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
946 size_t count, loff_t *ppos)
947 {
948 struct multi_transaction *t;
949 ssize_t len;
950
951 if (*ppos)
952 return -ESPIPE;
953
954 t = multi_transaction_new(file, ubuf, count);
955 if (IS_ERR(t))
956 return PTR_ERR(t);
957
958 if (count > QUERY_CMD_PROFILE_LEN &&
959 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
960 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
961 t->data + QUERY_CMD_PROFILE_LEN,
962 count - QUERY_CMD_PROFILE_LEN, true);
963 } else if (count > QUERY_CMD_LABEL_LEN &&
964 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
965 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
966 t->data + QUERY_CMD_LABEL_LEN,
967 count - QUERY_CMD_LABEL_LEN, true);
968 } else if (count > QUERY_CMD_LABELALL_LEN &&
969 !memcmp(t->data, QUERY_CMD_LABELALL,
970 QUERY_CMD_LABELALL_LEN)) {
971 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
972 t->data + QUERY_CMD_LABELALL_LEN,
973 count - QUERY_CMD_LABELALL_LEN, false);
974 } else if (count > QUERY_CMD_DATA_LEN &&
975 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
976 len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
977 t->data + QUERY_CMD_DATA_LEN,
978 count - QUERY_CMD_DATA_LEN);
979 } else
980 len = -EINVAL;
981
982 if (len < 0) {
983 put_multi_transaction(t);
984 return len;
985 }
986
987 multi_transaction_set(file, t, len);
988
989 return count;
990 }
991
992 static const struct file_operations aa_sfs_access = {
993 .write = aa_write_access,
994 .read = multi_transaction_read,
995 .release = multi_transaction_release,
996 .llseek = generic_file_llseek,
997 };
998
aa_sfs_seq_show(struct seq_file * seq,void * v)999 static int aa_sfs_seq_show(struct seq_file *seq, void *v)
1000 {
1001 struct aa_sfs_entry *fs_file = seq->private;
1002
1003 if (!fs_file)
1004 return 0;
1005
1006 switch (fs_file->v_type) {
1007 case AA_SFS_TYPE_BOOLEAN:
1008 seq_printf(seq, "%s\n", str_yes_no(fs_file->v.boolean));
1009 break;
1010 case AA_SFS_TYPE_STRING:
1011 seq_printf(seq, "%s\n", fs_file->v.string);
1012 break;
1013 case AA_SFS_TYPE_U64:
1014 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
1015 break;
1016 default:
1017 /* Ignore unprintable entry types. */
1018 break;
1019 }
1020
1021 return 0;
1022 }
1023
aa_sfs_seq_open(struct inode * inode,struct file * file)1024 static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1025 {
1026 return single_open(file, aa_sfs_seq_show, inode->i_private);
1027 }
1028
1029 const struct file_operations aa_sfs_seq_file_ops = {
1030 .owner = THIS_MODULE,
1031 .open = aa_sfs_seq_open,
1032 .read = seq_read,
1033 .llseek = seq_lseek,
1034 .release = single_release,
1035 };
1036
1037 /*
1038 * profile based file operations
1039 * policy/profiles/XXXX/profiles/ *
1040 */
1041
1042 #define SEQ_PROFILE_FOPS(NAME) \
1043 static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1044 { \
1045 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \
1046 } \
1047 \
1048 static const struct file_operations seq_profile_ ##NAME ##_fops = { \
1049 .owner = THIS_MODULE, \
1050 .open = seq_profile_ ##NAME ##_open, \
1051 .read = seq_read, \
1052 .llseek = seq_lseek, \
1053 .release = seq_profile_release, \
1054 } \
1055
seq_profile_open(struct inode * inode,struct file * file,int (* show)(struct seq_file *,void *))1056 static int seq_profile_open(struct inode *inode, struct file *file,
1057 int (*show)(struct seq_file *, void *))
1058 {
1059 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1060 int error = single_open(file, show, proxy);
1061
1062 if (error) {
1063 file->private_data = NULL;
1064 aa_put_proxy(proxy);
1065 }
1066
1067 return error;
1068 }
1069
seq_profile_release(struct inode * inode,struct file * file)1070 static int seq_profile_release(struct inode *inode, struct file *file)
1071 {
1072 struct seq_file *seq = (struct seq_file *) file->private_data;
1073 if (seq)
1074 aa_put_proxy(seq->private);
1075 return single_release(inode, file);
1076 }
1077
seq_profile_name_show(struct seq_file * seq,void * v)1078 static int seq_profile_name_show(struct seq_file *seq, void *v)
1079 {
1080 struct aa_proxy *proxy = seq->private;
1081 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1082 struct aa_profile *profile = labels_profile(label);
1083 seq_printf(seq, "%s\n", profile->base.name);
1084 aa_put_label(label);
1085
1086 return 0;
1087 }
1088
seq_profile_mode_show(struct seq_file * seq,void * v)1089 static int seq_profile_mode_show(struct seq_file *seq, void *v)
1090 {
1091 struct aa_proxy *proxy = seq->private;
1092 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1093 struct aa_profile *profile = labels_profile(label);
1094 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1095 aa_put_label(label);
1096
1097 return 0;
1098 }
1099
seq_profile_attach_show(struct seq_file * seq,void * v)1100 static int seq_profile_attach_show(struct seq_file *seq, void *v)
1101 {
1102 struct aa_proxy *proxy = seq->private;
1103 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1104 struct aa_profile *profile = labels_profile(label);
1105 if (profile->attach.xmatch_str)
1106 seq_printf(seq, "%s\n", profile->attach.xmatch_str);
1107 else if (profile->attach.xmatch->dfa)
1108 seq_puts(seq, "<unknown>\n");
1109 else
1110 seq_printf(seq, "%s\n", profile->base.name);
1111 aa_put_label(label);
1112
1113 return 0;
1114 }
1115
seq_profile_hash_show(struct seq_file * seq,void * v)1116 static int seq_profile_hash_show(struct seq_file *seq, void *v)
1117 {
1118 struct aa_proxy *proxy = seq->private;
1119 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1120 struct aa_profile *profile = labels_profile(label);
1121 unsigned int i, size = aa_hash_size();
1122
1123 if (profile->hash) {
1124 for (i = 0; i < size; i++)
1125 seq_printf(seq, "%.2x", profile->hash[i]);
1126 seq_putc(seq, '\n');
1127 }
1128 aa_put_label(label);
1129
1130 return 0;
1131 }
1132
1133 SEQ_PROFILE_FOPS(name);
1134 SEQ_PROFILE_FOPS(mode);
1135 SEQ_PROFILE_FOPS(attach);
1136 SEQ_PROFILE_FOPS(hash);
1137
1138 /*
1139 * namespace based files
1140 * several root files and
1141 * policy/ *
1142 */
1143
1144 #define SEQ_NS_FOPS(NAME) \
1145 static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \
1146 { \
1147 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \
1148 } \
1149 \
1150 static const struct file_operations seq_ns_ ##NAME ##_fops = { \
1151 .owner = THIS_MODULE, \
1152 .open = seq_ns_ ##NAME ##_open, \
1153 .read = seq_read, \
1154 .llseek = seq_lseek, \
1155 .release = single_release, \
1156 } \
1157
seq_ns_stacked_show(struct seq_file * seq,void * v)1158 static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1159 {
1160 struct aa_label *label;
1161
1162 label = begin_current_label_crit_section();
1163 seq_printf(seq, "%s\n", str_yes_no(label->size > 1));
1164 end_current_label_crit_section(label);
1165
1166 return 0;
1167 }
1168
seq_ns_nsstacked_show(struct seq_file * seq,void * v)1169 static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1170 {
1171 struct aa_label *label;
1172 struct aa_profile *profile;
1173 struct label_it it;
1174 int count = 1;
1175
1176 label = begin_current_label_crit_section();
1177
1178 if (label->size > 1) {
1179 label_for_each(it, label, profile)
1180 if (profile->ns != labels_ns(label)) {
1181 count++;
1182 break;
1183 }
1184 }
1185
1186 seq_printf(seq, "%s\n", str_yes_no(count > 1));
1187 end_current_label_crit_section(label);
1188
1189 return 0;
1190 }
1191
seq_ns_level_show(struct seq_file * seq,void * v)1192 static int seq_ns_level_show(struct seq_file *seq, void *v)
1193 {
1194 struct aa_label *label;
1195
1196 label = begin_current_label_crit_section();
1197 seq_printf(seq, "%d\n", labels_ns(label)->level);
1198 end_current_label_crit_section(label);
1199
1200 return 0;
1201 }
1202
seq_ns_name_show(struct seq_file * seq,void * v)1203 static int seq_ns_name_show(struct seq_file *seq, void *v)
1204 {
1205 struct aa_label *label = begin_current_label_crit_section();
1206 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1207 end_current_label_crit_section(label);
1208
1209 return 0;
1210 }
1211
seq_ns_compress_min_show(struct seq_file * seq,void * v)1212 static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
1213 {
1214 seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
1215 return 0;
1216 }
1217
seq_ns_compress_max_show(struct seq_file * seq,void * v)1218 static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
1219 {
1220 seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
1221 return 0;
1222 }
1223
1224 SEQ_NS_FOPS(stacked);
1225 SEQ_NS_FOPS(nsstacked);
1226 SEQ_NS_FOPS(level);
1227 SEQ_NS_FOPS(name);
1228 SEQ_NS_FOPS(compress_min);
1229 SEQ_NS_FOPS(compress_max);
1230
1231
1232 /* policy/raw_data/ * file ops */
1233 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1234 #define SEQ_RAWDATA_FOPS(NAME) \
1235 static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1236 { \
1237 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \
1238 } \
1239 \
1240 static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \
1241 .owner = THIS_MODULE, \
1242 .open = seq_rawdata_ ##NAME ##_open, \
1243 .read = seq_read, \
1244 .llseek = seq_lseek, \
1245 .release = seq_rawdata_release, \
1246 } \
1247
seq_rawdata_open(struct inode * inode,struct file * file,int (* show)(struct seq_file *,void *))1248 static int seq_rawdata_open(struct inode *inode, struct file *file,
1249 int (*show)(struct seq_file *, void *))
1250 {
1251 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1252 int error;
1253
1254 if (!data)
1255 /* lost race this ent is being reaped */
1256 return -ENOENT;
1257
1258 error = single_open(file, show, data);
1259 if (error) {
1260 AA_BUG(file->private_data &&
1261 ((struct seq_file *)file->private_data)->private);
1262 aa_put_loaddata(data);
1263 }
1264
1265 return error;
1266 }
1267
seq_rawdata_release(struct inode * inode,struct file * file)1268 static int seq_rawdata_release(struct inode *inode, struct file *file)
1269 {
1270 struct seq_file *seq = (struct seq_file *) file->private_data;
1271
1272 if (seq)
1273 aa_put_loaddata(seq->private);
1274
1275 return single_release(inode, file);
1276 }
1277
seq_rawdata_abi_show(struct seq_file * seq,void * v)1278 static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1279 {
1280 struct aa_loaddata *data = seq->private;
1281
1282 seq_printf(seq, "v%d\n", data->abi);
1283
1284 return 0;
1285 }
1286
seq_rawdata_revision_show(struct seq_file * seq,void * v)1287 static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1288 {
1289 struct aa_loaddata *data = seq->private;
1290
1291 seq_printf(seq, "%ld\n", data->revision);
1292
1293 return 0;
1294 }
1295
seq_rawdata_hash_show(struct seq_file * seq,void * v)1296 static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1297 {
1298 struct aa_loaddata *data = seq->private;
1299 unsigned int i, size = aa_hash_size();
1300
1301 if (data->hash) {
1302 for (i = 0; i < size; i++)
1303 seq_printf(seq, "%.2x", data->hash[i]);
1304 seq_putc(seq, '\n');
1305 }
1306
1307 return 0;
1308 }
1309
seq_rawdata_compressed_size_show(struct seq_file * seq,void * v)1310 static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
1311 {
1312 struct aa_loaddata *data = seq->private;
1313
1314 seq_printf(seq, "%zu\n", data->compressed_size);
1315
1316 return 0;
1317 }
1318
1319 SEQ_RAWDATA_FOPS(abi);
1320 SEQ_RAWDATA_FOPS(revision);
1321 SEQ_RAWDATA_FOPS(hash);
1322 SEQ_RAWDATA_FOPS(compressed_size);
1323
decompress_zstd(char * src,size_t slen,char * dst,size_t dlen)1324 static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
1325 {
1326 if (slen < dlen) {
1327 const size_t wksp_len = zstd_dctx_workspace_bound();
1328 zstd_dctx *ctx;
1329 void *wksp;
1330 size_t out_len;
1331 int ret = 0;
1332
1333 wksp = kvzalloc(wksp_len, GFP_KERNEL);
1334 if (!wksp) {
1335 ret = -ENOMEM;
1336 goto cleanup;
1337 }
1338 ctx = zstd_init_dctx(wksp, wksp_len);
1339 if (ctx == NULL) {
1340 ret = -ENOMEM;
1341 goto cleanup;
1342 }
1343 out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
1344 if (zstd_is_error(out_len)) {
1345 ret = -EINVAL;
1346 goto cleanup;
1347 }
1348 cleanup:
1349 kvfree(wksp);
1350 return ret;
1351 }
1352
1353 if (dlen < slen)
1354 return -EINVAL;
1355 memcpy(dst, src, slen);
1356 return 0;
1357 }
1358
rawdata_read(struct file * file,char __user * buf,size_t size,loff_t * ppos)1359 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1360 loff_t *ppos)
1361 {
1362 struct rawdata_f_data *private = file->private_data;
1363
1364 return simple_read_from_buffer(buf, size, ppos,
1365 RAWDATA_F_DATA_BUF(private),
1366 private->loaddata->size);
1367 }
1368
rawdata_release(struct inode * inode,struct file * file)1369 static int rawdata_release(struct inode *inode, struct file *file)
1370 {
1371 rawdata_f_data_free(file->private_data);
1372
1373 return 0;
1374 }
1375
rawdata_open(struct inode * inode,struct file * file)1376 static int rawdata_open(struct inode *inode, struct file *file)
1377 {
1378 int error;
1379 struct aa_loaddata *loaddata;
1380 struct rawdata_f_data *private;
1381
1382 if (!aa_current_policy_view_capable(NULL))
1383 return -EACCES;
1384
1385 loaddata = __aa_get_loaddata(inode->i_private);
1386 if (!loaddata)
1387 /* lost race: this entry is being reaped */
1388 return -ENOENT;
1389
1390 private = rawdata_f_data_alloc(loaddata->size);
1391 if (IS_ERR(private)) {
1392 error = PTR_ERR(private);
1393 goto fail_private_alloc;
1394 }
1395
1396 private->loaddata = loaddata;
1397
1398 error = decompress_zstd(loaddata->data, loaddata->compressed_size,
1399 RAWDATA_F_DATA_BUF(private),
1400 loaddata->size);
1401 if (error)
1402 goto fail_decompress;
1403
1404 file->private_data = private;
1405 return 0;
1406
1407 fail_decompress:
1408 rawdata_f_data_free(private);
1409 return error;
1410
1411 fail_private_alloc:
1412 aa_put_loaddata(loaddata);
1413 return error;
1414 }
1415
1416 static const struct file_operations rawdata_fops = {
1417 .open = rawdata_open,
1418 .read = rawdata_read,
1419 .llseek = generic_file_llseek,
1420 .release = rawdata_release,
1421 };
1422
remove_rawdata_dents(struct aa_loaddata * rawdata)1423 static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1424 {
1425 int i;
1426
1427 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1428 if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1429 /* no refcounts on i_private */
1430 aafs_remove(rawdata->dents[i]);
1431 rawdata->dents[i] = NULL;
1432 }
1433 }
1434 }
1435
__aa_fs_remove_rawdata(struct aa_loaddata * rawdata)1436 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1437 {
1438 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1439
1440 if (rawdata->ns) {
1441 remove_rawdata_dents(rawdata);
1442 list_del_init(&rawdata->list);
1443 aa_put_ns(rawdata->ns);
1444 rawdata->ns = NULL;
1445 }
1446 }
1447
__aa_fs_create_rawdata(struct aa_ns * ns,struct aa_loaddata * rawdata)1448 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1449 {
1450 struct dentry *dent, *dir;
1451
1452 AA_BUG(!ns);
1453 AA_BUG(!rawdata);
1454 AA_BUG(!mutex_is_locked(&ns->lock));
1455 AA_BUG(!ns_subdata_dir(ns));
1456
1457 /*
1458 * just use ns revision dir was originally created at. This is
1459 * under ns->lock and if load is successful revision will be
1460 * bumped and is guaranteed to be unique
1461 */
1462 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1463 if (!rawdata->name)
1464 return -ENOMEM;
1465
1466 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1467 if (IS_ERR(dir))
1468 /* ->name freed when rawdata freed */
1469 return PTR_ERR(dir);
1470 rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1471
1472 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1473 &seq_rawdata_abi_fops);
1474 if (IS_ERR(dent))
1475 goto fail;
1476 rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1477
1478 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1479 &seq_rawdata_revision_fops);
1480 if (IS_ERR(dent))
1481 goto fail;
1482 rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1483
1484 if (aa_g_hash_policy) {
1485 dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
1486 rawdata, &seq_rawdata_hash_fops);
1487 if (IS_ERR(dent))
1488 goto fail;
1489 rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1490 }
1491
1492 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
1493 rawdata,
1494 &seq_rawdata_compressed_size_fops);
1495 if (IS_ERR(dent))
1496 goto fail;
1497 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;
1498
1499 dent = aafs_create_file("raw_data", S_IFREG | 0444,
1500 dir, rawdata, &rawdata_fops);
1501 if (IS_ERR(dent))
1502 goto fail;
1503 rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1504 d_inode(dent)->i_size = rawdata->size;
1505
1506 rawdata->ns = aa_get_ns(ns);
1507 list_add(&rawdata->list, &ns->rawdata_list);
1508 /* no refcount on inode rawdata */
1509
1510 return 0;
1511
1512 fail:
1513 remove_rawdata_dents(rawdata);
1514
1515 return PTR_ERR(dent);
1516 }
1517 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1518
1519
1520 /** fns to setup dynamic per profile/namespace files **/
1521
1522 /*
1523 *
1524 * Requires: @profile->ns->lock held
1525 */
__aafs_profile_rmdir(struct aa_profile * profile)1526 void __aafs_profile_rmdir(struct aa_profile *profile)
1527 {
1528 struct aa_profile *child;
1529 int i;
1530
1531 if (!profile)
1532 return;
1533
1534 list_for_each_entry(child, &profile->base.profiles, base.list)
1535 __aafs_profile_rmdir(child);
1536
1537 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1538 struct aa_proxy *proxy;
1539 if (!profile->dents[i])
1540 continue;
1541
1542 proxy = d_inode(profile->dents[i])->i_private;
1543 aafs_remove(profile->dents[i]);
1544 aa_put_proxy(proxy);
1545 profile->dents[i] = NULL;
1546 }
1547 }
1548
1549 /*
1550 *
1551 * Requires: @old->ns->lock held
1552 */
__aafs_profile_migrate_dents(struct aa_profile * old,struct aa_profile * new)1553 void __aafs_profile_migrate_dents(struct aa_profile *old,
1554 struct aa_profile *new)
1555 {
1556 int i;
1557
1558 AA_BUG(!old);
1559 AA_BUG(!new);
1560 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1561
1562 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1563 new->dents[i] = old->dents[i];
1564 if (new->dents[i]) {
1565 struct inode *inode = d_inode(new->dents[i]);
1566
1567 inode_set_mtime_to_ts(inode,
1568 inode_set_ctime_current(inode));
1569 }
1570 old->dents[i] = NULL;
1571 }
1572 }
1573
create_profile_file(struct dentry * dir,const char * name,struct aa_profile * profile,const struct file_operations * fops)1574 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1575 struct aa_profile *profile,
1576 const struct file_operations *fops)
1577 {
1578 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1579 struct dentry *dent;
1580
1581 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1582 if (IS_ERR(dent))
1583 aa_put_proxy(proxy);
1584
1585 return dent;
1586 }
1587
1588 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
profile_depth(struct aa_profile * profile)1589 static int profile_depth(struct aa_profile *profile)
1590 {
1591 int depth = 0;
1592
1593 rcu_read_lock();
1594 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1595 depth++;
1596 rcu_read_unlock();
1597
1598 return depth;
1599 }
1600
gen_symlink_name(int depth,const char * dirname,const char * fname)1601 static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1602 {
1603 char *buffer, *s;
1604 int error;
1605 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1606
1607 s = buffer = kmalloc(size, GFP_KERNEL);
1608 if (!buffer)
1609 return ERR_PTR(-ENOMEM);
1610
1611 for (; depth > 0; depth--) {
1612 strcpy(s, "../../");
1613 s += 6;
1614 size -= 6;
1615 }
1616
1617 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1618 if (error >= size || error < 0) {
1619 kfree(buffer);
1620 return ERR_PTR(-ENAMETOOLONG);
1621 }
1622
1623 return buffer;
1624 }
1625
rawdata_get_link_base(struct dentry * dentry,struct inode * inode,struct delayed_call * done,const char * name)1626 static const char *rawdata_get_link_base(struct dentry *dentry,
1627 struct inode *inode,
1628 struct delayed_call *done,
1629 const char *name)
1630 {
1631 struct aa_proxy *proxy = inode->i_private;
1632 struct aa_label *label;
1633 struct aa_profile *profile;
1634 char *target;
1635 int depth;
1636
1637 if (!dentry)
1638 return ERR_PTR(-ECHILD);
1639
1640 label = aa_get_label_rcu(&proxy->label);
1641 profile = labels_profile(label);
1642 depth = profile_depth(profile);
1643 target = gen_symlink_name(depth, profile->rawdata->name, name);
1644 aa_put_label(label);
1645
1646 if (IS_ERR(target))
1647 return target;
1648
1649 set_delayed_call(done, kfree_link, target);
1650
1651 return target;
1652 }
1653
rawdata_get_link_sha256(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1654 static const char *rawdata_get_link_sha256(struct dentry *dentry,
1655 struct inode *inode,
1656 struct delayed_call *done)
1657 {
1658 return rawdata_get_link_base(dentry, inode, done, "sha256");
1659 }
1660
rawdata_get_link_abi(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1661 static const char *rawdata_get_link_abi(struct dentry *dentry,
1662 struct inode *inode,
1663 struct delayed_call *done)
1664 {
1665 return rawdata_get_link_base(dentry, inode, done, "abi");
1666 }
1667
rawdata_get_link_data(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1668 static const char *rawdata_get_link_data(struct dentry *dentry,
1669 struct inode *inode,
1670 struct delayed_call *done)
1671 {
1672 return rawdata_get_link_base(dentry, inode, done, "raw_data");
1673 }
1674
1675 static const struct inode_operations rawdata_link_sha256_iops = {
1676 .get_link = rawdata_get_link_sha256,
1677 };
1678
1679 static const struct inode_operations rawdata_link_abi_iops = {
1680 .get_link = rawdata_get_link_abi,
1681 };
1682 static const struct inode_operations rawdata_link_data_iops = {
1683 .get_link = rawdata_get_link_data,
1684 };
1685 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1686
1687 /*
1688 * Requires: @profile->ns->lock held
1689 */
__aafs_profile_mkdir(struct aa_profile * profile,struct dentry * parent)1690 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1691 {
1692 struct aa_profile *child;
1693 struct dentry *dent = NULL, *dir;
1694 int error;
1695
1696 AA_BUG(!profile);
1697 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1698
1699 if (!parent) {
1700 struct aa_profile *p;
1701 p = aa_deref_parent(profile);
1702 dent = prof_dir(p);
1703 if (!dent) {
1704 error = -ENOENT;
1705 goto fail2;
1706 }
1707 /* adding to parent that previously didn't have children */
1708 dent = aafs_create_dir("profiles", dent);
1709 if (IS_ERR(dent))
1710 goto fail;
1711 prof_child_dir(p) = parent = dent;
1712 }
1713
1714 if (!profile->dirname) {
1715 int len, id_len;
1716 len = mangle_name(profile->base.name, NULL);
1717 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1718
1719 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1720 if (!profile->dirname) {
1721 error = -ENOMEM;
1722 goto fail2;
1723 }
1724
1725 mangle_name(profile->base.name, profile->dirname);
1726 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1727 }
1728
1729 dent = aafs_create_dir(profile->dirname, parent);
1730 if (IS_ERR(dent))
1731 goto fail;
1732 prof_dir(profile) = dir = dent;
1733
1734 dent = create_profile_file(dir, "name", profile,
1735 &seq_profile_name_fops);
1736 if (IS_ERR(dent))
1737 goto fail;
1738 profile->dents[AAFS_PROF_NAME] = dent;
1739
1740 dent = create_profile_file(dir, "mode", profile,
1741 &seq_profile_mode_fops);
1742 if (IS_ERR(dent))
1743 goto fail;
1744 profile->dents[AAFS_PROF_MODE] = dent;
1745
1746 dent = create_profile_file(dir, "attach", profile,
1747 &seq_profile_attach_fops);
1748 if (IS_ERR(dent))
1749 goto fail;
1750 profile->dents[AAFS_PROF_ATTACH] = dent;
1751
1752 if (profile->hash) {
1753 dent = create_profile_file(dir, "sha256", profile,
1754 &seq_profile_hash_fops);
1755 if (IS_ERR(dent))
1756 goto fail;
1757 profile->dents[AAFS_PROF_HASH] = dent;
1758 }
1759
1760 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1761 if (profile->rawdata) {
1762 if (aa_g_hash_policy) {
1763 dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
1764 profile->label.proxy, NULL, NULL,
1765 &rawdata_link_sha256_iops);
1766 if (IS_ERR(dent))
1767 goto fail;
1768 aa_get_proxy(profile->label.proxy);
1769 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1770 }
1771 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
1772 profile->label.proxy, NULL, NULL,
1773 &rawdata_link_abi_iops);
1774 if (IS_ERR(dent))
1775 goto fail;
1776 aa_get_proxy(profile->label.proxy);
1777 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1778
1779 dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
1780 profile->label.proxy, NULL, NULL,
1781 &rawdata_link_data_iops);
1782 if (IS_ERR(dent))
1783 goto fail;
1784 aa_get_proxy(profile->label.proxy);
1785 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1786 }
1787 #endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1788
1789 list_for_each_entry(child, &profile->base.profiles, base.list) {
1790 error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1791 if (error)
1792 goto fail2;
1793 }
1794
1795 return 0;
1796
1797 fail:
1798 error = PTR_ERR(dent);
1799
1800 fail2:
1801 __aafs_profile_rmdir(profile);
1802
1803 return error;
1804 }
1805
ns_mkdir_op(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,umode_t mode)1806 static struct dentry *ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
1807 struct dentry *dentry, umode_t mode)
1808 {
1809 struct aa_ns *ns, *parent;
1810 /* TODO: improve permission check */
1811 struct aa_label *label;
1812 int error;
1813
1814 label = begin_current_label_crit_section();
1815 error = aa_may_manage_policy(current_cred(), label, NULL,
1816 AA_MAY_LOAD_POLICY);
1817 end_current_label_crit_section(label);
1818 if (error)
1819 return ERR_PTR(error);
1820
1821 parent = aa_get_ns(dir->i_private);
1822 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1823
1824 /* we have to unlock and then relock to get locking order right
1825 * for pin_fs
1826 */
1827 inode_unlock(dir);
1828 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1829 mutex_lock_nested(&parent->lock, parent->level);
1830 inode_lock_nested(dir, I_MUTEX_PARENT);
1831 if (error)
1832 goto out;
1833
1834 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1835 NULL, NULL, NULL);
1836 if (error)
1837 goto out_pin;
1838
1839 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1840 dentry);
1841 if (IS_ERR(ns)) {
1842 error = PTR_ERR(ns);
1843 ns = NULL;
1844 }
1845
1846 aa_put_ns(ns); /* list ref remains */
1847 out_pin:
1848 if (error)
1849 simple_release_fs(&aafs_mnt, &aafs_count);
1850 out:
1851 mutex_unlock(&parent->lock);
1852 aa_put_ns(parent);
1853
1854 return ERR_PTR(error);
1855 }
1856
ns_rmdir_op(struct inode * dir,struct dentry * dentry)1857 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1858 {
1859 struct aa_ns *ns, *parent;
1860 /* TODO: improve permission check */
1861 struct aa_label *label;
1862 int error;
1863
1864 label = begin_current_label_crit_section();
1865 error = aa_may_manage_policy(current_cred(), label, NULL,
1866 AA_MAY_LOAD_POLICY);
1867 end_current_label_crit_section(label);
1868 if (error)
1869 return error;
1870
1871 parent = aa_get_ns(dir->i_private);
1872 /* rmdir calls the generic securityfs functions to remove files
1873 * from the apparmor dir. It is up to the apparmor ns locking
1874 * to avoid races.
1875 */
1876 inode_unlock(dir);
1877 inode_unlock(dentry->d_inode);
1878
1879 mutex_lock_nested(&parent->lock, parent->level);
1880 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1881 dentry->d_name.len));
1882 if (!ns) {
1883 error = -ENOENT;
1884 goto out;
1885 }
1886 AA_BUG(ns_dir(ns) != dentry);
1887
1888 __aa_remove_ns(ns);
1889 aa_put_ns(ns);
1890
1891 out:
1892 mutex_unlock(&parent->lock);
1893 inode_lock_nested(dir, I_MUTEX_PARENT);
1894 inode_lock(dentry->d_inode);
1895 aa_put_ns(parent);
1896
1897 return error;
1898 }
1899
1900 static const struct inode_operations ns_dir_inode_operations = {
1901 .lookup = simple_lookup,
1902 .mkdir = ns_mkdir_op,
1903 .rmdir = ns_rmdir_op,
1904 };
1905
__aa_fs_list_remove_rawdata(struct aa_ns * ns)1906 static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1907 {
1908 struct aa_loaddata *ent, *tmp;
1909
1910 AA_BUG(!mutex_is_locked(&ns->lock));
1911
1912 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1913 __aa_fs_remove_rawdata(ent);
1914 }
1915
1916 /*
1917 *
1918 * Requires: @ns->lock held
1919 */
__aafs_ns_rmdir(struct aa_ns * ns)1920 void __aafs_ns_rmdir(struct aa_ns *ns)
1921 {
1922 struct aa_ns *sub;
1923 struct aa_profile *child;
1924 int i;
1925
1926 if (!ns)
1927 return;
1928 AA_BUG(!mutex_is_locked(&ns->lock));
1929
1930 list_for_each_entry(child, &ns->base.profiles, base.list)
1931 __aafs_profile_rmdir(child);
1932
1933 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1934 mutex_lock_nested(&sub->lock, sub->level);
1935 __aafs_ns_rmdir(sub);
1936 mutex_unlock(&sub->lock);
1937 }
1938
1939 __aa_fs_list_remove_rawdata(ns);
1940
1941 if (ns_subns_dir(ns)) {
1942 sub = d_inode(ns_subns_dir(ns))->i_private;
1943 aa_put_ns(sub);
1944 }
1945 if (ns_subload(ns)) {
1946 sub = d_inode(ns_subload(ns))->i_private;
1947 aa_put_ns(sub);
1948 }
1949 if (ns_subreplace(ns)) {
1950 sub = d_inode(ns_subreplace(ns))->i_private;
1951 aa_put_ns(sub);
1952 }
1953 if (ns_subremove(ns)) {
1954 sub = d_inode(ns_subremove(ns))->i_private;
1955 aa_put_ns(sub);
1956 }
1957 if (ns_subrevision(ns)) {
1958 sub = d_inode(ns_subrevision(ns))->i_private;
1959 aa_put_ns(sub);
1960 }
1961
1962 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1963 aafs_remove(ns->dents[i]);
1964 ns->dents[i] = NULL;
1965 }
1966 }
1967
1968 /* assumes cleanup in caller */
__aafs_ns_mkdir_entries(struct aa_ns * ns,struct dentry * dir)1969 static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1970 {
1971 struct dentry *dent;
1972
1973 AA_BUG(!ns);
1974 AA_BUG(!dir);
1975
1976 dent = aafs_create_dir("profiles", dir);
1977 if (IS_ERR(dent))
1978 return PTR_ERR(dent);
1979 ns_subprofs_dir(ns) = dent;
1980
1981 dent = aafs_create_dir("raw_data", dir);
1982 if (IS_ERR(dent))
1983 return PTR_ERR(dent);
1984 ns_subdata_dir(ns) = dent;
1985
1986 dent = aafs_create_file("revision", 0444, dir, ns,
1987 &aa_fs_ns_revision_fops);
1988 if (IS_ERR(dent))
1989 return PTR_ERR(dent);
1990 aa_get_ns(ns);
1991 ns_subrevision(ns) = dent;
1992
1993 dent = aafs_create_file(".load", 0640, dir, ns,
1994 &aa_fs_profile_load);
1995 if (IS_ERR(dent))
1996 return PTR_ERR(dent);
1997 aa_get_ns(ns);
1998 ns_subload(ns) = dent;
1999
2000 dent = aafs_create_file(".replace", 0640, dir, ns,
2001 &aa_fs_profile_replace);
2002 if (IS_ERR(dent))
2003 return PTR_ERR(dent);
2004 aa_get_ns(ns);
2005 ns_subreplace(ns) = dent;
2006
2007 dent = aafs_create_file(".remove", 0640, dir, ns,
2008 &aa_fs_profile_remove);
2009 if (IS_ERR(dent))
2010 return PTR_ERR(dent);
2011 aa_get_ns(ns);
2012 ns_subremove(ns) = dent;
2013
2014 /* use create_dentry so we can supply private data */
2015 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
2016 &ns_dir_inode_operations);
2017 if (IS_ERR(dent))
2018 return PTR_ERR(dent);
2019 aa_get_ns(ns);
2020 ns_subns_dir(ns) = dent;
2021
2022 return 0;
2023 }
2024
2025 /*
2026 * Requires: @ns->lock held
2027 */
__aafs_ns_mkdir(struct aa_ns * ns,struct dentry * parent,const char * name,struct dentry * dent)2028 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
2029 struct dentry *dent)
2030 {
2031 struct aa_ns *sub;
2032 struct aa_profile *child;
2033 struct dentry *dir;
2034 int error;
2035
2036 AA_BUG(!ns);
2037 AA_BUG(!parent);
2038 AA_BUG(!mutex_is_locked(&ns->lock));
2039
2040 if (!name)
2041 name = ns->base.name;
2042
2043 if (!dent) {
2044 /* create ns dir if it doesn't already exist */
2045 dent = aafs_create_dir(name, parent);
2046 if (IS_ERR(dent))
2047 goto fail;
2048 } else
2049 dget(dent);
2050 ns_dir(ns) = dir = dent;
2051 error = __aafs_ns_mkdir_entries(ns, dir);
2052 if (error)
2053 goto fail2;
2054
2055 /* profiles */
2056 list_for_each_entry(child, &ns->base.profiles, base.list) {
2057 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
2058 if (error)
2059 goto fail2;
2060 }
2061
2062 /* subnamespaces */
2063 list_for_each_entry(sub, &ns->sub_ns, base.list) {
2064 mutex_lock_nested(&sub->lock, sub->level);
2065 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
2066 mutex_unlock(&sub->lock);
2067 if (error)
2068 goto fail2;
2069 }
2070
2071 return 0;
2072
2073 fail:
2074 error = PTR_ERR(dent);
2075
2076 fail2:
2077 __aafs_ns_rmdir(ns);
2078
2079 return error;
2080 }
2081
2082 /**
2083 * __next_ns - find the next namespace to list
2084 * @root: root namespace to stop search at (NOT NULL)
2085 * @ns: current ns position (NOT NULL)
2086 *
2087 * Find the next namespace from @ns under @root and handle all locking needed
2088 * while switching current namespace.
2089 *
2090 * Returns: next namespace or NULL if at last namespace under @root
2091 * Requires: ns->parent->lock to be held
2092 * NOTE: will not unlock root->lock
2093 */
__next_ns(struct aa_ns * root,struct aa_ns * ns)2094 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
2095 {
2096 struct aa_ns *parent, *next;
2097
2098 AA_BUG(!root);
2099 AA_BUG(!ns);
2100 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
2101
2102 /* is next namespace a child */
2103 if (!list_empty(&ns->sub_ns)) {
2104 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
2105 mutex_lock_nested(&next->lock, next->level);
2106 return next;
2107 }
2108
2109 /* check if the next ns is a sibling, parent, gp, .. */
2110 parent = ns->parent;
2111 while (ns != root) {
2112 mutex_unlock(&ns->lock);
2113 next = list_next_entry(ns, base.list);
2114 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
2115 mutex_lock_nested(&next->lock, next->level);
2116 return next;
2117 }
2118 ns = parent;
2119 parent = parent->parent;
2120 }
2121
2122 return NULL;
2123 }
2124
2125 /**
2126 * __first_profile - find the first profile in a namespace
2127 * @root: namespace that is root of profiles being displayed (NOT NULL)
2128 * @ns: namespace to start in (NOT NULL)
2129 *
2130 * Returns: unrefcounted profile or NULL if no profile
2131 * Requires: profile->ns.lock to be held
2132 */
__first_profile(struct aa_ns * root,struct aa_ns * ns)2133 static struct aa_profile *__first_profile(struct aa_ns *root,
2134 struct aa_ns *ns)
2135 {
2136 AA_BUG(!root);
2137 AA_BUG(ns && !mutex_is_locked(&ns->lock));
2138
2139 for (; ns; ns = __next_ns(root, ns)) {
2140 if (!list_empty(&ns->base.profiles))
2141 return list_first_entry(&ns->base.profiles,
2142 struct aa_profile, base.list);
2143 }
2144 return NULL;
2145 }
2146
2147 /**
2148 * __next_profile - step to the next profile in a profile tree
2149 * @p: current profile in tree (NOT NULL)
2150 *
2151 * Perform a depth first traversal on the profile tree in a namespace
2152 *
2153 * Returns: next profile or NULL if done
2154 * Requires: profile->ns.lock to be held
2155 */
__next_profile(struct aa_profile * p)2156 static struct aa_profile *__next_profile(struct aa_profile *p)
2157 {
2158 struct aa_profile *parent;
2159 struct aa_ns *ns = p->ns;
2160
2161 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2162
2163 /* is next profile a child */
2164 if (!list_empty(&p->base.profiles))
2165 return list_first_entry(&p->base.profiles, typeof(*p),
2166 base.list);
2167
2168 /* is next profile a sibling, parent sibling, gp, sibling, .. */
2169 parent = rcu_dereference_protected(p->parent,
2170 mutex_is_locked(&p->ns->lock));
2171 while (parent) {
2172 p = list_next_entry(p, base.list);
2173 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2174 return p;
2175 p = parent;
2176 parent = rcu_dereference_protected(parent->parent,
2177 mutex_is_locked(&parent->ns->lock));
2178 }
2179
2180 /* is next another profile in the namespace */
2181 p = list_next_entry(p, base.list);
2182 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2183 return p;
2184
2185 return NULL;
2186 }
2187
2188 /**
2189 * next_profile - step to the next profile in where ever it may be
2190 * @root: root namespace (NOT NULL)
2191 * @profile: current profile (NOT NULL)
2192 *
2193 * Returns: next profile or NULL if there isn't one
2194 */
next_profile(struct aa_ns * root,struct aa_profile * profile)2195 static struct aa_profile *next_profile(struct aa_ns *root,
2196 struct aa_profile *profile)
2197 {
2198 struct aa_profile *next = __next_profile(profile);
2199 if (next)
2200 return next;
2201
2202 /* finished all profiles in namespace move to next namespace */
2203 return __first_profile(root, __next_ns(root, profile->ns));
2204 }
2205
2206 /**
2207 * p_start - start a depth first traversal of profile tree
2208 * @f: seq_file to fill
2209 * @pos: current position
2210 *
2211 * Returns: first profile under current namespace or NULL if none found
2212 *
2213 * acquires first ns->lock
2214 */
p_start(struct seq_file * f,loff_t * pos)2215 static void *p_start(struct seq_file *f, loff_t *pos)
2216 {
2217 struct aa_profile *profile = NULL;
2218 struct aa_ns *root = aa_get_current_ns();
2219 loff_t l = *pos;
2220 f->private = root;
2221
2222 /* find the first profile */
2223 mutex_lock_nested(&root->lock, root->level);
2224 profile = __first_profile(root, root);
2225
2226 /* skip to position */
2227 for (; profile && l > 0; l--)
2228 profile = next_profile(root, profile);
2229
2230 return profile;
2231 }
2232
2233 /**
2234 * p_next - read the next profile entry
2235 * @f: seq_file to fill
2236 * @p: profile previously returned
2237 * @pos: current position
2238 *
2239 * Returns: next profile after @p or NULL if none
2240 *
2241 * may acquire/release locks in namespace tree as necessary
2242 */
p_next(struct seq_file * f,void * p,loff_t * pos)2243 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2244 {
2245 struct aa_profile *profile = p;
2246 struct aa_ns *ns = f->private;
2247 (*pos)++;
2248
2249 return next_profile(ns, profile);
2250 }
2251
2252 /**
2253 * p_stop - stop depth first traversal
2254 * @f: seq_file we are filling
2255 * @p: the last profile written
2256 *
2257 * Release all locking done by p_start/p_next on namespace tree
2258 */
p_stop(struct seq_file * f,void * p)2259 static void p_stop(struct seq_file *f, void *p)
2260 {
2261 struct aa_profile *profile = p;
2262 struct aa_ns *root = f->private, *ns;
2263
2264 if (profile) {
2265 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2266 mutex_unlock(&ns->lock);
2267 }
2268 mutex_unlock(&root->lock);
2269 aa_put_ns(root);
2270 }
2271
2272 /**
2273 * seq_show_profile - show a profile entry
2274 * @f: seq_file to file
2275 * @p: current position (profile) (NOT NULL)
2276 *
2277 * Returns: error on failure
2278 */
seq_show_profile(struct seq_file * f,void * p)2279 static int seq_show_profile(struct seq_file *f, void *p)
2280 {
2281 struct aa_profile *profile = (struct aa_profile *)p;
2282 struct aa_ns *root = f->private;
2283
2284 aa_label_seq_xprint(f, root, &profile->label,
2285 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2286 seq_putc(f, '\n');
2287
2288 return 0;
2289 }
2290
2291 static const struct seq_operations aa_sfs_profiles_op = {
2292 .start = p_start,
2293 .next = p_next,
2294 .stop = p_stop,
2295 .show = seq_show_profile,
2296 };
2297
profiles_open(struct inode * inode,struct file * file)2298 static int profiles_open(struct inode *inode, struct file *file)
2299 {
2300 if (!aa_current_policy_view_capable(NULL))
2301 return -EACCES;
2302
2303 return seq_open(file, &aa_sfs_profiles_op);
2304 }
2305
profiles_release(struct inode * inode,struct file * file)2306 static int profiles_release(struct inode *inode, struct file *file)
2307 {
2308 return seq_release(inode, file);
2309 }
2310
2311 static const struct file_operations aa_sfs_profiles_fops = {
2312 .open = profiles_open,
2313 .read = seq_read,
2314 .llseek = seq_lseek,
2315 .release = profiles_release,
2316 };
2317
2318
2319 /** Base file system setup **/
2320 static struct aa_sfs_entry aa_sfs_entry_file[] = {
2321 AA_SFS_FILE_STRING("mask",
2322 "create read write exec append mmap_exec link lock"),
2323 { }
2324 };
2325
2326 static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2327 AA_SFS_FILE_STRING("mask", "read trace"),
2328 { }
2329 };
2330
2331 static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2332 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2333 { }
2334 };
2335
2336 static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2337 AA_SFS_FILE_BOOLEAN("xattr", 1),
2338 { }
2339 };
2340 static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2341 AA_SFS_FILE_BOOLEAN("change_hat", 1),
2342 AA_SFS_FILE_BOOLEAN("change_hatv", 1),
2343 AA_SFS_FILE_BOOLEAN("unconfined_allowed_children", 1),
2344 AA_SFS_FILE_BOOLEAN("change_onexec", 1),
2345 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2346 AA_SFS_FILE_BOOLEAN("stack", 1),
2347 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
2348 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1),
2349 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1),
2350 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach),
2351 AA_SFS_FILE_BOOLEAN("disconnected.path", 1),
2352 AA_SFS_FILE_BOOLEAN("kill.signal", 1),
2353 AA_SFS_FILE_STRING("version", "1.2"),
2354 { }
2355 };
2356
2357 static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
2358 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2359 { }
2360 };
2361
2362 static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2363 AA_SFS_FILE_BOOLEAN("v5", 1),
2364 AA_SFS_FILE_BOOLEAN("v6", 1),
2365 AA_SFS_FILE_BOOLEAN("v7", 1),
2366 AA_SFS_FILE_BOOLEAN("v8", 1),
2367 AA_SFS_FILE_BOOLEAN("v9", 1),
2368 { }
2369 };
2370
2371 #define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
2372 static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2373 AA_SFS_DIR("versions", aa_sfs_entry_versions),
2374 AA_SFS_FILE_BOOLEAN("set_load", 1),
2375 /* number of out of band transitions supported */
2376 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED),
2377 AA_SFS_FILE_U64("permstable32_version", 3),
2378 AA_SFS_FILE_STRING("permstable32", PERMS32STR),
2379 AA_SFS_FILE_U64("state32", 1),
2380 AA_SFS_DIR("unconfined_restrictions", aa_sfs_entry_unconfined),
2381 { }
2382 };
2383
2384 static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2385 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2386 AA_SFS_FILE_STRING("move_mount", "detached"),
2387 { }
2388 };
2389
2390 static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2391 AA_SFS_FILE_BOOLEAN("profile", 1),
2392 AA_SFS_FILE_BOOLEAN("pivot_root", 0),
2393 AA_SFS_FILE_STRING("mask", "userns_create"),
2394 { }
2395 };
2396
2397 static struct aa_sfs_entry aa_sfs_entry_dbus[] = {
2398 AA_SFS_FILE_STRING("mask", "acquire send receive"),
2399 { }
2400 };
2401
2402 static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2403 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2404 AA_SFS_FILE_BOOLEAN("data", 1),
2405 AA_SFS_FILE_BOOLEAN("multi_transaction", 1),
2406 { }
2407 };
2408
2409 static struct aa_sfs_entry aa_sfs_entry_query[] = {
2410 AA_SFS_DIR("label", aa_sfs_entry_query_label),
2411 { }
2412 };
2413
2414 static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
2415 AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
2416 { }
2417 };
2418
2419 static struct aa_sfs_entry aa_sfs_entry_features[] = {
2420 AA_SFS_DIR("policy", aa_sfs_entry_policy),
2421 AA_SFS_DIR("domain", aa_sfs_entry_domain),
2422 AA_SFS_DIR("file", aa_sfs_entry_file),
2423 AA_SFS_DIR("network_v8", aa_sfs_entry_network),
2424 AA_SFS_DIR("network_v9", aa_sfs_entry_networkv9),
2425 AA_SFS_DIR("mount", aa_sfs_entry_mount),
2426 AA_SFS_DIR("namespaces", aa_sfs_entry_ns),
2427 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
2428 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit),
2429 AA_SFS_DIR("caps", aa_sfs_entry_caps),
2430 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace),
2431 AA_SFS_DIR("signal", aa_sfs_entry_signal),
2432 AA_SFS_DIR("dbus", aa_sfs_entry_dbus),
2433 AA_SFS_DIR("query", aa_sfs_entry_query),
2434 AA_SFS_DIR("io_uring", aa_sfs_entry_io_uring),
2435 { }
2436 };
2437
2438 static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2439 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2440 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2441 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2442 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2443 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2444 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2445 AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
2446 AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
2447 AA_SFS_DIR("features", aa_sfs_entry_features),
2448 { }
2449 };
2450
2451 static struct aa_sfs_entry aa_sfs_entry =
2452 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2453
2454 /**
2455 * entry_create_file - create a file entry in the apparmor securityfs
2456 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2457 * @parent: the parent dentry in the securityfs
2458 *
2459 * Use entry_remove_file to remove entries created with this fn.
2460 */
entry_create_file(struct aa_sfs_entry * fs_file,struct dentry * parent)2461 static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2462 struct dentry *parent)
2463 {
2464 int error = 0;
2465
2466 fs_file->dentry = securityfs_create_file(fs_file->name,
2467 S_IFREG | fs_file->mode,
2468 parent, fs_file,
2469 fs_file->file_ops);
2470 if (IS_ERR(fs_file->dentry)) {
2471 error = PTR_ERR(fs_file->dentry);
2472 fs_file->dentry = NULL;
2473 }
2474 return error;
2475 }
2476
2477 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2478 /**
2479 * entry_create_dir - recursively create a directory entry in the securityfs
2480 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2481 * @parent: the parent dentry in the securityfs
2482 *
2483 * Use entry_remove_dir to remove entries created with this fn.
2484 */
entry_create_dir(struct aa_sfs_entry * fs_dir,struct dentry * parent)2485 static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2486 struct dentry *parent)
2487 {
2488 struct aa_sfs_entry *fs_file;
2489 struct dentry *dir;
2490 int error;
2491
2492 dir = securityfs_create_dir(fs_dir->name, parent);
2493 if (IS_ERR(dir))
2494 return PTR_ERR(dir);
2495 fs_dir->dentry = dir;
2496
2497 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2498 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2499 error = entry_create_dir(fs_file, fs_dir->dentry);
2500 else
2501 error = entry_create_file(fs_file, fs_dir->dentry);
2502 if (error)
2503 goto failed;
2504 }
2505
2506 return 0;
2507
2508 failed:
2509 entry_remove_dir(fs_dir);
2510
2511 return error;
2512 }
2513
2514 /**
2515 * entry_remove_file - drop a single file entry in the apparmor securityfs
2516 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2517 */
entry_remove_file(struct aa_sfs_entry * fs_file)2518 static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2519 {
2520 if (!fs_file->dentry)
2521 return;
2522
2523 securityfs_remove(fs_file->dentry);
2524 fs_file->dentry = NULL;
2525 }
2526
2527 /**
2528 * entry_remove_dir - recursively drop a directory entry from the securityfs
2529 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2530 */
entry_remove_dir(struct aa_sfs_entry * fs_dir)2531 static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2532 {
2533 struct aa_sfs_entry *fs_file;
2534
2535 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2536 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2537 entry_remove_dir(fs_file);
2538 else
2539 entry_remove_file(fs_file);
2540 }
2541
2542 entry_remove_file(fs_dir);
2543 }
2544
2545 /**
2546 * aa_destroy_aafs - cleanup and free aafs
2547 *
2548 * releases dentries allocated by aa_create_aafs
2549 */
aa_destroy_aafs(void)2550 void __init aa_destroy_aafs(void)
2551 {
2552 entry_remove_dir(&aa_sfs_entry);
2553 }
2554
2555
2556 #define NULL_FILE_NAME ".null"
2557 struct path aa_null;
2558
aa_mk_null_file(struct dentry * parent)2559 static int aa_mk_null_file(struct dentry *parent)
2560 {
2561 struct vfsmount *mount = NULL;
2562 struct dentry *dentry;
2563 struct inode *inode;
2564 int count = 0;
2565 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2566
2567 if (error)
2568 return error;
2569
2570 inode_lock(d_inode(parent));
2571 dentry = lookup_noperm(&QSTR(NULL_FILE_NAME), parent);
2572 if (IS_ERR(dentry)) {
2573 error = PTR_ERR(dentry);
2574 goto out;
2575 }
2576 inode = new_inode(parent->d_inode->i_sb);
2577 if (!inode) {
2578 error = -ENOMEM;
2579 goto out1;
2580 }
2581
2582 inode->i_ino = get_next_ino();
2583 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2584 simple_inode_init_ts(inode);
2585 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2586 MKDEV(MEM_MAJOR, 3));
2587 d_instantiate(dentry, inode);
2588 aa_null.dentry = dget(dentry);
2589 aa_null.mnt = mntget(mount);
2590
2591 error = 0;
2592
2593 out1:
2594 dput(dentry);
2595 out:
2596 inode_unlock(d_inode(parent));
2597 simple_release_fs(&mount, &count);
2598 return error;
2599 }
2600
2601
2602
policy_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)2603 static const char *policy_get_link(struct dentry *dentry,
2604 struct inode *inode,
2605 struct delayed_call *done)
2606 {
2607 struct aa_ns *ns;
2608 struct path path;
2609 int error;
2610
2611 if (!dentry)
2612 return ERR_PTR(-ECHILD);
2613
2614 ns = aa_get_current_ns();
2615 path.mnt = mntget(aafs_mnt);
2616 path.dentry = dget(ns_dir(ns));
2617 error = nd_jump_link(&path);
2618 aa_put_ns(ns);
2619
2620 return ERR_PTR(error);
2621 }
2622
policy_readlink(struct dentry * dentry,char __user * buffer,int buflen)2623 static int policy_readlink(struct dentry *dentry, char __user *buffer,
2624 int buflen)
2625 {
2626 char name[32];
2627 int res;
2628
2629 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2630 d_inode(dentry)->i_ino);
2631 if (res > 0 && res < sizeof(name))
2632 res = readlink_copy(buffer, buflen, name, strlen(name));
2633 else
2634 res = -ENOENT;
2635
2636 return res;
2637 }
2638
2639 static const struct inode_operations policy_link_iops = {
2640 .readlink = policy_readlink,
2641 .get_link = policy_get_link,
2642 };
2643
2644
2645 /**
2646 * aa_create_aafs - create the apparmor security filesystem
2647 *
2648 * dentries created here are released by aa_destroy_aafs
2649 *
2650 * Returns: error on failure
2651 */
aa_create_aafs(void)2652 static int __init aa_create_aafs(void)
2653 {
2654 struct dentry *dent;
2655 int error;
2656
2657 if (!apparmor_initialized)
2658 return 0;
2659
2660 if (aa_sfs_entry.dentry) {
2661 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2662 return -EEXIST;
2663 }
2664
2665 /* setup apparmorfs used to virtualize policy/ */
2666 aafs_mnt = kern_mount(&aafs_ops);
2667 if (IS_ERR(aafs_mnt))
2668 panic("can't set apparmorfs up\n");
2669 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2670
2671 /* Populate fs tree. */
2672 error = entry_create_dir(&aa_sfs_entry, NULL);
2673 if (error)
2674 goto error;
2675
2676 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2677 NULL, &aa_fs_profile_load);
2678 if (IS_ERR(dent))
2679 goto dent_error;
2680 ns_subload(root_ns) = dent;
2681
2682 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2683 NULL, &aa_fs_profile_replace);
2684 if (IS_ERR(dent))
2685 goto dent_error;
2686 ns_subreplace(root_ns) = dent;
2687
2688 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2689 NULL, &aa_fs_profile_remove);
2690 if (IS_ERR(dent))
2691 goto dent_error;
2692 ns_subremove(root_ns) = dent;
2693
2694 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2695 NULL, &aa_fs_ns_revision_fops);
2696 if (IS_ERR(dent))
2697 goto dent_error;
2698 ns_subrevision(root_ns) = dent;
2699
2700 /* policy tree referenced by magic policy symlink */
2701 mutex_lock_nested(&root_ns->lock, root_ns->level);
2702 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2703 aafs_mnt->mnt_root);
2704 mutex_unlock(&root_ns->lock);
2705 if (error)
2706 goto error;
2707
2708 /* magic symlink similar to nsfs redirects based on task policy */
2709 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2710 NULL, &policy_link_iops);
2711 if (IS_ERR(dent))
2712 goto dent_error;
2713
2714 error = aa_mk_null_file(aa_sfs_entry.dentry);
2715 if (error)
2716 goto error;
2717
2718 /* TODO: add default profile to apparmorfs */
2719
2720 /* Report that AppArmor fs is enabled */
2721 aa_info_message("AppArmor Filesystem Enabled");
2722 return 0;
2723
2724 dent_error:
2725 error = PTR_ERR(dent);
2726 error:
2727 aa_destroy_aafs();
2728 AA_ERROR("Error creating AppArmor securityfs\n");
2729 return error;
2730 }
2731
2732 fs_initcall(aa_create_aafs);
2733