1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6
 *
7
 * Copyright (C) 1998-2008 Novell/SUSE
8
 * Copyright 2009-2010 Canonical Ltd.
9
 */
10

11
#include <linux/ctype.h>
12
#include <linux/security.h>
13
#include <linux/vmalloc.h>
14
#include <linux/init.h>
15
#include <linux/seq_file.h>
16
#include <linux/uaccess.h>
17
#include <linux/mount.h>
18
#include <linux/namei.h>
19
#include <linux/capability.h>
20
#include <linux/rcupdate.h>
21
#include <linux/fs.h>
22
#include <linux/fs_context.h>
23
#include <linux/poll.h>
24
#include <linux/zstd.h>
25
#include <uapi/linux/major.h>
26
#include <uapi/linux/magic.h>
27

28
#include "include/apparmor.h"
29
#include "include/apparmorfs.h"
30
#include "include/audit.h"
31
#include "include/cred.h"
32
#include "include/crypto.h"
33
#include "include/ipc.h"
34
#include "include/label.h"
35
#include "include/policy.h"
36
#include "include/policy_ns.h"
37
#include "include/resource.h"
38
#include "include/policy_unpack.h"
39
#include "include/task.h"
40

41
/*
42
 * The apparmor filesystem interface used for policy load and introspection
43
 * The interface is split into two main components based on their function
44
 * a securityfs component:
45
 *   used for static files that are always available, and which allows
46
 *   userspace to specify the location of the security filesystem.
47
 *
48
 *   fns and data are prefixed with
49
 *      aa_sfs_
50
 *
51
 * an apparmorfs component:
52
 *   used loaded policy content and introspection. It is not part of  a
53
 *   regular mounted filesystem and is available only through the magic
54
 *   policy symlink in the root of the securityfs apparmor/ directory.
55
 *   Tasks queries will be magically redirected to the correct portion
56
 *   of the policy tree based on their confinement.
57
 *
58
 *   fns and data are prefixed with
59
 *      aafs_
60
 *
61
 * The aa_fs_ prefix is used to indicate the fn is used by both the
62
 * securityfs and apparmorfs filesystems.
63
 */
64

65

66
/*
67
 * support fns
68
 */
69

70
struct rawdata_f_data {
71
	struct aa_loaddata *loaddata;
72
};
73

74
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
75
#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
76

77
static void rawdata_f_data_free(struct rawdata_f_data *private)
78
{
79
	if (!private)
80
		return;
81

82
	aa_put_loaddata(private->loaddata);
83
	kvfree(private);
84
}
85

86
static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
87
{
88
	struct rawdata_f_data *ret;
89

90
	if (size > SIZE_MAX - sizeof(*ret))
91
		return ERR_PTR(-EINVAL);
92

93
	ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL);
94
	if (!ret)
95
		return ERR_PTR(-ENOMEM);
96

97
	return ret;
98
}
99
#endif
100

101
/**
102
 * mangle_name - mangle a profile name to std profile layout form
103
 * @name: profile name to mangle  (NOT NULL)
104
 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
105
 *
106
 * Returns: length of mangled name
107
 */
108
static int mangle_name(const char *name, char *target)
109
{
110
	char *t = target;
111

112
	while (*name == '/' || *name == '.')
113
		name++;
114

115
	if (target) {
116
		for (; *name; name++) {
117
			if (*name == '/')
118
				*(t)++ = '.';
119
			else if (isspace(*name))
120
				*(t)++ = '_';
121
			else if (isalnum(*name) || strchr("._-", *name))
122
				*(t)++ = *name;
123
		}
124

125
		*t = 0;
126
	} else {
127
		int len = 0;
128
		for (; *name; name++) {
129
			if (isalnum(*name) || isspace(*name) ||
130
			    strchr("/._-", *name))
131
				len++;
132
		}
133

134
		return len;
135
	}
136

137
	return t - target;
138
}
139

140

141
/*
142
 * aafs - core fns and data for the policy tree
143
 */
144

145
#define AAFS_NAME		"apparmorfs"
146
static struct vfsmount *aafs_mnt;
147
static int aafs_count;
148

149

150
static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
151
{
152
	seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
153
	return 0;
154
}
155

156
static void aafs_free_inode(struct inode *inode)
157
{
158
	if (S_ISLNK(inode->i_mode))
159
		kfree(inode->i_link);
160
	free_inode_nonrcu(inode);
161
}
162

163
static const struct super_operations aafs_super_ops = {
164
	.statfs = simple_statfs,
165
	.free_inode = aafs_free_inode,
166
	.show_path = aafs_show_path,
167
};
168

169
static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
170
{
171
	static struct tree_descr files[] = { {""} };
172
	int error;
173

174
	error = simple_fill_super(sb, AAFS_MAGIC, files);
175
	if (error)
176
		return error;
177
	sb->s_op = &aafs_super_ops;
178

179
	return 0;
180
}
181

182
static int apparmorfs_get_tree(struct fs_context *fc)
183
{
184
	return get_tree_single(fc, apparmorfs_fill_super);
185
}
186

187
static const struct fs_context_operations apparmorfs_context_ops = {
188
	.get_tree	= apparmorfs_get_tree,
189
};
190

191
static int apparmorfs_init_fs_context(struct fs_context *fc)
192
{
193
	fc->ops = &apparmorfs_context_ops;
194
	return 0;
195
}
196

197
static struct file_system_type aafs_ops = {
198
	.owner = THIS_MODULE,
199
	.name = AAFS_NAME,
200
	.init_fs_context = apparmorfs_init_fs_context,
201
	.kill_sb = kill_anon_super,
202
};
203

204
/**
205
 * __aafs_setup_d_inode - basic inode setup for apparmorfs
206
 * @dir: parent directory for the dentry
207
 * @dentry: dentry we are setting the inode up for
208
 * @mode: permissions the file should have
209
 * @data: data to store on inode.i_private, available in open()
210
 * @link: if symlink, symlink target string
211
 * @fops: struct file_operations that should be used
212
 * @iops: struct of inode_operations that should be used
213
 */
214
static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
215
			       umode_t mode, void *data, char *link,
216
			       const struct file_operations *fops,
217
			       const struct inode_operations *iops)
218
{
219
	struct inode *inode = new_inode(dir->i_sb);
220

221
	AA_BUG(!dir);
222
	AA_BUG(!dentry);
223

224
	if (!inode)
225
		return -ENOMEM;
226

227
	inode->i_ino = get_next_ino();
228
	inode->i_mode = mode;
229
	simple_inode_init_ts(inode);
230
	inode->i_private = data;
231
	if (S_ISDIR(mode)) {
232
		inode->i_op = iops ? iops : &simple_dir_inode_operations;
233
		inode->i_fop = &simple_dir_operations;
234
		inc_nlink(inode);
235
		inc_nlink(dir);
236
	} else if (S_ISLNK(mode)) {
237
		inode->i_op = iops ? iops : &simple_symlink_inode_operations;
238
		inode->i_link = link;
239
	} else {
240
		inode->i_fop = fops;
241
	}
242
	d_instantiate(dentry, inode);
243
	dget(dentry);
244

245
	return 0;
246
}
247

248
/**
249
 * aafs_create - create a dentry in the apparmorfs filesystem
250
 *
251
 * @name: name of dentry to create
252
 * @mode: permissions the file should have
253
 * @parent: parent directory for this dentry
254
 * @data: data to store on inode.i_private, available in open()
255
 * @link: if symlink, symlink target string
256
 * @fops: struct file_operations that should be used for
257
 * @iops: struct of inode_operations that should be used
258
 *
259
 * This is the basic "create a xxx" function for apparmorfs.
260
 *
261
 * Returns a pointer to a dentry if it succeeds, that must be free with
262
 * aafs_remove(). Will return ERR_PTR on failure.
263
 */
264
static struct dentry *aafs_create(const char *name, umode_t mode,
265
				  struct dentry *parent, void *data, void *link,
266
				  const struct file_operations *fops,
267
				  const struct inode_operations *iops)
268
{
269
	struct dentry *dentry;
270
	struct inode *dir;
271
	int error;
272

273
	AA_BUG(!name);
274
	AA_BUG(!parent);
275

276
	if (!(mode & S_IFMT))
277
		mode = (mode & S_IALLUGO) | S_IFREG;
278

279
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
280
	if (error)
281
		return ERR_PTR(error);
282

283
	dir = d_inode(parent);
284

285
	inode_lock(dir);
286
	dentry = lookup_noperm(&QSTR(name), parent);
287
	if (IS_ERR(dentry)) {
288
		error = PTR_ERR(dentry);
289
		goto fail_lock;
290
	}
291

292
	if (d_really_is_positive(dentry)) {
293
		error = -EEXIST;
294
		goto fail_dentry;
295
	}
296

297
	error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
298
	if (error)
299
		goto fail_dentry;
300
	inode_unlock(dir);
301

302
	return dentry;
303

304
fail_dentry:
305
	dput(dentry);
306

307
fail_lock:
308
	inode_unlock(dir);
309
	simple_release_fs(&aafs_mnt, &aafs_count);
310

311
	return ERR_PTR(error);
312
}
313

314
/**
315
 * aafs_create_file - create a file in the apparmorfs filesystem
316
 *
317
 * @name: name of dentry to create
318
 * @mode: permissions the file should have
319
 * @parent: parent directory for this dentry
320
 * @data: data to store on inode.i_private, available in open()
321
 * @fops: struct file_operations that should be used for
322
 *
323
 * see aafs_create
324
 */
325
static struct dentry *aafs_create_file(const char *name, umode_t mode,
326
				       struct dentry *parent, void *data,
327
				       const struct file_operations *fops)
328
{
329
	return aafs_create(name, mode, parent, data, NULL, fops, NULL);
330
}
331

332
/**
333
 * aafs_create_dir - create a directory in the apparmorfs filesystem
334
 *
335
 * @name: name of dentry to create
336
 * @parent: parent directory for this dentry
337
 *
338
 * see aafs_create
339
 */
340
static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
341
{
342
	return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
343
			   NULL);
344
}
345

346
/**
347
 * aafs_remove - removes a file or directory from the apparmorfs filesystem
348
 *
349
 * @dentry: dentry of the file/directory/symlink to removed.
350
 */
351
static void aafs_remove(struct dentry *dentry)
352
{
353
	struct inode *dir;
354

355
	if (!dentry || IS_ERR(dentry))
356
		return;
357

358
	/* ->d_parent is stable as rename is not supported */
359
	dir = d_inode(dentry->d_parent);
360
	dentry = start_removing_dentry(dentry->d_parent, dentry);
361
	if (!IS_ERR(dentry) && simple_positive(dentry)) {
362
		if (d_is_dir(dentry)) {
363
			if (!WARN_ON(!simple_empty(dentry))) {
364
				__simple_rmdir(dir, dentry);
365
				dput(dentry);
366
			}
367
		} else {
368
			__simple_unlink(dir, dentry);
369
			dput(dentry);
370
		}
371
		d_delete(dentry);
372
	}
373
	end_removing(dentry);
374
	simple_release_fs(&aafs_mnt, &aafs_count);
375
}
376

377

378
/*
379
 * aa_fs - policy load/replace/remove
380
 */
381

382
/**
383
 * aa_simple_write_to_buffer - common routine for getting policy from user
384
 * @userbuf: user buffer to copy data from  (NOT NULL)
385
 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
386
 * @copy_size: size of data to copy from user buffer
387
 * @pos: position write is at in the file (NOT NULL)
388
 *
389
 * Returns: kernel buffer containing copy of user buffer data or an
390
 *          ERR_PTR on failure.
391
 */
392
static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
393
						     size_t alloc_size,
394
						     size_t copy_size,
395
						     loff_t *pos)
396
{
397
	struct aa_loaddata *data;
398

399
	AA_BUG(copy_size > alloc_size);
400

401
	if (*pos != 0)
402
		/* only writes from pos 0, that is complete writes */
403
		return ERR_PTR(-ESPIPE);
404

405
	/* freed by caller to simple_write_to_buffer */
406
	data = aa_loaddata_alloc(alloc_size);
407
	if (IS_ERR(data))
408
		return data;
409

410
	data->size = copy_size;
411
	if (copy_from_user(data->data, userbuf, copy_size)) {
412
		aa_put_loaddata(data);
413
		return ERR_PTR(-EFAULT);
414
	}
415

416
	return data;
417
}
418

419
static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
420
			     loff_t *pos, struct aa_ns *ns)
421
{
422
	struct aa_loaddata *data;
423
	struct aa_label *label;
424
	ssize_t error;
425

426
	label = begin_current_label_crit_section();
427

428
	/* high level check about policy management - fine grained in
429
	 * below after unpack
430
	 */
431
	error = aa_may_manage_policy(current_cred(), label, ns, mask);
432
	if (error)
433
		goto end_section;
434

435
	data = aa_simple_write_to_buffer(buf, size, size, pos);
436
	error = PTR_ERR(data);
437
	if (!IS_ERR(data)) {
438
		error = aa_replace_profiles(ns, label, mask, data);
439
		aa_put_loaddata(data);
440
	}
441
end_section:
442
	end_current_label_crit_section(label);
443

444
	return error;
445
}
446

447
/* .load file hook fn to load policy */
448
static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
449
			    loff_t *pos)
450
{
451
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
452
	int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
453

454
	aa_put_ns(ns);
455

456
	return error;
457
}
458

459
static const struct file_operations aa_fs_profile_load = {
460
	.write = profile_load,
461
	.llseek = default_llseek,
462
};
463

464
/* .replace file hook fn to load and/or replace policy */
465
static ssize_t profile_replace(struct file *f, const char __user *buf,
466
			       size_t size, loff_t *pos)
467
{
468
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
469
	int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
470
				  buf, size, pos, ns);
471
	aa_put_ns(ns);
472

473
	return error;
474
}
475

476
static const struct file_operations aa_fs_profile_replace = {
477
	.write = profile_replace,
478
	.llseek = default_llseek,
479
};
480

481
/* .remove file hook fn to remove loaded policy */
482
static ssize_t profile_remove(struct file *f, const char __user *buf,
483
			      size_t size, loff_t *pos)
484
{
485
	struct aa_loaddata *data;
486
	struct aa_label *label;
487
	ssize_t error;
488
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
489

490
	label = begin_current_label_crit_section();
491
	/* high level check about policy management - fine grained in
492
	 * below after unpack
493
	 */
494
	error = aa_may_manage_policy(current_cred(), label, ns,
495
				     AA_MAY_REMOVE_POLICY);
496
	if (error)
497
		goto out;
498

499
	/*
500
	 * aa_remove_profile needs a null terminated string so 1 extra
501
	 * byte is allocated and the copied data is null terminated.
502
	 */
503
	data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
504

505
	error = PTR_ERR(data);
506
	if (!IS_ERR(data)) {
507
		data->data[size] = 0;
508
		error = aa_remove_profiles(ns, label, data->data, size);
509
		aa_put_loaddata(data);
510
	}
511
 out:
512
	end_current_label_crit_section(label);
513
	aa_put_ns(ns);
514
	return error;
515
}
516

517
static const struct file_operations aa_fs_profile_remove = {
518
	.write = profile_remove,
519
	.llseek = default_llseek,
520
};
521

522
struct aa_revision {
523
	struct aa_ns *ns;
524
	long last_read;
525
};
526

527
/* revision file hook fn for policy loads */
528
static int ns_revision_release(struct inode *inode, struct file *file)
529
{
530
	struct aa_revision *rev = file->private_data;
531

532
	if (rev) {
533
		aa_put_ns(rev->ns);
534
		kfree(rev);
535
	}
536

537
	return 0;
538
}
539

540
static ssize_t ns_revision_read(struct file *file, char __user *buf,
541
				size_t size, loff_t *ppos)
542
{
543
	struct aa_revision *rev = file->private_data;
544
	char buffer[32];
545
	long last_read;
546
	int avail;
547

548
	mutex_lock_nested(&rev->ns->lock, rev->ns->level);
549
	last_read = rev->last_read;
550
	if (last_read == rev->ns->revision) {
551
		mutex_unlock(&rev->ns->lock);
552
		if (file->f_flags & O_NONBLOCK)
553
			return -EAGAIN;
554
		if (wait_event_interruptible(rev->ns->wait,
555
					     last_read !=
556
					     READ_ONCE(rev->ns->revision)))
557
			return -ERESTARTSYS;
558
		mutex_lock_nested(&rev->ns->lock, rev->ns->level);
559
	}
560

561
	avail = sprintf(buffer, "%ld\n", rev->ns->revision);
562
	if (*ppos + size > avail) {
563
		rev->last_read = rev->ns->revision;
564
		*ppos = 0;
565
	}
566
	mutex_unlock(&rev->ns->lock);
567

568
	return simple_read_from_buffer(buf, size, ppos, buffer, avail);
569
}
570

571
static int ns_revision_open(struct inode *inode, struct file *file)
572
{
573
	struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
574

575
	if (!rev)
576
		return -ENOMEM;
577

578
	rev->ns = aa_get_ns(inode->i_private);
579
	if (!rev->ns)
580
		rev->ns = aa_get_current_ns();
581
	file->private_data = rev;
582

583
	return 0;
584
}
585

586
static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
587
{
588
	struct aa_revision *rev = file->private_data;
589
	__poll_t mask = 0;
590

591
	if (rev) {
592
		mutex_lock_nested(&rev->ns->lock, rev->ns->level);
593
		poll_wait(file, &rev->ns->wait, pt);
594
		if (rev->last_read < rev->ns->revision)
595
			mask |= EPOLLIN | EPOLLRDNORM;
596
		mutex_unlock(&rev->ns->lock);
597
	}
598

599
	return mask;
600
}
601

602
void __aa_bump_ns_revision(struct aa_ns *ns)
603
{
604
	WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1);
605
	wake_up_interruptible(&ns->wait);
606
}
607

608
static const struct file_operations aa_fs_ns_revision_fops = {
609
	.owner		= THIS_MODULE,
610
	.open		= ns_revision_open,
611
	.poll		= ns_revision_poll,
612
	.read		= ns_revision_read,
613
	.llseek		= generic_file_llseek,
614
	.release	= ns_revision_release,
615
};
616

617
static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
618
			     const char *match_str, size_t match_len)
619
{
620
	struct aa_ruleset *rules = profile->label.rules[0];
621
	struct aa_perms tmp = { };
622
	aa_state_t state = DFA_NOMATCH;
623

624
	if (profile_unconfined(profile))
625
		return;
626
	if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
627
		state = aa_dfa_match_len(rules->file->dfa,
628
					 rules->file->start[AA_CLASS_FILE],
629
					 match_str + 1, match_len - 1);
630
		if (state) {
631
			struct path_cond cond = { };
632

633
			tmp = *(aa_lookup_condperms(current_fsuid(),
634
						    rules->file, state, &cond));
635
		}
636
	} else if (rules->policy->dfa) {
637
		if (!RULE_MEDIATES(rules, *match_str))
638
			return;	/* no change to current perms */
639
		/* old user space does not correctly detect dbus mediation
640
		 * support so we may get dbus policy and requests when
641
		 * the abi doesn't support it. This can cause mediation
642
		 * regressions, so explicitly test for this situation.
643
		 */
644
		if (*match_str == AA_CLASS_DBUS &&
645
		    !RULE_MEDIATES_v9NET(rules))
646
			return; /* no change to current perms */
647
		state = aa_dfa_match_len(rules->policy->dfa,
648
					 rules->policy->start[0],
649
					 match_str, match_len);
650
		if (state)
651
			tmp = *aa_lookup_perms(rules->policy, state);
652
	}
653
	aa_apply_modes_to_perms(profile, &tmp);
654
	aa_perms_accum_raw(perms, &tmp);
655
}
656

657

658
/**
659
 * query_data - queries a policy and writes its data to buf
660
 * @buf: the resulting data is stored here (NOT NULL)
661
 * @buf_len: size of buf
662
 * @query: query string used to retrieve data
663
 * @query_len: size of query including second NUL byte
664
 *
665
 * The buffers pointed to by buf and query may overlap. The query buffer is
666
 * parsed before buf is written to.
667
 *
668
 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
669
 * the security confinement context and <KEY> is the name of the data to
670
 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
671
 *
672
 * Don't expect the contents of buf to be preserved on failure.
673
 *
674
 * Returns: number of characters written to buf or -errno on failure
675
 */
676
static ssize_t query_data(char *buf, size_t buf_len,
677
			  char *query, size_t query_len)
678
{
679
	char *out;
680
	const char *key;
681
	struct label_it i;
682
	struct aa_label *label, *curr;
683
	struct aa_profile *profile;
684
	struct aa_data *data;
685
	u32 bytes, blocks;
686
	__le32 outle32;
687

688
	if (!query_len)
689
		return -EINVAL; /* need a query */
690

691
	key = query + strnlen(query, query_len) + 1;
692
	if (key + 1 >= query + query_len)
693
		return -EINVAL; /* not enough space for a non-empty key */
694
	if (key + strnlen(key, query + query_len - key) >= query + query_len)
695
		return -EINVAL; /* must end with NUL */
696

697
	if (buf_len < sizeof(bytes) + sizeof(blocks))
698
		return -EINVAL; /* not enough space */
699

700
	curr = begin_current_label_crit_section();
701
	label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
702
	end_current_label_crit_section(curr);
703
	if (IS_ERR(label))
704
		return PTR_ERR(label);
705

706
	/* We are going to leave space for two numbers. The first is the total
707
	 * number of bytes we are writing after the first number. This is so
708
	 * users can read the full output without reallocation.
709
	 *
710
	 * The second number is the number of data blocks we're writing. An
711
	 * application might be confined by multiple policies having data in
712
	 * the same key.
713
	 */
714
	memset(buf, 0, sizeof(bytes) + sizeof(blocks));
715
	out = buf + sizeof(bytes) + sizeof(blocks);
716

717
	blocks = 0;
718
	label_for_each_confined(i, label, profile) {
719
		if (!profile->data)
720
			continue;
721

722
		data = rhashtable_lookup_fast(profile->data, &key,
723
					      profile->data->p);
724

725
		if (data) {
726
			if (out + sizeof(outle32) + data->size > buf +
727
			    buf_len) {
728
				aa_put_label(label);
729
				return -EINVAL; /* not enough space */
730
			}
731
			outle32 = __cpu_to_le32(data->size);
732
			memcpy(out, &outle32, sizeof(outle32));
733
			out += sizeof(outle32);
734
			memcpy(out, data->data, data->size);
735
			out += data->size;
736
			blocks++;
737
		}
738
	}
739
	aa_put_label(label);
740

741
	outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
742
	memcpy(buf, &outle32, sizeof(outle32));
743
	outle32 = __cpu_to_le32(blocks);
744
	memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
745

746
	return out - buf;
747
}
748

749
/**
750
 * query_label - queries a label and writes permissions to buf
751
 * @buf: the resulting permissions string is stored here (NOT NULL)
752
 * @buf_len: size of buf
753
 * @query: binary query string to match against the dfa
754
 * @query_len: size of query
755
 * @view_only: only compute for querier's view
756
 *
757
 * The buffers pointed to by buf and query may overlap. The query buffer is
758
 * parsed before buf is written to.
759
 *
760
 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
761
 * the name of the label, in the current namespace, that is to be queried and
762
 * DFA_STRING is a binary string to match against the label(s)'s DFA.
763
 *
764
 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
765
 * but must *not* be NUL terminated.
766
 *
767
 * Returns: number of characters written to buf or -errno on failure
768
 */
769
static ssize_t query_label(char *buf, size_t buf_len,
770
			   char *query, size_t query_len, bool view_only)
771
{
772
	struct aa_profile *profile;
773
	struct aa_label *label, *curr;
774
	char *label_name, *match_str;
775
	size_t label_name_len, match_len;
776
	struct aa_perms perms;
777
	struct label_it i;
778

779
	if (!query_len)
780
		return -EINVAL;
781

782
	label_name = query;
783
	label_name_len = strnlen(query, query_len);
784
	if (!label_name_len || label_name_len == query_len)
785
		return -EINVAL;
786

787
	/**
788
	 * The extra byte is to account for the null byte between the
789
	 * profile name and dfa string. profile_name_len is greater
790
	 * than zero and less than query_len, so a byte can be safely
791
	 * added or subtracted.
792
	 */
793
	match_str = label_name + label_name_len + 1;
794
	match_len = query_len - label_name_len - 1;
795

796
	curr = begin_current_label_crit_section();
797
	label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
798
	end_current_label_crit_section(curr);
799
	if (IS_ERR(label))
800
		return PTR_ERR(label);
801

802
	perms = allperms;
803
	if (view_only) {
804
		label_for_each_in_ns(i, labels_ns(label), label, profile) {
805
			profile_query_cb(profile, &perms, match_str, match_len);
806
		}
807
	} else {
808
		label_for_each(i, label, profile) {
809
			profile_query_cb(profile, &perms, match_str, match_len);
810
		}
811
	}
812
	aa_put_label(label);
813

814
	return scnprintf(buf, buf_len,
815
		      "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
816
		      perms.allow, perms.deny, perms.audit, perms.quiet);
817
}
818

819
/*
820
 * Transaction based IO.
821
 * The file expects a write which triggers the transaction, and then
822
 * possibly a read(s) which collects the result - which is stored in a
823
 * file-local buffer. Once a new write is performed, a new set of results
824
 * are stored in the file-local buffer.
825
 */
826
struct multi_transaction {
827
	struct kref count;
828
	ssize_t size;
829
	char data[];
830
};
831

832
#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
833

834
static void multi_transaction_kref(struct kref *kref)
835
{
836
	struct multi_transaction *t;
837

838
	t = container_of(kref, struct multi_transaction, count);
839
	free_page((unsigned long) t);
840
}
841

842
static struct multi_transaction *
843
get_multi_transaction(struct multi_transaction *t)
844
{
845
	if  (t)
846
		kref_get(&(t->count));
847

848
	return t;
849
}
850

851
static void put_multi_transaction(struct multi_transaction *t)
852
{
853
	if (t)
854
		kref_put(&(t->count), multi_transaction_kref);
855
}
856

857
/* does not increment @new's count */
858
static void multi_transaction_set(struct file *file,
859
				  struct multi_transaction *new, size_t n)
860
{
861
	struct multi_transaction *old;
862

863
	AA_BUG(n > MULTI_TRANSACTION_LIMIT);
864

865
	new->size = n;
866
	spin_lock(&file->f_lock);
867
	old = (struct multi_transaction *) file->private_data;
868
	file->private_data = new;
869
	spin_unlock(&file->f_lock);
870
	put_multi_transaction(old);
871
}
872

873
static struct multi_transaction *multi_transaction_new(struct file *file,
874
						       const char __user *buf,
875
						       size_t size)
876
{
877
	struct multi_transaction *t;
878

879
	if (size > MULTI_TRANSACTION_LIMIT - 1)
880
		return ERR_PTR(-EFBIG);
881

882
	t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
883
	if (!t)
884
		return ERR_PTR(-ENOMEM);
885
	kref_init(&t->count);
886
	if (copy_from_user(t->data, buf, size)) {
887
		put_multi_transaction(t);
888
		return ERR_PTR(-EFAULT);
889
	}
890

891
	return t;
892
}
893

894
static ssize_t multi_transaction_read(struct file *file, char __user *buf,
895
				       size_t size, loff_t *pos)
896
{
897
	struct multi_transaction *t;
898
	ssize_t ret;
899

900
	spin_lock(&file->f_lock);
901
	t = get_multi_transaction(file->private_data);
902
	spin_unlock(&file->f_lock);
903

904
	if (!t)
905
		return 0;
906

907
	ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
908
	put_multi_transaction(t);
909

910
	return ret;
911
}
912

913
static int multi_transaction_release(struct inode *inode, struct file *file)
914
{
915
	put_multi_transaction(file->private_data);
916

917
	return 0;
918
}
919

920
#define QUERY_CMD_LABEL		"label\0"
921
#define QUERY_CMD_LABEL_LEN	6
922
#define QUERY_CMD_PROFILE	"profile\0"
923
#define QUERY_CMD_PROFILE_LEN	8
924
#define QUERY_CMD_LABELALL	"labelall\0"
925
#define QUERY_CMD_LABELALL_LEN	9
926
#define QUERY_CMD_DATA		"data\0"
927
#define QUERY_CMD_DATA_LEN	5
928

929
/**
930
 * aa_write_access - generic permissions and data query
931
 * @file: pointer to open apparmorfs/access file
932
 * @ubuf: user buffer containing the complete query string (NOT NULL)
933
 * @count: size of ubuf
934
 * @ppos: position in the file (MUST BE ZERO)
935
 *
936
 * Allows for one permissions or data query per open(), write(), and read()
937
 * sequence. The only queries currently supported are label-based queries for
938
 * permissions or data.
939
 *
940
 * For permissions queries, ubuf must begin with "label\0", followed by the
941
 * profile query specific format described in the query_label() function
942
 * documentation.
943
 *
944
 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
945
 * <LABEL> is the name of the security confinement context and <KEY> is the
946
 * name of the data to retrieve.
947
 *
948
 * Returns: number of bytes written or -errno on failure
949
 */
950
static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
951
			       size_t count, loff_t *ppos)
952
{
953
	struct multi_transaction *t;
954
	ssize_t len;
955

956
	if (*ppos)
957
		return -ESPIPE;
958

959
	t = multi_transaction_new(file, ubuf, count);
960
	if (IS_ERR(t))
961
		return PTR_ERR(t);
962

963
	if (count > QUERY_CMD_PROFILE_LEN &&
964
	    !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
965
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
966
				  t->data + QUERY_CMD_PROFILE_LEN,
967
				  count - QUERY_CMD_PROFILE_LEN, true);
968
	} else if (count > QUERY_CMD_LABEL_LEN &&
969
		   !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
970
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
971
				  t->data + QUERY_CMD_LABEL_LEN,
972
				  count - QUERY_CMD_LABEL_LEN, true);
973
	} else if (count > QUERY_CMD_LABELALL_LEN &&
974
		   !memcmp(t->data, QUERY_CMD_LABELALL,
975
			   QUERY_CMD_LABELALL_LEN)) {
976
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
977
				  t->data + QUERY_CMD_LABELALL_LEN,
978
				  count - QUERY_CMD_LABELALL_LEN, false);
979
	} else if (count > QUERY_CMD_DATA_LEN &&
980
		   !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
981
		len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
982
				 t->data + QUERY_CMD_DATA_LEN,
983
				 count - QUERY_CMD_DATA_LEN);
984
	} else
985
		len = -EINVAL;
986

987
	if (len < 0) {
988
		put_multi_transaction(t);
989
		return len;
990
	}
991

992
	multi_transaction_set(file, t, len);
993

994
	return count;
995
}
996

997
static const struct file_operations aa_sfs_access = {
998
	.write		= aa_write_access,
999
	.read		= multi_transaction_read,
1000
	.release	= multi_transaction_release,
1001
	.llseek		= generic_file_llseek,
1002
};
1003

1004
static int aa_sfs_seq_show(struct seq_file *seq, void *v)
1005
{
1006
	struct aa_sfs_entry *fs_file = seq->private;
1007

1008
	if (!fs_file)
1009
		return 0;
1010

1011
	switch (fs_file->v_type) {
1012
	case AA_SFS_TYPE_BOOLEAN:
1013
		seq_printf(seq, "%s\n", str_yes_no(fs_file->v.boolean));
1014
		break;
1015
	case AA_SFS_TYPE_STRING:
1016
		seq_printf(seq, "%s\n", fs_file->v.string);
1017
		break;
1018
	case AA_SFS_TYPE_U64:
1019
		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
1020
		break;
1021
	default:
1022
		/* Ignore unprintable entry types. */
1023
		break;
1024
	}
1025

1026
	return 0;
1027
}
1028

1029
static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1030
{
1031
	return single_open(file, aa_sfs_seq_show, inode->i_private);
1032
}
1033

1034
const struct file_operations aa_sfs_seq_file_ops = {
1035
	.owner		= THIS_MODULE,
1036
	.open		= aa_sfs_seq_open,
1037
	.read		= seq_read,
1038
	.llseek		= seq_lseek,
1039
	.release	= single_release,
1040
};
1041

1042
/*
1043
 * profile based file operations
1044
 *     policy/profiles/XXXX/profiles/ *
1045
 */
1046

1047
#define SEQ_PROFILE_FOPS(NAME)						      \
1048
static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1049
{									      \
1050
	return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show);    \
1051
}									      \
1052
									      \
1053
static const struct file_operations seq_profile_ ##NAME ##_fops = {	      \
1054
	.owner		= THIS_MODULE,					      \
1055
	.open		= seq_profile_ ##NAME ##_open,			      \
1056
	.read		= seq_read,					      \
1057
	.llseek		= seq_lseek,					      \
1058
	.release	= seq_profile_release,				      \
1059
}									      \
1060

1061
static int seq_profile_open(struct inode *inode, struct file *file,
1062
			    int (*show)(struct seq_file *, void *))
1063
{
1064
	struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1065
	int error = single_open(file, show, proxy);
1066

1067
	if (error) {
1068
		file->private_data = NULL;
1069
		aa_put_proxy(proxy);
1070
	}
1071

1072
	return error;
1073
}
1074

1075
static int seq_profile_release(struct inode *inode, struct file *file)
1076
{
1077
	struct seq_file *seq = (struct seq_file *) file->private_data;
1078
	if (seq)
1079
		aa_put_proxy(seq->private);
1080
	return single_release(inode, file);
1081
}
1082

1083
static int seq_profile_name_show(struct seq_file *seq, void *v)
1084
{
1085
	struct aa_proxy *proxy = seq->private;
1086
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1087
	struct aa_profile *profile = labels_profile(label);
1088
	seq_printf(seq, "%s\n", profile->base.name);
1089
	aa_put_label(label);
1090

1091
	return 0;
1092
}
1093

1094
static int seq_profile_mode_show(struct seq_file *seq, void *v)
1095
{
1096
	struct aa_proxy *proxy = seq->private;
1097
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1098
	struct aa_profile *profile = labels_profile(label);
1099
	seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1100
	aa_put_label(label);
1101

1102
	return 0;
1103
}
1104

1105
static int seq_profile_attach_show(struct seq_file *seq, void *v)
1106
{
1107
	struct aa_proxy *proxy = seq->private;
1108
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1109
	struct aa_profile *profile = labels_profile(label);
1110
	if (profile->attach.xmatch_str)
1111
		seq_printf(seq, "%s\n", profile->attach.xmatch_str);
1112
	else if (profile->attach.xmatch->dfa)
1113
		seq_puts(seq, "<unknown>\n");
1114
	else
1115
		seq_printf(seq, "%s\n", profile->base.name);
1116
	aa_put_label(label);
1117

1118
	return 0;
1119
}
1120

1121
static int seq_profile_hash_show(struct seq_file *seq, void *v)
1122
{
1123
	struct aa_proxy *proxy = seq->private;
1124
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1125
	struct aa_profile *profile = labels_profile(label);
1126
	unsigned int i, size = aa_hash_size();
1127

1128
	if (profile->hash) {
1129
		for (i = 0; i < size; i++)
1130
			seq_printf(seq, "%.2x", profile->hash[i]);
1131
		seq_putc(seq, '\n');
1132
	}
1133
	aa_put_label(label);
1134

1135
	return 0;
1136
}
1137

1138
SEQ_PROFILE_FOPS(name);
1139
SEQ_PROFILE_FOPS(mode);
1140
SEQ_PROFILE_FOPS(attach);
1141
SEQ_PROFILE_FOPS(hash);
1142

1143
/*
1144
 * namespace based files
1145
 *     several root files and
1146
 *     policy/ *
1147
 */
1148

1149
#define SEQ_NS_FOPS(NAME)						      \
1150
static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file)     \
1151
{									      \
1152
	return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private);   \
1153
}									      \
1154
									      \
1155
static const struct file_operations seq_ns_ ##NAME ##_fops = {	      \
1156
	.owner		= THIS_MODULE,					      \
1157
	.open		= seq_ns_ ##NAME ##_open,			      \
1158
	.read		= seq_read,					      \
1159
	.llseek		= seq_lseek,					      \
1160
	.release	= single_release,				      \
1161
}									      \
1162

1163
static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1164
{
1165
	struct aa_label *label;
1166

1167
	label = begin_current_label_crit_section();
1168
	seq_printf(seq, "%s\n", str_yes_no(label->size > 1));
1169
	end_current_label_crit_section(label);
1170

1171
	return 0;
1172
}
1173

1174
static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1175
{
1176
	struct aa_label *label;
1177
	struct aa_profile *profile;
1178
	struct label_it it;
1179
	int count = 1;
1180

1181
	label = begin_current_label_crit_section();
1182

1183
	if (label->size > 1) {
1184
		label_for_each(it, label, profile)
1185
			if (profile->ns != labels_ns(label)) {
1186
				count++;
1187
				break;
1188
			}
1189
	}
1190

1191
	seq_printf(seq, "%s\n", str_yes_no(count > 1));
1192
	end_current_label_crit_section(label);
1193

1194
	return 0;
1195
}
1196

1197
static int seq_ns_level_show(struct seq_file *seq, void *v)
1198
{
1199
	struct aa_label *label;
1200

1201
	label = begin_current_label_crit_section();
1202
	seq_printf(seq, "%d\n", labels_ns(label)->level);
1203
	end_current_label_crit_section(label);
1204

1205
	return 0;
1206
}
1207

1208
static int seq_ns_name_show(struct seq_file *seq, void *v)
1209
{
1210
	struct aa_label *label = begin_current_label_crit_section();
1211
	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1212
	end_current_label_crit_section(label);
1213

1214
	return 0;
1215
}
1216

1217
static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
1218
{
1219
	seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
1220
	return 0;
1221
}
1222

1223
static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
1224
{
1225
	seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
1226
	return 0;
1227
}
1228

1229
SEQ_NS_FOPS(stacked);
1230
SEQ_NS_FOPS(nsstacked);
1231
SEQ_NS_FOPS(level);
1232
SEQ_NS_FOPS(name);
1233
SEQ_NS_FOPS(compress_min);
1234
SEQ_NS_FOPS(compress_max);
1235

1236

1237
/* policy/raw_data/ * file ops */
1238
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1239
#define SEQ_RAWDATA_FOPS(NAME)						      \
1240
static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1241
{									      \
1242
	return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show);    \
1243
}									      \
1244
									      \
1245
static const struct file_operations seq_rawdata_ ##NAME ##_fops = {	      \
1246
	.owner		= THIS_MODULE,					      \
1247
	.open		= seq_rawdata_ ##NAME ##_open,			      \
1248
	.read		= seq_read,					      \
1249
	.llseek		= seq_lseek,					      \
1250
	.release	= seq_rawdata_release,				      \
1251
}									      \
1252

1253
static int seq_rawdata_open(struct inode *inode, struct file *file,
1254
			    int (*show)(struct seq_file *, void *))
1255
{
1256
	struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1257
	int error;
1258

1259
	if (!data)
1260
		/* lost race this ent is being reaped */
1261
		return -ENOENT;
1262

1263
	error = single_open(file, show, data);
1264
	if (error) {
1265
		AA_BUG(file->private_data &&
1266
		       ((struct seq_file *)file->private_data)->private);
1267
		aa_put_loaddata(data);
1268
	}
1269

1270
	return error;
1271
}
1272

1273
static int seq_rawdata_release(struct inode *inode, struct file *file)
1274
{
1275
	struct seq_file *seq = (struct seq_file *) file->private_data;
1276

1277
	if (seq)
1278
		aa_put_loaddata(seq->private);
1279

1280
	return single_release(inode, file);
1281
}
1282

1283
static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1284
{
1285
	struct aa_loaddata *data = seq->private;
1286

1287
	seq_printf(seq, "v%d\n", data->abi);
1288

1289
	return 0;
1290
}
1291

1292
static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1293
{
1294
	struct aa_loaddata *data = seq->private;
1295

1296
	seq_printf(seq, "%ld\n", data->revision);
1297

1298
	return 0;
1299
}
1300

1301
static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1302
{
1303
	struct aa_loaddata *data = seq->private;
1304
	unsigned int i, size = aa_hash_size();
1305

1306
	if (data->hash) {
1307
		for (i = 0; i < size; i++)
1308
			seq_printf(seq, "%.2x", data->hash[i]);
1309
		seq_putc(seq, '\n');
1310
	}
1311

1312
	return 0;
1313
}
1314

1315
static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
1316
{
1317
	struct aa_loaddata *data = seq->private;
1318

1319
	seq_printf(seq, "%zu\n", data->compressed_size);
1320

1321
	return 0;
1322
}
1323

1324
SEQ_RAWDATA_FOPS(abi);
1325
SEQ_RAWDATA_FOPS(revision);
1326
SEQ_RAWDATA_FOPS(hash);
1327
SEQ_RAWDATA_FOPS(compressed_size);
1328

1329
static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
1330
{
1331
	if (slen < dlen) {
1332
		const size_t wksp_len = zstd_dctx_workspace_bound();
1333
		zstd_dctx *ctx;
1334
		void *wksp;
1335
		size_t out_len;
1336
		int ret = 0;
1337

1338
		wksp = kvzalloc(wksp_len, GFP_KERNEL);
1339
		if (!wksp) {
1340
			ret = -ENOMEM;
1341
			goto cleanup;
1342
		}
1343
		ctx = zstd_init_dctx(wksp, wksp_len);
1344
		if (ctx == NULL) {
1345
			ret = -ENOMEM;
1346
			goto cleanup;
1347
		}
1348
		out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
1349
		if (zstd_is_error(out_len)) {
1350
			ret = -EINVAL;
1351
			goto cleanup;
1352
		}
1353
cleanup:
1354
		kvfree(wksp);
1355
		return ret;
1356
	}
1357

1358
	if (dlen < slen)
1359
		return -EINVAL;
1360
	memcpy(dst, src, slen);
1361
	return 0;
1362
}
1363

1364
static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1365
			    loff_t *ppos)
1366
{
1367
	struct rawdata_f_data *private = file->private_data;
1368

1369
	return simple_read_from_buffer(buf, size, ppos,
1370
				       RAWDATA_F_DATA_BUF(private),
1371
				       private->loaddata->size);
1372
}
1373

1374
static int rawdata_release(struct inode *inode, struct file *file)
1375
{
1376
	rawdata_f_data_free(file->private_data);
1377

1378
	return 0;
1379
}
1380

1381
static int rawdata_open(struct inode *inode, struct file *file)
1382
{
1383
	int error;
1384
	struct aa_loaddata *loaddata;
1385
	struct rawdata_f_data *private;
1386

1387
	if (!aa_current_policy_view_capable(NULL))
1388
		return -EACCES;
1389

1390
	loaddata = __aa_get_loaddata(inode->i_private);
1391
	if (!loaddata)
1392
		/* lost race: this entry is being reaped */
1393
		return -ENOENT;
1394

1395
	private = rawdata_f_data_alloc(loaddata->size);
1396
	if (IS_ERR(private)) {
1397
		error = PTR_ERR(private);
1398
		goto fail_private_alloc;
1399
	}
1400

1401
	private->loaddata = loaddata;
1402

1403
	error = decompress_zstd(loaddata->data, loaddata->compressed_size,
1404
				RAWDATA_F_DATA_BUF(private),
1405
				loaddata->size);
1406
	if (error)
1407
		goto fail_decompress;
1408

1409
	file->private_data = private;
1410
	return 0;
1411

1412
fail_decompress:
1413
	rawdata_f_data_free(private);
1414
	return error;
1415

1416
fail_private_alloc:
1417
	aa_put_loaddata(loaddata);
1418
	return error;
1419
}
1420

1421
static const struct file_operations rawdata_fops = {
1422
	.open = rawdata_open,
1423
	.read = rawdata_read,
1424
	.llseek = generic_file_llseek,
1425
	.release = rawdata_release,
1426
};
1427

1428
static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1429
{
1430
	int i;
1431

1432
	for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1433
		if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1434
			/* no refcounts on i_private */
1435
			aafs_remove(rawdata->dents[i]);
1436
			rawdata->dents[i] = NULL;
1437
		}
1438
	}
1439
}
1440

1441
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1442
{
1443
	AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1444

1445
	if (rawdata->ns) {
1446
		remove_rawdata_dents(rawdata);
1447
		list_del_init(&rawdata->list);
1448
		aa_put_ns(rawdata->ns);
1449
		rawdata->ns = NULL;
1450
	}
1451
}
1452

1453
int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1454
{
1455
	struct dentry *dent, *dir;
1456

1457
	AA_BUG(!ns);
1458
	AA_BUG(!rawdata);
1459
	AA_BUG(!mutex_is_locked(&ns->lock));
1460
	AA_BUG(!ns_subdata_dir(ns));
1461

1462
	/*
1463
	 * just use ns revision dir was originally created at. This is
1464
	 * under ns->lock and if load is successful revision will be
1465
	 * bumped and is guaranteed to be unique
1466
	 */
1467
	rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1468
	if (!rawdata->name)
1469
		return -ENOMEM;
1470

1471
	dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1472
	if (IS_ERR(dir))
1473
		/* ->name freed when rawdata freed */
1474
		return PTR_ERR(dir);
1475
	rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1476

1477
	dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1478
				      &seq_rawdata_abi_fops);
1479
	if (IS_ERR(dent))
1480
		goto fail;
1481
	rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1482

1483
	dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1484
				      &seq_rawdata_revision_fops);
1485
	if (IS_ERR(dent))
1486
		goto fail;
1487
	rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1488

1489
	if (aa_g_hash_policy) {
1490
		dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
1491
					      rawdata, &seq_rawdata_hash_fops);
1492
		if (IS_ERR(dent))
1493
			goto fail;
1494
		rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1495
	}
1496

1497
	dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
1498
				rawdata,
1499
				&seq_rawdata_compressed_size_fops);
1500
	if (IS_ERR(dent))
1501
		goto fail;
1502
	rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;
1503

1504
	dent = aafs_create_file("raw_data", S_IFREG | 0444,
1505
				      dir, rawdata, &rawdata_fops);
1506
	if (IS_ERR(dent))
1507
		goto fail;
1508
	rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1509
	d_inode(dent)->i_size = rawdata->size;
1510

1511
	rawdata->ns = aa_get_ns(ns);
1512
	list_add(&rawdata->list, &ns->rawdata_list);
1513
	/* no refcount on inode rawdata */
1514

1515
	return 0;
1516

1517
fail:
1518
	remove_rawdata_dents(rawdata);
1519

1520
	return PTR_ERR(dent);
1521
}
1522
#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1523

1524

1525
/** fns to setup dynamic per profile/namespace files **/
1526

1527
/*
1528
 *
1529
 * Requires: @profile->ns->lock held
1530
 */
1531
void __aafs_profile_rmdir(struct aa_profile *profile)
1532
{
1533
	struct aa_profile *child;
1534
	int i;
1535

1536
	if (!profile)
1537
		return;
1538

1539
	list_for_each_entry(child, &profile->base.profiles, base.list)
1540
		__aafs_profile_rmdir(child);
1541

1542
	for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1543
		struct aa_proxy *proxy;
1544
		if (!profile->dents[i])
1545
			continue;
1546

1547
		proxy = d_inode(profile->dents[i])->i_private;
1548
		aafs_remove(profile->dents[i]);
1549
		aa_put_proxy(proxy);
1550
		profile->dents[i] = NULL;
1551
	}
1552
}
1553

1554
/*
1555
 *
1556
 * Requires: @old->ns->lock held
1557
 */
1558
void __aafs_profile_migrate_dents(struct aa_profile *old,
1559
				  struct aa_profile *new)
1560
{
1561
	int i;
1562

1563
	AA_BUG(!old);
1564
	AA_BUG(!new);
1565
	AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1566

1567
	for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1568
		new->dents[i] = old->dents[i];
1569
		if (new->dents[i]) {
1570
			struct inode *inode = d_inode(new->dents[i]);
1571

1572
			inode_set_mtime_to_ts(inode,
1573
					      inode_set_ctime_current(inode));
1574
		}
1575
		old->dents[i] = NULL;
1576
	}
1577
}
1578

1579
static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1580
					  struct aa_profile *profile,
1581
					  const struct file_operations *fops)
1582
{
1583
	struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1584
	struct dentry *dent;
1585

1586
	dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1587
	if (IS_ERR(dent))
1588
		aa_put_proxy(proxy);
1589

1590
	return dent;
1591
}
1592

1593
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1594
static int profile_depth(struct aa_profile *profile)
1595
{
1596
	int depth = 0;
1597

1598
	rcu_read_lock();
1599
	for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1600
		depth++;
1601
	rcu_read_unlock();
1602

1603
	return depth;
1604
}
1605

1606
static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1607
{
1608
	char *buffer, *s;
1609
	int error;
1610
	int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1611

1612
	s = buffer = kmalloc(size, GFP_KERNEL);
1613
	if (!buffer)
1614
		return ERR_PTR(-ENOMEM);
1615

1616
	for (; depth > 0; depth--) {
1617
		strcpy(s, "../../");
1618
		s += 6;
1619
		size -= 6;
1620
	}
1621

1622
	error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1623
	if (error >= size || error < 0) {
1624
		kfree(buffer);
1625
		return ERR_PTR(-ENAMETOOLONG);
1626
	}
1627

1628
	return buffer;
1629
}
1630

1631
static const char *rawdata_get_link_base(struct dentry *dentry,
1632
					 struct inode *inode,
1633
					 struct delayed_call *done,
1634
					 const char *name)
1635
{
1636
	struct aa_proxy *proxy = inode->i_private;
1637
	struct aa_label *label;
1638
	struct aa_profile *profile;
1639
	char *target;
1640
	int depth;
1641

1642
	if (!dentry)
1643
		return ERR_PTR(-ECHILD);
1644

1645
	label = aa_get_label_rcu(&proxy->label);
1646
	profile = labels_profile(label);
1647
	depth = profile_depth(profile);
1648
	target = gen_symlink_name(depth, profile->rawdata->name, name);
1649
	aa_put_label(label);
1650

1651
	if (IS_ERR(target))
1652
		return target;
1653

1654
	set_delayed_call(done, kfree_link, target);
1655

1656
	return target;
1657
}
1658

1659
static const char *rawdata_get_link_sha256(struct dentry *dentry,
1660
					 struct inode *inode,
1661
					 struct delayed_call *done)
1662
{
1663
	return rawdata_get_link_base(dentry, inode, done, "sha256");
1664
}
1665

1666
static const char *rawdata_get_link_abi(struct dentry *dentry,
1667
					struct inode *inode,
1668
					struct delayed_call *done)
1669
{
1670
	return rawdata_get_link_base(dentry, inode, done, "abi");
1671
}
1672

1673
static const char *rawdata_get_link_data(struct dentry *dentry,
1674
					 struct inode *inode,
1675
					 struct delayed_call *done)
1676
{
1677
	return rawdata_get_link_base(dentry, inode, done, "raw_data");
1678
}
1679

1680
static const struct inode_operations rawdata_link_sha256_iops = {
1681
	.get_link	= rawdata_get_link_sha256,
1682
};
1683

1684
static const struct inode_operations rawdata_link_abi_iops = {
1685
	.get_link	= rawdata_get_link_abi,
1686
};
1687
static const struct inode_operations rawdata_link_data_iops = {
1688
	.get_link	= rawdata_get_link_data,
1689
};
1690
#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1691

1692
/*
1693
 * Requires: @profile->ns->lock held
1694
 */
1695
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1696
{
1697
	struct aa_profile *child;
1698
	struct dentry *dent = NULL, *dir;
1699
	int error;
1700

1701
	AA_BUG(!profile);
1702
	AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1703

1704
	if (!parent) {
1705
		struct aa_profile *p;
1706
		p = aa_deref_parent(profile);
1707
		dent = prof_dir(p);
1708
		if (!dent) {
1709
			error = -ENOENT;
1710
			goto fail2;
1711
		}
1712
		/* adding to parent that previously didn't have children */
1713
		dent = aafs_create_dir("profiles", dent);
1714
		if (IS_ERR(dent))
1715
			goto fail;
1716
		prof_child_dir(p) = parent = dent;
1717
	}
1718

1719
	if (!profile->dirname) {
1720
		int len, id_len;
1721
		len = mangle_name(profile->base.name, NULL);
1722
		id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1723

1724
		profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1725
		if (!profile->dirname) {
1726
			error = -ENOMEM;
1727
			goto fail2;
1728
		}
1729

1730
		mangle_name(profile->base.name, profile->dirname);
1731
		sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1732
	}
1733

1734
	dent = aafs_create_dir(profile->dirname, parent);
1735
	if (IS_ERR(dent))
1736
		goto fail;
1737
	prof_dir(profile) = dir = dent;
1738

1739
	dent = create_profile_file(dir, "name", profile,
1740
				   &seq_profile_name_fops);
1741
	if (IS_ERR(dent))
1742
		goto fail;
1743
	profile->dents[AAFS_PROF_NAME] = dent;
1744

1745
	dent = create_profile_file(dir, "mode", profile,
1746
				   &seq_profile_mode_fops);
1747
	if (IS_ERR(dent))
1748
		goto fail;
1749
	profile->dents[AAFS_PROF_MODE] = dent;
1750

1751
	dent = create_profile_file(dir, "attach", profile,
1752
				   &seq_profile_attach_fops);
1753
	if (IS_ERR(dent))
1754
		goto fail;
1755
	profile->dents[AAFS_PROF_ATTACH] = dent;
1756

1757
	if (profile->hash) {
1758
		dent = create_profile_file(dir, "sha256", profile,
1759
					   &seq_profile_hash_fops);
1760
		if (IS_ERR(dent))
1761
			goto fail;
1762
		profile->dents[AAFS_PROF_HASH] = dent;
1763
	}
1764

1765
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1766
	if (profile->rawdata) {
1767
		if (aa_g_hash_policy) {
1768
			dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
1769
					   profile->label.proxy, NULL, NULL,
1770
					   &rawdata_link_sha256_iops);
1771
			if (IS_ERR(dent))
1772
				goto fail;
1773
			aa_get_proxy(profile->label.proxy);
1774
			profile->dents[AAFS_PROF_RAW_HASH] = dent;
1775
		}
1776
		dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
1777
				   profile->label.proxy, NULL, NULL,
1778
				   &rawdata_link_abi_iops);
1779
		if (IS_ERR(dent))
1780
			goto fail;
1781
		aa_get_proxy(profile->label.proxy);
1782
		profile->dents[AAFS_PROF_RAW_ABI] = dent;
1783

1784
		dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
1785
				   profile->label.proxy, NULL, NULL,
1786
				   &rawdata_link_data_iops);
1787
		if (IS_ERR(dent))
1788
			goto fail;
1789
		aa_get_proxy(profile->label.proxy);
1790
		profile->dents[AAFS_PROF_RAW_DATA] = dent;
1791
	}
1792
#endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1793

1794
	list_for_each_entry(child, &profile->base.profiles, base.list) {
1795
		error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1796
		if (error)
1797
			goto fail2;
1798
	}
1799

1800
	return 0;
1801

1802
fail:
1803
	error = PTR_ERR(dent);
1804

1805
fail2:
1806
	__aafs_profile_rmdir(profile);
1807

1808
	return error;
1809
}
1810

1811
static struct dentry *ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
1812
				  struct dentry *dentry, umode_t mode)
1813
{
1814
	struct aa_ns *ns, *parent;
1815
	/* TODO: improve permission check */
1816
	struct aa_label *label;
1817
	int error;
1818

1819
	label = begin_current_label_crit_section();
1820
	error = aa_may_manage_policy(current_cred(), label, NULL,
1821
				     AA_MAY_LOAD_POLICY);
1822
	end_current_label_crit_section(label);
1823
	if (error)
1824
		return ERR_PTR(error);
1825

1826
	parent = aa_get_ns(dir->i_private);
1827
	AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1828

1829
	/* we have to unlock and then relock to get locking order right
1830
	 * for pin_fs
1831
	 */
1832
	inode_unlock(dir);
1833
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1834
	mutex_lock_nested(&parent->lock, parent->level);
1835
	inode_lock_nested(dir, I_MUTEX_PARENT);
1836
	if (error)
1837
		goto out;
1838

1839
	error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
1840
				     NULL, NULL, NULL);
1841
	if (error)
1842
		goto out_pin;
1843

1844
	ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1845
				    dentry);
1846
	if (IS_ERR(ns)) {
1847
		error = PTR_ERR(ns);
1848
		ns = NULL;
1849
	}
1850

1851
	aa_put_ns(ns);		/* list ref remains */
1852
out_pin:
1853
	if (error)
1854
		simple_release_fs(&aafs_mnt, &aafs_count);
1855
out:
1856
	mutex_unlock(&parent->lock);
1857
	aa_put_ns(parent);
1858

1859
	return ERR_PTR(error);
1860
}
1861

1862
static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1863
{
1864
	struct aa_ns *ns, *parent;
1865
	/* TODO: improve permission check */
1866
	struct aa_label *label;
1867
	int error;
1868

1869
	label = begin_current_label_crit_section();
1870
	error = aa_may_manage_policy(current_cred(), label, NULL,
1871
				     AA_MAY_LOAD_POLICY);
1872
	end_current_label_crit_section(label);
1873
	if (error)
1874
		return error;
1875

1876
	parent = aa_get_ns(dir->i_private);
1877
	/* rmdir calls the generic securityfs functions to remove files
1878
	 * from the apparmor dir. It is up to the apparmor ns locking
1879
	 * to avoid races.
1880
	 */
1881
	inode_unlock(dir);
1882
	inode_unlock(dentry->d_inode);
1883

1884
	mutex_lock_nested(&parent->lock, parent->level);
1885
	ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1886
				     dentry->d_name.len));
1887
	if (!ns) {
1888
		error = -ENOENT;
1889
		goto out;
1890
	}
1891
	AA_BUG(ns_dir(ns) != dentry);
1892

1893
	__aa_remove_ns(ns);
1894
	aa_put_ns(ns);
1895

1896
out:
1897
	mutex_unlock(&parent->lock);
1898
	inode_lock_nested(dir, I_MUTEX_PARENT);
1899
	inode_lock(dentry->d_inode);
1900
	aa_put_ns(parent);
1901

1902
	return error;
1903
}
1904

1905
static const struct inode_operations ns_dir_inode_operations = {
1906
	.lookup		= simple_lookup,
1907
	.mkdir		= ns_mkdir_op,
1908
	.rmdir		= ns_rmdir_op,
1909
};
1910

1911
static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1912
{
1913
	struct aa_loaddata *ent, *tmp;
1914

1915
	AA_BUG(!mutex_is_locked(&ns->lock));
1916

1917
	list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1918
		__aa_fs_remove_rawdata(ent);
1919
}
1920

1921
/*
1922
 *
1923
 * Requires: @ns->lock held
1924
 */
1925
void __aafs_ns_rmdir(struct aa_ns *ns)
1926
{
1927
	struct aa_ns *sub;
1928
	struct aa_profile *child;
1929
	int i;
1930

1931
	if (!ns)
1932
		return;
1933
	AA_BUG(!mutex_is_locked(&ns->lock));
1934

1935
	list_for_each_entry(child, &ns->base.profiles, base.list)
1936
		__aafs_profile_rmdir(child);
1937

1938
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
1939
		mutex_lock_nested(&sub->lock, sub->level);
1940
		__aafs_ns_rmdir(sub);
1941
		mutex_unlock(&sub->lock);
1942
	}
1943

1944
	__aa_fs_list_remove_rawdata(ns);
1945

1946
	if (ns_subns_dir(ns)) {
1947
		sub = d_inode(ns_subns_dir(ns))->i_private;
1948
		aa_put_ns(sub);
1949
	}
1950
	if (ns_subload(ns)) {
1951
		sub = d_inode(ns_subload(ns))->i_private;
1952
		aa_put_ns(sub);
1953
	}
1954
	if (ns_subreplace(ns)) {
1955
		sub = d_inode(ns_subreplace(ns))->i_private;
1956
		aa_put_ns(sub);
1957
	}
1958
	if (ns_subremove(ns)) {
1959
		sub = d_inode(ns_subremove(ns))->i_private;
1960
		aa_put_ns(sub);
1961
	}
1962
	if (ns_subrevision(ns)) {
1963
		sub = d_inode(ns_subrevision(ns))->i_private;
1964
		aa_put_ns(sub);
1965
	}
1966

1967
	for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1968
		aafs_remove(ns->dents[i]);
1969
		ns->dents[i] = NULL;
1970
	}
1971
}
1972

1973
/* assumes cleanup in caller */
1974
static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1975
{
1976
	struct dentry *dent;
1977

1978
	AA_BUG(!ns);
1979
	AA_BUG(!dir);
1980

1981
	dent = aafs_create_dir("profiles", dir);
1982
	if (IS_ERR(dent))
1983
		return PTR_ERR(dent);
1984
	ns_subprofs_dir(ns) = dent;
1985

1986
	dent = aafs_create_dir("raw_data", dir);
1987
	if (IS_ERR(dent))
1988
		return PTR_ERR(dent);
1989
	ns_subdata_dir(ns) = dent;
1990

1991
	dent = aafs_create_file("revision", 0444, dir, ns,
1992
				&aa_fs_ns_revision_fops);
1993
	if (IS_ERR(dent))
1994
		return PTR_ERR(dent);
1995
	aa_get_ns(ns);
1996
	ns_subrevision(ns) = dent;
1997

1998
	dent = aafs_create_file(".load", 0640, dir, ns,
1999
				      &aa_fs_profile_load);
2000
	if (IS_ERR(dent))
2001
		return PTR_ERR(dent);
2002
	aa_get_ns(ns);
2003
	ns_subload(ns) = dent;
2004

2005
	dent = aafs_create_file(".replace", 0640, dir, ns,
2006
				      &aa_fs_profile_replace);
2007
	if (IS_ERR(dent))
2008
		return PTR_ERR(dent);
2009
	aa_get_ns(ns);
2010
	ns_subreplace(ns) = dent;
2011

2012
	dent = aafs_create_file(".remove", 0640, dir, ns,
2013
				      &aa_fs_profile_remove);
2014
	if (IS_ERR(dent))
2015
		return PTR_ERR(dent);
2016
	aa_get_ns(ns);
2017
	ns_subremove(ns) = dent;
2018

2019
	  /* use create_dentry so we can supply private data */
2020
	dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
2021
			   &ns_dir_inode_operations);
2022
	if (IS_ERR(dent))
2023
		return PTR_ERR(dent);
2024
	aa_get_ns(ns);
2025
	ns_subns_dir(ns) = dent;
2026

2027
	return 0;
2028
}
2029

2030
/*
2031
 * Requires: @ns->lock held
2032
 */
2033
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
2034
		    struct dentry *dent)
2035
{
2036
	struct aa_ns *sub;
2037
	struct aa_profile *child;
2038
	struct dentry *dir;
2039
	int error;
2040

2041
	AA_BUG(!ns);
2042
	AA_BUG(!parent);
2043
	AA_BUG(!mutex_is_locked(&ns->lock));
2044

2045
	if (!name)
2046
		name = ns->base.name;
2047

2048
	if (!dent) {
2049
		/* create ns dir if it doesn't already exist */
2050
		dent = aafs_create_dir(name, parent);
2051
		if (IS_ERR(dent))
2052
			goto fail;
2053
	} else
2054
		dget(dent);
2055
	ns_dir(ns) = dir = dent;
2056
	error = __aafs_ns_mkdir_entries(ns, dir);
2057
	if (error)
2058
		goto fail2;
2059

2060
	/* profiles */
2061
	list_for_each_entry(child, &ns->base.profiles, base.list) {
2062
		error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
2063
		if (error)
2064
			goto fail2;
2065
	}
2066

2067
	/* subnamespaces */
2068
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
2069
		mutex_lock_nested(&sub->lock, sub->level);
2070
		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
2071
		mutex_unlock(&sub->lock);
2072
		if (error)
2073
			goto fail2;
2074
	}
2075

2076
	return 0;
2077

2078
fail:
2079
	error = PTR_ERR(dent);
2080

2081
fail2:
2082
	__aafs_ns_rmdir(ns);
2083

2084
	return error;
2085
}
2086

2087
/**
2088
 * __next_ns - find the next namespace to list
2089
 * @root: root namespace to stop search at (NOT NULL)
2090
 * @ns: current ns position (NOT NULL)
2091
 *
2092
 * Find the next namespace from @ns under @root and handle all locking needed
2093
 * while switching current namespace.
2094
 *
2095
 * Returns: next namespace or NULL if at last namespace under @root
2096
 * Requires: ns->parent->lock to be held
2097
 * NOTE: will not unlock root->lock
2098
 */
2099
static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
2100
{
2101
	struct aa_ns *parent, *next;
2102

2103
	AA_BUG(!root);
2104
	AA_BUG(!ns);
2105
	AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
2106

2107
	/* is next namespace a child */
2108
	if (!list_empty(&ns->sub_ns)) {
2109
		next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
2110
		mutex_lock_nested(&next->lock, next->level);
2111
		return next;
2112
	}
2113

2114
	/* check if the next ns is a sibling, parent, gp, .. */
2115
	parent = ns->parent;
2116
	while (ns != root) {
2117
		mutex_unlock(&ns->lock);
2118
		next = list_next_entry(ns, base.list);
2119
		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
2120
			mutex_lock_nested(&next->lock, next->level);
2121
			return next;
2122
		}
2123
		ns = parent;
2124
		parent = parent->parent;
2125
	}
2126

2127
	return NULL;
2128
}
2129

2130
/**
2131
 * __first_profile - find the first profile in a namespace
2132
 * @root: namespace that is root of profiles being displayed (NOT NULL)
2133
 * @ns: namespace to start in   (NOT NULL)
2134
 *
2135
 * Returns: unrefcounted profile or NULL if no profile
2136
 * Requires: profile->ns.lock to be held
2137
 */
2138
static struct aa_profile *__first_profile(struct aa_ns *root,
2139
					  struct aa_ns *ns)
2140
{
2141
	AA_BUG(!root);
2142
	AA_BUG(ns && !mutex_is_locked(&ns->lock));
2143

2144
	for (; ns; ns = __next_ns(root, ns)) {
2145
		if (!list_empty(&ns->base.profiles))
2146
			return list_first_entry(&ns->base.profiles,
2147
						struct aa_profile, base.list);
2148
	}
2149
	return NULL;
2150
}
2151

2152
/**
2153
 * __next_profile - step to the next profile in a profile tree
2154
 * @p: current profile in tree (NOT NULL)
2155
 *
2156
 * Perform a depth first traversal on the profile tree in a namespace
2157
 *
2158
 * Returns: next profile or NULL if done
2159
 * Requires: profile->ns.lock to be held
2160
 */
2161
static struct aa_profile *__next_profile(struct aa_profile *p)
2162
{
2163
	struct aa_profile *parent;
2164
	struct aa_ns *ns = p->ns;
2165

2166
	AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2167

2168
	/* is next profile a child */
2169
	if (!list_empty(&p->base.profiles))
2170
		return list_first_entry(&p->base.profiles, typeof(*p),
2171
					base.list);
2172

2173
	/* is next profile a sibling, parent sibling, gp, sibling, .. */
2174
	parent = rcu_dereference_protected(p->parent,
2175
					   mutex_is_locked(&p->ns->lock));
2176
	while (parent) {
2177
		p = list_next_entry(p, base.list);
2178
		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2179
			return p;
2180
		p = parent;
2181
		parent = rcu_dereference_protected(parent->parent,
2182
					    mutex_is_locked(&parent->ns->lock));
2183
	}
2184

2185
	/* is next another profile in the namespace */
2186
	p = list_next_entry(p, base.list);
2187
	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2188
		return p;
2189

2190
	return NULL;
2191
}
2192

2193
/**
2194
 * next_profile - step to the next profile in where ever it may be
2195
 * @root: root namespace  (NOT NULL)
2196
 * @profile: current profile  (NOT NULL)
2197
 *
2198
 * Returns: next profile or NULL if there isn't one
2199
 */
2200
static struct aa_profile *next_profile(struct aa_ns *root,
2201
				       struct aa_profile *profile)
2202
{
2203
	struct aa_profile *next = __next_profile(profile);
2204
	if (next)
2205
		return next;
2206

2207
	/* finished all profiles in namespace move to next namespace */
2208
	return __first_profile(root, __next_ns(root, profile->ns));
2209
}
2210

2211
/**
2212
 * p_start - start a depth first traversal of profile tree
2213
 * @f: seq_file to fill
2214
 * @pos: current position
2215
 *
2216
 * Returns: first profile under current namespace or NULL if none found
2217
 *
2218
 * acquires first ns->lock
2219
 */
2220
static void *p_start(struct seq_file *f, loff_t *pos)
2221
{
2222
	struct aa_profile *profile = NULL;
2223
	struct aa_ns *root = aa_get_current_ns();
2224
	loff_t l = *pos;
2225
	f->private = root;
2226

2227
	/* find the first profile */
2228
	mutex_lock_nested(&root->lock, root->level);
2229
	profile = __first_profile(root, root);
2230

2231
	/* skip to position */
2232
	for (; profile && l > 0; l--)
2233
		profile = next_profile(root, profile);
2234

2235
	return profile;
2236
}
2237

2238
/**
2239
 * p_next - read the next profile entry
2240
 * @f: seq_file to fill
2241
 * @p: profile previously returned
2242
 * @pos: current position
2243
 *
2244
 * Returns: next profile after @p or NULL if none
2245
 *
2246
 * may acquire/release locks in namespace tree as necessary
2247
 */
2248
static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2249
{
2250
	struct aa_profile *profile = p;
2251
	struct aa_ns *ns = f->private;
2252
	(*pos)++;
2253

2254
	return next_profile(ns, profile);
2255
}
2256

2257
/**
2258
 * p_stop - stop depth first traversal
2259
 * @f: seq_file we are filling
2260
 * @p: the last profile written
2261
 *
2262
 * Release all locking done by p_start/p_next on namespace tree
2263
 */
2264
static void p_stop(struct seq_file *f, void *p)
2265
{
2266
	struct aa_profile *profile = p;
2267
	struct aa_ns *root = f->private, *ns;
2268

2269
	if (profile) {
2270
		for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2271
			mutex_unlock(&ns->lock);
2272
	}
2273
	mutex_unlock(&root->lock);
2274
	aa_put_ns(root);
2275
}
2276

2277
/**
2278
 * seq_show_profile - show a profile entry
2279
 * @f: seq_file to file
2280
 * @p: current position (profile)    (NOT NULL)
2281
 *
2282
 * Returns: error on failure
2283
 */
2284
static int seq_show_profile(struct seq_file *f, void *p)
2285
{
2286
	struct aa_profile *profile = (struct aa_profile *)p;
2287
	struct aa_ns *root = f->private;
2288

2289
	aa_label_seq_xprint(f, root, &profile->label,
2290
			    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2291
	seq_putc(f, '\n');
2292

2293
	return 0;
2294
}
2295

2296
static const struct seq_operations aa_sfs_profiles_op = {
2297
	.start = p_start,
2298
	.next = p_next,
2299
	.stop = p_stop,
2300
	.show = seq_show_profile,
2301
};
2302

2303
static int profiles_open(struct inode *inode, struct file *file)
2304
{
2305
	if (!aa_current_policy_view_capable(NULL))
2306
		return -EACCES;
2307

2308
	return seq_open(file, &aa_sfs_profiles_op);
2309
}
2310

2311
static int profiles_release(struct inode *inode, struct file *file)
2312
{
2313
	return seq_release(inode, file);
2314
}
2315

2316
static const struct file_operations aa_sfs_profiles_fops = {
2317
	.open = profiles_open,
2318
	.read = seq_read,
2319
	.llseek = seq_lseek,
2320
	.release = profiles_release,
2321
};
2322

2323

2324
/** Base file system setup **/
2325
static struct aa_sfs_entry aa_sfs_entry_file[] = {
2326
	AA_SFS_FILE_STRING("mask",
2327
			   "create read write exec append mmap_exec link lock"),
2328
	{ }
2329
};
2330

2331
static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2332
	AA_SFS_FILE_STRING("mask", "read trace"),
2333
	{ }
2334
};
2335

2336
static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2337
	AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2338
	{ }
2339
};
2340

2341
static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2342
	AA_SFS_FILE_BOOLEAN("xattr", 1),
2343
	{ }
2344
};
2345
static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2346
	AA_SFS_FILE_BOOLEAN("change_hat",	1),
2347
	AA_SFS_FILE_BOOLEAN("change_hatv",	1),
2348
	AA_SFS_FILE_BOOLEAN("unconfined_allowed_children",	1),
2349
	AA_SFS_FILE_BOOLEAN("change_onexec",	1),
2350
	AA_SFS_FILE_BOOLEAN("change_profile",	1),
2351
	AA_SFS_FILE_BOOLEAN("stack",		1),
2352
	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",	1),
2353
	AA_SFS_FILE_BOOLEAN("post_nnp_subset",	1),
2354
	AA_SFS_FILE_BOOLEAN("computed_longest_left",	1),
2355
	AA_SFS_DIR("attach_conditions",		aa_sfs_entry_attach),
2356
	AA_SFS_FILE_BOOLEAN("disconnected.path",            1),
2357
	AA_SFS_FILE_BOOLEAN("kill.signal",		1),
2358
	AA_SFS_FILE_STRING("version", "1.2"),
2359
	{ }
2360
};
2361

2362
static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
2363
	AA_SFS_FILE_BOOLEAN("change_profile", 1),
2364
	{ }
2365
};
2366

2367
static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2368
	AA_SFS_FILE_BOOLEAN("v5",	1),
2369
	AA_SFS_FILE_BOOLEAN("v6",	1),
2370
	AA_SFS_FILE_BOOLEAN("v7",	1),
2371
	AA_SFS_FILE_BOOLEAN("v8",	1),
2372
	AA_SFS_FILE_BOOLEAN("v9",	1),
2373
	{ }
2374
};
2375

2376
#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
2377
static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2378
	AA_SFS_DIR("versions",			aa_sfs_entry_versions),
2379
	AA_SFS_FILE_BOOLEAN("set_load",		1),
2380
	/* number of out of band transitions supported */
2381
	AA_SFS_FILE_U64("outofband",		MAX_OOB_SUPPORTED),
2382
	AA_SFS_FILE_U64("permstable32_version",	3),
2383
	AA_SFS_FILE_STRING("permstable32", PERMS32STR),
2384
	AA_SFS_FILE_U64("state32",	1),
2385
	AA_SFS_DIR("unconfined_restrictions",   aa_sfs_entry_unconfined),
2386
	{ }
2387
};
2388

2389
static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2390
	AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2391
	AA_SFS_FILE_STRING("move_mount", "detached"),
2392
	{ }
2393
};
2394

2395
static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2396
	AA_SFS_FILE_BOOLEAN("profile",		1),
2397
	AA_SFS_FILE_BOOLEAN("pivot_root",	0),
2398
	AA_SFS_FILE_STRING("mask", "userns_create"),
2399
	{ }
2400
};
2401

2402
static struct aa_sfs_entry aa_sfs_entry_dbus[] = {
2403
	AA_SFS_FILE_STRING("mask", "acquire send receive"),
2404
	{ }
2405
};
2406

2407
static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2408
	AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2409
	AA_SFS_FILE_BOOLEAN("data",		1),
2410
	AA_SFS_FILE_BOOLEAN("multi_transaction",	1),
2411
	{ }
2412
};
2413

2414
static struct aa_sfs_entry aa_sfs_entry_query[] = {
2415
	AA_SFS_DIR("label",			aa_sfs_entry_query_label),
2416
	{ }
2417
};
2418

2419
static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
2420
	AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
2421
	{ }
2422
};
2423

2424
static struct aa_sfs_entry aa_sfs_entry_features[] = {
2425
	AA_SFS_DIR("policy",			aa_sfs_entry_policy),
2426
	AA_SFS_DIR("domain",			aa_sfs_entry_domain),
2427
	AA_SFS_DIR("file",			aa_sfs_entry_file),
2428
	AA_SFS_DIR("network_v8",		aa_sfs_entry_network),
2429
	AA_SFS_DIR("network_v9",		aa_sfs_entry_networkv9),
2430
	AA_SFS_DIR("mount",			aa_sfs_entry_mount),
2431
	AA_SFS_DIR("namespaces",		aa_sfs_entry_ns),
2432
	AA_SFS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
2433
	AA_SFS_DIR("rlimit",			aa_sfs_entry_rlimit),
2434
	AA_SFS_DIR("caps",			aa_sfs_entry_caps),
2435
	AA_SFS_DIR("ptrace",			aa_sfs_entry_ptrace),
2436
	AA_SFS_DIR("signal",			aa_sfs_entry_signal),
2437
	AA_SFS_DIR("dbus",			aa_sfs_entry_dbus),
2438
	AA_SFS_DIR("query",			aa_sfs_entry_query),
2439
	AA_SFS_DIR("io_uring",			aa_sfs_entry_io_uring),
2440
	{ }
2441
};
2442

2443
static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2444
	AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2445
	AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2446
	AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2447
	AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2448
	AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2449
	AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2450
	AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
2451
	AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
2452
	AA_SFS_DIR("features", aa_sfs_entry_features),
2453
	{ }
2454
};
2455

2456
static struct aa_sfs_entry aa_sfs_entry =
2457
	AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2458

2459
/**
2460
 * entry_create_file - create a file entry in the apparmor securityfs
2461
 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2462
 * @parent: the parent dentry in the securityfs
2463
 *
2464
 * Use entry_remove_file to remove entries created with this fn.
2465
 */
2466
static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2467
				    struct dentry *parent)
2468
{
2469
	int error = 0;
2470

2471
	fs_file->dentry = securityfs_create_file(fs_file->name,
2472
						 S_IFREG | fs_file->mode,
2473
						 parent, fs_file,
2474
						 fs_file->file_ops);
2475
	if (IS_ERR(fs_file->dentry)) {
2476
		error = PTR_ERR(fs_file->dentry);
2477
		fs_file->dentry = NULL;
2478
	}
2479
	return error;
2480
}
2481

2482
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2483
/**
2484
 * entry_create_dir - recursively create a directory entry in the securityfs
2485
 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2486
 * @parent: the parent dentry in the securityfs
2487
 *
2488
 * Use entry_remove_dir to remove entries created with this fn.
2489
 */
2490
static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2491
				   struct dentry *parent)
2492
{
2493
	struct aa_sfs_entry *fs_file;
2494
	struct dentry *dir;
2495
	int error;
2496

2497
	dir = securityfs_create_dir(fs_dir->name, parent);
2498
	if (IS_ERR(dir))
2499
		return PTR_ERR(dir);
2500
	fs_dir->dentry = dir;
2501

2502
	for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2503
		if (fs_file->v_type == AA_SFS_TYPE_DIR)
2504
			error = entry_create_dir(fs_file, fs_dir->dentry);
2505
		else
2506
			error = entry_create_file(fs_file, fs_dir->dentry);
2507
		if (error)
2508
			goto failed;
2509
	}
2510

2511
	return 0;
2512

2513
failed:
2514
	entry_remove_dir(fs_dir);
2515

2516
	return error;
2517
}
2518

2519
/**
2520
 * entry_remove_file - drop a single file entry in the apparmor securityfs
2521
 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2522
 */
2523
static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2524
{
2525
	if (!fs_file->dentry)
2526
		return;
2527

2528
	securityfs_remove(fs_file->dentry);
2529
	fs_file->dentry = NULL;
2530
}
2531

2532
/**
2533
 * entry_remove_dir - recursively drop a directory entry from the securityfs
2534
 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2535
 */
2536
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2537
{
2538
	struct aa_sfs_entry *fs_file;
2539

2540
	for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2541
		if (fs_file->v_type == AA_SFS_TYPE_DIR)
2542
			entry_remove_dir(fs_file);
2543
		else
2544
			entry_remove_file(fs_file);
2545
	}
2546

2547
	entry_remove_file(fs_dir);
2548
}
2549

2550
/**
2551
 * aa_destroy_aafs - cleanup and free aafs
2552
 *
2553
 * releases dentries allocated by aa_create_aafs
2554
 */
2555
void __init aa_destroy_aafs(void)
2556
{
2557
	entry_remove_dir(&aa_sfs_entry);
2558
}
2559

2560

2561
#define NULL_FILE_NAME ".null"
2562
struct path aa_null;
2563

2564
static int aa_mk_null_file(struct dentry *parent)
2565
{
2566
	struct vfsmount *mount = NULL;
2567
	struct dentry *dentry;
2568
	struct inode *inode;
2569
	int count = 0;
2570
	int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2571

2572
	if (error)
2573
		return error;
2574

2575
	inode_lock(d_inode(parent));
2576
	dentry = lookup_noperm(&QSTR(NULL_FILE_NAME), parent);
2577
	if (IS_ERR(dentry)) {
2578
		error = PTR_ERR(dentry);
2579
		goto out;
2580
	}
2581
	inode = new_inode(parent->d_inode->i_sb);
2582
	if (!inode) {
2583
		error = -ENOMEM;
2584
		goto out1;
2585
	}
2586

2587
	inode->i_ino = get_next_ino();
2588
	inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2589
	simple_inode_init_ts(inode);
2590
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2591
			   MKDEV(MEM_MAJOR, 3));
2592
	d_instantiate(dentry, inode);
2593
	aa_null.dentry = dget(dentry);
2594
	aa_null.mnt = mntget(mount);
2595

2596
	error = 0;
2597

2598
out1:
2599
	dput(dentry);
2600
out:
2601
	inode_unlock(d_inode(parent));
2602
	simple_release_fs(&mount, &count);
2603
	return error;
2604
}
2605

2606

2607

2608
static const char *policy_get_link(struct dentry *dentry,
2609
				   struct inode *inode,
2610
				   struct delayed_call *done)
2611
{
2612
	struct aa_ns *ns;
2613
	struct path path;
2614
	int error;
2615

2616
	if (!dentry)
2617
		return ERR_PTR(-ECHILD);
2618

2619
	ns = aa_get_current_ns();
2620
	path.mnt = mntget(aafs_mnt);
2621
	path.dentry = dget(ns_dir(ns));
2622
	error = nd_jump_link(&path);
2623
	aa_put_ns(ns);
2624

2625
	return ERR_PTR(error);
2626
}
2627

2628
static int policy_readlink(struct dentry *dentry, char __user *buffer,
2629
			   int buflen)
2630
{
2631
	char name[32];
2632
	int res;
2633

2634
	res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2635
		       d_inode(dentry)->i_ino);
2636
	if (res > 0 && res < sizeof(name))
2637
		res = readlink_copy(buffer, buflen, name, strlen(name));
2638
	else
2639
		res = -ENOENT;
2640

2641
	return res;
2642
}
2643

2644
static const struct inode_operations policy_link_iops = {
2645
	.readlink	= policy_readlink,
2646
	.get_link	= policy_get_link,
2647
};
2648

2649

2650
/**
2651
 * aa_create_aafs - create the apparmor security filesystem
2652
 *
2653
 * dentries created here are released by aa_destroy_aafs
2654
 *
2655
 * Returns: error on failure
2656
 */
2657
int __init aa_create_aafs(void)
2658
{
2659
	struct dentry *dent;
2660
	int error;
2661

2662
	if (!apparmor_initialized)
2663
		return 0;
2664

2665
	if (aa_sfs_entry.dentry) {
2666
		AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2667
		return -EEXIST;
2668
	}
2669

2670
	/* setup apparmorfs used to virtualize policy/ */
2671
	aafs_mnt = kern_mount(&aafs_ops);
2672
	if (IS_ERR(aafs_mnt))
2673
		panic("can't set apparmorfs up\n");
2674
	aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2675

2676
	/* Populate fs tree. */
2677
	error = entry_create_dir(&aa_sfs_entry, NULL);
2678
	if (error)
2679
		goto error;
2680

2681
	dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2682
				      NULL, &aa_fs_profile_load);
2683
	if (IS_ERR(dent))
2684
		goto dent_error;
2685
	ns_subload(root_ns) = dent;
2686

2687
	dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2688
				      NULL, &aa_fs_profile_replace);
2689
	if (IS_ERR(dent))
2690
		goto dent_error;
2691
	ns_subreplace(root_ns) = dent;
2692

2693
	dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2694
				      NULL, &aa_fs_profile_remove);
2695
	if (IS_ERR(dent))
2696
		goto dent_error;
2697
	ns_subremove(root_ns) = dent;
2698

2699
	dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2700
				      NULL, &aa_fs_ns_revision_fops);
2701
	if (IS_ERR(dent))
2702
		goto dent_error;
2703
	ns_subrevision(root_ns) = dent;
2704

2705
	/* policy tree referenced by magic policy symlink */
2706
	mutex_lock_nested(&root_ns->lock, root_ns->level);
2707
	error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2708
				aafs_mnt->mnt_root);
2709
	mutex_unlock(&root_ns->lock);
2710
	if (error)
2711
		goto error;
2712

2713
	/* magic symlink similar to nsfs redirects based on task policy */
2714
	dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2715
					 NULL, &policy_link_iops);
2716
	if (IS_ERR(dent))
2717
		goto dent_error;
2718

2719
	error = aa_mk_null_file(aa_sfs_entry.dentry);
2720
	if (error)
2721
		goto error;
2722

2723
	/* TODO: add default profile to apparmorfs */
2724

2725
	/* Report that AppArmor fs is enabled */
2726
	aa_info_message("AppArmor Filesystem Enabled");
2727
	return 0;
2728

2729
dent_error:
2730
	error = PTR_ERR(dent);
2731
error:
2732
	aa_destroy_aafs();
2733
	AA_ERROR("Error creating AppArmor securityfs\n");
2734
	return error;
2735
}
2736

2737