1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AppArmor security module 4 * 5 * This file contains basic common functions used in AppArmor 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. 9 */ 10 11 #include <linux/ctype.h> 12 #include <linux/mm.h> 13 #include <linux/slab.h> 14 #include <linux/string.h> 15 #include <linux/vmalloc.h> 16 17 #include "include/audit.h" 18 #include "include/apparmor.h" 19 #include "include/lib.h" 20 #include "include/perms.h" 21 #include "include/policy.h" 22 23 struct aa_perms nullperms; 24 struct aa_perms allperms = { .allow = ALL_PERMS_MASK, 25 .quiet = ALL_PERMS_MASK, 26 .hide = ALL_PERMS_MASK }; 27 28 struct val_table_ent { 29 const char *str; 30 int value; 31 }; 32 33 static struct val_table_ent debug_values_table[] = { 34 { "N", DEBUG_NONE }, 35 { "none", DEBUG_NONE }, 36 { "n", DEBUG_NONE }, 37 { "0", DEBUG_NONE }, 38 { "all", DEBUG_ALL }, 39 { "Y", DEBUG_ALL }, 40 { "y", DEBUG_ALL }, 41 { "1", DEBUG_ALL }, 42 { "abs_root", DEBUG_LABEL_ABS_ROOT }, 43 { "label", DEBUG_LABEL }, 44 { "domain", DEBUG_DOMAIN }, 45 { "policy", DEBUG_POLICY }, 46 { "interface", DEBUG_INTERFACE }, 47 { NULL, 0 } 48 }; 49 50 static struct val_table_ent *val_table_find_ent(struct val_table_ent *table, 51 const char *name, size_t len) 52 { 53 struct val_table_ent *entry; 54 55 for (entry = table; entry->str != NULL; entry++) { 56 if (strncmp(entry->str, name, len) == 0 && 57 strlen(entry->str) == len) 58 return entry; 59 } 60 return NULL; 61 } 62 63 int aa_parse_debug_params(const char *str) 64 { 65 struct val_table_ent *ent; 66 const char *next; 67 int val = 0; 68 69 do { 70 size_t n = strcspn(str, "\r\n,"); 71 72 next = str + n; 73 ent = val_table_find_ent(debug_values_table, str, next - str); 74 if (ent) 75 val |= ent->value; 76 else 77 AA_DEBUG(DEBUG_INTERFACE, "unknown debug type '%.*s'", 78 (int)(next - str), str); 79 str = next + 1; 80 } while (*next != 0); 81 return val; 82 } 83 84 /** 85 * val_mask_to_str - convert a perm mask to its short string 86 * @str: character buffer to store string in (at least 10 characters) 87 * @size: size of the @str buffer 88 * @table: NUL-terminated character buffer of permission characters (NOT NULL) 89 * @mask: permission mask to convert 90 */ 91 static int val_mask_to_str(char *str, size_t size, 92 const struct val_table_ent *table, u32 mask) 93 { 94 const struct val_table_ent *ent; 95 int total = 0; 96 97 for (ent = table; ent->str; ent++) { 98 if (ent->value && (ent->value & mask) == ent->value) { 99 int len = scnprintf(str, size, "%s%s", total ? "," : "", 100 ent->str); 101 size -= len; 102 str += len; 103 total += len; 104 mask &= ~ent->value; 105 } 106 } 107 108 return total; 109 } 110 111 int aa_print_debug_params(char *buffer) 112 { 113 if (!aa_g_debug) 114 return sprintf(buffer, "N"); 115 return val_mask_to_str(buffer, PAGE_SIZE, debug_values_table, 116 aa_g_debug); 117 } 118 119 bool aa_resize_str_table(struct aa_str_table *t, int newsize, gfp_t gfp) 120 { 121 char **n; 122 int i; 123 124 if (t->size == newsize) 125 return true; 126 n = kcalloc(newsize, sizeof(*n), gfp); 127 if (!n) 128 return false; 129 for (i = 0; i < min(t->size, newsize); i++) 130 n[i] = t->table[i]; 131 for (; i < t->size; i++) 132 kfree_sensitive(t->table[i]); 133 if (newsize > t->size) 134 memset(&n[t->size], 0, (newsize-t->size)*sizeof(*n)); 135 kfree_sensitive(t->table); 136 t->table = n; 137 t->size = newsize; 138 139 return true; 140 } 141 142 /** 143 * aa_free_str_table - free entries str table 144 * @t: the string table to free (MAYBE NULL) 145 */ 146 void aa_free_str_table(struct aa_str_table *t) 147 { 148 int i; 149 150 if (t) { 151 if (!t->table) 152 return; 153 154 for (i = 0; i < t->size; i++) 155 kfree_sensitive(t->table[i]); 156 kfree_sensitive(t->table); 157 t->table = NULL; 158 t->size = 0; 159 } 160 } 161 162 /** 163 * skipn_spaces - Removes leading whitespace from @str. 164 * @str: The string to be stripped. 165 * @n: length of str to parse, will stop at \0 if encountered before n 166 * 167 * Returns a pointer to the first non-whitespace character in @str. 168 * if all whitespace will return NULL 169 */ 170 171 const char *skipn_spaces(const char *str, size_t n) 172 { 173 for (; n && isspace(*str); --n) 174 ++str; 175 if (n) 176 return (char *)str; 177 return NULL; 178 } 179 180 const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, 181 size_t *ns_len) 182 { 183 const char *end = fqname + n; 184 const char *name = skipn_spaces(fqname, n); 185 186 *ns_name = NULL; 187 *ns_len = 0; 188 189 if (!name) 190 return NULL; 191 192 if (name[0] == ':') { 193 char *split = strnchr(&name[1], end - &name[1], ':'); 194 *ns_name = skipn_spaces(&name[1], end - &name[1]); 195 if (!*ns_name) 196 return NULL; 197 if (split) { 198 *ns_len = split - *ns_name; 199 if (*ns_len == 0) 200 *ns_name = NULL; 201 split++; 202 if (end - split > 1 && strncmp(split, "//", 2) == 0) 203 split += 2; 204 name = skipn_spaces(split, end - split); 205 } else { 206 /* a ns name without a following profile is allowed */ 207 name = NULL; 208 *ns_len = end - *ns_name; 209 } 210 } 211 if (name && *name == 0) 212 name = NULL; 213 214 return name; 215 } 216 217 /** 218 * aa_info_message - log a none profile related status message 219 * @str: message to log 220 */ 221 void aa_info_message(const char *str) 222 { 223 if (audit_enabled) { 224 DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL); 225 226 ad.info = str; 227 aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, NULL); 228 } 229 printk(KERN_INFO "AppArmor: %s\n", str); 230 } 231 232 __counted char *aa_str_alloc(int size, gfp_t gfp) 233 { 234 struct counted_str *str; 235 236 str = kmalloc(struct_size(str, name, size), gfp); 237 if (!str) 238 return NULL; 239 240 kref_init(&str->count); 241 return str->name; 242 } 243 244 void aa_str_kref(struct kref *kref) 245 { 246 kfree(container_of(kref, struct counted_str, count)); 247 } 248 249 250 const char aa_file_perm_chrs[] = "xwracd km l "; 251 const char *aa_file_perm_names[] = { 252 "exec", 253 "write", 254 "read", 255 "append", 256 257 "create", 258 "delete", 259 "open", 260 "rename", 261 262 "setattr", 263 "getattr", 264 "setcred", 265 "getcred", 266 267 "chmod", 268 "chown", 269 "chgrp", 270 "lock", 271 272 "mmap", 273 "mprot", 274 "link", 275 "snapshot", 276 277 "unknown", 278 "unknown", 279 "unknown", 280 "unknown", 281 282 "unknown", 283 "unknown", 284 "unknown", 285 "unknown", 286 287 "stack", 288 "change_onexec", 289 "change_profile", 290 "change_hat", 291 }; 292 293 /** 294 * aa_perm_mask_to_str - convert a perm mask to its short string 295 * @str: character buffer to store string in (at least 10 characters) 296 * @str_size: size of the @str buffer 297 * @chrs: NUL-terminated character buffer of permission characters 298 * @mask: permission mask to convert 299 */ 300 void aa_perm_mask_to_str(char *str, size_t str_size, const char *chrs, u32 mask) 301 { 302 unsigned int i, perm = 1; 303 size_t num_chrs = strlen(chrs); 304 305 for (i = 0; i < num_chrs; perm <<= 1, i++) { 306 if (mask & perm) { 307 /* Ensure that one byte is left for NUL-termination */ 308 if (WARN_ON_ONCE(str_size <= 1)) 309 break; 310 311 *str++ = chrs[i]; 312 str_size--; 313 } 314 } 315 *str = '\0'; 316 } 317 318 void aa_audit_perm_names(struct audit_buffer *ab, const char * const *names, 319 u32 mask) 320 { 321 const char *fmt = "%s"; 322 unsigned int i, perm = 1; 323 bool prev = false; 324 325 for (i = 0; i < 32; perm <<= 1, i++) { 326 if (mask & perm) { 327 audit_log_format(ab, fmt, names[i]); 328 if (!prev) { 329 prev = true; 330 fmt = " %s"; 331 } 332 } 333 } 334 } 335 336 void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs, 337 u32 chrsmask, const char * const *names, u32 namesmask) 338 { 339 char str[33]; 340 341 audit_log_format(ab, "\""); 342 if ((mask & chrsmask) && chrs) { 343 aa_perm_mask_to_str(str, sizeof(str), chrs, mask & chrsmask); 344 mask &= ~chrsmask; 345 audit_log_format(ab, "%s", str); 346 if (mask & namesmask) 347 audit_log_format(ab, " "); 348 } 349 if ((mask & namesmask) && names) 350 aa_audit_perm_names(ab, names, mask & namesmask); 351 audit_log_format(ab, "\""); 352 } 353 354 /** 355 * aa_apply_modes_to_perms - apply namespace and profile flags to perms 356 * @profile: that perms where computed from 357 * @perms: perms to apply mode modifiers to 358 * 359 * TODO: split into profile and ns based flags for when accumulating perms 360 */ 361 void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) 362 { 363 switch (AUDIT_MODE(profile)) { 364 case AUDIT_ALL: 365 perms->audit = ALL_PERMS_MASK; 366 fallthrough; 367 case AUDIT_NOQUIET: 368 perms->quiet = 0; 369 break; 370 case AUDIT_QUIET: 371 perms->audit = 0; 372 fallthrough; 373 case AUDIT_QUIET_DENIED: 374 perms->quiet = ALL_PERMS_MASK; 375 break; 376 } 377 378 if (KILL_MODE(profile)) 379 perms->kill = ALL_PERMS_MASK; 380 else if (COMPLAIN_MODE(profile)) 381 perms->complain = ALL_PERMS_MASK; 382 else if (USER_MODE(profile)) 383 perms->prompt = ALL_PERMS_MASK; 384 } 385 386 void aa_profile_match_label(struct aa_profile *profile, 387 struct aa_ruleset *rules, 388 struct aa_label *label, 389 int type, u32 request, struct aa_perms *perms) 390 { 391 /* TODO: doesn't yet handle extended types */ 392 aa_state_t state; 393 394 state = aa_dfa_next(rules->policy->dfa, 395 rules->policy->start[AA_CLASS_LABEL], 396 type); 397 aa_label_match(profile, rules, label, state, false, request, perms); 398 } 399 400 401 /** 402 * aa_check_perms - do audit mode selection based on perms set 403 * @profile: profile being checked 404 * @perms: perms computed for the request 405 * @request: requested perms 406 * @ad: initialized audit structure (MAY BE NULL if not auditing) 407 * @cb: callback fn for type specific fields (MAY BE NULL) 408 * 409 * Returns: 0 if permission else error code 410 * 411 * Note: profile audit modes need to be set before calling by setting the 412 * perm masks appropriately. 413 * 414 * If not auditing then complain mode is not enabled and the 415 * error code will indicate whether there was an explicit deny 416 * with a positive value. 417 */ 418 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms, 419 u32 request, struct apparmor_audit_data *ad, 420 void (*cb)(struct audit_buffer *, void *)) 421 { 422 int type, error; 423 u32 denied = request & (~perms->allow | perms->deny); 424 425 if (likely(!denied)) { 426 /* mask off perms that are not being force audited */ 427 request &= perms->audit; 428 if (!request || !ad) 429 return 0; 430 431 type = AUDIT_APPARMOR_AUDIT; 432 error = 0; 433 } else { 434 error = -EACCES; 435 436 if (denied & perms->kill) 437 type = AUDIT_APPARMOR_KILL; 438 else if (denied == (denied & perms->complain)) 439 type = AUDIT_APPARMOR_ALLOWED; 440 else 441 type = AUDIT_APPARMOR_DENIED; 442 443 if (denied == (denied & perms->hide)) 444 error = -ENOENT; 445 446 denied &= ~perms->quiet; 447 if (!ad || !denied) 448 return error; 449 } 450 451 if (ad) { 452 ad->subj_label = &profile->label; 453 ad->request = request; 454 ad->denied = denied; 455 ad->error = error; 456 aa_audit_msg(type, ad, cb); 457 } 458 459 if (type == AUDIT_APPARMOR_ALLOWED) 460 error = 0; 461 462 return error; 463 } 464 465 466 /** 467 * aa_policy_init - initialize a policy structure 468 * @policy: policy to initialize (NOT NULL) 469 * @prefix: prefix name if any is required. (MAYBE NULL) 470 * @name: name of the policy, init will make a copy of it (NOT NULL) 471 * @gfp: allocation mode 472 * 473 * Note: this fn creates a copy of strings passed in 474 * 475 * Returns: true if policy init successful 476 */ 477 bool aa_policy_init(struct aa_policy *policy, const char *prefix, 478 const char *name, gfp_t gfp) 479 { 480 char *hname; 481 482 /* freed by policy_free */ 483 if (prefix) { 484 hname = aa_str_alloc(strlen(prefix) + strlen(name) + 3, gfp); 485 if (hname) 486 sprintf(hname, "%s//%s", prefix, name); 487 } else { 488 hname = aa_str_alloc(strlen(name) + 1, gfp); 489 if (hname) 490 strcpy(hname, name); 491 } 492 if (!hname) 493 return false; 494 policy->hname = hname; 495 /* base.name is a substring of fqname */ 496 policy->name = basename(policy->hname); 497 INIT_LIST_HEAD(&policy->list); 498 INIT_LIST_HEAD(&policy->profiles); 499 500 return true; 501 } 502 503 /** 504 * aa_policy_destroy - free the elements referenced by @policy 505 * @policy: policy that is to have its elements freed (NOT NULL) 506 */ 507 void aa_policy_destroy(struct aa_policy *policy) 508 { 509 AA_BUG(on_list_rcu(&policy->profiles)); 510 AA_BUG(on_list_rcu(&policy->list)); 511 512 /* don't free name as its a subset of hname */ 513 aa_put_str(policy->hname); 514 } 515